Windows Support Forum

Windows 7 Trojan horse Rootkit-Pakes.U C:\WINDOWS\system32\drivers\atapi.sys

Q: Windows 7 Trojan horse Rootkit-Pakes.U C:\WINDOWS\system32\drivers\atapi.sys

I am running Windows 7 Ultimate 32 bit and I installed AVG Internet Security 9.0. I found this threat in my computer:

"C:\WINDOWS\system32\drivers\atapi.sys";"Trojan horse Rootkit-Pakes.U";"Object is white-listed (critical/system file that should not be removed)".

I try to use Malwarebytes and it says it's clean, but when I scan with virustotal.com it detects a trojan. They say that this site can help me fix my problem. I don't know how to remove the trojan....

Hope you can HELP me...

Thanks....


A: Windows 7 Trojan horse Rootkit-Pakes.U C:\WINDOWS\system32\drivers\atapi.sys

Hello and Welcome to TSF.

We want all our members to perform the steps outlined in the link I'll give you below, before posting for assistance. There's a sticky at the top of this forum, and a "Having problems with spyware and pop-ups? First Steps" link at the top of each page.

------------------------------------------------------

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new thread, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

------------------------------------------------------

http://www.techsupportforum.com/forums/f50/windows-7-trojan-horse-rootkit-pakes-u-c-windows-system32-drivers-atapi-sys-450979.html
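The AVG message in the question above flags atapi.sys but refuses to remove it because it is a white-listed system file, and the poster's only cross-check was uploading the file to virustotal.com. The PowerShell below is an added example, not code from the question or from any reply on this page: it collects the evidence a helper would ask for about a flagged driver (version, SHA-256 for a hash lookup instead of an upload, Authenticode status, hard-link count, and the Windows Resource Protection verdict). The driver path, and the assumption of Windows 7 with PowerShell 2.0 or later run from an elevated prompt, are mine.

```powershell
# Added example, not code from any post on this page.
# Gathers the evidence a forum helper would want about a driver that an
# antivirus product flags but will not remove.
# Assumes Windows 7 or later with PowerShell 2.0+, run from an elevated
# prompt (right-click > Run as Administrator, as the replies say).
param(
    [string]$Driver = 'C:\Windows\System32\drivers\atapi.sys'   # assumed path
)

function Get-Sha256Hex([string]$Path) {
    # Get-FileHash only exists from PowerShell 4.0, so use .NET directly
    # to stay compatible with the PowerShell 2.0 that ships with Windows 7.
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try { $bytes = $sha.ComputeHash($stream) } finally { $stream.Close() }
    ($bytes | ForEach-Object { $_.ToString('x2') }) -join ''
}

$item = Get-Item -LiteralPath $Driver
"File      : {0}  ({1} bytes, modified {2})" -f $item.FullName, $item.Length, $item.LastWriteTime
"Version   : {0}  {1}" -f $item.VersionInfo.FileVersion, $item.VersionInfo.CompanyName
# The hash can be searched on virustotal.com without uploading the file.
"SHA-256   : {0}" -f (Get-Sha256Hex $item.FullName)

# Authenticode. Caveat: inbox drivers on Windows 7 are catalog-signed, and
# Get-AuthenticodeSignature only consults catalogs from PowerShell 5.1 on,
# so 'NotSigned' on a Windows 7 box is expected for a clean file.
# 'HashMismatch' (an embedded signature that no longer matches the bytes)
# is the strong signal that the file was altered after signing.
$sig = Get-AuthenticodeSignature -FilePath $item.FullName
"Signature : {0}" -f $sig.Status
if ($sig.SignerCertificate) { "Signer    : {0}" -f $sig.SignerCertificate.Subject }

# On Vista and later, files under System32 are hard links into the WinSxS
# component store. A file with only one link was replaced rather than
# serviced by Windows, which is worth a second look; an in-place patch
# keeps the links but changes the store copy too, so link count alone is
# not proof either way.
"Hard links:"
fsutil.exe hardlink list $item.FullName

# Windows Resource Protection checks the single file against the signed
# catalog hashes; this is the authoritative on-box verdict.
"SFC:"
sfc.exe /verifyfile=$item.FullName
```

Read the output together rather than trusting any one line: a NotSigned status on Windows 7 means nothing by itself, but HashMismatch, a single hard link, or an sfc integrity violation each justify the full log-based cleanup the helpers ask for. One general caveat applies to every check run from inside the infected system: a kernel-mode rootkit that hooks the disk stack can hand a clean copy of the file to every user-mode reader, so a clean result here does not rule out infection. Scanning the drive from rescue media or from another machine is the only check the rootkit cannot influence.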

Hello dear staff,

I've been having security issues. AVG antivirus keeps warning me about a threat C:\WINDOWS\system32\drivers\ndis.sys - Trojan horse Rootkit-Pakes.AA
It cannot remove it.
Also, after the scan on the reboot Windows loads normally but very, very slowly. The processor is on 100%.
But if I interrupt the scan on the boot, Windows starts normally and the processor works fine.

Safe mode loads very slowly, using up 100% of the processor.

I have had this problem for a long time (2 months) but didn't have time to take care of it.
I was wondering if you could advise me what to do.
Thank you in advance
 

https://forums.techguy.org/threads/c-windows-system32-drivers-ndis-sys-trojan-horse-rootkit-pakes-aa.975096/

I am running Windows 7 Ultimate 32 bit and I installed AVG Internet Security 9.0. I found this threat in my computer: "C:\WINDOWS\system32\drivers\atapi.sys";"Trojan horse Rootkit-Pakes.U";"Object is white-listed (critical/system file that should not be removed)". I try to use Malwarebytes and it says it's clean, but when I scan with virustotal.com it detects a trojan. They say that this site can help me fix my problem; I don't know how to remove the trojan. I tried to follow the steps from your site, but PROBLEM ABOUT ROOTREPEAL: it can't run with my computer, it shows DEVICE CONTROL ERROR and I don't know why, so I can only show you my DDS. Hope you can HELP me, thanks. Below are the results of my DDS and the result from my scan with VirusTotal.com.

DDS Ver - - - NTFSx Run by Admin at on Thu Internet Explorer BrowserJavaVersion Microsoft Windows Ultimate GMT SP Spybot - Search and Destroy enabled Updated ED FAF- B F- B -ACA - E C DADBE Running Processes C Windows system wininit exeC Program Files AVG AVG avgchsvx exeC Program Files AVG AVG avgrsx exeC Windows system lsm exeC Program Files AVG AVG avgcsrvx exeC Windows system svchost exe -k DcomLaunchC Windows system svchost exe -k RPCSSC Windows System svchost exe -k LocalServiceNetworkRestrictedC Windows System svchost exe -k LocalSystemNetworkRestrictedC Windows system svchost exe -k netsvcsC Windows system svchost exe -k LocalServiceC Windows system svchost exe -k NetworkServiceC Windows System spoolsv exeC Program Files AVG AVG Identity Protection Agent Bin AVGIDSAgent exeC Windows system taskhost exeC Windows system Dwm exeC Windows Explorer EXEC Program Files AVG AVG avgtray exeC Windows System igfxpers exeC Program Files Malwarebytes Anti-Malware mbamgui exeC Windows system igfxsrvc exeC Program Files Windows Sidebar sidebar exeC Back DAN 
leftsider leftsider exeC Windows system svchost exe -k LocalServiceNoNetworkC Program Files Spybot - Search amp Destroy TeaTimer exeC Program Files RocketDock RocketDock exeC Program Files Common Files Apple Mobile Device Support bin AppleMobileDeviceService exeC Program Files AVG AVG avgwdsvc exeC Program Files AVG AVG avgfws exeC Program Files Bonjour mDNSResponder exeC Program Files O Micro Flash Memory Card Driver o flash exeC Windows system svchost exe -k imgsvcC Program Files TuneUp Utilities TuneUpUtilitiesService exeC Program Files Yahoo SoftwareUpdate YahooAUService exeC Program Files Spybot - Search amp Destroy SDWinSec exeC Program Files TuneUp Utilities TuneUpUtilitiesApp exeC Program Files AVG AVG avgam exeC Program Files AVG AVG avgnsx exeC Windows system svchost exe -k NetworkServiceNetworkRestrictedC Windows system svchost exe -k LocalServiceAndNoImpersonationC Program Files AVG AVG Identity Protection agent bin avgidsmonitor exeC Windows system conhost exeC Program Files AVG AVG avgcsrvx exeC Program Files BitComet BitComet exeC Windows system wbem wmiprvse exeC Program Files Malwarebytes Anti-Malware mbamservice exeC Windows system sppsvc exeC Program Files Spybot - Search amp Destroy SpybotSD exeC Windows system svchost exe -k SDRSVCC Program Files Internet Explorer iexplore exeC Program Files Internet Explorer iexplore exeC Windows system Macromed Flash FlashUtil d exeC Windows system DllHost exeC Windows system DllHost exeC Users Admin Desktop dds scrC Windows system conhost exeC Windows system wbem wmiprvse exe Pseudo HJT Report uSearch Page uStart Page hxxp google atcomet com b uSearch Bar mDefault Page URL hxxp www yahoo comuInternet Settings ProxyOverride localuURLSearchHooks AVG Security Toolbar BHO a bc a - f - -aa - d c - c program files avg avg toolbar IEToolbar dlluURLSearchHooks Download Energy Toolbar bae c - f - d -a - f c a - c program files p p energy tbP P dllmURLSearchHooks Download Ener... Read more

A: Windows 7 Trojan horse Rootkit-Pakes.U C:\WINDOWS\system32\d

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Please download OTL from the following mirror: This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Push the button.
Two reports will open, copy and paste them in a reply here:
OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this, in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards
myrti

http://www.bleepingcomputer.com/forums/t/286852/windows-7-trojan-horse-rootkit-pakesu-cwindowssystem32d/

Hi guys, I've recently done an AVG scan and found my computer was infected with "C:\WINDOWS\system32\drivers\atapi.sys";"Trojan horse Packed.Protector.C";"Object is white-listed (critical/system file that should not be removed)". I've tried removing it but couldn't, as it is white-listed. Please kindly offer your advice. Thank you very much, and your help will be greatly appreciated.

DDS Ver - - - NTFSx Run by user at on Fri Internet Explorer Microsoft Windows XP Professional GMT Running Processes C WINDOWS system Ati evxx exe C WINDOWS system svchost -k DcomLaunch svchost exe C WINDOWS System svchost exe -k netsvcs svchost exe svchost exe C WINDOWS system Ati evxx exe C Program Files AVG AVG avgchsvx exe C Program Files AVG AVG avgrsx exe C Program Files AVG AVG avgcsrvx exe C WINDOWS system spoolsv exe C WINDOWS Explorer EXE svchost exe C WINDOWS RTHDCPL EXE C Program Files CyberLink PowerDVD PDVDServ exe C Program Files ATI Technologies ATI ACE Core-Static MOM exe C Program Files AVG AVG avgwdsvc exe C Program Files lg fwupdate fwupdate exe C PROGRA AVG AVG avgtray exe C Program Files CyberLink Shared Files RichVideo exe C WINDOWS system MRT exe C Program Files Windows Live Messenger msnmsgr exe C Program Files ATI Technologies ATI ACE Core-Static ccc exe C WINDOWS system ctfmon exe C Program Files McAfee Security Scan SSScheduler exe C Program Files AVG AVG avgnsx exe C WINDOWS system Wacom Tablet exe C Program Files AVG AVG avgemc exe C WINDOWS system WTablet Wacom TabletUser exe C Program Files AVG AVG avgcsrvx exe C WINDOWS system Wacom Tablet exe C WINDOWS System svchost exe -k HTTPFilter C WINDOWS system wuauclt exe C Program Files Mozilla Firefox firefox exe C WINDOWS System svchost exe C WINDOWS System svchost exe C Documents and Settings user Desktop dds scr Pseudo HJT 
Report uStart Page hxxp google com sg uURLSearchHooks AVG Security Toolbar BHO a bc a - f - -aa - d c - c program files avg avg toolbar IEToolbar dll BHO Adobe PDF Reader Link Helper e f-c d - d -b d- b d be b - c program files common files adobe acrobat activex AcroIEHelper dll BHO AVG Safe Search ca f - f e- b -a e- e e c c - c program files avg avg avgssie dll BHO C C A-E - b - D - CECB - No File BHO Windows Live Sign-in Helper d - c - abf- ecc- c - c program files common files microsoft shared windows live WindowsLiveLogin dll BHO AVG Security Toolbar BHO a bc a - f - -aa - d c - c program files avg avg toolbar IEToolbar dll TB AVG Security Toolbar ccc a -b ca- -b a - f dd - c program files avg avg toolbar IEToolbar dll uRun msnmsgr quot c program files windows live messenger msnmsgr exe quot background uRun NeoChronos c docume user locals temp c exe uRun ctfmon exe c windows system ctfmon exe uRun av md c windows temp TM A tmp mRun RTHDCPL RTHDCPL EXE mRun Alcmtr ALCMTR EXE mRun Adobe Reader Speed Launcher quot c program files adobe reader reader Reader sl exe quot mRun StartCCC quot c program files ati technologies ati ace core-static CLIStart exe quot MSRun mRun RemoteControl quot c program files cyberlink powerdvd PDVDServ exe quot mRun LanguageShortcut quot c program files cyberlink powerdvd language Language exe quot mRun NeroFilterCheck c program files common files ahead lib NeroCheck exe mRun LGODDFU quot c program files lg fwupdate fwupdate exe quot blrun mRun IMJPMIG quot c windows ime imjp IMJPMIG EXE quot Spoil RemAdvDef Migration mRun MSPY c windows system ime pintlgnt ImScInst exe SYNC mRun PHIME ASync c windows system ime tintlgnt TINTSETP EXE SYNC mRun PHIME A c windows system ime tintlgnt TINTSETP EXE IMEName mRun AVG TRAY c progra avg avg avgtray exe mRun Regedit c windows system regedit exe StartupFolder c docume user startm programs startup adobeg lnk - c program files common files adobe calibratio... Read more

A: Infected with Trojan Horse Packed.Protector C in "C:\WINDOWS\system32\drivers\atapi.sys

Hi,

My name is Extremeboy (or EB for short), and I will be helping you with your log.

We apologize for the delay of response. If you still require assistance we would like to see the current condition of your system, so please post a new set of DDS logs as well as a RootRepeal log and a description of any remaining problems or symptoms you may still have.

If for any reason you did not post a DDS log or RootRepeal log, please refer to this page and in step #6 and step #7 for further instructions on downloading and running DDS & RootRepeal. If you have any problems just let me know in your next reply, or simply post a HijackThis log.

For your next reply I would like to see:
- The DDS logs: DDS.txt and Attach logs
- RootRepeal logs
- Description of any remaining problems you may still have.

Thanks again and we apologize for the delay.

With Regards,
Extremeboy

http://www.bleepingcomputer.com/forums/t/277796/infected-with-trojan-horse-packedprotector-c-in-cwindowssystem32driversatapisys/

I know someone below me has my problem and I read that topic, but I don't want to follow those steps because they are specific to his computer. Today my AVG popped up with a warning stating that Rootkit-Pakes.U has infected my atapi.sys times and that it is white listed. It found it on my Explorer.exe. Here are my HijackThis logs:

Logfile of Trend Micro HijackThis v Scan saved at on Platform Windows XP SP WinNT MSIE Internet Explorer v Boot mode Normal Running processes C WINDOWS System smss exe C WINDOWS system winlogon exe C WINDOWS system services exe C WINDOWS system lsass exe C WINDOWS system svchost exe C WINDOWS System svchost exe C WINDOWS system spoolsv exe C WINDOWS Explorer EXE C WINDOWS RTHDCPL EXE C Program Files Java jre bin jusched exe C WINDOWS system hkcmd exe C WINDOWS system igfxpers exe C PROGRA AVG AVG avgtray exe C WINDOWS system igfxsrvc exe C Program Files iTunes iTunesHelper exe C WINDOWS system ctfmon exe C Program Files YourWare Solutions FreeRAM XP Pro FreeRAM XP Pro exe C Program Files uTorrent uTorrent exe C Program Files RocketDock RocketDock exe C Program Files Messenger msmsgs exe C Program Files MagicDisc MagicDisc exe C Program Files OpenOffice org program soffice exe C Program Files OpenOffice org program soffice bin C DOCUME Nathan LOCALS Temp RtkBtMnt exe C Program Files Common Files Apple Mobile Device Support bin AppleMobileDeviceService exe C PROGRA AVG AVG avgwdsvc exe C Program Files Bonjour mDNSResponder exe C PROGRA AVG AVG avgrsx exe C PROGRA AVG AVG avgnsx exe C Program Files LogMeIn Hamachi hamachi- exe C WINDOWS system svchost exe C Program Files Java jre bin jqs exe C WINDOWS System svchost exe C WINDOWS System svchost exe C WINDOWS system svchost exe C Program Files iPod bin iPodService exe C WINDOWS system 
wuauclt exe C Documents and Settings Nathan Local Settings Application Data Google Chrome Application chrome exe C Documents and Settings Nathan Local Settings Application Data Google Chrome Application chrome exe C Documents and Settings Nathan Local Settings Application Data Google Chrome Application chrome exe C Program Files AVG AVG avgscanx exe C Program Files AVG AVG avgcsrvx exe C Program Files Trend Micro HijackThis HijackThis exe R - HKCU Software Microsoft Internet Explorer Main Search Page http go microsoft com fwlink LinkId R - HKCU Software Microsoft Internet Explorer Main Start Page http uk ask com o amp l dis R - HKLM Software Microsoft Internet Explorer Main Default Page URL http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Default Search URL http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Search Page http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Start Page http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Search SearchAssistant R - HKLM Software Microsoft Internet Explorer Search CustomizeSearch R - HKCU Software Microsoft Internet Connection Wizard ShellNext http register freeze com ping shortname radarsync wdn amp format xml amp os amp parents amp v amp max amp browsers amp DefaultBrowser amp a amp f radarsync exe R - HKCU Software Microsoft Windows CurrentVersion Internet Settings ProxyOverride local O - BHO no name - D -C F - efb- B - ECA - no file O - BHO AcroIEHelperStub - DF C-E AD- -A -FA C EBDC - C Program Files Common Files Adobe Acrobat ActiveX AcroIEHelperShim dll O - BHO WormRadar com IESiteBlocker NavFilter - CA F - F E- B -A E- E E C C - C Program Files AVG AVG avgssie dll O - BHO no name - C C A-E - b - D - CECB - no file O - BHO Windows Live Sign-in Helper - D - C - ABF- ECC- C - C Program Files Common Files Microsoft Shared Windows Live WindowsLiveLogin dll O - BHO Ask Toolbar BHO - D 
C F- A-... Read more

A: Trojan Horse Rootkit-Pakes.U Trojan on my Atapi.sys

Please guys I really need help. I think it's masking other viruses, today my "My Computer" folder's name was changed to 2543e. Something is happening to my computer! Please help!
Bump.
 

https://forums.techguy.org/threads/trojan-horse-rootkit-pakes-u-trojan-on-my-atapi-sys.869265/

Hi all, I'm new here so excuse me if I don't understand something. Recently AVG Free warned me about a threat Trojan Rootkit-Pakes.U and that it is located in C:\Windows\System32\Drivers\atapi.sys. I've seen that a lot of people have this problem and that they have solved it with ComboFix. I tried one of those solutions once, but it seems ComboFix doesn't work with Windows 7. Please help, my computer is running too slow compared to a few weeks ago. Here is my HJT log:

Logfile of Trend Micro HijackThis v Scan saved at p m on Platform Unknown Windows WinNT MSIE Internet Explorer v Boot mode Normal Running processes C Windows system taskhost exe C Windows system Dwm exe C Windows Explorer EXE C Windows SOUNDMAN EXE C Program Files AVG AVG avgtray exe C Program Files Microsoft Office Office GrooveMonitor exe C Program Files BitTorrent BitTorrent exe C Program Files Windows Live Messenger msnmsgr exe C Program Files Windows Live Contacts wlcomm exe C Windows system taskhost exe C Users Casa AppData Local Google Chrome Application chrome exe C Users Casa AppData Local Google Chrome Application chrome exe C Windows system taskeng exe C Program Files Internet Explorer IELowutil exe C Program Files Trend Micro HijackThis HijackThis exe C Windows system SearchFilterHost exe R - HKCU Software Microsoft Internet Explorer Main Search Page http go microsoft com fwlink LinkId R - HKCU Software Microsoft Internet Explorer Main Start Page http www topweb com R - HKLM Software Microsoft Internet Explorer Main Default Page URL http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Default Search URL http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Search Page http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main 
Start Page http www topweb com R - HKLM Software Microsoft Internet Explorer Search SearchAssistant R - HKLM Software Microsoft Internet Explorer Search CustomizeSearch R - HKCU Software Microsoft Internet Explorer Toolbar LinksFolderName R - URLSearchHook AVG Security Toolbar BHO - A BC A - F - -AA - D C - C Program Files AVG AVG Toolbar IEToolbar dll O - BHO WormRadar com IESiteBlocker NavFilter - CA F - F E- B -A E- E E C C - C Program Files AVG AVG avgssie dll O - BHO no name - C C A-E - b - D - CECB - no file O - BHO Groove GFS Browser Helper - - C - D -B F - BBC D A E - C Program Files Microsoft Office Office GrooveShellExtensions dll O - BHO Windows Live Aplicaci n auxiliar de inicio de sesi n - D - C - ABF- ECC- C - C Program Files Common Files Microsoft Shared Windows Live WindowsLiveLogin dll O - BHO AVG Security Toolbar BHO - A BC A - F - -AA - D C - C Program Files AVG AVG Toolbar IEToolbar dll O - Toolbar AVG Security Toolbar - CCC A -B CA- -B A - F DD - C Program Files AVG AVG Toolbar IEToolbar dll O - HKLM Run SoundMan SOUNDMAN EXE O - HKLM Run AVG TRAY C PROGRA AVG AVG avgtray exe O - HKLM Run GrooveMonitor quot C Program Files Microsoft Office Office GrooveMonitor exe quot O - HKLM Run win c windows ini exe O - HKCU Run BitTorrent quot C Program Files BitTorrent BitTorrent exe quot O - HKCU Run Google Update quot C Users Casa AppData Local Google Update GoogleUpdate exe quot c O - HKCU Run msnmsgr quot C Program Files Windows Live Messenger msnmsgr exe quot background O - HKUS S- - - Run Sidebar ProgramFiles Windows Sidebar Sidebar exe autoRun User LOCAL SERVICE O - HKUS S- - - RunOnce mctadmin C Windows System mctadmin exe User LOCAL SERVICE O - HKUS S- - - Run Sidebar ProgramFiles Windows Sidebar Sidebar exe autoRun User NETWORK SERVICE O - HKUS S- - - RunOnce mctadmin C Windows System mctadmin exe User NETWORK SERVICE O - Extra context menu item E amp xport to Microsoft Excel - res C PROGRA MICROS Office EXCEL EXE O - Extra button Send to 
OneNote... Read more

https://forums.techguy.org/threads/trojan-rootkit-pakes-u-on-atapi-sys-windows-7.879601/

If someone could help me please, I would really appreciate it. I have the logs you requested right here in the attached zip folder. My computer apparently has a trojan and I would really like to remove it. Please help.

DDS Ver - - - NTFSx Run by James at on Thu Internet Explorer BrowserJavaVersion Microsoft Windows Ultimate GMT - Running Processes C Windows system wininit exe C Program Files AVG AVG avgchsvx exe C Program Files AVG AVG avgrsx exe C Windows system lsm exe C Windows system svchost exe -k DcomLaunch C Program Files AVG AVG avgcsrvx exe C Windows system svchost exe -k RPCSS C Windows System svchost exe -k LocalServiceNetworkRestricted C Windows System svchost exe -k LocalSystemNetworkRestricted C Windows system svchost exe -k netsvcs C Windows system svchost exe -k LocalService C Program Files DisplayLink Core Software DisplayLinkService exe C Windows system svchost exe -k NetworkService C Windows System spoolsv exe C Windows system taskhost exe C Windows system Dwm exe C Windows system taskeng exe C Windows Explorer EXE C Program Files Sony VAIO Update VAIOUpdt exe C Windows system svchost exe -k LocalServiceNoNetwork C Program Files Common Files Apple Mobile Device Support bin AppleMobileDeviceService exe C Program Files AVG AVG avgwdsvc exe C Program Files AVG AVG avgfws exe C Program Files Bonjour mDNSResponder exe C Windows system svchost exe -k LocalServiceAndNoImpersonation C Program Files Sony VAIO Event Service VESMgr exe C Program Files AVG AVG avgam exe C Windows system DRIVERS xaudio exe C Program Files AVG AVG avgnsx exe C Program Files AVG AVG avgemc exe C Program Files Sony VAIO Event Service VESMgrSub exe C Program Files Sony VAIO Care VCsystray exe C Program Files AVG 
AVG avgcsrvx exe C Windows system igfxext exe C Windows system igfxsrvc exe C Windows system svchost exe -k NetworkServiceNetworkRestricted C Program Files Sony ISB Utility ISBMgr exe C Program Files Apoint Apoint exe C Program Files DisplayLink Core Software DisplayLinkUI exe C Windows System igfxpers exe C Program Files AVG AVG avgtray exe C Windows system igfxsrvc exe C Program Files iTunes iTunesHelper exe C Program Files Java jre bin jusched exe C Program Files Windows Sidebar sidebar exe C Program Files AIM aim exe C Program Files Skype Phone Skype exe C Program Files Sony VAIO Power Management SPMgr exe C Program Files Apoint ApMsgFwd exe C Program Files Apoint Apntex exe C Windows system conhost exe C Users James AppData Local Apps MH QVRYR R A KG X ZJZ HTZ curs tion eee a d CurseClient exe C Program Files AVG AVG avgcsrvx exe C Windows system SearchIndexer exe C Program Files iPod bin iPodService exe C Program Files Windows Media Player wmpnetwk exe C Windows System svchost exe -k LocalServicePeerNet C Program Files Mozilla Firefox firefox exe C Windows system ctfmon exe C Program Files Skype Plugin Manager skypePM exe C Program Files Sony VAIO Update VUAgent exe C Users James AppData Local Temp Zgc exe C Windows system SearchProtocolHost exe C Windows system SearchFilterHost exe C Windows system DllHost exe C Windows system DllHost exe C Users James Downloads dds scr C Windows system conhost exe C Windows system wbem wmiprvse exe Pseudo HJT Report uInternet Settings ProxyOverride local uURLSearchHooks AIM Toolbar Search Class f - dc - -bc - e fefafe - c program files aim toolbar aimtb dll uURLSearchHooks AVG Security Toolbar BHO a bc a - f - -aa - d c - c program files avg avg toolbar IEToolbar dll mURLSearchHooks AIM Toolbar Search Class f - dc - -bc - e fefafe - c program files aim toolbar aimtb dll BHO AVG Safe Search ca f - f e- b -a e- e e c c - c program files avg avg avgssie dll BHO AVG Security Toolbar BHO a bc a - f - -aa - d c - c program files 
avg ... Read more

A: C:\windows\system32\drivers\atapi.sys Trojan Windows 7 How to remove

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

I see no evidence of the "atapi" infection. What led you to that conclusion? Is your browser being redirected? You are infected though.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

Due to the restrictions on Windows 7, all tools should be started by right-click > Run as Administrator

If you click 'Start' and have no 'Run' function, please right-click Start > Properties > Start menu tab > Customize button > and tick the 'Display Run' or 'Run command' box > OK > OK.

------------------------------------------------------

Please visit this webpage for download links, and instructions for running ComboFix:

http://www.bleepingcomputer.com/comb...o-use-combofix

* Ensure you have disabled all antivirus and antimalware programs so they do not interfere with the running of ComboFix.

Get help here

Please post the C:\ComboFix.txt in your next reply for further review.

Please re-enable your antivirus before posting the ComboFix.txt log.

------------------------------------------------------

http://www.techsupportforum.com/forums/f100/c-windows-system32-drivers-atapi-sys-trojan-windows-7-how-to-remove-456801.html

Hi, several days ago AVG picked up Trojan-Pakes.U in atapi.sys and I have been extremely unsuccessful at removing it. Although it is not causing any obvious problems that I can see, I am still very concerned and would like any help to get rid of it. I'm running Windows Home Vista SP and have tried several different software removal programs to no avail, including Sophos, Trojan Remover, Malwarebytes and others. Any help is very greatly appreciated. My HJT log is as follows:

Logfile of Trend Micro HijackThis v Scan saved at on Platform Windows Vista SP WinNT MSIE Internet Explorer v Boot mode Normal Running processes C Windows system taskeng exe C Windows system Dwm exe C Windows Explorer EXE C Program Files Windows Defender MSASCui exe C Program Files OEM OSD osd exe C Program Files AVG AVG avgtray exe C Program Files Virgin Broadband Wireless Wireless Manager exe C Windows ehome ehtray exe C Program Files DAEMON Tools Lite daemon exe C Windows ehome ehmsas exe C Windows system wbem unsecapp exe C Program Files Internet Explorer iexplore exe C Program Files Windows Live Messenger msnmsgr exe C Program Files Internet Explorer iexplore exe C Program Files Trend Micro HijackThis HijackThis exe C Windows system SearchFilterHost exe R - HKCU Software Microsoft Internet Explorer Main Search Page http go microsoft com fwlink LinkId R - HKCU Software Microsoft Internet Explorer Main Start Page http www google co uk R - HKLM Software Microsoft Internet Explorer Main Default Search URL http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Search Page http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Search SearchAssistant R - HKLM Software Microsoft Internet Explorer Search CustomizeSearch R - HKCU Software Microsoft Internet Explorer Toolbar LinksFolderName O - Hosts localhost O - 
BHO no name - D -C F - efb- B - ECA - no file O - BHO Adobe PDF Reader Link Helper - E F-C D - D -B D- B D BE B - C Program Files Common Files Adobe Acrobat ActiveX AcroIEHelper dll O - BHO WormRadar com IESiteBlocker NavFilter - CA F - F E- B -A E- E E C C - C Program Files AVG AVG avgssie dll O - BHO no name - C C A-E - b - D - CECB - no file O - BHO Windows Live Sign-in Helper - D - C - ABF- ECC- C - C Program Files Common Files Microsoft Shared Windows Live WindowsLiveLogin dll O - BHO Java tm Plug-In SSV Helper - DBC -A - b-BC - C C C A - C Program Files Java jre bin jp ssv dll O - HKLM Run Windows Defender ProgramFiles Windows Defender MSASCui exe -hide O - HKLM Run IgfxTray C Windows system igfxtray exe O - HKLM Run OSD C Program Files OEM OSD osd exe O - HKLM Run AVG TRAY C PROGRA AVG AVG avgtray exe O - HKLM Run Wireless Manager quot C Program Files Virgin Broadband Wireless Wireless Manager exe quot startup O - HKCU Run ehTray exe C Windows ehome ehTray exe O - HKCU Run DAEMON Tools Lite quot C Program Files DAEMON Tools Lite daemon exe quot -autorun O - HKUS S- - - Run Sidebar ProgramFiles Windows Sidebar Sidebar exe detectMem User LOCAL SERVICE O - HKUS S- - - Run WindowsWelcomeCenter rundll exe oobefldr dll ShowWelcomeCenter User LOCAL SERVICE O - HKUS S- - - Run Sidebar ProgramFiles Windows Sidebar Sidebar exe detectMem User NETWORK SERVICE O - Extra context menu item E amp xport to Microsoft Excel - res C PROGRA MI OFFICE EXCEL EXE O - Extra button Research - B - CC- C -B BE- C C A - C PROGRA MI OFFICE REFIEBAR DLL O - Gopher Prefix O - DPF B E B C- FE- E -BEF - A CDD SABScanProcesses Class - http www superadblocker com activex sabspx cab O - DPF E E F- F- FB - -AC BF A - http platformdl adobe com NOS getPlusPlus gp cab O - Protocol linkscanner - F C- F - D -A D -FBDDE F D - C Program Files AVG AVG avgpp dll O - AppInit DLLs avgrsstx dll O - Service ArcSoft Connect Daemon ACDaemon - Unknown owner - C Program Files Common Files ArcSoft Connection 
Service ... Read more


This seems to be a pretty popular topic of late, but yeah....Rootkit-Pakes.U trojan in atapi.sys. Google is sending me in some uncomfortable directions and I'd rather not have that happen anymore.

I'm running Windows 7 x86

HJT log attached

Thanks in advance!
 


Hi, Recently AVG's Resident Shield Alert popped up with the trojan Rootkit-Pakes.U found in C:\WINDOWS\system32\atapi.sys, found from svchost.exe. Since it was from svchost.exe I was afraid to remove the selected infection and just exited out of the alert. My best guess is that this came from a Hybrid album I torrented from mininova. The second day Avast caught the same trojan and I moved it to the virus vault. AVG popped up with a number of the same threats, one of them coming from C:\Program Files\Alwil Software\Avast\ashServe.exe (I'm guessing that's where I moved it to). Also ran MalwareBytes and found Trojan.Vundo in my registry keys. My HijackThis log is as follows:


Hello, My AVG found this trojan: >> Rootkit-Pakes.U trojan found in atapi.sys <<. AVG is stating that it can't delete the file as it is supposed to be an important file, but it's coming up as an infection and I think it's causing my computer to not take the last update from Microsoft. But I'm not sure of that. My computer is running fine but that infection is still there and I don't want it to get worse, and also my computer will not take the last Microsoft update: >>> Microsoft SQL Server Express Edition Service Pack KB <<<. Please help, like you helped that one guy who had the same problem with the Rootkit-Pakes.U trojan found in atapi.sys. I know every problem is different with everyone but I hope you can help. My computer is a Dell Latitude D, Intel Centrino Duo, GB RAM. Desmond J. Tappin


This is my first post/thread on this forum so please be patient with me. I have seen a couple of other people on here with this rootkit-pakes problem but would like some help specifically for my computer. I have a HJT log I will post in a second, and any other information you guys would need to help me I will have ASAP. Thank you for all posts and help in advance. Here's my log:


MalwareBytes and AVG show that system is clean when scanned. However I get an AVG pop up that states that this file, c:windows/system32/drivers/ipec.sys, has been isolated. I connect to the internet through a wireless connection. Status shows connected but browser unable to connect. System is XP Home. Dell Optiplex DIM3000, Pentium 2.80GHz 2GB RAM.
What should I do??
Thank you

A:c:windows/system32/drivers/ipec.sys trojan horse hider

Download SystemLook.
Copy this script:

:filefind
ipsec.sys

Paste it in the BOX.
Click on Look.
Post the log.

http://www.bleepingcomputer.com/forums/t/435272/cwindowssystem32driversipecsys-trojan-horse-hider/

An AVG scan in safe mode is showing a Trojan horse Agent_r.AWW in C:\Windows\System32\drivers\netbt.sys

Other scans showed more concerns. See attached DDS, GMER & TDSSKiller scan results.

Thanks much in advance!

A:Trojan horse Agent_r.AWW in C:\Windows\System32\drivers\netbt.sys

Hello and Welcome to Bleeping Computer!! My name is Gringo and I'll be glad to help you with your computer problems. I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us:

Please do not run any tools unless instructed to do so. We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text. Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything. Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go. A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

Download Security Check by screen317 from here. Save it to your Desktop. Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box. A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only); if this happens please allow it to do so (you will need to be connected to the internet for this). Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<. Combofix may need to reboot your computer more than once to do its job; this is normal. You can download Combofix from one of these links: Link 1, Link 2, Link 3

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts. When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

In your next post I need the following:
Log from Combofix
Let me know of any problems you may have had
How is the computer doing now?

Gringo

http://www.bleepingcomputer.com/forums/t/452093/trojan-horse-agent-raww-in-cwindowssystem32driversnetbtsysan/

The Resident Shield in my AVG antivirus detected four files that are infected with Trojan Horse Rootkit-Pakes.m. AVG will not remove the infections since they are "white listed" as critical operating components. How can I remove this infection? I have attached the HJT log:


My HP Compaq b laptop is running WinXP SP. It has an AMD Athlon X DualCore QL CPU GHz, GB RAM, GB storage and GB external storage. Since May th this computer has had multiple infections daily as listed below and I've been chasing and deleting or quarantining them only to have them re-appear elsewhere in some form. My Win firewall was shut down and all my Restore points disappeared. I've been using my five installed A/V programs (Free AVG, Free Ad-Aware, Free Malwarebytes, Free SpyBot S&D and Free SUPERAntiSpyware) and I'm keeping the logs but losing the battle. My two most recent scans, both on AVG and Malwarebytes, showed zero infections, but I know that cannot be true because there are files in my Temporary Internet Files that I cannot delete: cookie:administrator@facebook.com AND cookie:administrator@tacoda.net. One day I had infections of which only some could be cured, leaving infected files. The same scans the following day reported NO infections, as if the viruses had vanished. On another occasion, while I was away from the computer, an AVG Resident Shield Alert appeared saying: Accessed file infected, detected on Open -- Filename C:\Windows\System32\ndis.sys -- Threat: Trojan horse Rootkit-Pakes.AA -- Details: Process name C:\Windows\System32\svchost.exe, ProcessID. In another instance: Runtime Packed NSPack. Named files in other instances: C:\Windows\Temp\mbme.tmp (was actually an empty folder, not a file), C:\Windows\System32\adgvqacq.dll. The computer is barely functional: Windows Explorer often freezes even when attempting to open a simple txt file, and I cannot open the Task Manager to close the Application; it requires a hard reboot. I have read and complied with your Preparation Guide. Please please help me as soon as you can. My wife and I are leaving next week for a family reunion in Ohio and this is our only laptop computer. Thank you very much for your consideration. See virus names below by the A/V program that reported them:

AVG: Trojan horse Rootkit-Pakes.AA, Trojan horse Clicker.AISY, Trojan horse SHeur.VSN, Trojan horse SHeur.WUG, Trojan horse Crypt.VSN, Trojan horse CBST, Trojan horse BZAA, Trojan horse BVQN, Trojan horse CCHS
Ad-Aware: Cookies, Engine.o
MalwareBytes: Rootkit.Agent, Trojan.FakeAlert, Trojan.Refpron, Trojan.Agent, Trojan.Downloader, Trojan.Koblu, Backdoor.Bot, Malware.Trace, Adware.MyWebSearch, Adware.MyWay, Adware.SpeedApps, Trojan.Fraudpack
Spybot S&D: Microsoft.WindowsSecurityCenter.disabled, Win.Agent.atta
SUPERAntiSpyware: Trojan.Agent/Gen-Nullo[Short], Trojan.Agent/Gen-Kryptik, Adware.Tracking Cookie

DDS log follows:

A:Trojan Horse Rootkit-Pakes.AA and others

Hello Joseph Aliano, Welcome to Bleeping Computer. My name is fireman4it and I will be helping you with your Malware problem.

Please take note of some guidelines for this fix:
Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools.
If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
Finally, please reply using the button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.

1. Download and Run RKill

Please download RKill by Grinler from one of the 4 links below and save it to your desktop.
Link 1 Link 2 Link 3 Link 4
Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.
Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
If nothing happens or if the tool does not run, please let me know in your next reply.

2. Install Recovery Console and Run ComboFix

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.
Download Combofix from any of the links below, and save it to your desktop.
Link 1 Link 2
Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
Close any open windows, including this one.
Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
If you did not have it installed, you will see the prompt below. Choose YES.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message: Click on Yes, to continue scanning for malware.
When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.
Note: Please Do NOT mouseclick combofix's window while it's running because it may cause it to stall.

Things to include in your next reply:
Combofix.txt
How is your machine running now?

http://www.bleepingcomputer.com/forums/t/318058/trojan-horse-rootkit-pakesaa-and-others/

Hi, This trojan does not want to be removed by AVG and I am not really sure if my computer is at risk. I have found an existing thread on the forum (http://forums.techguy.org/malware-removal-hijackthis-logs/-xp-trojan-horse-rootkit-pakes.html) and followed the advice provided in the last reply. I have installed ATF Cleaner, which did not find any file to remove. Then I have installed Malwarebytes Anti-Malware and here is the report generated (I can help translating the bits in French if needed):

Thanks for your help, Nico

https://forums.techguy.org/threads/xp-trojan-horse-rootkit-pakes-m.853784/

I find this thread http://www.techsupportforum.com/f100...ml#post2305205
that says:

"My PC is infected with this trojan that I can't seem to get rid of. I had AVG Free 8.5 installed and the following message would pop up:

"C:\WINDOWS\system32\drivers\ntfs.sys";"Trojan horse Rootkit-Pakes.M";"Object is white-listed (critical/system file that should not be removed)"

I got the same problem, my computer works fine but only every couple minutes AVG pops up with this notice. I saw that solution is to run ComboFix but it says that it shouldn't be run without helper. So please help me..

A:Trojan horse Rootkit-Pakes.M

hi.

Quote:

I saw that solution is to run ComboFix but it says that it shouldn't be run without helper. So please help me..

Please complete the instructions for DDS and gmer.

http://www.techsupportforum.com/f50/...lp-305963.html

Then also do this one,

Please save this file to your desktop. Double-click on it to run a scan. When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with notepad and post the contents here.


Mark

http://www.techsupportforum.com/forums/f50/trojan-horse-rootkit-pakes-m-409385.html

Hi there, I'm getting an alert in AVG that a system drivers file is infected with rootkit-pakes.u and is a white listed file so cannot be deleted. Have tried various cures/fixes but to no avail. Please can you help. HJT log file below:

https://forums.techguy.org/threads/rootkit-pakes-trojan-horse-help.874462/

Good day. I had AVG on my PC and got infected by the Trojan horse Rootkit-Pakes.M virus. Based on advice on your website I have downloaded ComboFix; the log file (txt) is pasted below. Now I can't get any of the wireless adapters to work, external or internal, as it keeps on saying I should load the software. Even if loaded, an IP address cannot be generated. Please help. I deleted everything from the "locked registry codes" as it was more text than allowed; let me know if you need it. Thanks.

Running from F ComboFix exe AV AVG Anti-Virus Free On-access scanning enabled Updated DDD - FF- F- E B- D D BF Created a new restore point

Other Deletions: c documents and settings All Users Start Menu HP Image Zone lnk c documents and settings All Users Start Menu Programs Acer Crystal Eye Webcam Video Class Camera c documents and settings All Users Start Menu Programs Acer Crystal Eye Webcam Video Class Camera Uninstall lnk c documents and settings Johan Adam Application Data wiaserva log c documents and settings Johan Adam oashdihasidhasuidhiasdhiashdiuasdhasd c documents and settings Johan Adam Start Menu Programs Startup ikowin exe c documents and settings LocalService oashdihasidhasuidhiasdhiashdiuasdhasd c program files Ulead Systems Ulead Photo Express SE CrossSell notes Desktop ini c program files Ulead Systems Ulead Photo Express SE CrossSell Desktop ini c program files Ulead Systems Ulead Photo Express SE CrossSell images Desktop ini c program files Ulead Systems Ulead Photo Express SE Desktop ini c program files WinPCap c program files WinPCap daemon mgm exe c program files WinPCap npf mgm exe c program files WinPCap rpcapd exe c windows Installer msi c windows system drivers npf sys c windows system Packet dll c windows system pthreadVC dll c windows system sfcfiles dll c windows system WanPacket dll c windows system wpcap dll

Infected copy of c windows system drivers ntfs sys was found and disinfected. Restored copy from - c windows hf mig KB SP QFE ntfs sys

Drivers Services ------- Service NPF

Find M Report - - - - ----a-w- c windows bthservsdp dat - - - - -------- d-----w- c documents and settings Johan Adam Application Data Skype - - - - -------- d-----w- c documents and settings Johan Adam Application Data skypePM - - - - -------- d-----w- c documents and settings All Users Application Data pdf - - - - ----a-w- c windows wpd drv - - - - -------- d-----w- c documents and settings All Users Application Data AVG Security Toolbar - - - - -------- d-----w- c documents and settings LocalService Application Data AVGTOOLBAR - - - - ----a-w- c windows system avgrsstx dll - - - - ----a-w- c windows system drivers avgldx sys - - - - ----a-w- c windows system drivers avgmfx sys - - - - -------- d-----w- c program files Launch Manager - - - - ----a-w- c windows system d d caps dat - - - - ----a-w- c documents and settings Administrator Local Settings Application Data GDIPFONTCACHEV DAT - - - - ----a-w- c windows system keymail dll - - - - ----a-w- c windows system drivers avgtdix sys

------- Sigcheck ------- - - - C D BCDB CFEB B F D BE E c windows SoftwareDistribution Download dd ab cf e fa d f e svchost exe - - - F AE ED AAABC A DE c windows system svchost exe - - - F AE ED AAABC A DE c windows system dllcache svchost exe - - - F BCCC EDE A E B D c windows hf mig KB SP QFE user dll - - - AA F C DFC B ED E D B c windows hf mig KB SP QFE user dll - - - C F ACE C C E A CF C c windows NtUninstallKB user dll - - - DE DB BBB DB AF E c windows NtUninstallKB user dll - - - B B FF B F C B A D F B c windows SoftwareDistribution Download dd ab cf e fa d f e user dll - - - B F E E A ED ABF E c windows system user dll - - - B F E E A ED ABF E c windows system dllcache user dll - - - CCC EB CEAA E FA A E A c windows SoftwareDistribution Download dd ab cf e fa d f e ws dll - - - ED B F A F C FA EC B c windows system ws dll - - - ED B F A F C FA EC B c windows system dllcache ws dll - - - DDE A ...

https://forums.techguy.org/threads/trojan-horse-rootkit-pakes-m.855193/

Hello. I am currently running Windows and am getting a threat detected alert from AVG stating that my atapi.sys file is infected with a Trojan horse Rootkit-Pakes.U and it is unable to remove or fix the problem. Here is my HJT log:

Platform Unknown Windows WinNT MSIE Internet Explorer v Boot mode Normal

Running processes: C Windows system taskhost exe C Windows system Dwm exe C Windows Explorer EXE C Program Files Hewlett-Packard HP Quick Launch Buttons QLBCTRL exe C Program Files DigitalPersona Bin DpAgent exe C Program Files Synaptics SynTP SynTPEnh exe C Program Files Motorola SMSERIAL sm hlpr exe C Program Files Synaptics SynTP SynTPHelper exe C Windows RtHDVCpl exe C Program Files HP QuickPlay QPService exe C Windows System rundll exe C Program Files Common Files Research In Motion Auto Update RIMAutoUpdate exe C Program Files AVG AVG avgtray exe C Program Files Common Files InstallShield UpdateService ISUSPM exe C Program Files Windows Sidebar sidebar exe C Program Files RocketDock RocketDock exe C Program Files Mozilla Firefox firefox exe C Program Files Windows Live Messenger msnmsgr exe C Program Files Windows Live Contacts wlcomm exe C Windows system SearchFilterHost exe C Program Files Trend Micro HijackThis HijackThis exe

R - HKCU Software Microsoft Internet Explorer Main Search Page http go microsoft com fwlink LinkId R - HKCU Software Microsoft Internet Explorer Main Start Page http www ask com o & l dis R - HKLM Software Microsoft Internet Explorer Main Default Page URL http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Default Search URL http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Search Page http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Start Page http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Search SearchAssistant R - HKLM Software Microsoft Internet Explorer Search CustomizeSearch R - HKCU Software Microsoft Internet Explorer Toolbar LinksFolderName O - BHO AcroIEHelperStub - DF C-E AD- -A -FA C EBDC - C Program Files Common Files Adobe Acrobat ActiveX AcroIEHelperShim dll O - BHO DigitalPersona Personal Extension - AE-C - f -B E- EA F A - C Program Files DigitalPersona Bin DpOtsPluginIe dll O - BHO WormRadar com IESiteBlocker NavFilter - CA F - F E- B -A E- E E C C - C Program Files AVG AVG avgssie dll O - BHO no name - C C A-E - b - D - CECB - no file O - BHO Groove GFS Browser Helper - - C - D -B F - BBC D A E - C Program Files Microsoft Office Office GrooveShellExtensions dll O - BHO Windows Live Sign-in Helper - D - C - ABF- ECC- C - C Program Files Common Files Microsoft Shared Windows Live WindowsLiveLogin dll O - HKLM Run QlbCtrl exe C Program Files Hewlett-Packard HP Quick Launch Buttons QlbCtrl exe Start O - HKLM Run MaxMenuMgr "C Program Files Seagate SeagateManager FreeAgent Status StxMenuMgr exe" O - HKLM Run DpAgent C Program Files DigitalPersona Bin dpagent exe O - HKLM Run SynTPEnh C Program Files Synaptics SynTP SynTPEnh exe O - HKLM Run SMSERIAL C Program Files Motorola SMSERIAL sm hlpr exe O - HKLM Run RtHDVCpl RtHDVCpl exe O - HKLM Run QPService "C Program Files HP QuickPlay QPService exe" O - HKLM Run NvCplDaemon RUNDLL EXE C Windows system NvCpl dll NvStartup O - HKLM Run NvMediaCenter RUNDLL EXE C Windows system NvMcTray dll NvTaskbarInit O - HKLM Run BlackBerryAutoUpdate C Program Files Common Files Research In Motion Auto Update RIMAutoUpdate exe background O - HKLM Run RoxWatchTray "C Program Files Common Files Roxio Shared SharedCOM RoxWatchTray exe" O - HKLM Run AVG TRAY C PROGRA AVG AVG avgtray exe O - HKLM Run Adobe Reader Speed Launcher "C Program Files Adobe Reader Reader Reader sl exe" O - HKLM Run Adobe ARM "C Program Files Common Files Adobe ARM AdobeARM exe" O - HKCU Run msnmsgr "C Program Files Windows Live Messenger msnmsg...

https://forums.techguy.org/threads/trojan-horse-rootkit-pakes-u.898982/

Please could you help me eliminate Trojan horse Rootkit-Pakes.U infecting my windows\system32\drivers\atapi.sys on Windows XP.

Thank you

A:Trojan horse Rootkit-Pakes.U infected

Hello and welcome to TSF.

We want all our members to perform the steps outlined in the link given below, before posting for assistance. There's a sticky at the top of this forum, and a "Having problems with spyware and pop-ups? First Steps" link at the top of each page.

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

http://www.techsupportforum.com/forums/f100/trojan-horse-rootkit-pakes-u-infected-454412.html

I am brand new to this forum. I am having the same problem as another post. I have been reading the correspondence, and it has gone beyond my area of expertise.

While running a scan with AVG the program detected Trojan horse Rootkit-Pakes.U infecting my C:\WINDOWS\system32\drivers\atapi.sys file. AVG lists the problem as "white-list" and will not remove or repair because it is a critical system file.

I have downloaded the following applications:

RootRepeal
Avira
Pavark
AVG
Combofix
Malwarebytes
RootRepeal

I tried to download DR (?); but AVG stated it was 'possibly' infected?

I am working on Windows XP Professional; and have upgraded to SP3.

Any help would be greatly appreciated as I have been trying to get rid of this virus for a week and many, many hours.

A:Trojan horse Rootkit-Pakes.U problem

Hello. Have you run all those downloads? Do not run ComboFix.

Run Malwarebytes (MBAM) and Rootrepeal and post those logs.

http://www.bleepingcomputer.com/forums/t/267480/trojan-horse-rootkit-pakesu-problem/

Thanks in advance for any and all help.

I'm using a Toshiba with Win XP Media Center (Service Pack 3); all service packs and updates are current.

According to numerous scan warnings, my machine is infected with rootkit-pakes.u, in the following file:

C:\WINDOWS\system32\drivers\atapi.sys

This trojan was first detected by AVG Free on Saturday October 14, when it entered my system (I had gone to a supposedly certified-safe website and a pdf file opened, which somehow allowed the infection). The problem is also detected by Malwarebytes. On my daily AVG scan, the problem is always identified and it states that the file cannot be removed because it is whitelisted as a critical file.

Quite a few people have asked for help with this problem lately, so I'm hoping someone will already be familiar with the ins and outs of removing the trojan.

Thanks again for your help and advice!

caligirlv

A:Trojan horse Rootkit-Pakes.U infection

It is not a simple removal.

We need to check for rootkits with RootRepeal.

Download RootRepeal from the following location and save it to your desktop: Direct Download (Recommended), Zip Mirrors (Recommended if you have a slower connection or if the Direct Download mirror is down), or Rar Mirrors (only if you know what a RAR is and can extract it).
Extract RootRepeal.exe from the archive (if you did not use the "Direct Download" mirror).
Open RootRepeal.exe on your desktop.
Click the Report tab.
Click the Scan button.
Check all seven boxes: Drivers, Files, Processes, SSDT, Stealth Objects, Hidden Services, Shadow SSDT. Push Ok.
Check the box for your main system drive (usually C:), and press Ok.
Allow RootRepeal to run a scan of your system. This may take some time.
Once the scan completes, push the Save Report button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.

Please note: If RootRepeal fails to run, try this step: Click Settings - Options. Set the Disk Access slider to High. Also try: right-click on rootrepeal.exe and rename it to tatertot.scr.

=============================

Please download Win32kDiag.exe by AD and save it to your desktop (alternate download 1, alternate download 2). This tool will create a diagnostic report.
Double-click on Win32kDiag.exe to run and let it finish. When it states "Finished! Press any key to exit...", press any key on your keyboard to close the program. A file called Win32kDiag.txt should be created on your Desktop.
Open that file in Notepad and copy/paste the entire contents (from "Starting up..." to "Finished! Press any key to exit...") in your next reply.

--------------------------------------

Go to Start > Run..., then copy and paste this command into the open box: cmd
Click OK.
At the command prompt C:\>, copy and paste the following command and press Enter:

Code:
DIR /a/s %windir%\scecli.dll %windir%\netlogon.dll %windir%\eventlog.dll >Log.txt & START notepad Log.txt

A file called Log.txt should be created on your Desktop.
Open that file and copy/paste the contents in your next reply.

http://www.bleepingcomputer.com/forums/t/267218/trojan-horse-rootkit-pakesu-infection/

Hello. Thanks in advance for any assistance you may provide.

I'm using a Lenovo 3000 C100 laptop running Windows XP Professional.

While running a scan with AVG (version 9.0.698) the program detected Trojan horse Rootkit-Pakes.U infecting my C:\WINDOWS\system32\drivers\atapi.sys file. AVG lists the problem as "white-list" and will not remove or repair because it is a critical system file.

I've run Malwarebytes both in normal and safe mode, with the safe mode scan performed last. The Malwarebytes full system scan in safe mode discovered zero problems.

Other than the AVG pop-up I get about once every three hours reminding me of the infected file I can't think of any additional details that would be helpful.

If you need further information or would like to perform any additional tasks please let me know.

Again, your assistance is greatly appreciated.

A:Trojan horse Rootkit-Pakes.U problem

Hello and welcome. If this is Vista you may need to right-click on the desktop icon we create and select Run as Administrator.

We need to check for rootkits with RootRepeal.

Download RootRepeal from the following location and save it to your desktop: Direct Download (Recommended), Zip Mirrors (Recommended if you have a slower connection or if the Direct Download mirror is down), or Rar Mirrors (only if you know what a RAR is and can extract it).
Extract RootRepeal.exe from the archive (if you did not use the "Direct Download" mirror).
Open RootRepeal.exe on your desktop.
Click the Report tab.
Click the Scan button.
Check all seven boxes: Drivers, Files, Processes, SSDT, Stealth Objects, Hidden Services, Shadow SSDT. Push Ok.
Check the box for your main system drive (usually C:), and press Ok.
Allow RootRepeal to run a scan of your system. This may take some time.
Once the scan completes, push the Save Report button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.

http://www.bleepingcomputer.com/forums/t/266551/trojan-horse-rootkit-pakesu-problem/

My PC is infected with this trojan that I can't seem to get rid of. I had AVG Free installed and the following message would pop up: "C:\WINDOWS\system32\drivers\ntfs.sys";"Trojan horse Rootkit-Pakes.M";"Object is white-listed (critical/system file that should not be removed)". It wouldn't let me remove or heal it. I tried SuperAntiSpyware and it couldn't remove it either. This morning my computer screen was displaying a fake antivirus warning screen and I couldn't open AVG or SAS to try to find the problem. I also couldn't CTRL-ALT-DELETE to stop any goofy applications. I restarted the computer and went to safe mode with F and rebooted with an older date. This still didn't get rid of the trojan. At least I was able to use the computer to find help from this site. I am running Windows XP with SP. Please help. I already backed up all files. I also uninstalled AVG and left SAS installed. Thanks.

A:infected with: Trojan horse Rootkit-Pakes.M

Hello and welcome to TSF.

We want all our members to perform the steps outlined in the link given below, before posting for assistance. There's a sticky at the top of this forum, and a "Having problems with spyware and pop-ups? First Steps" link at the top of each page.

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

http://www.techsupportforum.com/forums/f100/infected-with-trojan-horse-rootkit-pakes-m-406818.html

I have AVG anti-virus software and it will not remove the virus; it says it has been "white listed" and cannot be removed. There haven't been any problems that I have noticed thus far from the virus. I just continually get a pop-up warning window from AVG saying that the virus is on my computer: trojan horse rootkit-pakes.U.

DDS Ver - - - NTFSx Run by timmy at on Sun Internet Explorer BrowserJavaVersion Microsoft Windows XP Home Edition GMT - AV AVG Internet Security On-access scanning enabled Updated DDD - FF- F- E B- D D BF FW AVG Firewall enabled decf - - -b a-d d b

Running Processes: H WINDOWS system svchost -k DcomLaunch svchost exe H WINDOWS System svchost exe -k netsvcs H WINDOWS system svchost exe -k WudfServiceGroup svchost exe svchost exe H Program Files AVG AVG avgrsx exe H Program Files AVG AVG avgcsrvx exe H WINDOWS system spoolsv exe H Program Files AVG AVG Identity Protection Agent Bin AVGIDSAgent exe H WINDOWS Explorer EXE H WINDOWS RTHDCPL EXE H WINDOWS SkyTel EXE H WINDOWS system RUNDLL EXE H Program Files Java jre bin jusched exe H Program Files iTunes iTunesHelper exe H WINDOWS system ctfmon exe H Program Files AIM aim exe H Program Files MySpace IM MySpaceIM exe H Program Files Common Files Ahead Lib NMBgMonitor exe H Program Files Messenger msmsgs exe H Program Files Windows Desktop Search WindowsSearch exe svchost exe H Program Files Lavasoft Ad-Aware aawservice exe H Program Files Common Files Apple Mobile Device Support bin AppleMobileDeviceService exe H Program Files Bonjour mDNSResponder exe H Program Files Java jre bin jqs exe H Program Files Common Files Microsoft Shared VS DEBUG MDM EXE H WINDOWS system nvsvc exe H WINDOWS system IoctlSvc exe H Program Files Viewpoint Common ViewpointService exe H WINDOWS system SearchIndexer exe H Program Files Common Files Ahead Lib NMIndexingService exe H Program Files iPod bin iPodService exe H Program Files Common Files Ahead Lib NMIndexStoreSvr exe H Program Files AIM aolsoftware exe H Program Files MySpace IM MySpaceIM exe H WINDOWS System svchost exe -k HTTPFilter H Program Files AVG AVG avgchsvx exe H Program Files AVG AVG avgwdsvc exe H Program Files AVG AVG avgam exe H Program Files AVG AVG avgnsx exe H Program Files AVG AVG avgfws exe H Program Files AVG AVG avgtray exe H Program Files AVG AVG Identity Protection agent bin avgidsmonitor exe H Program Files AVG AVG avgcsrvx exe H WINDOWS system svchost exe -k imgsvc H Program Files Common Files Real Update OB realsched exe H Program Files Mozilla Firefox firefox exe H WINDOWS system SearchProtocolHost exe H Documents and Settings timmy Desktop install dds scr

Pseudo HJT Report: uStart Page hxxp www netflix com Login uInternet Connection Wizard ShellNext iexplore uInternet Settings ProxyOverride local mURLSearchHooks AVG Security Toolbar BHO a bc a - f - -aa - d c - h program files avg avg toolbar IEToolbar dll BHO Adobe PDF Reader Link Helper e f-c d - d -b d- b d be b - h program files adobe acrobat activex AcroIEHelper dll BHO AVG Safe Search ca f - f e- b -a e- e e c c - h program files avg avg avgssie dll BHO - f - d - - d f - h program files spybot SDHelper dll BHO Java Plug-In SSV Helper bb-d f - c-b eb-d daf d d - h program files java jre bin ssv dll BHO AOL Toolbar Launcher c - cb - a -b f - ea c f - h program files aol aim toolbar aoltb dll BHO AVG Security Toolbar BHO a bc a - f - -aa - d c - h program files avg avg toolbar IEToolbar dll BHO Java Plug-In SSV Helper dbc -a - b-bc - c c c a - h program files java jre bin jp ssv dll BHO JQSIEStartDetectorImpl Class e e f - ce- c -bc -eabfe f c - h program files java jre lib deploy jqs ie jqs plugin dll TB AIM Toolbar de c f- - a - b-aa ed d - h program files aol aim toolbar aoltb dll TB AVG Security Toolbar ccc a -b ca- -b a - f dd - h program files avg avg toolbar IEToolbar dll TB A A -BACC- D - - A E E - No File uRun ctfmon exe h windows system ctfmon exe uRu...

A:Infected with trojan horse rootkit-pakes.U

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Please download OTL from the following mirror: This is THE Mirror. Save it to your desktop.
Double-click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Push the button.
Two reports will open; copy and paste them in a reply here:
OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards _temp_

http://www.bleepingcomputer.com/forums/t/271776/infected-with-trojan-horse-rootkit-pakesu/

My PC is infected with this trojan that I can't seem to get rid of. I had AVG Free installed and the following message would pop up: "C:\WINDOWS\system32\drivers\ntfs.sys";"Trojan horse Rootkit-Pakes.M";"Object is white-listed (critical/system file that should not be removed)". It wouldn't let me remove or heal it. I tried SuperAntiSpyware and it couldn't remove it either. This morning my computer screen was displaying a fake antivirus warning screen and I couldn't open AVG or SAS to try to find the problem. I also couldn't CTRL-ALT-DELETE to stop any goofy applications. I restarted the computer and went to safe mode with F and rebooted with an older date. This still didn't get rid of the trojan. At least I was able to use the computer to find help from this site. I am running Windows XP with SP. Please help. I already backed up all files. I also uninstalled AVG and left SAS installed.

DDS Ver - - - NTFSx Run by Owner at on Fri Internet Explorer Microsoft Windows XP Professional GMT -

Running Processes: C WINDOWS system svchost -k DcomLaunch svchost exe C WINDOWS System svchost exe -k netsvcs C WINDOWS system svchost exe -k WudfServiceGroup svchost exe svchost exe C WINDOWS system spoolsv exe svchost exe C WINDOWS eHome ehRecvr exe C WINDOWS eHome ehSched exe C WINDOWS system nvsvc exe C Program Files Common Files New Boundary PrismXL PRISMXL SYS C Program Files Common Files Intuit QuickBooks QBCFMonitorService exe C WINDOWS system tcpsvcs exe svchost exe C WINDOWS system svchost exe -k imgsvc C WINDOWS system UStorSrv exe C WINDOWS system svchost exe -k netsvcs C WINDOWS system dllhost exe C WINDOWS system rundll exe C WINDOWS system rundll exe C WINDOWS System svchost exe C WINDOWS System svchost exe C WINDOWS Explorer EXE C WINDOWS ehome ehtray exe C Program Files Digital Media Reader readericon G exe C WINDOWS system ctfmon exe C WINDOWS eHome ehmsas exe svchost C WINDOWS Temp ex- exe C Program Files Internet Explorer iexplore exe C Program Files Internet Explorer iexplore exe C Program Files Internet Explorer iexplore exe C Documents and Settings Owner Desktop dds scr

Pseudo HJT Report: uSearch Bar hxxp www google com ie uStart Page www google com uSearch Page hxxp www google com uSearchMigratedDefaultURL hxxp www google com search q searchTerms & sourceid ie & rls com microsoft en-US & ie utf & oe utf uSearchAssistant hxxp www google com uSearchURL Default hxxp www google com search q s mSearchAssistant hxxp www google com mWinlogon Userinit c windows system userinit exe c windows system sdra exe BHO AVG Safe Search ca f - f e- b -a e- e e c c - c program files avg avg avgssie dll BHO BCA - A - eaf- - C B D - No File BHO d -a - -b -be a fe - c windows system fccAQIcd dll BHO f e - - d - a- f e b e - c windows system habamahu dll TB A A -BACC- D - - A E E - No File EB Real com fe fa -d c- d - fa- c f afe - c windows system Shdocvw dll uRun ctfmon exe c windows system ctfmon exe uRun updateMgr "c program files adobe acrobat reader AdobeUpdateManager exe" AcRdB -reboot uRun GetModule "c program files getmodule GetModule exe" uRun GetModule "c program files getmodule GetModule exe" uRun SUPERAntiSpyware c program files superantispyware SUPERAntiSpyware exe uRun Monopod c docume owner locals temp d exe mRun ehTray c windows ehome ehtray exe mRun NvCplDaemon RUNDLL EXE c windows system NvCpl dll NvStartup mRun nwiz nwiz exe install mRun readericon c program files digital media reader readericon G exe mRun Reminder WINDIR Creator Remind XP exe mRun Recguard WINDIR SMINST RECGUARD EXE mRun NvMediaCenter RUNDLL EXE c windows system NvMcTray dll NvTaskbarInit mRun SoundMan SOUNDMAN EXE mRun QuickTime Task "c program files quicktime qttask exe" -atboottime mRun MSKDetectorExe c program files mcafee spamkiller MSKDetct exe uninstall mRun fibepotoyo Rundll exe "c windows system pogomaya dll" s mRu...

A:infected with: Trojan horse Rootkit-Pakes.M

hi.

I need to get another rootkit scan before we start disinfecting your computer.

Download RootRepeal.zip to your Desktop and extract the compressed file to it's own folder.

Open the folder and double-click on RootRepeal.exe to run it.
Click on the Report tab, and then click on: Scan
A window opens asking what to include in the scan.
Check the following boxes then click OK:
Drivers
Files
Processes
SSDT
Stealth Objects
Hidden Services
Shadow SSDT
You will then be asked which drive to scan.
Check C: (or the drive your operating system is installed on, if not C)
Click OK once again.
The tool will begin scanning and may take a while to complete, so please be patient.
When the scan finishes, click on: Save Report. Save it to your desktop so you may find it easily.

Please attach the report in your next reply.
--------------------------------------------------------------------------

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
Double-click SystemLook.exe to run it.
Copy the content of the following codebox into the main textfield:

Code:
:filefind
ntfs.sys

Click the Look button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop, entitled SystemLook.txt

Mark

http://www.techsupportforum.com/forums/f100/infected-with-trojan-horse-rootkit-pakes-m-406962.html
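The helpers in these threads ask for the same evidence in several forms: the DIR /a/s command in the caligirlv thread lists every copy of a system file on the disk, SystemLook's :filefind ntfs.sys above does the same for the driver, and the ComboFix log further up shows Sigcheck hashes of the live binary next to the copies in dllcache and $hf_mig$ before it reports restoring ntfs.sys from the hotfix copy. The script below is an added example, not code from any of these threads or tools, that automates that comparison: it walks a directory tree for every copy of a named driver, hashes each one, reports whether the copy under system32\drivers disagrees with the OS's own backup copies, and then swaps a backup in while keeping the suspect file for analysis. The directory layout and file bytes it builds in a temporary folder are constructed so it runs offline on any OS; dllcache and $hf_mig$ are taken from the Sigcheck output above, while ServicePackFiles is an assumed third backup location.

```python
"""Locate every on-disk copy of a Windows driver, hash them, and flag a live copy
that disagrees with the OS's own pristine copies.  Added example, not the forum
tools' code; the tree it builds is constructed so it runs offline on any OS."""
import hashlib
import os
import shutil
import tempfile
from collections import Counter

# Folders where Windows XP keeps known-good copies of system binaries.  dllcache
# and $hf_mig$ appear in the ComboFix Sigcheck output; ServicePackFiles is an
# assumption added here.
BACKUP_DIR_HINTS = ("dllcache", "$hf_mig$", "servicepackfiles")
LIVE_ATAPI = os.path.join("WINDOWS", "system32", "drivers", "atapi.sys")


def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def find_copies(root, name):
    """Same idea as `DIR /a/s %windir%\\atapi.sys`: every file called `name` under `root`."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        hits.extend(os.path.join(dirpath, f) for f in files if f.lower() == name.lower())
    return sorted(hits)


def triage(root, name, live_relpath):
    """Hash all copies of `name` and compare the live one against the backup copies."""
    live = os.path.join(root, live_relpath)
    hashes = {p: sha256_file(p) for p in find_copies(root, name)}
    backups = [p for p in hashes
               if os.path.normcase(p) != os.path.normcase(live)
               and any(hint in p.lower() for hint in BACKUP_DIR_HINTS)]
    backup_hashes = Counter(hashes[p] for p in backups)
    live_hash = hashes.get(live)
    if live_hash is None:
        verdict = "live copy missing"
    elif not backup_hashes:
        verdict = "no backup copy to compare against"
    elif live_hash in backup_hashes:
        verdict = "live copy matches a backup copy"
    elif len(backup_hashes) == 1:
        verdict = "live copy differs from every backup copy: replace it"
    else:
        verdict = "backup copies disagree with each other: check vendor hashes first"
    return {"live": live, "live_hash": live_hash, "hashes": hashes,
            "backups": backups, "verdict": verdict}


def restore_from_backup(live, backup):
    """Keep the suspect file for analysis (renamed .bad) and copy the backup over it."""
    quarantined = live + ".bad"
    os.replace(live, quarantined)
    shutil.copy2(backup, live)
    return quarantined


def build_demo_tree():
    """Constructed XP-like layout: two pristine copies and a patched live driver."""
    root = tempfile.mkdtemp(prefix="xp_demo_")
    pristine = b"MZ" + b"\x00" * 62 + b"demo driver body, not a real atapi.sys"
    patched = pristine[:-8] + b"\xcc" * 8   # a few bytes changed in place, as a patcher would
    layout = {
        os.path.join("WINDOWS", "system32", "dllcache", "atapi.sys"): pristine,
        os.path.join("WINDOWS", "ServicePackFiles", "i386", "atapi.sys"): pristine,
        LIVE_ATAPI: patched,
    }
    for rel, data in layout.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as f:
            f.write(data)
    return root


if __name__ == "__main__":
    root = build_demo_tree()
    result = triage(root, "atapi.sys", LIVE_ATAPI)
    for path, digest in sorted(result["hashes"].items()):
        print(digest[:16], os.path.relpath(path, root))
    print(result["verdict"])
    if result["verdict"].startswith("live copy differs"):
        bad = restore_from_backup(result["live"], result["backups"][0])
        print("quarantined", os.path.relpath(bad, root))
        print(triage(root, "atapi.sys", LIVE_ATAPI)["verdict"])
```

The verdict is only as good as the bytes the OS hands back: a kernel-mode rootkit that hooks the filesystem can serve a clean image for the very file it patched, which is why the helpers reach for RootRepeal first and why a hash comparison like this belongs on the disk mounted from clean boot media or on another machine rather than inside the infected Windows session. When the backups themselves disagree (an older hotfix copy in $hf_mig$ next to a newer one in dllcache) neither is automatically the right one; match against the version Microsoft shipped for that service pack before copying anything over the live driver.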

I ran SuperAntiSpyware, TrojanHunter, and AntiMalwareBytes along with AVG command line scanner in Safe Mode and AVG keeps popping up saying that I am infected with Trojan horse Rootkit-Pakes.L but it was not found by any of these applications.

It keeps coming up every time I start up.

Please advise how I can resolve this.

Thank you.

A:AVG detecting Trojan horse Rootkit-Pakes.L

Hello and welcome.

We need to check for rootkits with RootRepeal.

Download RootRepeal from the following location and save it to your desktop: Zip Mirrors (Recommended) or Rar Mirrors (only if you know what a RAR is and can extract it).
Extract RootRepeal.exe from the archive.
Open RootRepeal.exe on your desktop.
Click the Report tab.
Click the Scan button.
Check all seven boxes: Drivers, Files, Processes, SSDT, Stealth Objects, Hidden Services, Shadow SSDT. Push Ok.
Check the box for your main system drive (usually C:), and press Ok.
Allow RootRepeal to run a scan of your system. This may take some time.
Once the scan completes, push the Save Report button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.

http://www.bleepingcomputer.com/forums/t/248820/avg-detecting-trojan-horse-rootkit-pakesl/

At this point AVG keeps popping up with a "Rootkit-Pakes.M Trojan Horse Infected" warning, telling me that the NTFS sys is messing this up and infecting other things. It won't even boot normally anymore, not even in safe mode: blue screen of death if I try that. Can anyone help? Here are the logs that were required in the sticky'd thread.

Edit: I just got an error from Cobian, a program suggested by this site to back things up.

A:Infected with Trojan Horse rootkit-Pakes.m

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far. Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread. Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run. A small box will open, with an explanation about the tool. No input is needed, the scan is running. Notepad will open with the results. Follow the instructions that pop up for posting the results. Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE

http://www.bleepingcomputer.com/forums/t/249380/infected-with-trojan-horse-rootkit-pakesm/

Q: Need help with Trojan horse Rootkit-Pakes.U repair

I am running AVG Internet Security and it has detected that C:\Windows\system32\drivers\atapi.sys is infected with Rootkit-Pakes.U. I've attached a screen print of the AVG warning. I have also run a Kaspersky online scan and received the same result. I am running Windows XP SP on my good ol' P GHz with GB of RAM. Did I mention it does hyper-threading? Below is my HijackThis log. Thanks in advance.


Q: Trojan horse Rootkit-Pakes.U! Help removing.

Hi there, I've gotten Trojan horse Rootkit-Pakes.U somehow and my Resident Alert shield has been popping up frequently with messages about it being opened. The infected file C:\Windows\System32\drivers\atapi.sys is "white-listed (critical/system file that should not be removed)" on AVG's infections page, so I cannot seem to do anything about it. Any help would be greatly appreciated, thanks so much!

My HijackThis log is below.

https://forums.techguy.org/threads/trojan-horse-rootkit-pakes-u-help-removing.903932/

Please could you help me eliminate Trojan horse Rootkit-Pakes.U, which has infected windows\system32\drivers\atapi.sys on Windows XP. Please help me.

Thank you
 

A:Trojan horse Rootkit-Pakes.U infected on XP

Thank you for receiving NO HELP !!! (
 

https://forums.techguy.org/threads/trojan-horse-rootkit-pakes-u-infected-on-xp.897368/

Hi there! Please help me get rid of this virus from my computer (Windows Vista). It seems to be sometimes affecting my browsing experience, but AVG keeps popping up with this SKYNET infection: Trojan horse Rootkit-Pakes.L. Thanks in advance!
- Carmen
P.S. I already downloaded MBAM (MalwareBytes) and am currently running it, what should I do after it's finished?

A:AVG detecting Trojan horse Rootkit-Pakes.L!

Post that log. The log is automatically saved and can be viewed by clicking the Logs tab in MBAM. Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

Now we need to check for rootkits with RootRepeal.

Download RootRepeal from the following location and save it to your desktop.
Direct Download (Recommended)
Primary Mirror
Secondary Mirror
Secondary Mirror
Secondary Mirror
Zip Mirrors (Recommended if you have a slower connection or if the Direct Download mirror is down)
Primary Mirror
Secondary Mirror
Secondary Mirror
Rar Mirrors - Only if you know what a RAR is and can extract it.
Primary Mirror
Secondary Mirror
Secondary Mirror

Extract RootRepeal.exe from the archive (if you did not use the "Direct Download" mirror).
Open RootRepeal on your desktop.
Click the tab.
Click the button.
Check all seven boxes. Push Ok.
Check the box for your main system drive (usually C:), and press Ok.
Allow RootRepeal to run a scan of your system. This may take some time.
Once the scan completes, push the button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.

http://www.bleepingcomputer.com/forums/t/256781/avg-detecting-trojan-horse-rootkit-pakesl/

Please could you help me eliminate Trojan horse Rootkit-Pakes.U, which has infected windows\system32\drivers\atapi.sys on Windows XP.

Thank you
 

A:Trojan horse Rootkit-Pakes.U infected

Please do not create multiple threads for the same problem.
Continue here: http://forums.techguy.org/malware-removal-hijackthis-logs/897368-trojan-horse-rootkit-pakes-u.html
 

https://forums.techguy.org/threads/trojan-horse-rootkit-pakes-u-infected.897054/

Pretty much self-explanatory...AVG keeps finding Trojan horse Rootkit-Pakes.BI in volsnap.sys.

OS is WIN XP Home...how should I proceed?

Thanx!

http://www.bleepingcomputer.com/forums/t/405369/avg-keeps-finding-trojan-horse-rootkit-pakesbi/

Hello, first timer here. I've been trying to help my roommate clean up his PC as it had gotten to a point that it was almost unusable due to browser redirects and endless popups about fake virus scanners. I ran GMER and MalwareBytes, installed AVG as he had no antivirus installed, and switched out IE for Firefox. All of this was done following guides on this site. Unfortunately I didn't think to save logs or write down the infections found before I tried to clean them out. Nevertheless, after doing all of that the problems seemed to stop. That was roughly two months ago.

Now AVG is coming up with an infection called Trojan horse Rootkit-Pakes.BI in C:\WINDOWS\system32\drivers\volsnap.sys. I was hoping there was nothing worse than some spyware/malware on his computer, which is why I rolled up my sleeves and tried to fix it myself, but I know when to admit that something is past my DIY abilities. Here's the DDS log.

A:AVG keeps finding Trojan horse Rootkit-Pakes.BI

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please do not attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with. Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:
Please download DeFogger to your desktop.
Double click DeFogger to run the tool.
The application window will appear.
Click the Disable button to disable your CD Emulation drivers.
Click Yes to continue.
A 'Finished!' message will appear.
Click OK.
DeFogger may ask you to reboot the machine, if it does - click OK.
Do not re-enable these drivers until otherwise instructed.

Download DDS:
Please download DDS by sUBs from one of the links below and save it to your desktop:
Download DDS and save it to your desktop
Link1
Link2
Link3
Please disable any anti-malware program that will block scripts from running before running DDS.
Double-Click on dds.scr and a command window will appear. This is normal.
Shortly after two logs will appear: DDS.txt, Attach.txt
A window will open instructing you save & post the logs.
Save the logs to a convenient place such as your desktop.
Copy the contents of both logs & post in your next reply.

Scan With RKUnHooker:
Please Download Rootkit Unhooker. Save it to your desktop.
Now double-click on RKUnhookerLE.exe to run it.
Click the Report tab, then click Scan.
Check (Tick) Drivers, Stealth. Uncheck the rest. Then click OK.
Wait till the scanner has finished and then click File, Save Report.
Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.
Note** you may get this warning; it is ok, just ignore it: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?" Just click on Cancel, then Accept.

Information and logs:
In your next post I need the following
logs from DDS
log from RKUnHooker
let me know of any problems you may have had

Gringo

http://www.bleepingcomputer.com/forums/t/392810/avg-keeps-finding-trojan-horse-rootkit-pakesbi/

Please could somebody help me to rid my computer of this virus, which AVG keeps identifying but not removing? I have read about it on other topics and HijackThis seems to be the only option, so I have taken the liberty of posting mine. Any assistance will be gratefully received.

My HijackThis log is below.

A:Trojan Horse Rootkit Pakes M - Please help - HJT log included!

Hey salvagewithasmile,

Welcome to Bleepingcomputer! I'm Ltangelic and I'll be helping you fix your computer problem.

Before we proceed, here are some things that you can take note of so that the cleaning up process will be more smooth and efficient. Do not worry, the points below are not any form of rules, it's just a few pointers that can ensure that you will get the best help from me.

To ensure that you are informed of the latest replies to your thread, you may like to right click on Options at the top right hand corner of this page and select "Subscribe to this forum". That way, you will be notified via email when a reply was posted to your thread.

If you have any doubts or uncertainty about any part of my instructions, feel free to post on here and ask me about them.

Please do NOT attempt to run any tools or do any fixing on your own unless I tell you to, this will avoid any confusion that can occur during the cleaning process. Furthermore, fixing malware problems without sufficient knowledge can be dangerous at times and you can mess up your own computer without knowing.

Please do not PM me for malware removal assistance, any request for malware removal assistance should be posted in this thread only. The only time you can and should PM me is when I have not been replying to you for several days (usually around 4 days) and you need an explanation. If that's the case, just send me a message to me on here. ;)

Please do not start multiple topics (especially when you are already being assisted by an authorised staff). All staff are volunteers on here, starting multiple topics will waste the limited resource of manpower we have here at Bleepingcomputer and this can further hinder our ability to assist other users. Please be considerate and stick to one thread.

I'm looking at your log now and will be back with a fix soon. Thanks for your patience and understanding.

http://www.bleepingcomputer.com/forums/t/304908/trojan-horse-rootkit-pakes-m-please-help-hjt-log-included/

Hello My Presario notebook is infected with a trojan horse Rootkit-pakes u in drivers atapi sys whitelisted file I ran hjt and the log is below I m really Rootkit-Pakes.U horse infection Trojan not sure what to do next I appreciate any help Thanks in advance Logfile of Trend Micro HijackThis v Scan saved at PM on Platform Windows Vista SP WinNT MSIE Internet Explorer v Boot mode NormalRunning processes C Windows system Dwm exeC Windows system taskeng exeC Program Files Apoint K Apoint Trojan horse Rootkit-Pakes.U infection exeC Program Files Apoint K ApMsgFwd exeC Program Files Windows Defender MSASCui exeC Program Files Apoint K Apntex exeC Program Files iTunes iTunesHelper exeC Program Trojan horse Rootkit-Pakes.U infection Files IDT WDM sttray exeC Program Files HP QuickPlay QPService Trojan horse Rootkit-Pakes.U infection exeC Windows ehome ehtray exeC Windows ehome ehmsas exeC Windows system wuauclt exeC Windows explorer exeC Program Files Mozilla Firefox firefox exeC Program Files AVG AVG avgtray exeC Program Files Trend Micro HijackThis HijackThis exeR - HKCU Software Microsoft Internet Explorer Main Start Page http www gamesville com R - HKLM Software Microsoft Internet Explorer Main Default Page URL http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Default Search URL http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Search Page http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Start Page http ie redirect hp com svs rdr TYPE a rio amp pf cnnbR - HKCU Software Microsoft Internet Explorer Toolbar LinksFolderName O - Hosts localhostO - BHO AcroIEHelperStub - DF C-E AD- -A -FA C EBDC - C Program Files Common Files Adobe Acrobat ActiveX AcroIEHelperShim dllO - BHO WormRadar com IESiteBlocker NavFilter - CA F - F E- B -A E- E E C C - C Program Files AVG AVG avgssie dllO - BHO no name - C C A-E - b - D - CECB - no file O - BHO Windows Live Sign-in Helper 
- D - C - ABF- ECC- C - C Program Files Common Files Microsoft Shared Windows Live WindowsLiveLogin dllO - BHO Java Plug-In SSV Helper - DBC -A - b-BC - C C C A - C Program Files Java jre bin jp ssv dllO - HKLM Run Apoint C Program Files Apoint K Apoint exeO - HKLM Run UpdateLBPShortCut quot C Program Files CyberLink LabelPrint MUITransfer MUIStartMenu exe quot quot C Program Files CyberLink LabelPrint quot UpdateWithCreateOnce quot Software CyberLink LabelPrint quot O - HKLM Run UpdatePSTShortCut quot C Program Files CyberLink DVD Suite MUITransfer MUIStartMenu exe quot quot C Program Files CyberLink DVD Suite quot UpdateWithCreateOnce quot Software CyberLink PowerStarter quot O - HKLM Run UCam Menu quot C Program Files CyberLink YouCam MUITransfer MUIStartMenu exe quot quot C Program Files CyberLink YouCam quot update quot Software CyberLink YouCam quot O - HKLM Run Windows Defender ProgramFiles Windows Defender MSASCui exe -hideO - HKLM Run Malwarebytes Anti-Malware reboot quot C Program Files Malwarebytes Anti-Malware mbam exe quot runcleanupscriptO - HKLM Run Adobe Reader Speed Launcher quot C Program Files Adobe Reader Reader Reader sl exe quot O - HKLM Run Adobe ARM quot C Program Files Common Files Adobe ARM AdobeARM exe quot O - HKLM Run QuickTime Task quot C Program Files QuickTime QTTask exe quot -atboottimeO - HKLM Run iTunesHelper quot C Program Files iTunes iTunesHelper exe quot O - HKLM Run SysTrayApp C Program Files IDT WDM sttray exeO - HKLM Run QPService quot C Program Files HP QuickPlay QPService exe quot O - HKCU Run ehTray exe C Windows ehome ehTray exeO - HKCU Run WMPNSCFG C Program Files Windows Media Player WMPNSCFG exeO - Extra context menu item E amp xport to Microsoft Excel - res C PROGRA MICROS Office EXCEL EXE O - Extra button Send to OneNote - A- - f c- - EE C C - C PROGRA MICROS Office ONBttnIE dllO - Extra Tools menuitem S amp end to OneNote - A- - f c- - EE C C - C PROGRA MICROS Office ONBttnIE dllO - Extra button PokerStars - AD F 
C-...

A:Trojan horse Rootkit-Pakes.U infection

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

We need to create an OTL Report
Please download OTL from one of the following mirrors:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
In the custom scan box paste the following:

CODE
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
/md5stop
%systemroot%\*. /mp /s

Push the button.
Two reports will open, copy and paste them in a reply here:
OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

http://www.bleepingcomputer.com/forums/t/294813/trojan-horse-rootkit-pakesu-infection/

Hi. I have a bit HP PC running Windows XP SP. AVG is reporting that Trojan Horse Rootkit-Pakes.BI has infected c:\windows\system32\drivers\volsnap.sys; I have attached a screen shot of the AVG report. I have tried many things over the last couple of weeks to try and get rid of it. I cannot list everything I have done because it has all happened in a bit of a mess. Most recently I have run ComboFix (I have attached the report). I followed this by running the online scanner from ESET, which detected nothing. Previously I have tried to run Malwarebytes Anti-Malware, which also detected nothing. Any help is most appreciated. Matt

ComboFix - - - Administrator - x Microsoft Windows XP Professional GMT Running from c documents and settings Administrator Desktop Malware Removal ComboFix exe AV AVG Anti-Virus Free Edition Disabled Updated DDD - FF- F- E B- D D BF Files Created from - - to - - - - - - -------- d-----w- c documents and settings Administrator Application Data SUPERAntiSpyware com - - - - -------- d-----w- c program files SUPERAntiSpyware - - - - -------- d-----w- c documents and settings All Users Application Data SUPERAntiSpyware com - - - - -------- d-----w- c documents and settings Administrator AppData - - - - -------- d-----w- c documents and settings Administrator Application Data Search Settings - - - - -------- d-----w- c program files Application Updater - - - - -------- d-----w- c program files IObit Apps Toolbar - - - - -------- d-----w- c program files Common Files Spigot - - - - -------- d-----w- c documents and settings Administrator Local Settings Application Data libimobiledevice - - - - -------- d-----w- C MGtools - - - - -------- d-----w- c program files HitmanPro - - - - -------- d-----w- c documents and settings All Users Application Data HitmanPro - - - - -------- d-----w- C TDSSKiller Quarantine - - - - -------- d-----w- c documents and settings Administrator Application Data Malwarebytes - - - - -------- d-----w- c documents and settings All Users Application Data Malwarebytes - - - - -------- d-----w- c program files Malwarebytes' Anti-Malware - - - - ----a-w- c windows system drivers mbam sys - - - - -------- d-----w- c documents and settings Administrator Application Data IObit Apps - - - - -------- d-----w- c documents and settings Administrator Application Data AVG - - - - -------- d-----w- c documents and settings Administrator Application Data TuneUp Software - - - - -------- d-----w- c documents and settings All Users Application Data AVG - - - - -------- d-----w- C AVG - - - - -------- d-----w- c program files AVG - - - - -------- d--h--w- c documents and settings All Users Application Data Common Files - - - - -------- d-----w- c documents and settings All Users Application Data MFAData - - - - -------- d-----w- c documents and settings Administrator Local Settings Application Data Avg - - - - -------- d-----w- c documents and settings Administrator Local Settings Application Data MFAData - - - - -------- d-----w- c documents and settings All Users Application Data CED F A- F- EC-B C- EAF D DB A - - - - ----a-w- C cc reg Find M Report - - - - ----a-w- c windows system FlashPlayerApp exe - - - - ----a-w- c windows system FlashPlayerCPLApp cpl - - - - ----a-w- C MGlogs zip Reg Loading Points Note empty entries amp legit default entries are not shown REGEDIT HKEY LOCAL MACHINE software microsoft windows currentversion explorer shelliconoverlayidentifiers DropboxExt FB ED -A - B - E -CDD E AF B HKEY CLASSES ROOT CLSID FB ED -A - B - E -CDD E AF B - - ----a-w- c documents and settings Administrator Application Data Dropbox bin DropboxExt dll HKEY LOCAL MACHINE software microsoft windows currentversion explorer shelliconoverlayidentifiers DropboxExt FB EDA-A - B - E -CDD E AF B HKEY CLASSES ROOT CLSID FB EDA-A - B - E -CDD E AF B - - ----a-w- c documents and settings Administrator Application Data Dropbox bin DropboxExt dll HKEY LOC...

A:Trojan Horse Rootkit-Pakes.BI Detected by AVG

Hello scatymaty, Welcome to The Forums!!

Around here they call me Gringo and I'll be glad to help you with your malware problems.

Very Important --> Please read this post completely, I have spent my time to put together some things for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

These are the programs I would like you to run next, if you have any problems with these just skip it and run the next one.

-Security Check-
Download Security Check by screen317 from here.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-
Please download AdwCleaner by Xplode onto your desktop.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Delete.
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the content of that logfile with your next answer.
You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--
Download & SAVE to your Desktop RogueKiller or from here
Quit all programs that you may have started.
Please disconnect any USB or external drives from the computer before you run this scan!
For Vista or Windows 7, right-click and select "Run as Administrator" to start
For Windows XP, double-click to start.
Wait until Prescan has finished ...
Then Click on "Scan" button
Wait until the Status box shows "Scan Finished"
click on "delete"
Wait until the Status box shows "Deleting Finished"
Click on "Report" and copy/paste the content of the Notepad into your next reply.
The log should be found in RKreport[1].txt on your Desktop
Exit/Close RogueKiller

+Gringo

http://www.bleepingcomputer.com/forums/t/486662/trojan-horse-rootkit-pakesbi-detected-by-avg/

Hi, Please help me rid my computer of this virus. It does not seem to be affecting my browsing experience, but AVG keeps popping up with this SKYNET infection Trojan horse Rootkit-Pakes.L. I remove them and they keep coming back. Thanks in advance.

A:AVG detecting Trojan horse Rootkit-Pakes.L

Hello and welcome. Let's do these.

Next run MBAM (MalwareBytes):
NOTE: Before saving MBAM please rename it to zztoy.exe....now save it to your desktop.
Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 2
MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
Click on the Show Results button to see a list of any malware that was found.
Make sure that everything is checked, and click Remove Selected.
When removal is completed, a log report will open in Notepad.
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

We Need to check for Rootkits with RootRepeal
Download RootRepeal from the following location and save it to your desktop.
Zip Mirrors (Recommended)
Primary Mirror
Secondary Mirror
Secondary Mirror
Rar Mirrors - Only if you know what a RAR is and can extract it.
Primary Mirror
Secondary Mirror
Secondary Mirror
Extract RootRepeal.exe from the archive.
Open on your desktop.
Click the tab.
Click the button.
Check all seven boxes: Push Ok
Check the box for your main system drive (Usually C:), and press Ok.
Allow RootRepeal to run a scan of your system. This may take some time.
Once the scan completes, push the button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.

http://www.bleepingcomputer.com/forums/t/248867/avg-detecting-trojan-horse-rootkit-pakesl/

Today I turned on my computer and a message from AVAST said that the files C:\Windows\System32\Drivers\szkimzl.sys and C:\WINDOWS\system32\drivers\atapi.sys were infected. So I pressed 'delete' and I turned on my internet, which was working fine the other day, and it wouldn't work. I thought it might have been Firefox but I tried IE, Chrome and Opera; none of them worked. I have three other computers which are all on the same modem and they all work fine.

DDS Log DDS Ver - - - NTFSx Run by HP Administrator at on Sat Internet Explorer BrowserJavaVersion Microsoft Windows XP Professional GMT - AV AVG Anti-Virus Free On-access scanning disabled Outdated DDD - FF- F- E B- D D BF AV avast antivirus VPS - On-access scanning enabled Outdated DB - F - A -B - A FD D FW Norton Internet Worm Protection disabled F - CEE- EA-A A-D ADD EA E Running Processes C WINDOWS system nvsvc exe C WINDOWS system svchost -k DcomLaunch svchost exe C WINDOWS System svchost exe -k netsvcs svchost exe svchost exe C Program Files Alwil Software Avast aswUpdSv exe C Program Files Alwil Software Avast ashServ exe C WINDOWS Explorer EXE C WINDOWS system ctfmon exe C PROGRA ALWILS Avast ashDisp exe C WINDOWS system RUNDLL EXE C WINDOWS ehome ehtray exe C Program Files SUPERAntiSpyware SUPERAntiSpyware exe C WINDOWS system spoolsv exe svchost exe C Program Files Common Files Apple Mobile Device Support bin AppleMobileDeviceService exe C WINDOWS arservice exe C Program Files Bonjour mDNSResponder exe C WINDOWS eHome ehRecvr exe C WINDOWS eHome ehSched exe C Program Files Java jre bin jqs exe C Program Files Common Files LightScribe LSSrvc exe C Program Files MySQL MySQL Server bin mysqld-nt exe svchost exe C WINDOWS system svchost exe -k imgsvc C Program Files Alwil Software Avast ashWebSv exe C WINDOWS system wscntfy exe C WINDOWS system dllhost exe C
WINDOWS eHome ehmsas exe C Documents and Settings HP Administrator Desktop dds scr Pseudo HJT Report uStart Page hxxp www comcast net uInternet Connection Wizard ShellNext iexplore uInternet Settings ProxyServer http BHO d -ce - - - d d a e - c windows system awttSlmm dll BHO Windows Live Sign-in Helper d - c - abf- ecc- c - c program files common files microsoft shared windows live WindowsLiveLogin dll BHO JQSIEStartDetectorImpl Class e e f - ce- c -bc -eabfe f c - c program files java jre lib deploy jqs ie jqs plugin dll TB E BD F- B D- E- BE-BE DF D AE - No File TB A A -BACC- D - - A E E - No File TB Yahoo Toolbar ef bd -c fb- d - f- d f - uRun ctfmon exe c windows system ctfmon exe uRun SUPERAntiSpyware c program files superantispyware SUPERAntiSpyware exe mRun avast c progra alwils avast ashDisp exe mRun NvCplDaemon RUNDLL EXE c windows system NvCpl dll NvStartup mRun NvMediaCenter RUNDLL EXE c windows system NvMcTray dll NvTaskbarInit mRun ftutil rundll exe ftutil dll SetWriteCacheMode mRun ehTray c windows ehome ehtray exe mRun AlwaysReady Power Message APP ARPWRMSG EXE dRun ctfmon exe c windows system ctfmon exe dRun vmamyovr c windows system config systemprofile local settings application data jaahjq nnitsysguard exe dRun ygua e yhuiesfha yfauy fe c windows temp ma xj exe dPolicies-explorer NoFolderOptions x dPolicies-system DisableRegistryTools x IE E amp xport to Microsoft Excel - c progra micros office EXCEL EXE IE Save YouTube Video IE Save YouTube Video as MP IE E D D B- - a -B F- D D C - c windows pchealth helpctr vendors cn hewlett-packard l cupertino s ca c us iebutton support htm IE e e dd -d - - b -f ba - windir Network Diagnostic xpnetdiag exe IE FB F -F - d -BB E- C F - c program files messenger msmsgs exe IE A- - f c- - EE C C - E -E D - - C-F F E C - c progra micros office ONBttnIE dll IE B - CC- C -B BE- C C A - FF E -CC A- E E-BF B- E D - c progra micros office REFIEBAR DLL DPF ECD A- D - AF -BA A- F B D - hxxp xiah gamescampus com luncher 
GamesC...

A:C:\Windows\System32\Drivers\szkimzl.sys and C:\WINDOWS\system32\drivers\atapi.sys

Hello iJoe,

Is there any reason you ran RootRepeal instead of gmer? I'd prefer a log from gmer as outlined in our pre-posting topic.



Download GMER Rootkit Scanner from here or here. Extract the contents of the zipped file to desktop.
Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent .
If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.





In the right panel, you will see several boxes that have been checked. Uncheck the following ... Sections
IAT/EAT
Drives/Partition other than Systemdrive (typically C:\)
Show All (don't miss this one)

Then click the Scan button & wait for it to finish.
Once done click on the [Save..] button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
Save it where you can easily find it, such as your desktop

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries


Please attach the ark.txt in your next reply

http://www.techsupportforum.com/forums/f50/c-windows-system32-drivers-szkimzl-sys-and-c-windows-system32-drivers-atapi-sys-452479.html

Hi there, I've gotten Trojan horse Rootkit-Pakes.U somehow and my Resident Alert shield has been popping up frequently with messages about it being opened. The infected file C:\Windows\System32\drivers\atapi.sys is "white-listed (critical/system file that should not be removed)" on AVG's infections page, so I cannot seem to do anything about it. Any help would be greatly appreciated, thanks so much. Any way to remove it would be welcome. Here is my HJT logfile:

Logfile of Trend Micro HijackThis v Scan saved at on Platform Windows Vista SP WinNT MSIE Internet Explorer v Boot mode Normal Running processes C Windows system Dwm exe C Windows system taskeng exe C Windows Explorer EXE C Windows system taskeng exe C Program Files Sony Wireless Switch Setting Utility Switcher exe C Program Files Sony VAIO Update VAIOUpdt exe C Program Files Windows Defender MSASCui exe C Program Files Synaptics SynTP SynTPEnh exe C Program Files Adobe Acrobat Acrobat Acrotray exe C Program Files Sony ISB Utility ISBMgr exe C Program Files Java jre bin jusched exe C Program Files iTunes iTunesHelper exe C Program Files AVG AVG avgtray exe C Windows system wuauclt exe C Program Files ATI Technologies ATI ACE Core-Static MOM EXE C Program Files Spybot - Search amp Destroy TeaTimer exe C Program Files WIDCOMM Bluetooth Software BTTray exe C Program Files WIDCOMM Bluetooth Software BtStackServer exe C Program Files ATI Technologies ATI ACE Core-Static CCC exe C Users Anton AppData Local Google Chrome Application chrome exe C Users Anton AppData Local Google Chrome Application chrome exe C Users Anton AppData Local Google Chrome Application chrome exe C Users Anton AppData Local Google Chrome Application chrome exe C Users Anton AppData Local Google Chrome Application chrome exe C Users Anton AppData Local Google Chrome
Application chrome exe C Users Anton AppData Local Google Chrome Application chrome exe C Program Files AVG AVG avgui exe C Program Files AVG AVG avgcsrvx exe C Program Files Trend Micro HijackThis HijackThis exe C Windows system SearchFilterHost exe C Program Files AVG AVG avgcsrvx exe R - HKCU Software Microsoft Internet Explorer Main Default Page URL http www club-vaio com R - HKLM Software Microsoft Internet Explorer Main Default Page URL http www club-vaio com R - HKLM Software Microsoft Internet Explorer Main Default Search URL http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Search Page http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Start Page http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Search SearchAssistant R - HKLM Software Microsoft Internet Explorer Search CustomizeSearch R - HKCU Software Microsoft Windows CurrentVersion Internet Settings ProxyOverride local R - HKCU Software Microsoft Internet Explorer Toolbar LinksFolderName O - Hosts localhost O - BHO Adobe PDF Reader Link Helper - E F-C D - D -B D- B D BE B - C Program Files Common Files Adobe Acrobat ActiveX AcroIEHelper dll O - BHO flashget urlcatch - F -AA - B - F D- A B E EF - C Program Files FlashGet jccatch dll O - BHO WormRadar com IESiteBlocker NavFilter - CA F - F E- B -A E- E E C C - C Program Files AVG AVG avgssie dll O - BHO Spybot-S amp D IE Protection - - F - D - - D F - C Program Files Spybot - Search amp Destroy SDHelper dll O - BHO Google Toolbar Helper - AA ED - DD- d - -CF F - c program files google googletoolbar dll O - BHO Adobe PDF Conversion Toolbar Helper - AE CD -E - f- - EE - C Program Files Adobe Acrobat Acrobat AcroIEFavClient dll O - BHO Browser Address Error Redirector - CA C - B - E-A -A C DB F - C PROGRA GOOGLE BAE dll O - BHO Java tm Plug-In SSV Helper - DBC -A - b-BC - C C C A - C Program Files Java jre bin jp ssv dll O - BHO FlashGet GetFlash Class - 
F ...

A:Trojan horse Rootkit-Pakes.U! Please help remove the threat!

Well, I seem to have fixed it.

The infected atapi.sys is a file for my Intel ICH8M 3 port Serial ATA controller. I uninstalled the driver, then it reinstalled itself automatically. I don't get any messages about it being there any more. Hopefully it's gone for good.
 

https://forums.techguy.org/threads/trojan-horse-rootkit-pakes-u-please-help-remove-the-threat.870022/
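The OTL custom scan quoted earlier on this page hashes a fixed list of storage drivers between /md5start and /md5stop, and the fix reported in the post above (uninstall the SATA controller and let Windows re-copy atapi.sys) only helps if the copy Windows restores is clean. The script below is an added example, not code from any of the forum posts nor from OTL, AVG or Microsoft, that does the local equivalent in PowerShell: for each driver on OTL's list it records size, version, MD5 and SHA-256, checks the Authenticode signature, and compares the live file in System32\drivers with the pristine copies Windows keeps (dllcache on XP, DriverStore\FileRepository and WinSxS on Vista and 7). The driver list is OTL's; the store locations, the function names and the rule that an unsigned file, or one that differs from its store copy, is flagged as suspicious are assumptions made for this example.

```powershell
# Added example (not from the forum posts, OTL, AVG or Microsoft).
# Integrity triage for the boot-critical storage drivers that the OTL
# /md5start block on this page hashes. Assumes Windows XP/Vista/7 with
# PowerShell 2.0 or later, run from an elevated prompt.
#
# Caveats (see the usage note): PowerShell 2.0's Get-AuthenticodeSignature
# checks embedded signatures only, so catalog-signed Microsoft drivers show
# NotSigned on Windows 7; and a kernel rootkit that filters disk reads can
# hand the clean bytes to any hash computed from inside the infected OS.

# Driver names taken from the OTL custom scan quoted on this page.
$driverNames = @(
    'iaStor.sys', 'nvstor.sys', 'atapi.sys', 'IdeChnDr.sys', 'viasraid.sys',
    'AGP440.sys', 'vaxscsi.sys', 'nvatabus.sys', 'viamraid.sys', 'nvata.sys',
    'nvgts.sys', 'iastorv.sys', 'ViPrt.sys', 'eNetHook.dll', 'ahcix86.sys',
    'KR10N.sys', 'nvstor32.sys', 'ahcix86s.sys', 'nvrd32.sys'
)

$system32 = Join-Path $env:SystemRoot 'System32'
$liveDir  = Join-Path $system32 'drivers'

# Assumed locations of Windows' own pristine copies. Which ones exist depends
# on the OS version (dllcache: XP; DriverStore and WinSxS: Vista and 7).
$storeRoots = @(
    (Join-Path $system32 'dllcache'),
    (Join-Path $system32 'DriverStore\FileRepository'),
    (Join-Path $env:SystemRoot 'WinSxS')
)

# Hex digest of a file; uses .NET directly so it also works on PowerShell 2.0,
# which has no Get-FileHash cmdlet.
function Get-FileHashHex {
    param([string]$Path, [string]$Algorithm = 'MD5')
    $hasher = [System.Security.Cryptography.HashAlgorithm]::Create($Algorithm)
    $stream = [System.IO.File]::OpenRead($Path)
    try { $bytes = $hasher.ComputeHash($stream) } finally { $stream.Close() }
    return ([System.BitConverter]::ToString($bytes)).Replace('-', '')
}

# Every copy of the named driver inside the store roots that exist on this box.
function Find-StoreCopies {
    param([string]$Name)
    $found = @()
    foreach ($root in $storeRoots) {
        if (-not (Test-Path $root)) { continue }
        $hits = Get-ChildItem -Path $root -Filter $Name -Recurse -Force -ErrorAction SilentlyContinue
        if ($hits) { foreach ($h in $hits) { $found += $h.FullName } }
    }
    return $found
}

# One record per driver: hashes, signature state and store-copy comparison.
function Test-DriverIntegrity {
    param([string]$Name)
    $live = Join-Path $liveDir $Name
    if (-not (Test-Path $live)) { return $null }   # driver not present on this machine

    $liveMd5 = Get-FileHashHex -Path $live -Algorithm 'MD5'
    $sig     = Get-AuthenticodeSignature -FilePath $live
    $signer  = ''
    if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }

    # Any store copy whose MD5 differs from the live file is recorded.
    $mismatch = @()
    foreach ($copy in (Find-StoreCopies -Name $Name)) {
        if ((Get-FileHashHex -Path $copy -Algorithm 'MD5') -ne $liveMd5) { $mismatch += $copy }
    }

    $flags = @()
    if ($sig.Status -ne 'Valid') { $flags += "signature: $($sig.Status)" }
    if ($mismatch.Count -gt 0)   { $flags += "differs from $($mismatch.Count) store copy(ies)" }

    New-Object PSObject -Property @{
        Driver        = $Name
        Size          = (Get-Item $live).Length
        Version       = (Get-Item $live).VersionInfo.FileVersion
        MD5           = $liveMd5
        SHA256        = Get-FileHashHex -Path $live -Algorithm 'SHA256'
        Signer        = $signer
        StoreMismatch = $mismatch
        Suspicious    = ($flags -join '; ')
    }
}

$report = $driverNames | ForEach-Object { Test-DriverIntegrity -Name $_ } | Where-Object { $_ }
$report | Format-Table Driver, Size, Version, MD5, Suspicious -AutoSize
$report | Where-Object { $_.StoreMismatch.Count -gt 0 } | ForEach-Object {
    "{0}: live copy differs from {1}" -f $_.Driver, ($_.StoreMismatch -join ', ')
}
```

Run it from an elevated PowerShell prompt; the WinSxS walk takes a minute or two. Two caveats matter for this thread. First, PowerShell 2.0's Get-AuthenticodeSignature looks only at embedded signatures, and Microsoft signs atapi.sys through a catalog, so on Windows 7 a clean atapi.sys reports NotSigned here; confirm with sfc /verifyfile=C:\Windows\System32\drivers\atapi.sys or with Sysinternals Sigcheck, which consults the catalogs, before reading NotSigned as an infection. Second, the rootkit family behind these atapi.sys detections (TDSS/TDL3, the "SKYNET" one poster mentions) patches the driver in place and then filters disk reads of the infected sectors from the kernel, so an infected machine can return the clean bytes to any hash computed from inside the running OS. A store mismatch or a bad signature is evidence; a clean result from within the infected system is not proof, which is why the helpers on this page ask for GMER or TDSSKiller, and why hashing the file after booting from clean media (WinPE or a live CD) is the reliable comparison.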

DDS TXT Log DDS Ver - - - NTFSx Run by OEM Preinstall at on Fri Internet Explorer Microsoft Windows XP Home Edition GMT - AV AVG Anti-Virus Free On-access scanning enabled Updated DDD - FF- F- E B- D D BF AV AntiVir Desktop On-access scanning enabled Updated AD - F - A-A -FDD C AV McAfee VirusScan On-access scanning enabled Updated B EE - - CDE-A A-DD BA FAD FW McAfee Personal Firewall enabled B - C F- -BDA - CA DA E Running Processes C WINDOWS system svchost -k DcomLaunch svchost exe C WINDOWS System svchost exe -k netsvcs C WINDOWS system svchost exe -k WudfServiceGroup svchost exe svchost exe C Program Files AVG AVG avgchsvx exe C Program Files AVG AVG avgrsx exe C Program Files AVG AVG avgcsrvx exe C WINDOWS system spoolsv exe C Program Files Avira AntiVir Desktop sched exe svchost exe C Program Files comcasttb ComcastSpywareScan ComcastAntiSpyService exe C Program Files Avira AntiVir Desktop avguard exe C Program Files Common Files Apple Mobile Device Support bin AppleMobileDeviceService exe C Program Files AVG AVG avgwdsvc exe C WINDOWS system gearsec exe C Program Files CA PPRT bin ITMRTSVC exe C Program Files Java jre bin jqs exe C PROGRA McAfee MSC mcmscsvc exe c PROGRA COMMON mcafee mna mcnasvc exe c PROGRA COMMON mcafee mcproxy mcproxy exe C Program Files AVG AVG avgnsx exe C PROGRA McAfee VIRUSS mcshield exe C Program Files McAfee MPF MPFSrv exe C WINDOWS system svchost exe -k imgsvc C Program Files providerComcast bin tgsrvc exe C WINDOWS system SearchIndexer exe c PROGRA mcafee com agent mcagent exe C WINDOWS Explorer EXE C WINDOWS system igfxpers exe C Program Files Java jre bin jusched exe C Program Files CyberLink PowerDVD PDVDServ exe C Program Files HP HP Software Update HPWuSchd exe C Program Files QuickTime QTTask exe C PROGRA
AVG AVG avgtray exe C Program Files Avira AntiVir Desktop avgnt exe C Program Files comcasttb ComcastSpywareScan ComcastAntispy exe C WINDOWS system ctfmon exe C Program Files HP Digital Imaging bin hpqtra exe C Program Files Nikon PictureProject NkbMonitor exe C Program Files Windows Desktop Search WindowsSearch exe C PROGRA McAfee VIRUSS mcsysmon exe C Program Files HP Digital Imaging bin hpqSTE exe C Program Files HP Digital Imaging bin hpqimzone exe C Program Files comcasttb CIDGlobalLight exe C Program Files Internet Explorer IEXPLORE EXE C Program Files Internet Explorer IEXPLORE EXE C Program Files Internet Explorer IEXPLORE EXE C Documents and Settings OEM Preinstall Desktop dds scr C WINDOWS system SearchProtocolHost exe Pseudo HJT Report mStart Page hxxp www google com uInternet Settings ProxyOverride lt local gt uURLSearchHooks H - No File BHO AVG Safe Search ca f - f e- b -a e- e e c c - c program files avg avg avgssie dll BHO scriptproxy db d a - - e -b d- f c - c progra mcafee viruss scriptsn dll TB Comcast Toolbar ceea e-c - - e b- b a f b - c program files comcasttb comcastdx dll TB E BD F- B D- E- BE-BE DF D AE - No File uRun updateMgr c program files adobe acrobat reader AdobeUpdateManager exe AcRdB uRun ComcastAntispyClient quot c program files comcasttb comcastspywarescan ComcastAntispy exe quot hide uRun ctfmon exe c windows system ctfmon exe mRun igfxtray c windows system igfxtray exe mRun igfxhkcmd c windows system hkcmd exe mRun igfxpers c windows system igfxpers exe mRun SunJavaUpdateSched quot c program files java jre bin jusched exe quot mRun NeroFilterCheck c program files common files ahead lib NeroCheck exe mRun RemoteControl quot c program files cyberlink powerdvd PDVDServ exe quot mRun HP Software Update c program files hp hp software update HPWuSchd exe mRun QuickTime Task quot c program files quicktime QTTask exe quot -atboottime mRun iTunesHelper quot c program files itunes iTunesHelper exe quot mRun mcagent exe quot c program 
file...

A:Infected with Pakes.u located in C:/windows/system32/drivers/atapisys.dll

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Please download OTL from following mirror:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Push the button.
Two reports will open, copy and paste them in a reply here:
OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards _temp_

http://www.bleepingcomputer.com/forums/t/268170/infected-with-pakesu-located-in-cwindowssystem32driversatapisysdll/

When I try to install Windows Service Pack 4 it says that
c:\windows\system32\drivers\atapi.sys is open or in use by another application
 

A:c:\windows\system32\drivers\atapi.sys

Found this on Google.
Do you have a CD emulator (like Daemon Tools) installed?
I needed to uninstall it to get SP1 running.
 

https://forums.techguy.org/threads/c-windows-system32-drivers-atapi-sys.337823/

I know my computer is infected because when I try to click on a link I'm redirected to another site and sometimes I get some weird popups. I ran SUPERAntiSpyware and AVG and it just says I have tracking ads but nothing else, but every so often I get a warning from AVG about C:\WINDOWS\system32\drivers\atapi.sys being infected, but nothing happens. Thanks for your help.

DDS Ver - - - NTFSx Run by Administrator at on Thu Internet Explorer Microsoft Windows XP Professional GMT - AV Paladin Antivirus On-access scanning enabled Outdated e e b- e- - c-f c d b Running Processes C WINDOWS system svchost -k DcomLaunchsvchost exeC WINDOWS System svchost exe -k netsvcsC WINDOWS system S EvMon exeC Program Files AVG AVG avgchsvx exeC Program Files AVG AVG avgrsx exeC Program Files Common Files Microsoft Shared Ink KeyboardSurrogate exesvchost exesvchost exeC Program Files AVG AVG avgcsrvx exeC WINDOWS system spoolsv exeC Program Files AVG AVG Identity Protection Agent Bin AVGIDSAgent exesvchost exeC Program Files Common Files Apple Mobile Device Support bin AppleMobileDeviceService exeC Program Files AVG AVG avgwdsvc exeC Program Files AVG AVG avgfws exeC Program Files Bonjour mDNSResponder exeC WINDOWS System digtizer exeC Program Files Java jre bin jqs exeC Program Files Common Files Microsoft Shared VS Debug mdm exeC WINDOWS system RegSrvc exeC Program Files AVG AVG avgam exeC Program Files AVG AVG avgnsx exeC Program Files AVG AVG avgcsrvx exeC WINDOWS system ZCfgSvc exeC WINDOWS SYSTEM WISPTIS EXEC WINDOWS System tabbtnu exeC WINDOWS Explorer EXEC WINDOWS system ctfmon exeC WINDOWS system XConfig exeC Program Files Common Files Microsoft Shared Ink TCServer exeC WINDOWS AGRSMMSG exeC Program Files Fujitsu Utils fjevents exeC Program Files Fujitsu Utils FjDspMon exeC Program Files Fujitsu Utils FjMnuIco exeC Program Files Fujitsu Fujitsu Hotkey Utility IndicatorUty exeC
Program Files Fujitsu BtnHnd BtnHnd exeC Program Files Java jre bin jusched exeC Program Files iTunes iTunesHelper exeC PROGRA AVG AVG avgtray exeC Program Files SUPERAntiSpyware SUPERAntiSpyware exeC WINDOWS system igfxext exeC Program Files Common Files Microsoft Shared Ink TabTip exeC Program Files AVG AVG Identity Protection agent bin avgidsmonitor exeC Program Files iPod bin iPodService exeC Program Files Internet Explorer iexplore exeC Program Files iTunes iTunes exeC Program Files Adobe Acrobat Reader AcroRd exeC WINDOWS system calc exeC Documents and Settings Administrator Local Settings Temporary Internet Files Content IE XUKRUP Defogger exeC Documents and Settings Administrator Local Settings Temporary Internet Files Content IE V GGL Z dds scr Pseudo HJT Report uStart Page hxxp www google com uInternet Connection Wizard ShellNext hxxp us fujitsu com computersBHO AcroIEHlprObj Class e f-c d - d -b d- b d be b - c program files adobe acrobat reader activex AcroIEHelper dllBHO AVG Safe Search ca f - f e- b -a e- e e c c - c program files avg avg avgssie dllBHO Java Plug-In SSV Helper dbc -a - b-bc - c c c a - c program files java jre bin jp ssv dllBHO JQSIEStartDetectorImpl Class e e f - ce- c -bc -eabfe f c - c program files java jre lib deploy jqs ie jqs plugin dllTB CCC A -B CA- -B A - F DD - No FileuRun ctfmon exe c windows system ctfmon exeuRun MSMSGS quot c program files messenger msmsgs exe quot backgrounduRun SUPERAntiSpyware c program files superantispyware SUPERAntiSpyware exemRun TabletWizard c windows help SplshWrp exemRun TabletTip quot c program files common files microsoft shared ink tabtip exe quot resumemRun HotKeysCmds c windows system hkcmd exemRun AGRSMMSG AGRSMMSG exemRun lt NO NAME gt mRun FjEvents c program files fujitsu utils fjevents exemRun FjDspMon c program files fujitsu utils FjDspMon exemRun Fujitsu Menu c program files fujitsu utils FjMnuIco exemRun IndicatorUtility c p... Read more

A:C:\WINDOWS\system32\drivers\atapi.sys

Hi aweber422,

Welcome to Virus/Trojan/Spyware/Malware Removal (VTSMR) forum. I am going to assist you with your problem.

Please refrain from making any changes to your system (scanning or running other tools, updating Windows, installing applications, removing files, etc.) from now on as it might interfere with our fixes. Please let me know in your next reply if you agree with this.

************

Your log(s) show that you are using so called peer-to-peer or file-sharing programs. These programs allow you to share files between users, as the name(s) suggest. In today's world cyber crime has reached an enormous dimension and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools, as a tremendous amount of prospective victims can be reached through it. It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and they are thus suggested to be used with intense care. Some further readings on this subject, along the included links, are as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

Removal Instructions

Download ComboFix from one of these locations: Link 1, Link 2, Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications. They may otherwise interfere with our tools. (Information on A/V control HERE)

Double click on ComboFix.exe & follow the prompts. You will get a warning about the untrusted download sites for ComboFix; click Yes.

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message: Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please copy and paste the C:\ComboFix.txt in your next reply.

http://www.bleepingcomputer.com/forums/t/304114/cwindowssystem32driversatapisys/
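The pattern in this thread and the ones below (AVG flags C:\WINDOWS\system32\drivers\atapi.sys, Malwarebytes says clean, and the file is whitelisted as a critical system file so nothing removes it) leaves a responder wanting a check on the file that does not depend on any one scanner's verdict. The script below is an added example; it is not code from these threads or from any tool they name (AVG, ComboFix, DDS). It compares the live driver with the backup Windows keeps in system32\dllcache and with a SHA-256 you supply from a known-clean install of the same service pack (both of those inputs are assumptions you have to provide), and it recomputes the PE header CheckSum that Microsoft's linker sets on shipped drivers, so a stale value points to an in-place patch while a matching one is not proof of a clean file. The image it runs on when given no arguments is constructed test data, not a real driver. Run it from a clean boot (WinPE, or the disk attached to another machine; the Recovery Console the reply mentions will not run Python), because a kernel rootkit that patched a boot-start driver can also filter reads of that file from the running system, which is one way an on-disk scan reports clean while the AV's own check does not.

```python
"""Offline integrity check for a Windows driver file such as atapi.sys.

Added example, not taken from the threads on this page. Reports whether the
live copy matches the dllcache backup and a trusted hash, and whether the PE
header CheckSum still matches the file contents. Assumption: the trusted hash
comes from the same file on a known-clean install of the same service pack.
"""
import hashlib
import struct
import sys
from pathlib import Path

# CheckSum sits at offset 64 of the optional header, which starts 24 bytes
# after the "PE\0\0" signature; the offset is the same for PE32 and PE32+.
CHECKSUM_FIELD = 24 + 64


def sha256_bytes(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def _checksum_offset(data: bytes) -> int:
    if data[:2] != b"MZ":
        raise ValueError("not an MZ/PE file")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    return e_lfanew + CHECKSUM_FIELD


def stored_checksum(data: bytes) -> int:
    """The CheckSum value the linker (or a patcher) left in the header."""
    return struct.unpack_from("<I", data, _checksum_offset(data))[0]


def pe_checksum(data: bytes) -> int:
    """Recompute the PE/COFF checksum the way imagehlp's MapFileAndCheckSum does:
    ones-complement sum of all 16-bit words with the CheckSum field treated as
    zero, folded to 16 bits, plus the file length."""
    off = _checksum_offset(data)
    buf = bytearray(data) + b"\0" * (-len(data) % 4)  # pad to a dword boundary
    buf[off:off + 4] = b"\0\0\0\0"                      # exclude the field itself
    total = 0
    for pos in range(0, len(buf), 4):
        total += struct.unpack_from("<I", buf, pos)[0]
        total = (total & 0xFFFFFFFF) + (total >> 32)    # end-around carry
    total = (total & 0xFFFF) + (total >> 16)
    total += total >> 16
    return ((total & 0xFFFF) + len(data)) & 0xFFFFFFFF


def analyze_driver_bytes(data: bytes, backup: bytes = None, trusted_sha256: str = None) -> dict:
    """Findings for one driver image. None means that check had nothing to compare against."""
    stored, computed = stored_checksum(data), pe_checksum(data)
    live_hash = sha256_bytes(data)
    f = {
        "sha256": live_hash,
        "checksum_stored": stored,
        "checksum_computed": computed,
        # a zero field means the linker never set it; only a non-zero mismatch is telling
        "checksum_ok": None if stored == 0 else stored == computed,
        "matches_backup": None if backup is None else sha256_bytes(backup) == live_hash,
        "matches_trusted": None if trusted_sha256 is None else trusted_sha256.lower() == live_hash,
    }
    f["suspicious"] = any(f[k] is False for k in ("checksum_ok", "matches_backup", "matches_trusted"))
    return f


def verify_driver(live_path, backup_path=None, trusted_sha256=None) -> dict:
    backup = Path(backup_path).read_bytes() if backup_path else None
    return analyze_driver_bytes(Path(live_path).read_bytes(), backup, trusted_sha256)


def make_sample_driver(checksum_field: int, patch: bytes = b"") -> bytes:
    """Constructed 160-byte PE-shaped test input (not a real driver): MZ header with
    e_lfanew=0x40, PE signature, CheckSum set to `checksum_field`. `patch` overwrites
    bytes at offset 120 to mimic an in-place modification that leaves CheckSum stale."""
    buf = bytearray(160)
    buf[0:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x40)
    buf[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<I", buf, 0x40 + CHECKSUM_FIELD, checksum_field)
    buf[120:120 + len(patch)] = patch
    return bytes(buf)


if __name__ == "__main__":
    if len(sys.argv) < 2:
        # demo on constructed data; the correct CheckSum for the clean sample is 0xA07D
        clean = make_sample_driver(0xA07D)
        patched = make_sample_driver(0xA07D, patch=b"\x01")
        print("clean sample:  ", analyze_driver_bytes(clean, clean, sha256_bytes(clean)))
        print("patched sample:", analyze_driver_bytes(patched, clean, sha256_bytes(clean)))
    else:
        # python check_driver.py X:\WINDOWS\system32\drivers\atapi.sys [X:\WINDOWS\system32\dllcache\atapi.sys] [sha256]
        print(verify_driver(*sys.argv[1:4]))
```

Treat the three results together: the dllcache comparison only tells you the two copies differ, not which one is bad (an infector can overwrite both), the trusted hash is the decisive test when you have one, and the CheckSum check costs nothing and catches the sloppy case where a patcher wrote into the file without relinking it.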

Once I started my computer, pop-ups from AVAST said that C:\WINDOWS\system32\drivers\atapi.sys was infected. I do not know how to remove or fix the problem. Here's the DDS:

DDS Ver - - - NTFSx Run by HP Administrator at on Tue Internet Explorer BrowserJavaVersion Microsoft Windows XP Professional GMT - AV AVG Anti-Virus Free On-access scanning disabled Outdated DDD - FF- F- E B- D D BF AV avast antivirus VPS - On-access scanning enabled Updated DB - F - A -B - A FD D FW Norton Internet Worm Protection disabled F - CEE- EA-A A-D ADD EA E Running Processes C WINDOWS system nvsvc exe C WINDOWS system svchost -k DcomLaunch svchost exe C WINDOWS System svchost exe -k netsvcs svchost exe svchost exe C Program Files Alwil Software Avast aswUpdSv exe C Program Files Alwil Software Avast ashServ exe C WINDOWS Explorer EXE C WINDOWS system ctfmon exe C PROGRA ALWILS Avast ashDisp exe C WINDOWS system RUNDLL EXE C Program Files Common Files Real Update OB realsched exe C Program Files Common Files InstallShield UpdateService issch exe C WINDOWS system spoolsv exe C Program Files Pando Networks Media Booster PMB exe svchost exe C Program Files Common Files Apple Mobile Device Support bin AppleMobileDeviceService exe C WINDOWS arservice exe C Program Files Bonjour mDNSResponder exe C WINDOWS eHome ehRecvr exe C WINDOWS eHome ehSched exe C Program Files Java jre bin jqs exe C Program Files AIM aolsoftware exe C Program Files Common Files LightScribe LSSrvc exe C Program Files MySQL MySQL Server bin mysqld-nt exe svchost exe C WINDOWS system svchost exe -k imgsvc C Program Files Alwil Software Avast ashMaiSv exe C WINDOWS system wscntfy exe C Program Files Alwil Software Avast ashWebSv exe C WINDOWS system dllhost exe C Program Files Adobe Acrobat Reader AcroRd exe C Program Files Mozilla Firefox firefox exe C Program Files Windows Live Messenger msnmsgr exe C Program Files Windows Live Contacts wlcomm exe C Documents and Settings HP Administrator Desktop dds scr Pseudo HJT Report uStart Page hxxp www daum net uInternet Connection Wizard ShellNext iexplore BHO d -ce - - - d d a e - c windows system awttSlmm dll BHO Windows Live Sign-in Helper d - c - abf- ecc- c - c program files common files microsoft shared windows live WindowsLiveLogin dll BHO JQSIEStartDetectorImpl Class e e f - ce- c -bc -eabfe f c - c program files java jre lib deploy jqs ie jqs plugin dll TB E BD F- B D- E- BE-BE DF D AE - No File TB A A -BACC- D - - A E E - No File TB Yahoo Toolbar ef bd -c fb- d - f- d f - uRun SUPERAntiSpyware c program files superantispyware SUPERAntiSpyware exe uRun ctfmon exe c windows system ctfmon exe uRun PlayNC Launcher uRun Aim "c program files aim aim exe" d locale en-US ee aol imApp uRun Pando Media Booster c program files pando networks media booster PMB exe mRun avast c progra alwils avast ashDisp exe mRun NvCplDaemon RUNDLL EXE c windows system NvCpl dll NvStartup mRun nwiz nwiz exe install mRun NvMediaCenter RUNDLL EXE c windows system NvMcTray dll NvTaskbarInit mRun TkBellExe "c program files common files real update ob realsched exe" -osboot mRun ISUSScheduler "c program files common files installshield updateservice issch exe" -start mRun QuickTime Task "c program files quicktime QTTask exe" -atboottime mRun Malwarebytes Anti-Malware reboot "c program files malwarebytes' anti-malware mbam exe" runcleanupscript mRun ISUSPM Startup c progra common instal update isuspm exe -startup dRun ctfmon exe c windows system ctfmon exe IE E&xport to Microsoft Excel - c progra micros office EXCEL EXE IE Save YouTube Video IE Save YouTube Video as MP IE E D D B- - a -B F- D D C - c windows pchealth helpctr vendors cn hewlett-packard l cupertino s ca c us iebutton support htm IE e e dd -d - - b -f ba - windir Network Diagnostic xpnetdiag exe... Read more

A:C:\WINDOWS\system32\drivers\atapi.sys

Hello and welcome to Bleeping Computer! We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread. Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run. A small box will open, with an explanation about the tool. No input is needed, the scan is running. Notepad will open with the results. Follow the instructions that pop up for posting the results. Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE

Elle

http://www.bleepingcomputer.com/forums/t/280819/cwindowssystem32driversatapisys/

This ATAPI.SYS infection seems to have installed on my PC. So far I'm not having too many problems on Windows 7 32 bit, apart from AVG Free popping up and telling me that it detected an infection. I want to get rid of it though. I googled the problem and read that it could be removed with ComboFix. I ran it twice and AVG still sees the file. I read afterwards that I shouldn't have run the file myself... I want to post the log file of ComboFix's first scan, but unfortunately the second one overwrote it... Here's the second one: http://rapidshare.com/files/348612046/ComboFix.txt.html
Anyone have any ideas on what I could do to get this cleaned up?

A:Windows/system32/drivers/atapi.sys problem

Hi,Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.Please reply to this post so I know you are there.The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.Once I receive a reply then I will return with your first instructions.Thanks

http://www.bleepingcomputer.com/forums/t/294645/windowssystem32driversatapisys-problem/

Hello, I need help with this virus, as it has infected my core system files, namely
C:\WINDOWS\system32\drivers\ntfs.sys with Trojan Horse Rootkit-Pakes.M
C:\WINDOWS\system32\braviax.exe with Trojan horse Injector.FH
C:\WINDOWS\system32\dllcache\fiagaro.sys with Trojan horse BackDoor.Generic11.AINT
and a non-core system file
C:\Documents and Settings\Leon\msword98.exe with Trojan Horse Crypt.GHK

as reported by AVG. Windows failed to boot because of the ntfs.sys file missing and I had to replace it from disk, and I think it has been corrupted. I googled a bit; is the Injector the source of the virus?
I also need help, as HijackThis cannot install. When I press install, the program seems to unpack HijackThis, but the program HijackThis itself does not work. Will try to get a log of it.
Thanks in advance.

A:XP Trojan horse Rootkit-Pakes.M , BackDoor.Generic11.AINT and Injector.FH

https://forums.techguy.org/threads/xp-trojan-horse-rootkit-pakes-m-backdoor-generic11-aint-and-injector-fh.851925/

I am trying to download SP3 for Windows XP but I get the error message "c:\windows\system32\drivers\atapi.sys is open or in use by another application. close all other applications and click retry." I have uninstalled (and deleted the folders of) all virtual drivers, and even the CD/DVD drive. I have scanned my computer for viruses, malware, and spyware and removed all threats as well. I have also tried moving "atapi" to a different folder and renaming it, but when I try, a message comes up that says it is in use. I have no more ideas and the internet solutions are not working or don't apply. I am very frustrated! Please help!

A:Solved: c:\windows\system32\drivers\atapi.sys is open or in use

Solve 1:

This may occur if you have these programs installed:
Alcohol 120%, Daemon Tools
http://support.microsoft.com/kb/884675/en-us
Check this link to continue with your installation.

Solve 2:

If you are unable to determine which 3rd-party software is causing this issue, then here is a method of installing SP3 that avoids most 3rd-party conflicts:
- download the stand-alone SP3 installer from http://www.microsoft.com/downloads/...A8-5E76-401F-BE08-1E1555D4F3D4&displaylang=en and save it at a known place on hard disk.
- use "msconfig" to select "Diagnostic Startup", and re-boot Windows.
- dismiss "msconfig" when it pops up after restart.
- now launch the SP3 updater from the known place where you saved it.
- when the SP3 update has all finished (involves at least one restart), use "msconfig" to select "Normal Startup", and re-boot Windows.

Solve 3:

Check out this three-step process:

Step 1:
Go google "Unlocker Assistance" and download the software (or use the link provided below); it's a free and very useful program. This program can unlock, kill or delete any file that's being used; no matter what situation the file is in, it can unlock the file or kill the process which is using it. (The icon looks like a star magic wand; that's the right program.)
Download the software below if you have trouble finding it.
http://ccollomb.free.fr/unlocker/

Step 2:
After you install the program, go into My Computer, right click on C:\ and click on Search. Then search for the keyword "atapi.sys" that the error message mentioned. You will see an icon that looks like a white sheet of paper; right click on that and choose "Unlocker" on the menu. This might start by default. After that a window should pop up showing you which program is currently using the file; I think it was "System". Now you need to click either on "Unlock" or "Unlock All".

Step 3:
After that, the "atapi.sys" file should be unlocked. Now go back to the error message and you should see "Retry" or something like that; just click on that and the process will continue.

BEFORE INSTALLING SP3: (items in bold are imperative)
Run CCleaner to get rid of unnecessary junk on my system
Make sure to have at least 900MB of available disk space on the C: (system) drive
Run CHKDSK on my C: (system) drive to make sure it is OK
Run a full scan with anti-virus and anti-spyware apps to make sure there is no malware on my system
Run the defragmenter
Make a full backup of my C: (system) drive (for restoring if things don't work out well)
Shut down all user applications and processes
Disable my network connection
Shut down my firewall
Disable all active anti-virus and anti-spyware applications
Disable any other security software


https://forums.techguy.org/threads/solved-c-windows-system32-drivers-atapi-sys-is-open-or-in-use.923813/

Hi there. My computer is infected and restore points have been deleted by the invaders, so I'd really appreciate your help.

Logfile of Trend Micro HijackThis v Scan saved at on - - Platform Windows XP SP WinNT MSIE Internet Explorer v Boot mode Normal Running processes C WINDOWS System smss exe C WINDOWS system winlogon exe C WINDOWS system services exe C WINDOWS system lsass exe C WINDOWS system svchost exe C Program Files Windows Defender MsMpEng exe C WINDOWS System svchost exe C WINDOWS system spoolsv exe C Program Files Common Files Apple Mobile Device Support bin AppleMobileDeviceService exe C PROGRA AVG AVG avgwdsvc exe C WINDOWS System CTsvcCDA exe C Program Files Java jre bin jqs exe C WINDOWS System svchost exe C Program Files Google Update GoogleUpdate exe C Program Files Google Update GoogleCrashHandler exe C WINDOWS System MsPMSPSv exe C PROGRA AVG AVG avgrsx exe C Program Files iPod bin iPodService exe C WINDOWS System svchost exe C WINDOWS System svchost exe C WINDOWS System svchost exe C WINDOWS Explorer EXE C WINDOWS system dla tfswctrl exe C Program Files iTunes iTunesHelper exe C PROGRA AVG AVG avgtray exe C Program Files Common Files Real Update OB realsched exe C WINDOWS system LVCOMSX EXE C Program Files Logitech Video LogiTray exe C WINDOWS system msword exe C WINDOWS system msword exe C WINDOWS System svchost exe C WINDOWS System svchost exe C Program Files Messenger msmsgs exe C WINDOWS System svchost exe C WINDOWS System svchost exe C Program Files Google GoogleToolbarNotifier GoogleToolbarNotifier exe C Program Files Skype Phone Skype exe C WINDOWS system ctfmon exe C Documents and Settings User msword exe C Documents and Settings User msword exe C WINDOWS System svchost exe C WINDOWS System svchost exe C WINDOWS System svchost exe C WINDOWS System svchost exe C Program Files Logitech Video FxSvr exe C Program Files uTorrent utorrent exe C Program Files Skype Plugin Manager skypePM exe C Program Files Internet Explorer iexplore exe C Program Files Microsoft Office Office EXCEL EXE C Program Files AVG AVG avgcsrvx exe C WINDOWS system wuauclt exe C Program Files Trend Micro HijackThis HijackThis exe R - HKLM Software Microsoft Internet Explorer Main Default Page URL http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Default Search URL http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Search Page http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Start Page http go microsoft com fwlink LinkId R - HKCU Software Microsoft Windows CurrentVersion Internet Settings ProxyOverride localhost R - URLSearchHook no name - CFBFAE - A - D - CB- C FD - no file R - URLSearchHook AVG Security Toolbar BHO - A BC A - F - -AA - D C - C Program Files AVG AVG Toolbar IEToolbar dll O - BHO Skype add-on mastermind - BF B-C D - d - A -A F BA C - C Program Files Skype Toolbars Internet Explorer SkypeIEPlugin dll O - BHO WormRadar com IESiteBlocker NavFilter - CA F - F E- B -A E- E E C C - C Program Files AVG AVG avgssie dll O - BHO Java tm Plug-In SSV Helper - BB-D F - C-B EB-D DAF D D - C Program Files Java jre bin ssv dll O - BHO AVG Security Toolbar BHO - A BC A - F - -AA - D C - C Program Files AVG AVG Toolbar IEToolbar dll O - BHO Google Toolbar Helper - AA ED - DD- d - -CF F - C Program Files Google Google Toolbar GoogleToolbar dll O - BHO Google Toolbar Notifier BHO - AF DE - D - -B FA-CE B AD D - C Program Files Google GoogleToolbarNotifier swg dll O - BHO Google Dictionary Compression sdch - C D FE-E D- -BB - C E E C E - C Program Files Google Google Toolbar Component fastsearch A FB BD dll O - BHO Java tm Plug-In SSV Helper - DBC -A - b-BC - C C C A - C Program Files Java... Read more

A:Infected - Trojan horse Rootkit-Pakes.M, BackDoor.Generic11 and braviax.exe virus

https://forums.techguy.org/threads/infected-trojan-horse-rootkit-pakes-m-backdoor-generic11-and-braviax-exe-virus.852721/

Request your help in removing the virus from my system. I'm not a tech savvy and hence request your assistance in removing this.

A:"C:\Windows\System32\drivers\atapi.sys";"Virus identified Win32/Patched.CG"

Your help is highly appreciated

http://www.bleepingcomputer.com/forums/t/307335/cwindowssystem32driversatapisys;virus-identified-win32patchedcg/

This morning I got a trojan warning out of the blue while browsing a webpage where local taxi companies were compiled. I am using Windows XP Service Pack, AVG antivirus and SpyBot Search and Destroy. While AVG gave me the warning, Spybot said that I needed to allow some system startup values. I couldn't do anything however, as Spybot froze and my computer started lagging a lot. I was forced to ctrl-alt-del to end the Spybot process, and AVG wouldn't let me do anything else than Ignore the threat. I ran a full scan on AVG and in the end it said that the threats had been healed and asked me to do a system reboot. On startup, however, AVG still gave me the warning. Then I was able to remove the threat again. I'm adding some pictures below. Ignore the picture names, I panicked. Also what happened is that suddenly all my remembered passwords in Facebook, my picture gallery and a couple of forums have been forgotten and I am logged off.

http www picturepush com photo a Myself fun bmp - location details
http www picturepush com photo a Myself fun bmp - after startup

EDIT - Spybot is still bugging me about some startup registries, but I can't do anything since it freezes all the time. I might have managed to hit deny access once, but I couldn't check the remember decision box. I wasn't able to see the name of the registry since the box always goes grey-ish.

EDIT again - the startup entry Spybot is bugging me about is C WINDOWS system av md exe and regedit. Right now I'm denying them access, but I don't want to hit the "remember decision" box until I know what's going on.


Hey folks, googling how to find the answer to this question led me here, where apparently the same problem got fixed on someone else's computer just a few days ago. I'm hoping I'll have similar luck. Anyway, a few days ago AVG started notifying me that Rootkit-Pakes.U was infecting atapi.sys. I started running Malwarebytes, and while it did successfully quarantine a Rootkit.TDSS the first time I ran it, it hasn't found anything on subsequent attempts. I keep getting the AVG notifications, and worse, it seems to be infecting every program I run now. Computer games are popping up as infected when I open them; even HijackThis said it was infected when I scanned my system. Anyway, here's my HijackThis log; any help anyone can provide would be much appreciated.

Logfile of Trend Micro HijackThis v Scan saved at PM on Platform Windows XP SP WinNT MSIE Internet Explorer v SP Boot mode Normal Running processes C WINDOWS System smss exe C WINDOWS system winlogon exe C WINDOWS system services exe C WINDOWS system lsass exe C WINDOWS system Ati evxx exe C WINDOWS system svchost exe C WINDOWS System svchost exe C WINDOWS system Ati evxx exe C WINDOWS system spoolsv exe C WINDOWS Explorer EXE C WINDOWS ehome ehtray exe C windows system hpsysdrv exe C HP KBD KBD EXE C WINDOWS AGRSMMSG exe C WINDOWS SOUNDMAN EXE C Program Files ATI Technologies ATI Control Panel atiptaxx exe C WINDOWS ALCWZRD EXE C WINDOWS ALCMTR EXE C PROGRA AVG AVG avgtray exe C Program Files HP HP Software Update HPWuSchd exe C Program Files Java jre bin jusched exe C Program Files iTunes iTunesHelper exe C Program Files Common Files Apple Mobile Device Support bin AppleMobileDeviceService exe C PROGRA AVG AVG avgwdsvc exe C Program Files Bonjour mDNSResponder exe C WINDOWS system ctfmon exe C WINDOWS eHome ehRecvr exe C WINDOWS eHome ehSched exe C Program Files Spybot - Search & Destroy TeaTimer exe C Program Files AIM aim exe C Program Files Java jre bin jqs exe C Program Files HP Digital Imaging bin hpqtra exe C Program Files Common Files Microsoft Shared VS DEBUG MDM EXE C WINDOWS system HPZipm exe C WINDOWS system svchost exe C Program Files Viewpoint Common ViewpointService exe C PROGRA AVG AVG avgrsx exe C PROGRA AVG AVG avgnsx exe C Program Files HP Digital Imaging bin hpqgalry exe c Program Files Common Files Symantec Shared Security Center SymWSC exe C Program Files AIM aolsoftware exe C Program Files iPod bin iPodService exe C WINDOWS system dllhost exe C Program Files Yahoo Messenger ymsgr tray exe C WINDOWS eHome ehmsas exe C WINDOWS system NOTEPAD EXE C Program Files Trend Micro HijackThis HijackThis exe R - HKCU Software Microsoft Internet Explorer Main Default Page URL http ie redirect hp com svs rdr TYPE & tp iehome & locale EN US & c Q & bd pavilion & pf desktop R - HKCU Software Microsoft Internet Explorer Main Default Search URL http ie redirect hp com svs rdr TYPE & tp iesearch & locale EN US & c Q & bd pavilion & pf desktop R - HKCU Software Microsoft Internet Explorer Main Search Bar http ie redirect hp com svs rdr TYPE & tp iesearch & locale EN US & c Q & bd pavilion & pf desktop R - HKCU Software Microsoft Internet Explorer Main Search Page http ie redirect hp com svs rdr TYPE & tp iesearch & locale EN US & c Q & bd pavilion & pf desktop R - HKCU Software Microsoft Internet Explorer Main Start Page http ie redirect hp com svs rdr TYPE & tp iehome & locale EN US & c Q & bd pavilion & pf desktop R - HKLM Software Microsoft Internet Explorer Main Default Page URL http ie redirect hp com svs rdr TYPE & tp iehome & locale EN US & c Q & bd pavilion & pf desktop R - HKLM Software Microsoft Internet Explorer Main Default Search URL http ie redirect hp com svs rdr TYPE & tp iesearch & locale EN US & c Q & bd pavilion & pf desktop R - HKLM Software Microsoft Inte... Read more

https://forums.techguy.org/threads/rootkit-pakes-u-infecting-atapi-sys.869615/

I'm running AVG Free 8.5 on Windows XP Home. This morning, I used it to track down and remove two Trojan horse viruses. There was a third that a slow scan found later on. Trojan Horse Rootkit-Pakes.U. It was infecting the white-listed file atapi.sys. I recognize no negative activity on my computer YET, however I have read horror stories with this baby as the big bad villain. I would appreciate any and all advice I could get. I have the installers for several programs at the ready and will be able to download any others that I might not already have on hand.

I appreciate the time and effort it takes to help someone out of a situation like this, and thanks in advance.

http://www.bleepingcomputer.com/forums/t/289399/rootkit-pakesu-infecting-atapisys-on-xp/

I have a laptop running Windows XP. My free AVG detected a trojan.rootkit.pakes virus in a file named atapi.sys. The detection keeps popping up, but the software will not remove it because it's a system file. The laptop performance has been slow since the infection, and now the laptop will not boot in safe mode, normal, or any mode... I am somewhat competent and have fixed problems on my own in the past, but the fixes I found through google searches have been technical to the point I don't understand... Can someone please help! FYI, I cannot find my original Windows discs... Any help is much appreciated. This is my college computer and holds very valuable school notes/projects. I would like to retrieve them, but it's not needed. Thanks in advance!Edit: Moved topic from XP to the more appropriate forum. ~ Animal

A:avg detected rootkit.pakes.atapi.sys?

Hi njensen, and welcome to BC forums.If your AVG Free can't remove it, you should use something that can remove by rebooting. That should be Malwarebytes' Anti-Malware, or a-squared (can get some false positives).Hope this helps,rhinoP.S. If you're using AVG Free, it's pretty confusing how it can detect a rootkit, because such ability was disabled from version 8 or so.P.P.S. For not catching such sh*t, you should get a good anti-virus (with anti-spyware) with real time protection from rootkits, etc. These could be (Google it) Avira Free, avast! Home, etc. If you have a genuine OS, you can get Microsoft SE (Microsoft Security Essentials). That should do.P.P.P.S. As a protection from hackers, you could use (Google it as well) Outpost firewall, from Agnitum (Free version). If you install it, place an auto-learn mode (1-day, 1-hour or 1-week).P.P.P.P.S. You really should find your OS disc(s). Having them is very handy...

http://www.bleepingcomputer.com/forums/t/275377/avg-detected-rootkitpakesatapisys/

Please find the log.

DDS Ver - - - NTFSx Run by Shankar at on Mon Internet Explorer Microsoft Windows Vista Home Premium GMT AV AVG Anti-Virus On-access scanning enabled Updated SP AVG Anti-Virus enabled Updated SP Windows Defender disabled Outdated Running Processes C Windows system wininit exeC Windows system lsm exeC Windows system svchost exe -k DcomLaunchC Windows system nvvsvc exeC Windows system svchost exe -k rpcssC Windows System svchost exe -k secsvcsC Windows System svchost exe -k LocalServiceNetworkRestrictedC Windows System svchost exe -k LocalSystemNetworkRestrictedC Windows system svchost exe -k netsvcsC Windows system svchost exe -k GPSvcGroupC Windows system SLsvc exeC Windows system svchost exe -k LocalServiceC Windows system svchost exe -k NetworkServiceC Windows system rundll exeC Windows system WLANExt exeC Windows system svchost exe -k LocalServiceNoNetworkC Program Files Common Files ABBYY FineReader Licensing PE NetworkLicenseServer exeC Program Files Common Files Apple Mobile Device Support AppleMobileDeviceService exeC PROGRA AVG AVG avgwdsvc exeC Program Files Bonjour mDNSResponder exeC Program Files Common Files LightScribe LSSrvc exeC Program Files Microsoft Search Enhancement Pack SeaPort SeaPort exeC Program Files Airtel NetXpert bin sprtsvc exeC Program Files TeamViewer Version TeamViewer Service exeC Windows System TUProgSt exeC Windows System svchost exe -k WerSvcGroupC Windows system DRIVERS xaudio exeC PROGRA AVG AVG avgam exeC Program Files Hewlett-Packard Shared hpqwmiex exeC PROGRA AVG AVG avgrsx exeC PROGRA AVG AVG avgnsx exeC Windows system taskeng exeC Windows system Dwm exeC Windows Explorer EXEC Program Files IObit Advanced SystemCare AWC exeC Windows system taskeng exeC Program Files Windows Defender MSASCui exeC Program Files Synaptics SynTP SynTPEnh exeC Program Files Hewlett-Packard HP Wireless Assistant HPWAMain exeC Program Files Hewlett-Packard HP Wireless Assistant WiFiMsg exeC Windows WindowsMobile wmdSync exeC Program Files AVG AVG avgtray exeC Windows ehome ehtray exeC Windows system wbem wmiprvse exeC Program Files Spybot - Search & Destroy TeaTimer exeC Windows ehome ehmsas exeC Windows system svchost exe -k WindowsMobileC Windows System mobsync exeC Program Files Hewlett-Packard Shared HpqToaster exeC Windows system taskeng exeC Program Files Synaptics SynTP SynTPHelper exec Program Files Hewlett-Packard HP Health Check hphc service exeC Program Files Windows Media Player wmpnetwk exeC Users Shankar AppData Local Google Chrome Application chrome exeC Users Shankar AppData Local Google Chrome Application chrome exeC Users Shankar AppData Local Google Chrome Application chrome exeC Users Shankar AppData Local Google Chrome Application chrome exeC Users Shankar AppData Local Google Chrome Application chrome exeC Users Shankar AppData Local Google Chrome Application chrome exeC Users Shankar AppData Local Google Chrome Application chrome exeC Windows system wuauclt exeC Windows system DllHost exeC Users Shankar Music Documents Downloads dds comC Windows system wbem wmiprvse exe Pseudo HJT Report uWindow Title Windows Internet Explorer provided by Yahoo uInternet Settings ProxyOverride localuURLSearchHooks The Pirate Bay Toolbar - c program files the pirate bay tbThe dlluURLSearchHooks Yahoo Toolbar - c program files yahoo companion installs cpn yt dllmURLSearchHooks The Pirate Bay Toolbar - c program files the pirate bay tbThe dllBHO & Yahoo Toolbar Helper - c program files yahoo companion installs cpn yt dllBHO Acro... Read more

A:"C:\Windows\System32\drivers\atapi.sys";"Virus identified Win32/Patched.CG";"Object is...

Hello Shankar.ish, welcome to Bleeping Computer Virus, Trojan, Spyware, and Malware Removal Logs Forum. My Nick is Net_Surfer. I'll be glad to help you with your computer problems. I will be working on your Malware issues; this may or may not solve other issues you may have with your machine. Please note that whatever repairs we make are for fixing "your computer problems only" and by no means should be used on another computer. I would also like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please be courteous and appreciative for the assistance provided!

Please take note of the following which will make our fix go more smoothly:

1. The cleaning process is not instant. Very seldom can we remove the entire infection in one go. Many of today's infections install other infections and for the most part they do not like to go quietly. Please continue to review my answers until I tell you your machine is clean. Just because a symptom "disappears" does not mean your system is clean.
2. In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.
3. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post. Please set aside enough time to complete all the steps in each post and follow the instructions in the order stated.
4. If you are running P2P filesharing program(s), my recommendation is you uninstall it/them.
5. Do NOT run any extra scans or fix programs not requested by me as it could change the results in the reports I request.
6. If there's anything that you don't understand, stop and ask your question(s) before proceeding with the fixes.
7. The forum is busy and we need to have replies as soon as possible. After 5 days if a topic is not replied to we assume it has been abandoned and it is closed. If you have circumstances that you are aware of that will delay your response, then please let me know. This is to ensure that your topic remains open and I don't close it to start a new post.

NOTE: In the upper right hand corner of the topic you will see a button called Options. If you click on this button, a drop-down menu will expand. By choosing Track this topic and then choosing Immediate Email Notification, followed by clicking Proceed, you will be advised when I respond to your topic. This facilitates the cleaning procedure. Because the e-mail notification system is not completely reliable, please check your topic once a day for responses. Please reply using the button in the lower right hand corner of your screen. Do not start a new topic. If you can do these things, everything should go smoothly.

One or more of the identified infections is a backdoor trojan/Rootkit. This allows hackers to remotely control your computer, steal critical system information and download and execute files. I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation. Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS.

Please read these for more information:
How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?
When Should I Format... Read more

http://www.bleepingcomputer.com/forums/t/307357/cwindowssystem32driversatapisys;virus-identified-win32patchedcg;object-is-white-listed-criticalsystem-file-that-should-not-be-removed/

Hi everybody, my AVG Free Edition recently detected a virus that seems like it can't be removed. AVG whitelisted it and every so often it would pop up. I've seen other people have this problem but I read that their fixes are specific to their own machines. Please help. Thanks for reading this. Here's my HijackThis report:

Logfile of Trend Micro HijackThis v BETA Scan saved at AM on Platform Unknown Windows WinNT MSIE Internet Explorer v Boot mode Normal Running processes C Windows system Dwm exe C Windows Explorer EXE C Windows system taskhost exe C Windows System igfxtray exe C Windows System hkcmd exe C Windows System igfxpers exe C Program Files Synaptics SynTP SynTPEnh exe C Windows system igfxsrvc exe C Program Files Synaptics SynTP SynToshiba exe C Program Files Synaptics SynTP SynTPHelper exe C Program Files AVG AVG avgtray exe C Program Files Java jre bin jusched exe C Program Files Microsoft Office Office GrooveMonitor exe C Program Files iTunes iTunesHelper exe C Program Files Windows Sidebar sidebar exe C Apps ProcessExplorer procexp exe C Program Files Lavasoft Ad-Aware AAWTray exe C Program Files Mozilla Firefox firefox exe C Windows system SearchFilterHost exe C Program Files TrendMicro HiJackThis HiJackThis exe R - HKCU Software Microsoft Internet Explorer Main Search Page http go microsoft com fwlink LinkId R - HKCU Software Microsoft Internet Explorer Main Start Page http www xunlei com id R - HKLM Software Microsoft Internet Explorer Main Default Page URL http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Default Search URL http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Search Page http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Start Page http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Search SearchAssistant R - HKLM Software Microsoft Internet Explorer Search CustomizeSearch R - HKCU Software Microsoft Windows CurrentVersion Internet Settings ProxyOverride local R - HKCU Software Microsoft Internet Explorer Toolbar LinksFolderName R - URLSearchHook Radio Bar Toolbar - fc f d- - -a - a d c - C Program Files Radio Bar tbRadi dll O - BHO Radio Bar Toolbar - fc f d- - -a - a d c - C Program Files Radio Bar tbRadi dll O - BHO AcroIEHelperStub - DF C-E AD- -A -FA C EBDC - C Program Files Common Files Adobe Acrobat ActiveX AcroIEHelperShim dll O - BHO BitComet ClickCapture - F E - A- B A-BCAF- B BFDFEA - C Program Files BitComet tools BitCometBHO dll O - BHO WormRadar com IESiteBlocker NavFilter - CA F - F E- B -A E- E E C C - C Program Files AVG AVG avgssie dll O - BHO no name - C C A-E - b - D - CECB - no file O - BHO Groove GFS Browser Helper - - C - D -B F - BBC D A E - C Program Files Microsoft Office Office GrooveShellExtensions dll O - BHO Windows Live Sign-in Helper - D - C - ABF- ECC- C - C Program Files Common Files Microsoft Shared Windows Live WindowsLiveLogin dll O - BHO Ask Toolbar BHO - D C F- A- -A AD- D - C Program Files Ask com GenericAskToolbar dll O - BHO Java tm Plug-In SSV Helper - DBC -A - b-BC - C C C A - C Program Files Java jre bin jp ssv dll O - Toolbar FrostWire Toolbar - D C F- A- -A AD- D - C Program Files Ask com GenericAskToolbar dll O - Toolbar Radio Bar Toolbar - fc f d- - -a - a d c - C Program Files Radio Bar tbRadi dll O - HKLM Run IgfxTray C Windows system igfxtray exe O - HKLM Run HotKeysCmds C Windows system hkcmd exe O - HKLM Run Persistence C Windows system igfxpers exe O - HKLM Run SynTPEnh C Program Files Synaptics SynTP SynTPEnh exe O - HKLM Run Adobe Reader Speed Launcher "C Program Files Adobe Reader Reader Reader sl exe" O - HKLM Run Adobe ARM "C Program Files Common Files Adobe ARM AdobeARM exe" O - HKLM Run A... Read more

https://forums.techguy.org/threads/atapi-sys-and-rootkit-pakes-u-virus-cant-remove.904221/

What I need to know is where to find the information on the drive to send to you for analysis. I normally take care of these things myself, but I know nothing about rootkits or how to eliminate them.

My desktop is used as a family computer that contracted the above virus/trojan. The drive crashed and I am not able to get into the GUI for repair.

When I slaved the drive to my laptop and went to F-Secure BlackLight and ran their on-line scanner, the virus crashed my laptop into rebooting during scanning. So far it looks like my laptop is ok.

The desktop drive is intact. There is no data loss. It just keeps rebooting over and over and over again.

A:rootkit-pakes.u in atapi.sys crashed drive

Thanks for reading my rants. I figured out how to recover from the infected bootloader phase. I am up and running again. Rootkits su.... well, you know.

https://forums.techguy.org/threads/rootkit-pakes-u-in-atapi-sys-crashed-drive.876575/

AVG keeps giving alerts saying that the above virus has infected my system. I have tried spyware removals, antivirus software but to no avail. Could someone please help me. I am running Windows XP.

https://forums.techguy.org/threads/rootkit-pakes-u-infected-system-atapi-file.906515/

hello,

"C:\Windows\System32\services.exe, Trojan horse Patched_c.LXT, Object is white-listed (critical/system file that should not be removed)"

that's what it says on my AVG scanner.

no idea how to remove it

help?

thanks!
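The AVG lines quoted in this post and in the others on this page all follow the same `"path";"threat";"status"` layout, and the status that keeps coming up is "Object is white-listed (critical/system file that should not be removed)". As an added example (not code from any of these posts, from AVG, or from the forums), here is a small Python triage script that parses such lines and flags that case: a detection the scanner refused to delete because the file is a core OS binary. The field layout is assumed from the quoted lines rather than from AVG documentation, the install root C:\Windows is assumed, and the sample export is constructed (the first two lines reuse detection text from the posts; the third is invented).

```python
"""Parse and triage AVG scan-result lines of the form quoted in the posts:

    "<path>";"<threat name>";"<status>"

Added example; the field layout is assumed from the quoted lines, not from
AVG documentation, and SAMPLE_EXPORT is constructed for this demo.
"""
import csv
import io
import ntpath
from collections import Counter
from dataclasses import dataclass

# Assumption: a default install root. A detection under one of these
# directories that AVG only "white-lists" is a core OS binary that was
# patched in place, which is the situation every thread on this page describes.
SYSTEM_DIRS = (r"C:\Windows\System32", r"C:\Windows\SysWOW64")

# Constructed sample export. The first two lines reuse detection text quoted
# in the posts; the third is an invented ordinary detection.
SAMPLE_EXPORT = r'''
"C:\WINDOWS\system32\drivers\atapi.sys";"Trojan horse Rootkit-Pakes.U";"Object is white-listed (critical/system file that should not be removed)"
"C:\Windows\System32\services.exe";"Trojan horse Patched_c.LXT";"Object is white-listed (critical/system file that should not be removed)"
"C:\Documents and Settings\User\Local Settings\Temp\setup1.exe";"Trojan horse Dropper.Agent.BTI";"Moved to Virus Vault"
'''


@dataclass(frozen=True)
class Detection:
    path: str
    threat: str
    status: str

    def in_system_dir(self) -> bool:
        # ntpath.normcase lowercases and normalises slashes on any host OS,
        # so the comparison is case-insensitive like NTFS itself.
        p = ntpath.normcase(self.path)
        return any(p.startswith(ntpath.normcase(d) + "\\") for d in SYSTEM_DIRS)

    def is_whitelisted(self) -> bool:
        return "white-listed" in self.status.lower()

    def is_driver(self) -> bool:
        return ntpath.splitext(self.path)[1].lower() == ".sys"


def parse_avg_lines(text: str) -> list[Detection]:
    """Parse semicolon-separated, double-quoted AVG result lines."""
    found = []
    reader = csv.reader(io.StringIO(text), delimiter=";", quotechar='"')
    for row in reader:
        if len(row) < 3 or not row[0].strip():
            continue  # skip blank or truncated lines rather than guessing
        path, threat, status = (field.strip() for field in row[:3])
        found.append(Detection(path, threat, status))
    return found


def triage(d: Detection) -> str:
    """Classify what the status line implies for remediation."""
    if d.is_whitelisted() and d.in_system_dir():
        # The scanner saw the infection but refused to delete a file Windows
        # needs to boot. Deleting it by hand would leave the system unbootable;
        # the file has to be replaced from a trusted copy (or the OS reinstalled,
        # as the answers on this page advise) and the host treated as compromised.
        return "patched-system-file"
    if d.is_whitelisted():
        return "whitelisted-other"
    return "handled"


def summarize(detections: list[Detection]) -> dict[str, int]:
    """Count detections per triage category."""
    return dict(Counter(triage(d) for d in detections))


def report(text: str) -> list[str]:
    """One human-readable line per detection, most urgent first."""
    dets = parse_avg_lines(text)
    order = {"patched-system-file": 0, "whitelisted-other": 1, "handled": 2}
    dets.sort(key=lambda d: order[triage(d)])
    return [f"[{triage(d)}] {d.path}: {d.threat}" for d in dets]


if __name__ == "__main__":
    for line in report(SAMPLE_EXPORT):
        print(line)
```

A white-listed hit under System32 means the scanner found a patched OS file it will not delete, so re-running the same scanner (as several posters here tried) cannot change the outcome. The script ranks those entries first because the remediation is different in kind: a clean copy of the file or, as the answers here advise, a reinstall, with the machine treated as compromised in the meantime.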


This appears in scans after using a CD that contains a user guide for a monitor I just bought-

c:\\WINDOWS\system32\drivers\cdrom.sys
Trojan horse Rootkit-Agent.EL

It's driving me mad, don't know how to get rid of it as AVG has it as "white listed". Any help would really be appreciated.


Hello, I have been receiving help from boopme in the Am I Infected forum. They have had me run a number of scans and found a rootkit in C:\WINDOWS\system32\drivers\gasfkybavmluoy.sys. They sent me here for further assistance. The most noticeable problem I have been having is google search result links either leading to an "internet explorer could not open this page" (the web address has a lot of numbers and capital letters in it) or taking me to ad sites. At the very beginning of my problem I received alerts - times that my computer was infected and it showed that my drives and documents were all infected. There was a pop up box with a program it told me to run to clean it, which I didn't do.

DDS Ver - - - NTFSx Run by Michelle at on Tue Internet Explorer Microsoft Windows XP Home Edition GMT - AV Trend Micro Internet Security On-access scanning enabled Updated D BC- CC- - E- E AF FW Trend Micro Personal Firewall enabled E E E- A D- -A F - EC F EB Running Processes C WINDOWS system svchost -k DcomLaunch svchost exe C WINDOWS System svchost exe -k netsvcs C Program Files Intel Wireless Bin EvtEng exe C Program Files Intel Wireless Bin S EvMon exe svchost exe svchost exe C Program Files Lavasoft Ad-Aware AAWService exe C WINDOWS system spoolsv exe C WINDOWS Explorer EXE svchost exe C Program Files Trend Micro BM TMBMSRV exe C Program Files Common Files ArcSoft Connection Service Bin ACService exe C Program Files Common Files Apple Mobile Device Support bin AppleMobileDeviceService exe C Program Files Bonjour mDNSResponder exe C Program Files Microsoft SQL Server MSSQL VAIO VEDB Binn sqlservr exe C Program Files Apoint Apoint exe C WINDOWS RTHDCPL EXE C Program Files Java jre bin jusched exe C Program Files Sony VAIO Power Management SPMgr exe C Program Files Sony ISB Utility ISBMgr exe C Program Files Sony VAIO Update VAIOUpdt exe C Program Files Apoint Apntex exe C Program Files Common Files InstallShield UpdateService issch exe C WINDOWS system nvsvc exe C Program Files Sony VAIO Zone Remote Commander AvRmtCtr exe C Program Files HP HP Software Update HPWuSchd exe C Program Files Intel Wireless Bin RegSrvc exe C Program Files Common Files ArcSoft Connection Service Bin ACDaemon exe C Program Files Trend Micro Internet Security UfSeAgnt exe C Program Files Trend Micro Internet Security SfCtlCom exe C Program Files Adobe Photoshop Album Starter Edition Apps apdproxy exe C Program Files QuickTime QTTask exe C Program Files iTunes iTunesHelper exe C Program Files Messenger msmsgs exe C WINDOWS system svchost exe -k imgsvc C WINDOWS system ctfmon exe C Program Files Trend Micro Internet Security TmPfw exe C Program Files Google GoogleToolbarNotifier GoogleToolbarNotifier exe C Program Files SUPERAntiSpyware SUPERAntiSpyware exe C Program Files Trend Micro Internet Security TmProxy exe C Program Files HP Digital Imaging bin hpqtra exe C Program Files Microsoft Office Office ONENOTEM EXE C Program Files Sony VAIO Event Service VESMgr exe C Program Files Common Files Sony Shared VAIO Entertainment Platform VCSW VCSW exe C Program Files Common Files Sony Shared VAIO Entertainment Platform VzCdb VzCdbSvc exe C Program Files Common Files Sony Shared VAIO Entertainment Platform VzCdb VzFw exe C Program Files HP Digital Imaging bin hpqimzone exe C Program Files HP Digital Imaging bin hpqSTE exe C Program Files Common Files Sony Shared VAIO Entertainment VzRs VzRs exe C Program Files iPod bin iPodService exe C WINDOWS system wuauclt exe C Program Files Lavasoft Ad-Aware AAWTray exe C Program Files Internet Explorer iexplore exe C Program Files Internet Explorer iexplore exe C Program Files Microsoft Office Office WINWORD EXE C Documents and Settings Michelle Desktop dds scr Pseudo HJT Report uStart Page hxxp www weather com uSearch Page hxxp www google com uSearch Bar hxxp www google com ie uS... Read more

A:rootkit in C:\WINDOWS\system32\drivers\gasfkybavmluoy.sys

Hello. Let's run Mbam and Combofix.

Malwarebytes' Anti-Malware
Download Malwarebytes' Anti-Malware here and save to your desktop.
Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform full scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please copy and paste the log back into your next reply.
Note: The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
Or via the Logs tab when Malwarebytes' Anti-Malware is started.

Install Recovery Console and Run ComboFix
Download Combofix from any of the links below, and save it to your desktop.
Link 1
Link 2
Link 3
Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
Close any open windows, including this one.
Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware. If you did not have it installed, you will see the prompt below. Choose YES.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.
When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running.
ComboFix will restart your computer if malware is found; allow it to do so.
Note: Please Do NOT mouseclick combofix's window while it's running because it may cause it to stall.
Please post Mbam results and Combofix log back here.

http://www.bleepingcomputer.com/forums/t/262668/rootkit-in-cwindowssystem32driversgasfkybavmluoysys/

Hello, I can't seem to remove a Root Kit agent called "C:\WINDOWS\drivers\system32\str.sys Rootkit.Agent" successfully. Malwarebytes keeps just telling me to re-start my computer after the scan. I have three times, and each time I do another scan to make sure it's gone it still comes up. This is the family computer and it's used to check multiple bank accounts and whatnot, so I need this to be removed A.S.A.P. Any help to remove this would be greatly appreciated. Here's my HijackThis log:

Logfile of Trend Micro HijackThis v Scan saved at PM on Platform Windows XP SP WinNT MSIE Internet Explorer v Boot mode Normal Running processes C WINDOWS System smss exe C WINDOWS system winlogon exe C WINDOWS system services exe C WINDOWS system lsass exe C WINDOWS system Ati evxx exe C WINDOWS system svchost exe C WINDOWS System svchost exe C WINDOWS system spoolsv exe C WINDOWS system Ati evxx exe C WINDOWS Explorer EXE C Program Files CyberLink PowerDVD PDVDServ exe C Program Files Digital Media Reader readericon G exe C Program Files Canon MyPrinter BJMyPrt exe C Program Files ScanSoft OmniPageSE OpwareSE exe C Program Files iTunes iTunesHelper exe C WINDOWS RTHDCPL EXE C Program Files Messenger msmsgs exe C WINDOWS system ctfmon exe C Program Files TomTom HOME HOMERunner exe C Program Files Kodak Kodak EasyShare software bin EasyShare exe C Program Files Common Files Apple Mobile Device Support bin AppleMobileDeviceService exe C WINDOWS system bgsvcgen exe C Program Files Java jre bin jqs exe C Program Files Common Files New Boundary PrismXL PRISMXL SYS C WINDOWS system svchost exe C Program Files iPod bin iPodService exe C WINDOWS system wscntfy exe C Program Files iTunes iTunes exe C Program Files Malwarebytes' Anti-Malware mbam exe C Program Files Internet Explorer iexplore exe c WINDOWS Microsoft NET Framework v Windows Communication Foundation infocard exe C Program Files trend micro HijackThis HijackThis exe R - HKCU Software Microsoft Internet Explorer Main Start Page http www roadrunner com R - HKLM Software Microsoft Internet Explorer Main Default Page URL http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Default Search URL http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Search Page http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Start Page http go microsoft com fwlink LinkId O - BHO Java tm Plug-In SSV Helper - BB-D F - C-B EB-D DAF D D - C Program Files Java jre bin ssv dll O - BHO JQSIEStartDetectorImpl - E E F - CE- C -BC -EABFE F C - C Program Files Java jre lib deploy jqs ie jqs plugin dll O - Toolbar Easy-WebPrint - C -E D- c -AA D- AC BABA C - C Program Files Canon Easy-WebPrint Toolband dll O - HKLM Run RemoteControl "C Program Files CyberLink PowerDVD PDVDServ exe" O - HKLM Run readericon "C Program Files Digital Media Reader readericon G exe" O - HKLM Run Recguard "C WINDOWS SMINST RECGUARD EXE" O - HKLM Run CanonMyPrinter "C Program Files Canon MyPrinter BJMyPrt exe" logon O - HKLM Run SSBkgdUpdate "C Program Files Common Files Scansoft Shared SSBkgdUpdate SSBkgdupdate exe" -Embedding -boot O - HKLM Run OpwareSE "C Program Files ScanSoft OmniPageSE OpwareSE exe" O - HKLM Run iTunesHelper "C Program Files iTunes iTunesHelper exe" O - HKLM Run IMJPMIG "C WINDOWS IME imjp IMJPMIG EXE" Spoil RemAdvDef Migration O - HKLM Run Malwarebytes Anti-Malware reboot "C Program Files Malwarebytes' Anti-Malware mbam exe" runcleanupscript O - HKLM Run QuickTime Task "C Program Files QuickTime qttask exe" -atboottime O - HKLM Run RTHDCPL "RTHDCPL EXE" O - HKLM Run Alcmtr "ALCMTR EXE" O - HKCU Run MSMSGS "C Program Files Messenger msmsgs exe" background O - HKCU Run ctfmon ex... Read more

A:HELP! Rootkit.Agent C:/WINDOWS/drivers/system32/str.sys

Hi,

Please do the following:

Please download DDS from either of these links

LINK 1
LINK 2

and save it to your desktop.
Disable any script blocking protection.
Double click dds.pif to run the tool.
When done, two DDS.txt's will open.
Save both reports to your desktop.
---------------------------------------------------
Please include the contents of the following in your next reply:

DDS.txt
Attach.txt.

NEXT



Download GMER Rootkit Scanner from here or here. Extract the contents of the zipped file to desktop.
Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent .
If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.


In the right panel, you will see several boxes that have been checked. Uncheck the following:
Sections
IAT/EAT
Drives/Partition other than Systemdrive (typically C:\)
Show All (don't miss this one)

Then click the Scan button & wait for it to finish.
Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
Save it where you can easily find it, such as your desktop, and post it in your next reply.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

http://www.techsupportforum.com/forums/f284/help-rootkit-agent-c-windows-drivers-system32-str-sys-425522.html

Hi. Before I go into more detail I wanted to let you know my issue was originally posted here asking for help with this problem, and they, after many attempts at removal, recommended I come here. Here is the link: Trojan Horse Generic8.yaf c:\windows\system32\compstu.dll. This will not go away no matter WHAT I do. Here's a summary of where I started and where I am now. I am utilizing AVG antivirus as my main AV. I also am currently running Spyware Terminator as well as occasionally running the AVG rootkit program. The problem is that AVG keeps locating a virus and lists the following: OBJECT C:\Windows\System32\compstu.dll RESULT Trojan horse Generic8.YAF STATUS Infected. I downloaded MBAM and utilized it. This did clean out the "house"; however it did not see the compstu.dll and as a matter of fact I don't even recall having seen it scan the file as I observed the entire process. The file ALWAYS comes back. The AVG error that pops up is "Threat Detected While opening file C:\Windows\system32\compstu.dll Trojan horse Generic8.YAF". The file has also been identified as Trojan Download-Gen N BHO by another of my programs. Since my original post SAS, ATF and SDFix have been downloaded and utilized according to the instructions I had received from Chewy and others. Many of the logs would come up clean one time and then dirty the next with various registry entries and of course the ever present Compstu library that can be found at C:\Windows\System32\Compstu.dll. Also of note is that many times after downloading SAS updates the file would update again the next time I opened it, requesting it update again and retrieving the same file I downloaded the first time. Don't know if that is relevant but it sure is irritating. Another oddity is a black DOS box that pops up and disappears faster than I can identify it. So without further ado here are logs requested:

Deckard's System Scanner v Run by Toni too on - - Computer is in Normal Mode ---------------------------------------------------------------------------------- System Restore --------------------------------------------------------------System Restore is disabled attempting to re-enable success -- Last Restore Point s -- - - UTC - RP - System CheckpointBacked up registry hives Performed disk cleanup -- HijackThis run as Toni too exe --------------------------------------------Logfile of Trend Micro HijackThis v Scan saved at AM on Platform Windows XP SP WinNT MSIE Internet Explorer v Boot mode NormalRunning processes C WINDOWS System smss exeC WINDOWS system winlogon exeC WINDOWS system services exeC WINDOWS system lsass exeC WINDOWS system svchost exeC WINDOWS System svchost exeC WINDOWS system svchost exeC WINDOWS System WLTRYSVC EXEC WINDOWS System bcmwltry exeC WINDOWS system spoolsv exeC Program Files Common Files Apple Mobile Device Support bin AppleMobileDeviceService exeC PROGRA Grisoft AVG avgamsvr exeC PROGRA Grisoft AVG avgupsvc exeC PROGRA Grisoft AVG avgemc exeC Program Files WIDCOMM Bluetooth Software bin btwdins exeC Program Files Common Files Microsoft Shared VS DEBUG MDM EXEC Program Files Microsoft SQL Server MSSQL MICROSOFTSMLBIZ Binn sqlservr exeC PROGRA SPYWAR sp rsser exeC WINDOWS system svchost exeC Program Files Common Files Symantec Shared CCPD-LC symlcsvc exeC Program Files Pure Networks Network Magic nmsrvc exeC WINDOWS system lxcrcoms exeC Program Files iPod bin iPodService exeC WINDOWS Explorer EXEC WINDOWS system ctfmon exeC Program Files Java jre bin jusched exeC WINDOWS system WLTRAY exeC WINDOWS stsystra exeC Program Files Synaptics SynTP SynTPEnh exeC Program Files Common Files Ins... Read more

A:Trojan Horse Generic8.yaf/ Trojan Downlad-gen/n_bho (c:\windows\system32\compstu.dll)

Hello Spunky3174 and welcome to BleepingComputer,

1. * Clean your Cache and Cookies in IE:
Close all instances of Outlook Express and Internet Explorer.
Go to Control Panel > Internet Options > General tab.
Under Browsing History, click Delete. Click Delete Files, Delete cookies and Delete history.
Click Close below.

* Clean your Cache and Cookies in Firefox (in case you also have Firefox installed):
Go to Tools > Options.
Click Privacy in the menu.
Click the Clear now button below. A new window will popup what to clear.
Select all and click the Clear button again.
Click OK to close the Options window.

* Clean other Temporary files + Recycle bin:
Go to start > run and type: cleanmgr and click ok. Let it scan your system for files to remove. Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
Press OK to remove them.

2. Please visit this webpage for instructions for downloading and running ComboFix:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Please ensure you read this guide carefully and install the Recovery Console first (not for Windows Vista users!).
The Windows Recovery Console will allow you to boot up into a special recovery mode, in case your computer has a problem after an attempted removal of malware. This allows us to help you. (WinXP SP3 users, please download the appropriate SP2 file, Home or Pro, to install the RC.)
In the event you already have Combofix, delete your current version and download the latest version as described in the tutorial.
It must be saved directly to your desktop.
Note: Make sure not to click ComboFix's window while it's running. That may cause it to stall or freeze.
Please post the log from ComboFix (can also be found as C:\ComboFix.txt) in your next reply. If you have any questions along the way, STOP and ask them before proceeding!!

Greetings,
Thunder

http://www.bleepingcomputer.com/forums/t/150876/trojan-horse-generic8yaf-trojan-downlad-genn-bho-cwindowssystem32compstudll/

I have been struggling with this for a couple of days now. Some kind of malware(?) that keeps warning me that I have a virus and need to buy their antivirus software. I have used Adaware, SmitFraudFix, Vundofix, CCleaner, and Ewido, which seemed to find and clear a bunch of stuff. I thought I had got rid of it, but it keeps coming back. I seem to have gotten rid of some of it though, as I'm not getting the "warning" messages all the time. My AVG keeps telling me I have a trojan (Trojan horse Dropper Agent.BTI and Trojan horse Pakes.U) but can't seem to fix it. I have no idea what to do!! Please help!

A:malware Trojan horse Pakes.U/Trojan horse Dropper Agent.BTI

Logfile of HijackThis v1.99.1
Scan saved at 10:59:21, on 05/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Apps\ActivBoard\nhksrv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Documents and Settings\Johanna\Desktop\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\ups.exe
C:\WINDOWS\system32\UAService7.exe
C:\Apps\ActivBoard\MMKeybd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Anti-Blaxx\Anti-Blaxx.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Documents and Settings\Johanna\Desktop\ewido anti-spyware 4.0\ewido.exe
C:\Apps\ActivBoard\TrayMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Apps\ActivBoard\OSD.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Documents and Settings\Johanna\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.co.uk/0SEENGB/SAOS01
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://free.grisoft.com/register
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer brought to you by Planetis
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [ACTIVBOARD] C:\Apps\ActivBoard\MMKeybd.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Anti-Blaxx Manager] C:\Program Files\Anti-Blaxx\Anti-Blaxx.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [!ewido] "C:\Documents and Settings\Johanna\Desktop\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Update Service] C:\PROGRA~1\COMMON~1\TEKNUM~1\update.exe /startup
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: hp psc 1000 series.lnk = ?
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C6... Read more

http://www.techsupportforum.com/forums/f100/malware-trojan-horse-pakes-u-trojan-horse-dropper-agent-bti-115400.html

Norton finds this trojan horse but it can't remove it. I can manually delete the file but it just automatically comes back. The VundoFix doesn't find any viruses. Here's my log; there's an entry with this .dat file in it.

Logfile of HijackThis v Scan saved at AM on Platform Windows XP SP WinNT MSIE Internet Explorer v SP Running processes C WINDOWS System smss exe C WINDOWS system winlogon exe C WINDOWS system services exe C WINDOWS system lsass exe C WINDOWS system svchost exe C WINDOWS System svchost exe C Program Files Common Files Symantec Shared ccSetMgr exe C WINDOWS Explorer EXE C Program Files Common Files Symantec Shared ccEvtMgr exe C WINDOWS system spoolsv exe C Program Files QuickTime qttask exe C Program Files Common Files Symantec Shared ccApp exe C Program Files Java jre bin jusched exe C WINDOWS System CTsvcCDA exe C WINDOWS System nvsvc exe C WINDOWS System svchost exe C Program Files Common Files Symantec Shared CCPD-LC symlcsvc exe C WINDOWS System MsPMSPSv exe C WINDOWS system svchost exe C Program Files AIM aim exe C Program Files internet explorer iexplore exe C temp HijackThis exe R - HKCU Software Microsoft Internet Explorer Main Start Page http fantasysports yahoo com R - HKLM Software Microsoft Internet Explorer Main Default Page URL http www dell me com myway R - HKCU Software Microsoft Windows CurrentVersion Internet Settings ProxyServer O - BHO SSVHelper Class - BB-D F - C-B EB-D DAF D D - C Program Files Java jre bin ssv dll O - Toolbar DAP Bar - - FC- baf- C C-BCE BD F - C Program Files DAP DAPIEBar dll file missing O - Toolbar &Radio - E - F- D - E- A C - C WINDOWS System msdxm ocx O - Toolbar Norton AntiVirus - CDD BF- FFB- - AD - DF B D - C Program Files Norton AntiVirus NavShExt dll O - HKLM Run QuickTime Task "C Program Files QuickTime qttask exe" -atboottime O - HKLM Run mmtask "C Program Files MUSICMATCH MUSICMATCH Jukebox mmtask exe" O - HKLM Run ccApp "C Program Files Common Files Symantec Shared ccApp exe" O - HKLM Run Symantec NetDriver Monitor C PROGRA SYMNET SNDMon exe O - HKLM Run SunJavaUpdateSched "C Program Files Java jre bin jusched exe" O - HKLM RunServices USB Driver system exe O - Extra context menu item &Download with &DAP - C PROGRA DAP dapextie htm O - Extra context menu item Download &all with DAP - C PROGRA DAP dapextie htm O - Extra context menu item E&xport to Microsoft Excel - res C PROGRA MICROS Office EXCEL EXE O - DPF C A- BE- B -A BB- B FE A ewidoOnlineScan Control - http downloads ewido net ewidoOnlineScan cab O - HKLM System CCS Services Tcpip BB - C - -BED -B CBAE NameServer O - HKLM System CS Services Tcpip Parameters NameServer O - HKLM System CS Services Tcpip BB - C - -BED -B CBAE NameServer O - HKLM System CCS Services Tcpip Parameters NameServer O - AppInit DLLs C WINDOWS System sulimo dat O - Winlogon Notify ljjgfde - ljjgfde dll file missing O - Winlogon Notify WRNotifier - WRLogonNTF dll file missing O - Service Symantec Event Manager ccEvtMgr - Symantec Corporation - C Program Files Common Files Symantec Shared ccEvtMgr exe O - Service Symantec Password Validation ccPwdSvc - Symantec Corporation - C Program Files Common Files Symantec Shared ccPwdSvc exe O - Service Symantec Settings Manager ccSetMgr - Symantec Corporation - C Program Files Common Files Symantec Shared ccSetMgr exe O - Service Creative Service for CDROM Access - Creative Technology Ltd - C WINDOWS System CTsvcCDA exe O - Service InstallDriver Table Manager IDriverT - Macrovision Corporation - C Program Files Common Files InstallShield Driver Intel IDriverT exe O - Service Norton AntiVirus Auto Protect Service navapsvc - Symantec Corporation - C Program Files Norton AntiVirus navapsvc exe O - Service Intel NCS NetService NetSvc - Intel R Corporation - C Program Files Intel NCS Sync NetSvc exe O - Service NVIDIA Driver H... Read more


This computer is running windows XP and has AVG free. At startup displays a Resident Shield alert for multiple threats to file WINDOWS\system32\zehekilo.dll
Trojan Horse Generic 16.AAYX
If I try to remove the infections I get a warning that forced removal could cause the system to not operate. How do I clear these infections?

A: WINDOWS\system32\zehekilo.dll Trojan Horse

Hello and welcome to TSF.

We want all our members to perform the steps outlined in the link given below, before posting for assistance. There's a sticky at the top of this forum, and a "Having problems with spyware and pop-ups? First Steps" link at the top of each page.

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

http://www.techsupportforum.com/forums/f100/windows-system32-zehekilo-dll-trojan-horse-451820.html

Running Windows XP. I've been having google searches redirected for about three weeks and results often come up in German. Have always used AVG free and recently downloaded superantispyware, malwarebytes, ad aware trying to fix my current issue.

Running malwarebytes I found this C:\WINDOWS\system32\drivers\rwbog.sys (Rootkit.Agent) and was prompted to reboot to complete removal. Upon reboot, I get a black screen saying boot up failed and I could not boot into safe mode, so I restored to most recent known setting and I can boot back up, but then I run scans again and the issue is still there and just repeats itself.

Through my research, I wonder if I should run combofix, but thought I'd do this the "right way" and post the issue first. lil help would be much appreciated.

A: C:\WINDOWS\system32\drivers\rwbog.sys (Rootkit.Agent)

Hello and welcome to Bleeping Computer.

Please subscribe to your topic so that you will be notified as soon as I post a reply, instead of you having to check the topic all of the time. This will allow you to get an email notification when I reply. To subscribe, go to your topic, and at the top right hand corner by your first post, click the Options button and then click Track this topic. Then bullet the immediate notification bubble. Finally, press submit.

Please download Dr. Web the free version & save it to your desktop. DO NOT perform a scan yet.

Scan with Dr. Web Cureit as follows:

- Double-click on launch.exe to open the program and click Start. (There is no need to update if you just downloaded the most current version.)
- Read the Virus check by DrWeb scanner prompt and click Ok where asked to Start scan now. Allow the setup.exe to load if asked by any of your security programs.
- The Express scan will automatically begin. (This is a short scan of files currently running in memory, boot sectors, and targeted folders.)
- If prompted to download the Full version Free Trial, ignore and click the X to close the window.
- If an infected object is found, you will be prompted to move anything that cannot be cured. Click Yes to All.
- When complete, click Select All, then choose Cure > Move incurable. (This will move any detected files to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if they can't be cured.)
- Now put a check next to Complete scan to scan all local disks and removable media.
- In the top menu, click Settings > Change settings, and UNcheck "Heuristic analysis" under the "Scanning" tab, then click Ok.
- Back at the main window, click the green arrow "Start Scanning" button on the right under the Dr.Web logo.
- When the scan is complete, a message will be displayed at the bottom indicating if any viruses were found.
- Click "Yes to all" if asked to cure or move the file(s) and select "Move incurable".
- In the top menu, click file and choose save report list.
- Save the DrWeb.csv report to your desktop.
- Exit Dr.Web Cureit when done.
- Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
- After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.csv report.)

http://www.bleepingcomputer.com/forums/t/280315/cwindowssystem32driversrwbogsys-rootkitagent/

I have got quite a few issues that I really don't know what to do with before I shut down to do all the scans you have advised. I believe my machine is hijacked and my head is bursting with months of constantly researching files, finding malware, rootkits, browsers, my control buttons all changing to other misleading images. I don't know who is genuine Microsoft and who are hijackers. I am finding my pc being advertized very openly on game sites, my IP address and all information. My emails been hacked for the second time, different account. I lost three pc's at the end of last year. When I got new windows put on I was taken over straight away. I can't connect with my own provider as all the defaults change and they are not secure, or I find bat files. I am trying to learn but it's all too much. I am pleased that I have managed to keep my pc from getting closed down like the others, but I can't go on staying up for days just removing and researching. My proper window OS disappears and I have clung on to my USB, using it for all my work which is mainly images. I have Faronics Deep Freeze which I think is the only thing that has stopped me losing my pc's I always work with. So I am now realizing the viruses are passed back and forth. There seems to be a problem with all keys, start up and clocks when windows updates. I think it is because the old drivers don't mix, or it can be the Ethernet driver. I found this file. Even though it is beyond me I think it may be the answer to the change from window to. Then I find out that MS are installing part of windows sneakily: http www edugeek net forums enterprise-software -java- -update- -silent-install-via-sccm- html. I got this file from here: http www bleepingcomputer com forums t windows- - x-unbootable-problem-code-. THIS WAS WHAT I FOUND WHEN I RESEARCHED A DESK TOP ini notepad: https bugzilla redhat com show bug cgi id. Instead of me being safely connected to my Provider with a password I am connected to this, and I can't get on the site to comment: http forum tp-link com showthread php -UPNP-Problem http www tp-link com en products categoryid. I am sorry, I have just ranted and don't really know what I am asking you to help me with now. I will be changing operating systems and getting as far away from sharing and caring with IT. It is not for me. I have Tunnel Adapter Isatap dlink com, which is the link above, stopping me connecting to my Provider. I am not sure whether to run combo fix before I know what to do with this rootkit. And a big Thank You, Bleeping Computer have helped me more than you know. I am very new to pcs as you probably guessed. I would be very grateful for a little advice please.

A: Unknown Rootkit C:\WINDOWS\SYSTEM32\drivers\oem-drv86.sys

Hello Oscar, with rootkit infections it is best to get a deeper look for proper removal. Please follow this Preparation Guide and post in a new topic. Let me know if all went well.

http://www.bleepingcomputer.com/forums/t/568001/unknown-rootkit-cwindowssystem32driversoem-drv86sys/

AVG Virus Threat Detected While Opening file C:\WINDOWS\SYSTEM32\CTL3DV.dll Trojan Horse Generic 10.HET --- This keeps popping up on my CPU. I have Windows XP Home -- SP - AVG Virus Software. I can go online and it pops up. I can explore any drive and it pops up. I have tried to heal the file and it keeps coming back. I've tried to delete the file, unable to do so. I have tried to move it to the vault. It tells me that the file has been healed successfully or that it has been moved to the vault successfully, but it always pops back up the next time I go to do something. Every time that the virus program does a scan it shows that this file is infected and it quarantines it, but it always comes back. I have pasted my HijackThis log file and my ComboFix log file below. Any help is greatly appreciated. Thanks, Wilma

HIJACKTHIS LOG FILE

Logfile of Trend Micro HijackThis v Scan saved at AM on Platform Windows XP SP WinNT MSIE Internet Explorer v Boot mode Normal Running processes C WINDOWS System smss exe C WINDOWS system winlogon exe C WINDOWS system services exe C WINDOWS system lsass exe C WINDOWS system svchost exe C Program Files Windows Defender MsMpEng exe C WINDOWS System svchost exe C WINDOWS system LEXBCES EXE C WINDOWS system spoolsv exe C WINDOWS system LEXPPS EXE C WINDOWS Explorer EXE C Program Files Common Files Apple Mobile Device Support bin AppleMobileDeviceService exe C Program Files Grisoft AVG Anti-Spyware guard exe C PROGRA Grisoft AVG avgamsvr exe C PROGRA LEXMAR LXBRKsk exe C Program Files Lexmark Series lxbrbmgr exe C WINDOWS System DSentry exe C PROGRA Grisoft AVG avgupsvc exe C PROGRA Grisoft AVG avgemc exe C WINDOWS SM BG EXE C Program Files Lexmark Series lxbrbmon exe C WINDOWS system rundll exe C Program Files Office Mouse moffice exe C WINDOWS System svchost exe C Program Files Windows Defender MSASCui exe C Program Files Java jre bin jusched exe C WINDOWS system nvsvc exe C PROGRA Grisoft AVG avgcc exe C Program Files Grisoft AVG Anti-Spyware avgas exe C Program Files Lexmark Series lxbrcmon exe C WINDOWS system ctfmon exe C WINDOWS System svchost exe C Program Files Google GoogleToolbarNotifier GoogleToolbarNotifier exe C Program Files Office Mouse MOUSE A DAT C Program Files Linksys EasyLink Advisor LinksysAgent exe C Program Files Windows Media Player WMPNSCFG exe C Program Files Creative Home Hallmark Card Studio Express Planner PLNRnote exe C Program Files Kodak Kodak EasyShare software bin EasyShare exe C Program Files Kodak KODAK Software Updater Program Kodak Software Updater exe C Program Files internet explorer iexplore exe C Program Files Trend Micro HijackThis HijackThis exe R - HKLM Software Microsoft Internet Explorer Main Default Page URL http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Default Search URL http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Search Page http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Start Page http go microsoft com fwlink LinkId R - HKCU Software Microsoft Internet Explorer Main Local Page R - HKLM Software Microsoft Internet Explorer Main Local Page O - BHO Yahoo Toolbar Helper - D -C F - EFB- B - ECA - C Program Files Yahoo Companion Installs cpn yt dll O - BHO Adobe PDF Reader Link Helper - E F-C D - D -B D- B D BE B - C Program Files Adobe Acrobat ActiveX AcroIEHelper dll O - BHO SSVHelper Class - BB-D F - C-B EB-D DAF D D - C Program Files Java jre bin ssv dll O - BHO no name - BDC E - B- AB-A FA- E F C - C WINDOWS system CTL DV dll O - BHO Google Toolbar Helper - AA ED - DD- d - -CF F - c program files google googletoolbar dll O - BHO Google Toolbar Notifier BHO - AF DE - D - -B FA-CE B AD D - C Program Files Google GoogleToolbarNotifier swg dll O - Toolbar Yahoo Toolbar - EF BD -C FB- D - F- D F - C Program Files Yahoo Compa... Read more

A: C:\windows\system32\ctl3dv.dll Trojan Horse Generic 10.het

Hi

Open notepad and copy/paste the text in the code box below into it:

NOTE* make sure to only highlight and copy what is inside the code box, nothing outside of it. Also, pay particular attention to this: make sure the word File:: is on the first line of the text file you save (no blank line above it, & no space in front of it).

File::
C:\WINDOWS\SYSTEM32\CTL3DV.dll
C:\WINDOWS\system32\drivers\dajebtxt.dat

Driver::
rrcvuekm

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95BDC0E4-630B-44AB-A7FA-48E528543F6C}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"p2pnetwork"=-

Save this as "CFScript.txt". Then drag the CFScript.txt into ComboFix.exe as you see in the screenshot below. This will start ComboFix again. After reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log. Let me know if this resolves your problem.

steam

http://www.bleepingcomputer.com/forums/t/141996/cwindowssystem32ctl3dvdll-trojan-horse-generic-10het/

Hey there. I am utilizing AVG antivirus as my main AV. I also am currently running Spyware Terminator as well as occasionally running the AVG rootkit program. The problem is that AVG keeps locating a virus and lists the following: OBJECT: C:\Windows\System32\compstu.dll, RESULT: Trojan horse Generic8.YAF, STATUS: Infected. I downloaded MBAM and utilized it. This did clean out the "house", however it did not see the compstu.dll, and as a matter of fact I don't even recall having seen it scan the file as I observed the entire process. Also of note, I started Windows in safe mode and ran MBAM as well as my AV program, but I am still getting the box popping up telling me there is a virus warning, giving me the same info I gave above. When I try to heal it or move it to the vault the computer says it needs to be rebooted to complete the operation. The only problem is that no matter how many times I reboot the system the file is always there when I come back. Can anyone PLEASE help me out with this problem? It seems to be the last barrier to a nice clean computer home. Thanks in advance for any and all help. Buggy in Florida

A: Trojan Horse Generic8.yaf (c:\windows\system32\compstu.dll)

Try a scan with SuperAntiSpyware in Safe Mode. You'll have to download, install it and update the definitions in Normal Mode first.

http://www.bleepingcomputer.com/forums/t/150140/trojan-horse-generic8yaf-cwindowssystem32compstudll/

AVG found this trojan and supposedly removed it, but it is still there I think. I also have McAfee Security Suite, and when I ran a scan with it before the AVG scan it did not find it, but days after AVG said it removed it McAfee popped up saying it found it on opening and I had to reboot to remove it. I think it is still there now anyway. Firefox has been acting extremely slow at times recently as well.

DDS Ver - - - NTFSx Run by Rick Sutton at on Fri Internet Explorer BrowserJavaVersion Microsoft Windows XP Home Edition GMT - AV AVG Anti-Virus Free On-access scanning enabled Updated AV McAfee VirusScan On-access scanning enabled Updated FW McAfee Personal Firewall enabled Running Processes C WINDOWS system svchost -k DcomLaunch svchost exe C WINDOWS System svchost exe -k netsvcs svchost exe svchost exe C WINDOWS system spoolsv exe C PROGRA COMMON AOL ACS AOLacsd exe C Program Files Common Files AOL TopSpeed aoltsmon exe C PROGRA AVG AVG avgwdsvc exe C Program Files Bonjour mDNSResponder exe C WINDOWS System svchost exe -k HTTPFilter C Program Files Java jre bin jqs exe C Program Files Common Files LightScribe LSSrvc exe C Program Files McAfee MBK MBackMonitor exe C PROGRA AVG AVG avgrsx exe C PROGRA AVG AVG avgnsx exe C PROGRA McAfee MSC mcmscsvc exe c program files common files mcafee mna mcnasvc exe c PROGRA COMMON mcafee mcproxy mcproxy exe C Program Files McAfee VirusScan McShield exe C Program Files McAfee MPF MPFSrv exe C WINDOWS Explorer EXE C WINDOWS System spool DRIVERS W X HPZIPM EXE C Program Files Analog Devices SoundMAX SMAgent exe c PROGRA mcafee com agent mcagent exe C WINDOWS system svchost exe -k imgsvc C WINDOWS wanmpsvc exe C PROGRA AVG AVG avgemc exe C Program Files AVG AVG avgcsrvx exe C WINDOWS system igfxtray exe C Program Files Analog Devices SoundMAX SMax PNP exe C WINDOWS AGRSMMSG exe C Program Files Apoint K Apoint exe C Program Files hpq HP Wireless Assistant HP Wireless Assistant exe C Program Files HPQ Quick Launch Buttons EabServr exe C Program Files Common Files AOL ee AOLSoftware exe C Program Files Apoint K Apntex exe C Program Files McAfee MBK McAfeeDataBackup exe C PROGRA AVG AVG avgtray exe C Program Files Java jre bin jusched exe C Program Files HPQ SHARED HPQWMI exe C Utopia Angel Angel exe C Program Files SUPERAntiSpyware SUPERAntiSpyware exe C Program Files DNA btdna exe C Program Files Windows Live Messenger msnmsgr exe C Program Files Windows Media Player WMPNSCFG exe C Program Files America Online b waol exe C Program Files America Online b shellmon exe C Program Files Internet Explorer iexplore exe C Program Files mIRC mirc exe C Documents and Settings Rick Sutton Desktop dds scr Pseudo HJT Report uSearch Page uSearch Bar uSearchMigratedDefaultURL hxxp www google com search q searchTerms & sourceid ie & rls com microsoft en-US & ie utf & oe utf uStart Page hxxp comcast net uInternet Settings ProxyOverride local mURLSearchHooks IAOLTBSearch Class ea - - db- f -d ca fb c d - c program files aol toolbar aoltb dll BHO IE Pro BHO -e - df-a - fcd b bf - c program files iepro iepro dll BHO Adobe PDF Reader Link Helper e f-c d - d -b d- b d be b - c program files adobe acrobat activex AcroIEHelper dll BHO AVG Safe Search ca f - f e- b -a e- e e c c - c program files avg avg avgssie dll BHO Java Plug-In SSV Helper bb-d f - c-b eb-d daf d d - c program files java jre bin ssv dll BHO scriptproxy db d a - - e -b d- f c - c program files mcafee virusscan scriptsn dll BHO Windows Live Sign-in Helper d - c - abf- ecc- c - c program files common files microsoft shared windows live WindowsLiveLogin dll BHO AVG Security Toolbar a a -bacc- d - - a e e - c progra avg avg AVGTOO DLL BHO Google Toolbar Helper aa ed ... Read more

A: "C:\WINDOWS\system32\mst122.dll";"Trojan horse Downloader.VB.BSZ"

Welcome to the BleepingComputer Forums. Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random, which includes a HijackThis log, and save it to your desktop. If you have RSIT already on your computer, please run it again. Double click on RSIT.exe to run RSIT. Click Continue at the disclaimer screen. Please post the contents of log.txt. Thank you for your patience.

Please see Preparation Guide for use before posting about your potential Malware problem. If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped. Please post your HijackThis log as a reply to this thread and not as an attachment. I am always leery of opening attachments so I always request that HijackThis logs are to be posted as a reply to the thread. I do not think that you are attaching anything scary but others may do so.

While we are working on your HijackThis log, please:

- Reply to this thread; do not start another!
- Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so.
- Do not run any other tool until instructed to do so!
- Let me know if any of the links do not work or if any of the tools do not work.
- Tell me about problems or symptoms that occur during the fix.
- Do not run any other programs or open any other windows while doing a fix.
- Ask any questions that you have regarding the fix(es), the infection(s), the performance of your computer, etc.

Thanks.

http://www.bleepingcomputer.com/forums/t/201169/cwindowssystem32mst122dll;trojan-horse-downloadervbbsz/

Hello. This is my first post so bear with me. I am helping a friend with a serious virus problem. Her operating system is Windows XP Home. She was using AVG antivirus protection. She kept getting antivirus messages about several different Trojan viruses. I installed Norton Internet Security software and did a scan. It deleted infections and were quarantined. There was another that we were to either choose to exclude in the next scan or skip. We chose exclude since we just were not sure what to do. We then got the message that there were still more viruses on the computer. The six we excluded were in files for Zango and Netscape. I reluctantly went into the registry and deleted any files related to those names. Also deleted the Openme exe file that I read was connected to the Trojan Horse virus. At this point the only Norton message I got was for Trojan Horse in the file C:\Windows\System32\ssqro.dll and it could not help with it. I started another scan and at files I had viruses detected and fixed. I was probably opening up too many other things at the same time and it locked up. I decided to let it rest, and myself. Now I'm home and looking for some advice on how to deal with this Trojan Horse problem. Can you please help? Thanks much, Putergal


Hello,

I have been searching everywhere for a fix for my problem but I could not find a fix easy enough for me.
An IT friend of mine suggested I should come in here as here are the most knowledgeable people around and I should seek help.

I have this virus and tried everything to remove it, but I get this message saying that it can not be removed. I think I got infected when I clicked on a small window that looked like a Flash update notice.

I am running Windows 7 Ultimate 32 bit OS with Service Pack 1 and AVG 9. I will upgrade to 12 if this would help.

Can you please give me some directions in how to get this virus removed? I would really appreciate it.

thanks in advance.
Felix

A: Trojan horse Patched_c.LYU in Windows/System32/services.exe

Greetings and Welcome to The Forums!!My name is Gringo and I'll be glad to help you with your computer problems. I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of usPlease do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster. NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of hartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer. NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear Click the Disable button to disable your CD Emulation drivers Click Yes to continue A 'Finished!' message will appear Click OKDeFogger may ask you to reboot the machine, if it does - click OKDo not re-enable these drivers until otherwise instructed.Security CheckDownload Security Check by screen317 from here.Save it to your Desktop.Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.A Notepad document should open automatically called checkup.txt; please post the contents of that document.Download DDS:Please download DDS by sUBs from one of the links below and save it to your desktop:
Download DDS and save it to your desktop

Link1
Link2
Link3

Please disable any anti-malware program that will block scripts from running before running DDS.

Double-Click on dds.scr and a command window will appear. This is normal.Shortly after two logs will appear:
DDS.txt Attach.txtA window will open instructing you save & post the logsSave the logs to a convenient place such as your desktopCopy the contents of both logs & post in your next replyinformation and logs:In your next post I need the following

. logs from DDS
Let me know of any problems you may have had.

Gringo

http://www.bleepingcomputer.com/forums/t/458361/trojan-horse-patched-clyu-in-windowssystem32servicesexe/
Relevancy 87.29%

I recently got a High Risk Trojan Horse threat alert from Norton Antivirus: C:\WINDOWS\System32\winuns32.dll. Norton tells me to fix the Windows registry but doesn't specify what needs to be erased. I tried this and other things like editing the win.ini file but it hasn't worked out. This alert happened last week and since then my computer crashes randomly whenever I run programs. Also keep getting pop-ups such as fixregnow.com but they seem fake. So I decided to search elsewhere and I found HiJackThis. Here is my Log file:

A: Trojan Horse C:\WINDOWS\System32\winuns32.dll - Log File

You may want to print out these instructions or save them as a text document, and use them as a reference. If you have any questions regarding the fix, please ask us before proceeding. It is also important that you don't miss a step and perform everything in the right order.

=====================================

Download Killbox. Save it to your Desktop.
In the event you already have Killbox, this is a new version that I need you to download.
Double-click on Killbox.exe to run it.
Select Delete on Reboot.
Click on the All Files button.
Copy the words below (blue) by highlighting all of them and pressing Ctrl + C on your keyboard.

C:\WINDOWS\SYSTEM32\winuns32.dll

Return to Killbox, go to the File menu, and choose Paste from Clipboard.
Click the Unregister .dll Before Deleting button.
Click the red-and-white Delete File button. Click Yes when prompted to restart your computer.
NOTES: If your computer does not restart automatically, please restart it manually.
If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.
=====================================

Reboot into Safe Mode: Restart your computer.
Before the Windows logo appears, tap F8 repeatedly.
A menu should appear; select Safe Mode from the menu using your arrow keys and then hit Enter on your keyboard.
This will take longer than usual, so just wait.
=====================================



Please open HijackThis, click Do a system scan only, and then place a checkmark beside each of these entries:

O20 - Winlogon Notify: winuns32 - C:\WINDOWS\SYSTEM32\winuns32.dll

After placing all the checkmarks, close all windows (except HJT), and then hit Fix Checked. When it finishes, exit HJT.

=====================================

THIS IS AN IMPORTANT STEP, MAKE SURE YOU HAVE DONE THIS CORRECTLY :

Clear IE's Cookies and Cache: Close all instances of Outlook Express and Internet Explorer.
Go to Control Panel > Internet Options > General tab.
Click the Delete Cookies button.
Next to it, click the Delete Files button.
When prompted, place a check in: Delete all offline content, click OK.
Clear Firefox's Cookies (in case you also have the Firefox browser): Open Firefox.
Click Tools > Options.
Click the Privacy tab, then the Cookies tab.
Click the Clear Cookies Now button.
Then click OK to exit.
Clean Temporary Files: Go to Start > Run > type: cleanmgr > OK.
Choose (C:) and then click OK.
Make sure these are the only ones that are checked:
Temporary Internet Files
Temporary Files
Recycle Bin

Click OK to remove them.
Click Yes to confirm the deletion.
=====================================

Restart your computer first, then :

Run an online scan at Panda's ActiveScan: Please go here using Internet Explorer.
Once you are on the Panda site click the Scan your PC button.
A new window will open, click the big Check Now button.
Enter your Country.
Enter your State/Province.
Enter your e-mail address and click send.
Select either Home User or Company.
Click the big Scan Now button.

If it wants to install an ActiveX component allow it.
It will start downloading the files it requires for the scan.
When the download is complete, click on My Computer to start the scan.
When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
NOTE: Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later.

=====================================

In your next reply, please include these log(s):
HijackThis log (new)
Panda

http://www.techsupportforum.com/forums/f284/trojan-horse-c-windows-system32-winuns32-dll-log-file-110008.html
Relevancy 87.29%

Hi, I got these nasty viruses on my computer and you guys have been awesome in helping me in the past, so I used that knowledge to clean out my computer, but my computer still has some more funk in it that I need to get rid of and I don't know how to deal with it. Here is a scan I ran and this is what comes up. Please help, I want to completely purge my comp if that is at all possible. Thanks, Geo

Malwarebytes' Anti-Malware log (Quick Scan):
Memory Processes Infected: No malicious items detected
Memory Modules Infected: No malicious items detected
Registry Keys Infected: No malicious items detected
Registry Values Infected: No malicious items detected
Registry Data Items Infected: No malicious items detected
Folders Infected: No malicious items detected
Files Infected:
C:\WINDOWS\system32\drivers\eceuh.sys (Rootkit.Agent) -> No action taken.

A: C:\WINDOWS\system32\drivers\eceuh.sys (Rootkit.Agent) -> No action taken.

As no logs have been posted, I am shifting this topic from the specialized Malware Removal forum to the Am I Infected forum.

==>PLEASE DO NOT NOW POST LOGS<== unless a log is specifically requested.

Please describe the issues you are experiencing with your computer.

http://www.bleepingcomputer.com/forums/t/295382/cwindowssystem32driverseceuhsys-rootkitagent-no-action-taken/
Relevancy 87.29%

AVG reports Trojan Rootkit-Pakes.U in system32\drivers\iastor.sys. I'm unable to delete this file as it is in the system folder. I have pasted my HJT log, please help me remove this Trojan. Thanks in advance.

Logfile of Trend Micro HijackThis (Platform: Windows Vista, Boot mode: Normal):

https://forums.techguy.org/threads/pakes-u-in-system32-drivers.877067/
Relevancy 87.29%

I've been browsing this site for about an hour now. I've read a few things about Malwarebytes' removal software, which doesn't seem to work: I installed it once, missing a dll file; I got it, rebooted, and still when I go to open the file no UI pops up, but Task Manager shows it running (mbam.exe I believe). So after some more googling I came across a Yahoo Questions thing which then led me BACK to this site, so now I've created an account and am seeking some help. In the description I've stated I'm including a DDS report that I followed from this link - http://www.bleepingcomputer.com/forums/t/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help - which ultimately led me to starting a new post right here. Below is my copy-pasted DDS.txt file:

A: Infected with Trohan Horse Rootkit Pakes.l

Edit* I bumped it and was then told not to, so I'm taking back my bump and recreating this post with an additional, hopefully helpful, post.

In this reply, I've attached my HJT log to go along with my original post with my other attachments.

Hopefully my self-bumping won't delay, but in fact make things easier.

sorry, and THANKS!

http://www.bleepingcomputer.com/forums/t/249683/infected-with-trohan-horse-rootkit-pakesl/
Relevancy 86.86%

Hello, I was informed recently that one of my computers is infected with a virus beyond detection from my current F-Secure virus protection, so after several full F-Secure scans I then used Malwarebytes and found:
Files Infected:
C:\Users\Owner\AppData\Roaming\avdrn.dat (Malware.Trace)
C:\Users\Owner\AppData\Local\Temp\TME F.tmp (Trojan.Downloader)
I then used Trojan Remover; it detected a suspicious file, system32\drivers\jsjqsr.sys, but couldn't delete/modify it after several attempts, so this must be the culprit rootkit, which GMER confirmed. Can someone please help me get rid of this thing? Thanks

DDS log (Microsoft Windows Vista Home Premium; AV: F-Secure Anti-Virus for Workstations, on-access scanning enabled; Windows Defender disabled; FW: F-Secure Internet Security enabled):

A: Trojan with rootkit: system32\drivers\jsjqsr.sys

Hello and welcome to Bleeping Computer. We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE

Please download GMER from one of the following locations and save it to your desktop:
Main Mirror - This version will download a randomly named file (Recommended)
Zipped Mirror - This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
Disconnect from the Internet and close all running programs.
Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (Do not use the computer while the scan is in progress.)
If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system... click NO.
Now click the Scan button. If you see a rootkit warning window, click OK.
When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
Click the Copy button and paste the results into your next reply.
Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

http://www.bleepingcomputer.com/forums/t/313815/trojan-with-rootkit-system32driversjsjqsrsys/
Relevancy 86.43%

A few days ago my sister was infected with a rogue antispyware, so I removed it and now I'm getting some reports back from my real antivirus that there's a rootkit in the C:\WINDOWS\system32\gasfkygnybnltp.dll directory. I have no idea how to remove rootkits myself so I really need your help, you guys. Thanks. Here is my HJT log:

Logfile of Trend Micro HijackThis (Platform: Windows XP, Boot mode: Normal):

A: C:\WINDOWS\system32\gasfkygnybnltp.dll Trojan/Rootkit (Trojan.Win32/Alureon.gen.!U

Hello sinister65, welcome to BleepingComputer.

Please request that this topic be closed: http://www.malwarebytes.org/forums/index.p...mp;#entry146148
Having 2 people help on the same issue is a waste of the helpers' time.

=====================

Download OTL to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Under the Standard Registry box change it to All.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

===========

Download This file. Note its name and save it to your root folder, such as C:\.
Disconnect from the Internet and close all running programs.
Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
Click on this link to see a list of programs that should be disabled.
Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
Allow the driver to load if asked.
You may be prompted to scan immediately if it detects rootkit activity.
If you are prompted to scan your system click "Yes" to begin the scan.
If not prompted, click the "Rootkit/Malware" tab.
On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
Select all drives that are connected to your system to be scanned.
Click the Scan button to begin. (Please be patient as it can take some time to complete)
When the scan is finished, click Save to save the scan results to your Desktop.
Save the file as Results.log and copy/paste the contents in your next reply.
Exit the program and re-enable all active protection when done.

http://www.bleepingcomputer.com/forums/t/265758/cwindowssystem32gasfkygnybnltpdll-trojanrootkit-trojanwin32alureongenu/

I have issues. My AVG Internet Security resident shield regularly comes up with an alert stating that a threat has been detected. It says:

File name: c:\Windows\System32\services.exe
Threat name: Trojan horse patched_c.LXT
Detected on open

Beneath this box there is usually a button which will move the malware into the "virus vault". But in this case there is nothing but a button giving me the option to ignore the threat. AVG also finds this same malware during the whole computer scan, but because services.exe is a system file AVG says that the file is "white listed" and so AVG just ignores it. Since AVG first found the trojan I have been unable to remove it. I am running Windows Service Pack bit - therefore I have not posted a GMER log as advised in the instructions topic.

Luhe.Sirefef.A: AVG said in the whole computer scan days ago that it found Luhe.Sirefef.A. I did another whole computer scan today and it could not find the Luhe.Sirefef.A. I have disconnected my laptop from the internet due to the Luhe.Sirefef.A and the services.exe trojan. Does this mean that the virus is gone? I am a bit suspicious, as I had not taken any steps to remove the Sirefef other than deleting a registry file that was mentioned to be malicious on many websites: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "CertificateRevocation" "0". Now that the virus is no longer being found by AVG I cannot be sure of the location in which it was found. Does it mean that because AVG is no longer finding this virus it is no longer there? I repeat that I had not taken any steps against it apart from the deletion of the registry file mentioned. I don't even know what Luhe.Sirefef.A is, and it is not in the Microsoft malware encyclopedia. The DDS report was taken when my infected laptop was disconnected from the internet.

Thank you,
Roy

DDS (Ver) - NTFSAMD64
Internet Explorer
Run by Surroy Samsung
Microsoft Windows Home Premium (GMT)

AV: AVG Internet Security *Enabled/Updated*
SP: AVG Internet Security *Enabled/Updated*
SP: Windows Defender *Disabled/Updated*
FW: AVG Internet Security *Enabled*

Running Processes:
C:\PROGRA\AVG\AVG\avgrsa.exe
C:\Program Files (x86)\AVG\AVG\avgcsrva.exe
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\nvvsvc.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\armsvc.exe
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG\avgfws.exe
C:\Program Files (x86)\AVG\AVG\avgwdsvc.exe
C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
C:\windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
C:\Program Files (x86)\PANDORA TV\PanService\PandoraService.exe
C:\windows\system32\taskhost.exe
C:\windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\Dwm.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\... Read more

A:infected with a "Trojan horse patched_c.LXT" in c:\Windows\System32\services.exe

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines; these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same"; this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

Download Security Check by screen317 from here.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only). If this happens please allow it to do so (you will need to be connected to the internet for this).
Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.
Combofix may need to reboot your computer more than once to do its job; this is normal.
You can download Combofix from one of these links: Link 1, Link 2, Link 3

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

In your next post I need the following:
- Log from Combofix
- Let me know of any problems you may have had
- How is the computer doing now?

Gringo

http://www.bleepingcomputer.com/forums/t/464083/infected-with-a-trojan-horse-patched-clxt-in-cwindowssystem32servicesexe/

Hi, I'm having a problem with a malware and I tried to remove them using "Malwarebytes Antimalware". It detected a bunch of files infected. It cleaned them successfully except for two files:

C:\WINDOWS\system32\Drivers\ntndis.sys (Rootkit.Agent) -> Delete on reboot.
C:\WINDOWS\system32\ipsecndis.sys (Rootkit.Agent) -> Delete on reboot.

I ran the software several times and I even ran it in safe mode, and after rebooting the computer the software is still detecting these files as infected. The problem is that after my computer got infected the internet connection does not work properly: sometimes it finds the webpage, sometimes it does not. IPconfig shows the right IP address but it could not find the webpage. Would anybody help me with this issue? Attached is the log of Malwarebytes.

Malwarebytes' Anti-Malware
www.malwarebytes.org

Database version:
Windows Service Pack
Internet Explorer

mbam-log.txt

Scan type: Quick scan
Objects scanned:
Time elapsed: minute(s), second(s)

Memory Processes Infected:
Memory Modules Infected:
Registry Keys Infected:
Registry Values Infected:
Registry Data Items Infected:
Folders Infected:
Files Infected:

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\Drivers\ntndis.sys (Rootkit.Agent) -> Delete on reboot.
C:\WINDOWS\system32\ipsecndis.sys (Rootkit.Agent) -> Delete on reboot.

THIS IS THE LOGS FOR THE REST OF THE SCAN I DID

DDS.TXT

DDS (Ver) - NTFSx86
Run by vera on Mon
Internet Explorer
Microsoft Windows XP Professional (GMT)

Running Processes:
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\igfxtray.exe
E:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\LogMeIn Hamachi\hamachi- -ui.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\LogMeIn Hamachi\hamachi-.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\HPZipm.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
E:\Program Files\RealVNC\VNC\WinVNC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\vera\Desktop\dds.scr

Pseudo HJT Report
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = http
uInternet Settings,ProxyOverride = <local>
BHO: Adobe PDF Link Helper - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: (no name) - No File
BHO: Windows Live Sign-in Helper - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO - c:\program files\google\googletoolbarnotifier\swg.dll
TB: Google Toolbar - c:\program files\google\google toolbar\GoogleToolbar.dll
EB: (no name) - No File
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun... Read more

A:C:\WINDOWS\system32\Drivers\ntndis.sys (Rootkit.Agent) -> Delete on reboot.

Closing topic, OP has reformatted.

QUOTE: My computer just crashed... For some reason Windows XP did not start. It is corrupted... I have to reinstall the O.S. and applications. Anyway, thanks for the intention, but do not advise the same process because it causes Windows to crash....

Thank you for letting us know. In reality it was the malware/rootkit that is crashing the PC.

http://www.bleepingcomputer.com/forums/t/340521/cwindowssystem32driversntndissys-rootkitagent-delete-on-reboot/

I did a Trend Micro HouseCall scan and it found that trojan. How do I go about getting rid of it? I tried searching around but I didn't quite understand. I also tried KillBox but that couldn't delete it either. Here's my HJT log:

Log was analyzed using KRC HijackThis Analyzer - Updated on
Get updates at http://www.greyknight.com/download.htm#programs

Security Programs Detected:
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
O - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

Logfile of HijackThis v
Scan saved at PM, on
Platform: Windows XP SP (WinNT)
MSIE: Internet Explorer v SP

Running processes:
C:\Program Files\America Online a\aoltray.exe
C:\Program Files\America Online a\waol.exe
C:\Program Files\America Online a\shellmon.exe
C:\Program Files\Common Files\Aol\aoltpspd.exe
C:\Program Files\HijackThis\HijackThis.exe

R - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
O - BHO: Yahoo Companion BHO - C:\Program Files\Yahoo\Companion\Installs\cpn\ycomp.dll
O - BHO: (no name) - (no file)
O - Toolbar: Yahoo Toolbar - C:\Program Files\Yahoo\Companion\Installs\cpn\ycomp.dll
O - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O - HKCU\..\Run: [jgpl] C:\WINDOWS\SYSTEM32\jgpl.exe
O - Global Startup: America Online Tray Icon.lnk = C:\Program Files\America Online a\aoltray.exe
O - Extra context menu item: Download using FlashGet - C:\Documents and Settings\Pam\Desktop\jc_link.htm
O - DPF: Yahoo MahJong - http://download.games.yahoo.com/game/ts/y/ot_x.cab
O - DPF: HouseCall Control - http://housecall.trendmicro.com/housecall/xscan.cab
O - DPF: Symantec AntiVirus scanner - http://security.symantec.com/sscv/S/in/AvSniff.cab
O - DPF: YInstStarter Class - http://us.dl.yimg.com/download/yaho/st.cab
O - DPF: EGamesPlugin Class - https://www.e-games.com.my/com/EGamesPlugin.cab
O - DPF: Symantec RuFSI Utility Class - http://security.symantec.com/sscv/S/bin/cabsa.cab
O - DPF: GSDACtl Class - http://launch.gamespyarcade.com/soft/ch/alaunch.cab
O - DPF: HouseCall Control - http://a.g.akamai.net/ll/xscan.cab
O - DPF: MsnMessengerSetupDownloadControl Class - http://messenger.msn.com/download/Ms/Downloader.cab
O - DPF: NPKCX Control - http://guard.gunbound.net/nProtect/keyCrypt/npkcx.cab
O - HKLM\System\CCS\Services\Tcpip\..\: NameServer =
O - HKLM\System\CS\Services\Tcpip\..\: NameServer =
O - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\aolserv.exe
O - Service: Windows lsass Service (lsass) - Unknown owner - C:\WINDOWS\lsass.exe
O - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\System32\npkcsvc.exe
O - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

End of KRC HijackThis Analyzer Log

Hope someone can help.

A:C:\WINDOWS\SYSTEM32\rdriv.sys trojan rootkit.e

Hello saucecake and Welcome to TSF!

I am currently reviewing your log. Please note that this is under the supervision of an expert analyst. I will be back with a fix for your problem as soon as possible.

Please be patient with me during this time.

We also suggest that you Subscribe to this thread to be notified of fixes as soon as they are posted by our Team. You can do this simply by clicking the "Thread Tools" button located in the original thread line and selecting "Subscribe to this Thread".

http://www.techsupportforum.com/forums/f284/c-windows-system32-rdriv-sys-trojan-rootkit-e-58986.html

SYSINFO:
Tech Support Guy System Info Utility version
OS Version: Microsoft Windows Home Premium, Service Pack, bit
Processor: Intel(R) Celeron(R) CPU GHz, Intel Family Model Stepping, Processor Count:

POSSIBLE ISSUE W/ HijackThis:
For some reason your system denied write access to the Hosts file. If any hijacked domains are in this file, HijackThis may NOT be able to fix this. If that happens, you need to edit the file yourself.

HijackThis LOG:
Logfile of Trend Micro HijackThis v
Scan saved at PM, on
Platform: Windows SP (WinNT)
MSIE: Internet Explorer v
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Users\Owner\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\AVG\AVG\avgtray.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\Candleworks\FXTS\FXTSpp.exe
C:\Users\Owner\Desktop\FXPRO\terminal.exe
C:\Program Files (x86)\AVG\AVG\avgui.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil ActiveX.exe
C:\Users\Owner\Desktop\SysInfo.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Owner\Desktop\HijackThis.exe

R - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=
R - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://espn.go.com/
R - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQNOT/
R - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=
R - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=
R - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=&homepage=http://g.msn.com/CQNOT/
R - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F - REG:system.ini: UserInit=userinit.exe
O - BHO: vShare Plugin - C:\Program Files (x86)\vShare\vshare_toolbar.dll
O - BHO: AcroIEHelperStub - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O - BHO: RealPlayer Download and Record Plugin for Internet Explorer - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O - BHO: AVG Do Not Track - C:\Program Files (x86)\AVG\AVG\avgdtiex.dll
O - BHO: WormRadar.com IESiteBlocker.NavFilter - C:\Program Files (x86)\AVG\AVG\avgssie.dll
O - BHO: Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O - BHO: AVG Security Toolbar - C:\Program Files (x86)\AVG Secure Search\AVG Secure Search_toolbar.dll
O - BHO: Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll
O - BHO: SkypeIEPluginBHO - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O - BHO: Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre\bin\jp ssv.dll
O - Toolbar: Microsoft Live Search Toolbar - c:\Program Files (x86)\MSN Toolbar\msneshellx.dll
O - Toolbar: vShare Plugin - C:\Program Files (x86)\vShare\vshare_toolbar.dll
O - Toolbar: (no name) - ... Read more

A:c:\windows\System32\services.exec | Trojan Horse Dropper.Generic_c.MMI

Hi Charlesz and welcome to TSG. My name is Mark and I will be helping you.

Please provide the last log from Malwarebytes, then run another scan with it and post that log also.
Open Malwarebytes and click on the Logs tab.
Scroll down the list to find the relative scan dates.
Click on the entry and then click on Open.
Copy and paste the log into your next post.

Please run Malwarebytes and post the log as follows:

Open Malwarebytes and allow it to update with the latest definitions, then run a Quick Scan.
When finished, a message box will say "The scan completed successfully. Click Show Results to display all objects found".
Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
Make sure that everything is checked and then click Remove Selected.
When removal is completed, a log report will open in Notepad.
The log is automatically saved and can be viewed by clicking the Logs tab .
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
Exit Malwarebytes when done.
If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.
 

https://forums.techguy.org/threads/c-windows-system32-services-exec-trojan-horse-dropper-generic_c-mmi.1058542/

Hi, AVG keeps telling me it's there but I cannot get rid of it. This is the HijackThis log:

Logfile of Trend Micro HijackThis v BETA
Scan saved at on
Platform: Windows XP Service Pack (WinNT)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\S EvMon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware\guard.exe
C:\PROGRA\Grisoft\AVG\avgamsvr.exe
C:\PROGRA\Grisoft\AVG\avgupsvc.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Common Files\Microsoft Shared\VS DEBUG\MDM.EXE
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\System32\XConfig.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\PROGRA\Grisoft\AVG\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware\avgas.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Vánky Sebastian\Asztal\HiJackThis_v.exe

R - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Links (Hivatkozások)
O - BHO: AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O - BHO: (no name) - C:\WINDOWS\System32\cfgmgr3.dll
O - BHO: Spybot-S&D IE Protection - C:\PROGRA\SPYBOT\SDHelper.dll
O - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O - HKLM\..\Run: [AVG CC] C:\PROGRA\Grisoft\AVG\avgcc.exe /STARTUP
O - HKLM\..\Run: [AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware\avgas.exe" /minimized
O - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O - HKUS\S-...\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE' / HELYI SZOLGÁLTATÁS)
O - HKUS\S-...\..\Run: [AVG Run] C:\PROGRA\Grisoft\AVG\avgw.exe /RUNONCE (User 'LOCAL SERVICE' / HELYI SZOLGÁLTATÁS)
O - HKUS\S-...\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE' / HÁLÓZATI SZOLGÁLTATÁS)
O - HKUS\S-...\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe (User 'SYSTEM')
O - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe (User 'Default user')
O - Extra context menu item: E&xport to Microsoft Excel (E&xportálás Microsoft Excel formátumba) - res://C:\PROGRA\OFFICE\OFFICE\EXCEL.EXE
O - Extra button: (no name) - C:\Program Files\Java\jre\bin\npjpi.dll
O - Extra 'Tools' menuitem: Sun Java Console - C:\Program Files\Java\jre\bin\npjpi.dll
O - Extra button: Research (Kutatás) - C:\PROGRA\OFFICE\OFFICE\REFIEBAR.DLL
O - Extra button: (no name) - C:\PROGRA\SPYBOT\SDHelper.dll
O - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - C:\PROGRA\SPYBOT\SDHelper.dll
O - DPF: WUWebControl Class - http://update.microsoft.com/windowsupdate/v/V/Controls/en/x/client/wuweb_site.cab
O - SharedTaskScheduler: Browseui preloader (Browseui el&őbetöltője) - C:\WINDOWS\System32\browseui.dll
O - SharedTaskScheduler: Component Categories cache daemon (Komponenskategóriák gyorsítótárazási szolgáltatása) - C:\WINDOWS\System32\browseui.dll
O - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware\guard.exe
O - Service: AVG Alert Manager Server (Avg Alrt) - GRISOFT s.r.o. - C:\PROGRA\Grisoft\AVG\avgamsvr.exe
O - Service: AVG Update Service (Avg UpdSvc) - GRISOFT s.r.o. - C:\PROGRA\Grisoft\AVG\avgupsvc.exe
O - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O - Service: Logical Disk Manager Administrative Service (Logikai lemezkezelő felügyeleti szolgáltatás) (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O - Service: E... Read more

A:Solved: Trojan horse Downloader.Generic6.WIR in c:\windows\system32\cfgmgr3.dll

https://forums.techguy.org/threads/solved-trojan-horse-downloader-generic6-wir-in-c-windows-system32-cfgmgr3-dll.670944/

I was helping my Father in Law with his computer. I was assisted by garmanma and he helped to clean the computer. Many THANKS. I decided to run the same diagnostics on my other computers while I was at it, to reassure myself that all was OK. In that process I ran ATF Cleaner, Dr Web, MBAM and SAS. All showed clean computers. Then I ran Root Repeal and really ran into issues. I am going to ask for assistance to tackle the issues one computer at a time. Here is the first post in the Am I infected forum: http://www.bleepingcomputer.com/forums/t/root-repeal-log-help

This computer is no longer connected to the internet nor the LAN. I will do nothing further with it until I hear from someone here. I was told to post the Root Repeal log and the DDS log, so here they are. I have also attached the Attach.txt from DDS. Any help you can provide will be greatly appreciated.

DDS log:

DDS (Ver) - NTFSx86
Run by Dan Neinas on Sat
Internet Explorer
Microsoft Windows XP Professional (GMT)

AV: COMODO Antivirus *On-access scanning enabled* (Updated)
FW: COMODO Firewall *enabled*

Running Processes:
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Apache Software Foundation\Apache\bin\httpd.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW SSRP\E S RP.EXE
C:\Program Files\FileZilla Server\FileZilla Server.exe
C:\Program Files\Java\jre\bin\jqs.exe
C:\Program Files\Macrium\Reflect\ReflectService.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\TeamViewer\Version\TeamViewer_Service.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB GC.exe
C:\Program Files\Apache Software Foundation\Apache\bin\httpd.exe
C:\Program Files\TeamViewer\Version\TeamViewer.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra.exe
C:\Program Files\Apache Software Foundation\Apache\bin\ApacheMonitor.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Dan Neinas\Desktop\dds.scr

Pseudo HJT Report
uStart Page = hxxp://mail.yahoo.com/
BHO: Java Plug-In SSV Helper - c:\program files\java\jre\bin\jp ssv.dll
BHO: JQSIEStartDetectorImpl Class - c:\program files\java\jre\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [EPSON PictureMate PM] c:\windows\system32\spool\drivers\w x\e_fatibca.exe /fu "c:\windows\temp\E_S B.tmp" /EF "HKCU"
mRun: [hplampc] c:\windows\system32\hplampc.exe
mRun: [FileZilla Server Interface] "c:\program files\filezilla server\FileZilla Server Interface.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd.exe
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
StartupFolder: c:\docume\alluse\startm\programs\startup\hpdigi.lnk - c:\program files\hp\digital imaging\bin\hpqtra.exe
StartupFolder: c:\docume\alluse\startm\programs\startup\hpimag.lnk - c:\program files\hp\digital imaging\bin\hpqthb.exe
StartupFolder: c:\docume\alluse\startm\programs\startup\monito.lnk - c:\program files\apache software foundation\apache\bin\ApacheMonitor.exe
IE: - %windir%\Network Diagnostic\xpnetdiag.exe
IE: ... Read more

A:MBR Rootkit Detected! Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xf4035a92

Hello bomber1712, Welcome to BleepingComputer.

Hi, that file cmdguard.sys is related to Comodo.

==========================

Download OTL to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Under the Standard Registry box change it to All.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

===========

Download This file. Note its name and save it to your root folder, such as C:\.
Disconnect from the Internet and close all running programs.
Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
Click on this link to see a list of programs that should be disabled.
Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
Allow the driver to load if asked.
You may be prompted to scan immediately if it detects rootkit activity.
If you are prompted to scan your system click "Yes" to begin the scan.
If not prompted, click the "Rootkit/Malware" tab.
On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
Select all drives that are connected to your system to be scanned.
Click the Scan button to begin. (Please be patient as it can take some time to complete)
When the scan is finished, click Save to save the scan results to your Desktop.
Save the file as Results.log and copy/paste the contents in your next reply.
Exit the program and re-enable all active protection when done.

http://www.bleepingcomputer.com/forums/t/268405/mbr-rootkit-detected-hooked-by-cwindowssystem32driverscmdguardsys-at-address-0xf4035a92/

Please help. My computer is infected with Trojan Horses. There are of them: Trojan Horse Pakes.U, Trojan Horse Downloader Generic2.NEA and Trojan Horse Generic2.ALS. They keep coming back after removal. They are always in the Temporary Internet Files directory and the Windows system directory. I have AVG, Spybot, Ad-aware, ewido antispyware and Windows Defender installed in my computer. I also downloaded SmitfraudFix, combofix.exe, KillBox.exe, Look2Me-Destroyer.exe, VirtumundoBeGone.exe, VundoFix.exe and autoruns.exe after reading your forum. However, I didn't run some of them as I don't know how to use them. Attached my HJT log. Thank you.

Logfile of HijackThis v Scan saved at PM on
Platform Windows XP SP WinNT MSIE Internet Explorer v SP

Running processes
C WINDOWS System smss exe
C WINDOWS system winlogon exe
C WINDOWS system services exe
C WINDOWS system lsass exe
C WINDOWS system Ati evxx exe
C WINDOWS system svchost exe
C Program Files Windows Defender MsMpEng exe
C WINDOWS System svchost exe
C WINDOWS system spoolsv exe
c program files common files logitech lvmvfm LVPrcSrv exe
C WINDOWS system Ati evxx exe
C WINDOWS Explorer EXE
C Program Files CyberLink PowerDVD PDVDServ exe
C ACER PSM EXE
C WINDOWS AGRSMMSG exe
C Program Files Java jre bin jusched exe
C WINDOWS SOUNDMAN EXE
C WINDOWS ALCWZRD EXE
C WINDOWS ALCMTR EXE
C PROGRA Grisoft AVGFRE avgamsvr exe
C Program Files iTunes iTunesHelper exe
C Program Files ZyDAS Technology Corporation ZyDAS Wireless LAN ZDConfig EXE
C Program Files Common Files PCSuite DataLayer DataLayer exe
C Program Files acer eRecovery Monitor exe
C PROGRA Grisoft AVGFRE avgupsvc exe
C Program Files ewido anti-spyware guard exe
C Program Files Nokia Nokia PC Suite LaunchApplication exe
C WINDOWS system LVCOMSX EXE
C Program Files Logitech Video CameraAssistant exe
C WINDOWS system svchost exe
C WINDOWS system ElkCtrl exe
C Program Files Windows Defender MSASCui exe
C PROGRA Grisoft AVGFRE avgcc exe
C WINDOWS system ctfmon exe
C PROGRA COMMON PCSuite Services SERVIC EXE
C Program Files MSN Messenger MsnMsgr Exe
C Program Files iPod bin iPodService exe
D Downloaded software anti adware virus etc HJT HJT exe

R - HKCU Software Microsoft Internet Explorer Main SearchAssistant about blank
R - HKCU Software Microsoft Internet Explorer Main Start Page http sg yahoo com
R - HKCU Software Microsoft Internet Connection Wizard ShellNext http
O - BHO ThunderIEHelper Class - A D-D - B A- F - D F - C WINDOWS system xunleibho v dll
O - BHO Yahoo Toolbar Helper - D -C F - EFB- B - ECA - C Program Files Yahoo Companion Installs cpn yt dll
O - BHO Adobe PDF Reader Link Helper - E F-C D - D -B D- B D BE B - C Program Files Adobe Acrobat ActiveX AcroIEHelper dll
O - BHO no name - - F - D - - D F - C PROGRA SPYBOT SDHelper dll
O - BHO QQBrowserHelperObject Class - EBD A- BC - B- A- A CA - C Program Files Tencent QQ QQIEHelper dll
O - BHO SSVHelper Class - BB-D F - C-B EB-D DAF D D - C Program Files Java jre bin ssv dll
O - BHO Windows Live Sign-in Helper - D - C - ABF- ECC- C - C Program Files Common Files Microsoft Shared Windows Live WindowsLiveLogin dll
O - BHO no name - a f - - d- d -b b e fcca - C WINDOWS system ixt dll (file missing)
O - HKLM Run LaunchApp Alaunch
O - HKLM Run High Definition Audio Property Page Shortcut HDAudPropShortcut exe
O - HKLM Run eRecoveryService C Windows System Check exe
O - HKLM Run RemoteControl "C Program Files CyberLink PowerDVD PDVDServ exe"
O - HKLM Run MPS C ACER PSM EXE
O - HKLM Run IMJPMIG "C WINDOWS IME imjp IMJPMIG EXE" Spoil RemAdvDef Migration
O - HKLM Run MSPY C WINDOWS system IME PINTLGNT ImScInst exe SYNC
O - HKLM Run PHIME ASync C WINDOWS system IME TINTLGNT TINTSETP EXE SYNC
O - HKLM Run PHIME A C WINDOWS system IME TINTLGNT TINTSETP EXE IMEName
O - HKLM Run AGRSMMSG AGRSMMSG exe
O - HKLM Run SunJavaUpdat...

A:Solved: Trojan Horse Pakes.U, Trojan Horse Downloader Generic2.NEA, Trojan Horse Generic2.ALS

https://forums.techguy.org/threads/solved-trojan-horse-pakes-u-trojan-horse-downloader-generic2-nea-trojan-horse-generic2-als.498877/

Hello, I am in dire need of technical help. My system performance has been very slow. My virtual memory is always low, and AVG detects the viruses, namely C:/windows/system32/cmcfg3.dll and Trojan horse downloader delf.12.an, but cannot heal or remove them. I am getting "virus detected" pop-ups whenever I launch Internet Explorer. The following process names are infected: C:\Windows\Explorer.exe and C:\Program Files\Internet Explorer\Iexplorer.exe. It takes a long time to boot up my system. Every time it boots up, the time and date resets to AM. I believe that there are a lot of applications that are automatically loaded but I rarely need. Most of the time I will be getting a message of low virtual memory and sometimes out of memory. And during shut down it takes half an hour or more to complete. I am attaching the HJT log of my personal laptop that I ran last. If you need me to run it again or use the DSS program, then kindly inform me. Thank you in advance.

Regards,
mhoji

A:Virus Found: C:/windows/system32/cmcfg3.dll and Trojan horse downloader delf.12.an

Hello and welcome to the BleepingComputer.com!

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Please post back and let me know if you're still experiencing problems and post the logs from RSIT:

Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized).

regards
_temp_

http://www.bleepingcomputer.com/forums/t/227986/virus-found-cwindowssystem32cmcfg3dll-and-trojan-horse-downloader-delf12an/

Hello, I am having problems with a Trojan horse BackDoor Generic10.ARRA virus. It is in my C:\WINDOWS\system32\avica.dll file. I have tried everything to get rid of it. I have Spybot Search and Destroy, AVG virus protection and HijackThis. AVG will detect the virus and try to heal it unsuccessfully and "put it in the vault"; when it puts it in the vault it does virtually nothing, because I constantly get the threat detection from AVG. I cannot manually delete the file because it always tells me that access is denied. I even tried to go through the command center and delete it that way, but it still denies me access. Here is my HijackThis report:

DDS Ver - - - NTFSx
Run by Courtney at on Wed
Internet Explorer BrowserJavaVersion
Microsoft Windows XP Professional GMT -
AV AVG Anti-Virus Free On-access scanning enabled Updated

Running Processes
C WINDOWS system svchost -k DcomLaunch
C WINDOWS system svchost -k rpcss
C WINDOWS System svchost exe -k netsvcs
C Program Files Intel Wireless Bin EvtEng exe
C Program Files Intel Wireless Bin S EvMon exe
C Program Files Intel Wireless Bin WLKeeper exe
C WINDOWS system svchost exe -k NetworkService
C WINDOWS system svchost exe -k LocalService
C Program Files Intel Wireless Bin ZcfgSvc exe
C WINDOWS Explorer EXE
C WINDOWS system spoolsv exe
C PROGRA Intel Wireless Bin XConfig exe
C PROGRA AVG AVG avgwdsvc exe
C Program Files Bonjour mDNSResponder exe
C Program Files Java jre bin jqs exe
C Program Files Intel Wireless Bin RegSrvc exe
C WINDOWS system svchost exe -k imgsvc
C Program Files Viewpoint Common ViewpointService exe
C PROGRA AVG AVG avgemc exe
C PROGRA AVG AVG avgrsx exe
C Program Files AVG AVG avgcsrvx exe
C WINDOWS System alg exe
C WINDOWS system igfxsrvc exe
C WINDOWS system igfxpers exe
C WINDOWS system ctfmon exe
C Program Files Dell Photo AIO Printer dlbtbmgr exe
C PROGRA AVG AVG avgtray exe
C Program Files Dell Photo AIO Printer dlbtbmon exe
C Program Files Java jre bin jusched exe
C WINDOWS System svchost exe -k HTTPFilter
C Program Files MSN Messenger usnsvc exe
C Program Files Java jre bin jucheck exe
C Program Files Mozilla Firefox firefox exe
C PROGRA AVG AVG avgnsx exe
C Program Files Common Files Apple Mobile Device Support bin AppleMobileDeviceService exe
C WINDOWS system ntvdm exe
C Program Files Trend Micro HijackThis HijackThis exe
C Documents and Settings Courtney My Documents dds scr
C WINDOWS system wbem wmiprvse exe

Pseudo HJT Report
uStart Page www google com
uSearch Page hxxp www google com
uSearch Bar hxxp www google com ie
uSearchMigratedDefaultURL hxxp www google com search q searchTerms & sourceid ie & rls com microsoft en-US & ie utf & oe utf
uInternet Settings ProxyOverride local
uSearchURL Default hxxp www google com keyword s
mSearchAssistant hxxp www google com ie
mURLSearchHooks AIM Toolbar Search Class f - dc - -bc - e fefafe - c program files aim toolbar aimtb dll
BHO D -C F - efb- B - ECA - No File
BHO Adobe PDF Reader Link Helper e f-c d - d -b d- b d be b - c program files common files adobe acrobat activex AcroIEHelper dll
BHO AVG Safe Search ca f - f e- b -a e- e e c c - c program files avg avg avgssie dll
BHO dbf edb-ddf - e- - f e c b - c windows system avica dll
BHO Spybot-S&D IE Protection - f - d - - d f - c progra spybot SDHelper dll
BHO Yahoo IE Services Button bab b b- bc- b - d - fc de a - c program files yahoo common yiesrvc dll
BHO E D - A- EC-A -BA D E E - No File
BHO Windows Live Sign-in Helper d - c - abf- ecc- c - c program files common files microsoft shared windows live WindowsLiveLogin dll
BHO AVG Security Toolbar a a -bacc- d - - a e e - c progra avg avg AVGTOO DLL
BHO AIM Toolbar Loader b cda -b - eef-a - a ac dbf - c program files aim toolbar aimtb dll
BHO Windows Live Toolbar Helper bdbd dad-c - a -...

A:Trojan horse BackDoor Generic10.ARRA (file name)C:\WINDOWS\system32\avica.dll

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE

R,K

http://www.bleepingcomputer.com/forums/t/219748/trojan-horse-backdoor-generic10arra-file-namecwindowssystem32avicadll/

Infected with Trojan horse Rootkit-Agent.DI in C:\Windows\system32\drivers\ndis.sys, usually opened by eTrust Antivirus InoRT.exe. Got rid of it with but it came back - trying to find the root cause. Ideas? Temporary internet files. ndis.sys was falsely restored from restore. System is generally infected all over. Just got reinfected from external source. I am not behind NAT.

DDS
DDS Ver - - - NTFSx
Run by Turloch O'Tierney at on
Internet Explorer BrowserJavaVersion
Microsoft Windows XP Home Edition GMT
AV AVG Anti-Virus Free On-access scanning enabled Updated DDD - FF- F- E B- D D BF

Running Processes
C WINDOWS system svchost -k DcomLaunch
svchost exe
C WINDOWS System svchost exe -k netsvcs
svchost exe
svchost exe
C WINDOWS system LEXBCES EXE
C WINDOWS system LEXPPS EXE
C WINDOWS system spoolsv exe
svchost exe
C PROGRA AVG AVG avgwdsvc exe
svchost exe
C Program Files CyberLink PowerCinema Kernel TV CLCapSvc exe
C Program Files CyberLink PowerCinema Kernel TV CLSched exe
C Program Files Cisco Systems VPN Client cvpnd exe
C Program Files CyberLink Shared Files CLML NTService CLMLServer exe
C Program Files CyberLink Shared Files CLML NTService CLMLService exe
C WINDOWS System svchost exe -k HTTPFilter
C Program Files CA eTrust Antivirus InoRpc exe
C Program Files CA eTrust Antivirus InoRT exe
C PROGRA AVG AVG avgrsx exe
C PROGRA AVG AVG avgnsx exe
C Program Files Java jre bin jqs exe
C oraclexe app oracle product server BIN tnslsnr exe
C WINDOWS system svchost exe -k imgsvc
C PROGRA AVG AVG avgemc exe
C Program Files AVG AVG avgcsrvx exe
C WINDOWS Explorer EXE
C WINDOWS system VTTimer exe
C WINDOWS SOUNDMAN EXE
C WINDOWS system carpserv exe
C Program Files USB Storage RW DskWatch exe
C PROGRA CA ETRUST realmon exe
C Program Files CyberLink PowerCinema PCMService exe
C Program Files Lexmark Series lxbvbmgr exe
C WINDOWS system rundll exe
C Program Files Common Files Real Update OB realsched exe
C Program Files Java jre bin jusched exe
C PROGRA AVG AVG avgtray exe
C Program Files Lexmark Series lxbvbmon exe
C WINDOWS system ctfmon exe
C Program Files AIM aim exe
C Program Files Common Files AOL ee AOLHostManager exe
C Program Files Messenger msmsgs exe
C Program Files Common Files AOL ee AOLServiceHost exe
C Program Files Windows Media Player WMPNSCFG exe
C Program Files Toshiba Bluetooth Toshiba Stack TosBtMng exe
C Program Files Common Files Real Update OB RealOneMessageCenter exe
C Program Files Toshiba Bluetooth Toshiba Stack TosA dp exe
C Program Files OpenOffice org program soffice exe
C Program Files Toshiba Bluetooth Toshiba Stack TosBtHsp exe
C Program Files Common Files AOL ee AOLServiceHost exe
C Program Files OpenOffice org program soffice bin
C Program Files AVG AVG avgui exe
C Program Files Mozilla Firefox firefox exe
C Program Files Java jre bin jucheck exe
C Program Files AVG AVG avgscanx exe
C Program Files AVG AVG avgcsrvx exe
C Program Files AVG AVG avgcsrvx exe
C cygwin bin bash exe
C turloch separation permanenttmp dds scr

Pseudo HJT Report
uStart Page hxxp www upc ie
BHO Yahoo Companion BHO d -c f - efb- b - eca - c program files yahoo companion installs cpn ycomp dll
BHO AcroIEHlprObj Class e f-c d - d -b d- b d be b - c program files adobe acrobat activex AcroIEHelper dll
BHO AVG Safe Search ca f - f e- b -a e- e e c c - c program files avg avg avgssie dll
BHO AVG Security Toolbar a a -bacc- d - - a e e - c progra avg avg AVGTOO DLL
BHO Java Plug-In SSV Helper dbc -a - b-bc - c c c a - c program files java jre bin jp ssv dll
BHO JQSIEStartDetectorImpl Class e e f - ce- c -bc -eabfe f c - c program files java jre lib deploy jqs ie jqs plugin dll
TB Yahoo Companion ef bd -c fb- d - f- d f - c program files yahoo companion installs cpn ycomp dll
TB AVG Security Toolbar a a -bacc- d - - a e e - c progra avg avg AVGTOO D...

A:Infected with Trojan horse Rootkit-Agent.DI in drivers\ndis.sys

Hi,

I have bad news for you. I see you're dealing with Virut on top of the other nasty malware you are dealing with. In that case, it's unfortunately a lost case - Game over situation, and a format and reinstall is the fastest and especially the safest solution.

You may want to read this why: Virut and other File infectors - Throwing in the Towel?

So, I suggest you start backing up all of your valuable data/documents/pictures/movies/songs/etc. Do NOT backup any applications/installers and Do NOT backup any .exe/.scr/.htm/.html/.xml/.zip/.rar files. This is because these files may be infected as well. If you back them up and replace them afterwards, it will infect your computer again.

Read here for instructions how to format and reinstall Windows: http://web.mit.edu/ist/products/winxp/adva...all-format.html
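The backup rule in the reply above (copy the documents, skip .exe/.scr/.htm/.html/.xml/.zip/.rar because a file infector may have written itself into them) is tedious to apply by hand across a whole profile, and a renamed executable slips past an extension check. What follows is an added example, not code from the thread or from BleepingComputer: a small Python script that walks a profile directory, copies only files whose extension is not on the block list, and additionally skips anything that begins with the MZ executable header whatever its name. The extra extensions in EXTRA_SKIP, the MZ check, the demo directory layout and the sample file contents are this example's own assumptions and constructed data, not something the thread states.

```python
"""Selective backup of user data from a Virut-infected machine before a wipe.

Added example (not from the thread). Copies documents out of a profile while
skipping the file types the reply says not to back up, plus anything that is
really a Windows executable regardless of its extension.
"""
from pathlib import Path
import shutil
import tempfile

# Extensions the reply says must NOT be backed up.
INFECTABLE_EXTENSIONS = frozenset(
    {".exe", ".scr", ".htm", ".html", ".xml", ".zip", ".rar"}
)
# Assumption for this example: other native executable / script / archive types
# are treated the same way, since they can carry or launch an infected binary.
EXTRA_SKIP = frozenset(
    {".dll", ".sys", ".com", ".pif", ".bat", ".cmd", ".vbs", ".js", ".msi", ".7z", ".cab"}
)


def is_safe_extension(path, strict=True):
    """True if the file's extension is not on the block list.

    Case-insensitive, so 'SETUP.EXE' and 'setup.exe' are treated alike; only
    the last suffix matters, so 'report.pdf.exe' is still an executable.
    """
    ext = Path(path).suffix.lower()
    if ext in INFECTABLE_EXTENSIONS:
        return False
    return not (strict and ext in EXTRA_SKIP)


def looks_like_pe(path):
    """True if the file starts with the 'MZ' DOS/PE header (a Windows executable),
    whatever its extension says. Unreadable files are treated as not-PE."""
    try:
        with Path(path).open("rb") as fh:
            return fh.read(2) == b"MZ"
    except OSError:
        return False


def plan_backup(src):
    """Decide, without copying, which files under src to keep and which to skip.
    Returns two sorted lists of POSIX-style relative paths."""
    src = Path(src)
    keep, skip = [], []
    for p in src.rglob("*"):
        if not p.is_file():
            continue
        rel = p.relative_to(src).as_posix()
        if is_safe_extension(p) and not looks_like_pe(p):
            keep.append(rel)
        else:
            skip.append(rel)
    return sorted(keep), sorted(skip)


def run_backup(src, dst):
    """Copy the planned files to dst, preserving timestamps. Returns (kept, skipped)."""
    src, dst = Path(src), Path(dst)
    keep, skip = plan_backup(src)
    for rel in keep:
        target = dst / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(src / rel, target)
    return keep, skip


def demo():
    """Build a constructed sample profile in a temp dir, back it up, and return
    (kept, skipped, all_kept_files_present_in_backup)."""
    sample = {  # constructed sample data, not from the thread
        "Documents/notes.txt": b"meeting notes",
        "Documents/report.pdf": b"%PDF-1.4 sample",
        "Pictures/holiday.jpg": b"\xff\xd8\xff\xe0 jpeg bytes",
        "Downloads/setup.exe": b"MZ\x90\x00 installer",
        "Downloads/archive.zip": b"PK\x03\x04 zip",
        "Web/index.html": b"<html></html>",
        "Documents/invoice.doc": b"MZ\x90\x00 executable renamed to .doc",
    }
    with tempfile.TemporaryDirectory() as tmp:
        src, dst = Path(tmp) / "profile", Path(tmp) / "backup"
        for rel, data in sample.items():
            (src / rel).parent.mkdir(parents=True, exist_ok=True)
            (src / rel).write_bytes(data)
        kept, skipped = run_backup(src, dst)
        present = all((dst / rel).is_file() for rel in kept)
    return kept, skipped, present


if __name__ == "__main__":
    kept, skipped, _ = demo()
    print("kept:   ", kept)
    print("skipped:", skipped)
```

Run it from a rescue environment with the infected volume mounted read-only and point run_backup at the user profile and an external drive; review the skipped list before the wipe, since anything on it is exactly what the reply says not to carry over. The MZ check is deliberately strict: a document that happens to be an executable in disguise is lost from the backup, which is the safer failure on a Virut box.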

http://www.bleepingcomputer.com/forums/t/230143/infected-with-trojan-horse-rootkit-agentdi-in-driversndissys/