Windows Support Forum

Please help with this: "Win32/Agent.BDSK trojan" and missing file "mshbobqj.dll"

Q: Please help with this: "Win32/Agent.BDSK trojan" and missing file "mshbobqj.dll"

Hi folks, here's my problem. It's wreaking havoc on my laptop and it's non-stop. I really appreciate anyone taking the time to look and help. I'm very good at following your instructions and will respond right away. I really need your help. Thanks for looking and helping.

Here's the problem:

I am running Windows XP Media Center Edition. I have ESET Smart Security. Dell Inspiron Laptop.

Upon boot up, before Windows finishes loading, I immediately get this box error:

"*.EXE - Unable To Locate Component" (the asterisk is intended as a file or application name)
"This application has failed to start because mshbobjq.dll was not found. Re-installing the application may fix this problem."

This box is coming up several times; each time a new file or application name is in place of the "*".

Also, Google Chrome browser no longer functions, and something looks very odd with my startup files and desktop tray.

This started happening after ESET found this (from the log):

AM Real-time file system protection file C WINDOWS SYSTEM MSHBOBJQ DLL Win Agent BDSK trojan cleaned by deleting after the next restart - quarantined NT AUTHORITY SYSTEM Event occurred during an attempt to access the file by the application C Program Files Common Files AOL ee AOLSoftware exe
AM Real-time file system protection file C WINDOWS SYSTEM MSHBOBJQ DLL Win Agent BDSK trojan cleaned by deleting after the next restart - quarantined NT AUTHORITY SYSTEM Event occurred during an attempt to access the file by the application C WINDOWS System svchost exe
AM Real-time file system protection file C WINDOWS system mshbobjq dll Win Agent BDSK trojan cleaned by deleting after the next restart - quarantined NT AUTHORITY SYSTEM Event occurred during an attempt to run the file by the application C WINDOWS system logonui exe
AM Real-time file system protection file C WINDOWS SYSTEM MSHBOBJQ DLL Win Agent BDSK trojan cleaned by deleting after the next restart - quarantined NT AUTHORITY SYSTEM Event occurred during an attempt to access the file by the application C WINDOWS system winlogon exe

Here's my DDS log, which barely worked from all of the "missing dll" errors.


http://www.bleepingcomputer.com/forums/t/201559/please-help-with-this-win32agentbdsk-trojan-and-missing-file-mshbobqjdll/

Hi, I recently obtained a virus approx day after downloading Google Chrome (not sure if this is related). I am using a Lenovo T running Windows Server bit with ESET NOD AV.

Directly after NOD detected Win32/Agent.BDSK trojan and said it deleted the dll, I get this when trying to launch almost any application:

"This application has failed to start because msfebl.dll was not found. Re-installing the application may fix this problem."

AM Real-time file system protection file C WINDOWS SYSTEM MSFEBL DLL Win Agent BDSK trojan cleaned by deleting after the next restart

After a reboot this happens multiple times on startup and every time I try to launch almost any application.

I noticed on another thread where Fury had this same virus, DVK was able to correct and remove the virus by providing a CFScript. Perhaps that CFScript could correct my issue. Also, please let me know if you require any additional information. Any help would be greatly appreciated. Thank you.

https://forums.techguy.org/threads/infected-with-win32-agent-bdsk-trojan.802956/

Hey guys, I completely forgot to add my HijackThis Log. Sorry.

I am running Windows XP Media Center Edition. I have ESET Smart Security. Dell Inspiron Laptop.

Upon boot up keep getting file error:

"*.EXE - Unable To Locate Component" (the asterisk is intended as a file or application name)
"This application has failed to start because mshbobjq.dll was not found. Re-installing the application may fix this problem."

This box is coming up several times; each time a new file or application name is in place of the "*".

Also, ESET found this (from the log):

AM Real-time file system protection file C WINDOWS SYSTEM MSHBOBJQ DLL Win Agent BDSK trojan cleaned by deleting after the next restart - quarantined NT AUTHORITY SYSTEM Event occurred during an attempt to access the file by the application C Program Files Common Files AOL ee AOLSoftware exe
AM Real-time file system protection file C WINDOWS SYSTEM MSHBOBJQ DLL Win Agent BDSK trojan cleaned by deleting after the next restart - quarantined NT AUTHORITY SYSTEM Event occurred during an attempt to access the file by the application C WINDOWS System svchost exe
AM Real-time file system protection file C WINDOWS system mshbobjq dll Win Agent BDSK trojan cleaned by deleting after the next restart - quarantined NT AUTHORITY SYSTEM Event occurred during an attempt to run the file by the application C WINDOWS system logonui exe
AM Real-time file system protection file C WINDOWS SYSTEM MSHBOBJQ DLL Win Agent BDSK trojan cleaned by deleting after the next restart - quarantined NT AUTHORITY SYSTEM Event occurred during an attempt to access the file by the application C WINDOWS system winlogon exe


KASPERSKY ONLINE SCANNER REPORT
Saturday November
Operating System Microsoft Windows XP Professional Service Pack build
Kaspersky Online Scanner version
Program database last update Friday November
Records in database

Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes
Scan area My Computer C D E F

Scan statistics
Files scanned
Threat name
Infected objects
Suspicious objects
Duration of the scan

File name Threat name Threats count
C Documents and Settings All Users Application Data FreeApp exe Infected Trojan Win Agent arng
C Qoobox Quarantine C Program Files tinyproxy tinyproxy exe vir Infected Trojan-Proxy Win Agent bcw
C RECYCLER S- - - - - - - winse exe Infected IRC-Worm Win Small x
C WINDOWS bolivar exe Infected Backdoor Win Agent ubx

The selected area was scanned

A: Infected: Trojan.Win32.Agent.arng, Trojan-Proxy.Win32.Agent.bcw, IRC-Worm.Win32.Small.x, Backdoor.Win32.Agent.ubx

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results, click no to the Optional_Scan.
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE

http://www.bleepingcomputer.com/forums/t/182650/infected-trojanwin32agentarng-trojan-proxywin32agentbcw-irc-wormwin32smallx-backdoorwin32agentubx/

I have an F-Secure internet security software suite on this computer and it is up-to-date and functioning, and I also have MalwareBytes free installed and have been running it regularly, and I use the ESET Online Scanner as well. The OS is Windows XP and it is up-to-date.

About three weeks ago I cleaned around three trojans from this computer using MBAM and the online scanner. A few days ago Adware.Win32.WebHancer.x was found by F-Secure and is currently quarantined. Today several instances of the two Trojan-Spy programs were found and quarantined by F-Secure; they infect system files and system restore files. I already looked up information on cleaning the system restore files by stopping and restarting system restore and scanning in between. I deleted the quarantined files.

All of the Spy-Trojans found are infecting in C hp recovery wizard fscommand. The file names are:

AppRecoveryLink ret exe
CDLogic ret exe
CreatorLink ret exe
RestoreLink ret exe
RTCDLink ret exe
RunLink ret exe
SysRecoveryLink ret exe
WizardLink ret exe

The Adware infected a dll file and I was advised not to delete it. CDLogic ret exe is Agent.bdzz, the rest are Agent.beaf.

I have run my antivirus, MBAM and the online scanner again and they picked up nothing. Also, the Adware and Trojan-Spys were all found during MBAM scans but F-Secure picked them up.

I have attached a HiJackThis log and a DDS log. GMER froze my computer partway through the scan when I used it. I have run a rootkit detection online scanner when the Adware appeared; it was F-Secure Blacklight (http www f-secure com en EMEA products t ies blacklight) and it found no rootkits then.

A: Infected with Trojan-Spy.Win32.Agent.bdzz, Trojan-Spy.Win32.Agent.beaf, and Adware.Win32.WebHancer.x

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE

Please download GMER from one of the following locations and save it to your desktop:

Main Mirror: This version will download a randomly named file (Recommended)
Zipped Mirror: This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.

Disconnect from the Internet and close all running programs.
Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (Do not use the computer while the scan is in progress.)
If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system... click NO.
Now click the Scan button. If you see a rootkit warning window, click OK.
When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
Click the Copy button and paste the results into your next reply.
Exit GMER and re-enable all active protection when done.

-- If you encounter any problems, try running GMER in Safe Mode.

http://www.bleepingcomputer.com/forums/t/301819/infected-with-trojan-spywin32agentbdzz-trojan-spywin32agentbeaf-and-adwarewin32webhancerx/

I believe I was infected last night when a website somehow redirected me to liteautogreatest dot cn. I'm running XP Home SP and the ZoneAlarm Internet Security Suite, just updated earlier today. ZoneAlarm continually finds a couple of problems and hibernates them, but they do not go completely away after a reboot.

The ZoneAlarm active monitor scan shows the following:

Trojan-Dropper Win Agent amzh was found in C Documents and Settings Don Local Settings Temp BNB tmp on
Trojan-Dropper Win Agent amzh was found in C Documents and Settings Don Local Settings Temp BNA tmp on
Trojan-Dropper Win Agent amzh was found in C Documents and Settings Don Local Settings Temp BN tmp on
Trojan-Dropper Win Agent amzh was found in C Documents and Settings Don Local Settings Temp BN tmp on
Trojan-Dropper Win Agent amzh was found in C Documents and Settings Don Local Settings Temp BN tmp on
Trojan-Dropper Win Agent amzh was found in C Documents and Settings Don Local Settings Temp BN tmp on
Rootkit Win Agent ikz was found in C WINDOWS system drivers systemntmi sys on
Trojan-Dropper Win Agent amzh was found in C Documents and Settings Don Local Settings Temp BN tmp on
Rootkit Win Agent ikz was found in C WINDOWS system drivers i si sys on
Rootkit Win Agent ikz was found in C WINDOWS system drivers nicsk sys on

Earlier scans also found Rootkit Win Agent ex.

The ZoneAlarm log viewer shows that it is repeatedly blocking outbound traffic from svchost exe that is going to port email no with a DNS name of mxs mail ru; this shows - attempts made every few minutes.

HiJackThis will not run and neither will RegEdit. I saw those as symptoms of a similar Malware infection elsewhere on this page.

MalwareBytes Anti-Malware found the following:

Malwarebytes Anti-Malware
Database version
Windows Service Pack
PM
mbam-log- - - - - txt
Scan type Quick Scan
Objects scanned
Time elapsed minute s second s
Memory Processes Infected
Memory Modules Infected
Registry Keys Infected
Registry Values Infected
Registry Data Items Infected
Folders Infected
Files Infected

Memory Processes Infected
No malicious items detected

Memory Modules Infected
No malicious items detected

Registry Keys Infected
HKEY CURRENT USER SOFTWARE Microsoft Windows CurrentVersion Ext Stats e df f- - d - -ebadf Rogue Installer -> Quarantined and deleted successfully
HKEY LOCAL MACHINE SYSTEM ControlSet Services systemntmi Rootkit Agent -> Quarantined and deleted successfully
HKEY LOCAL MACHINE SYSTEM CurrentControlSet Services systemntmi Rootkit Agent -> Quarantined and deleted successfully

Registry Values Infected
No malicious items detected

Registry Data Items Infected
HKEY LOCAL MACHINE SYSTEM CurrentControlSet Control LSA Notification Packages Trojan Vundo H -> Data capseap dll -> Quarantined and deleted successfully

Folders Infected
No malicious items detected

Files Infected
C WINDOWS capseap dll Trojan Vundo H -> Delete on reboot
C WINDOWS system drivers systemntmi sys Rootkit Agent -> Quarantined and deleted successfully

After rebooting following the above scan, a subsequent Malwarebytes scan turned up the following:

Malwarebytes Anti-Malware
Database version
Windows Service Pack
PM
mbam-log- - - - - txt
Scan type Quick Scan
Objects scanned
Time elapsed minute s second s
Memory Processes Infected
Memory Modules Infected
Registry Keys Infected
Registry Values Infected
Registry Data Items Infected
Folders Infected
Files Infected

Memory Processes Infected
C WINDOWS exe Trojan Agent -> No action taken

Memory Modules Infected
C WINDOWS Gqacohofafahin dat Trojan Agent -> No action taken

Registry Keys Infected
HKEY LOCAL MACHINE SYSTEM CurrentControlSet Services amd si Rootkit Agent -> No action taken
HKEY LOCAL MACHINE SYSTEM CurrentControlSet Services ati si Rootkit Agent -> No action taken
HKEY LOCAL MACHINE SYSTEM Curren...

A:Infected with Rootkit.Win32.Agent.ikz, Trojan-Dropper.Win32.Agent.amzh, Trojans? Malware?

Please download ATF Cleaner by Atribune & save it to your desktop. DO NOT use yet.
alternate download link

Then download and install SUPERAntiSpyware Free.
Double-click SUPERAntiSpyware.exe and use the default settings for installation.
An icon will be created on your desktop. Double-click that icon to launch the program.
If it will not start, go to Start > All Programs > SUPERAntiSpyware and click on Alternate Start.
If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
In the Main Menu, click the Preferences... button.
Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):
  Close browsers before scanning.
  Scan for tracking cookies.
  Terminate memory threats before quarantining.
Click the "Close" button to leave the control center screen and exit the program.
Do not run a scan just yet.

Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.
If you use Firefox browser click Firefox at the top and choose: Select All
  Click the Empty Selected button.
  If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser click Opera at the top and choose: Select All
  Click the Empty Selected button.
  If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

Scan with SUPERAntiSpyware as follows:
Launch the program and back on the main screen, under "Scan for Harmful Software" click Scan your computer.
On the left, make sure you check C:\Fixed Drive.
On the right, under "Complete Scan", choose Perform Complete Scan and click "Next".
After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
Make sure everything has a checkmark next to it and click "Next".
A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
If asked if you want to reboot, click "Yes" and reboot normally.
To retrieve the removal information after reboot, launch SUPERAntiSpyware again.
Click Preferences, then click the Statistics/Logs tab.
Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
Please copy and paste the Scan Log results in your next reply.
Click Close to exit the program.
If you cannot boot into safe mode, then perform your scans in normal mode.

Now rescan again with MBAM but this time perform a Full Scan in normal mode and check all items found for removal. Don't forget to check for database definition updates through the program's interface (preferable method) before scanning and to reboot afterward...

http://www.bleepingcomputer.com/forums/t/220958/infected-with-rootkitwin32agentikz-trojan-dropperwin32agentamzh-trojans-malware/

Hi. It seems that I have trojan activity on my home pc. I am running Vista and when I log in to my user profile I get a blue desktop with a box saying 'Warning Spyware detected on your computer Install an antivirus or spyware remover to clean your computer'.

I have tried a few malware removal programs (Malwarebytes, CCleaner, Adaware) and ran virus scans in an attempt to try and remove it myself without bothering you guys, but I just can't shift it, so I'm hoping you may have the time to help.

What I have noticed is that I only get these warnings when I am logged into my user profile, not as administrator or as another user on the pc. I also get no warnings when running in safe mode.

I run Avast and that brings up a warning soon after the blue desktop comes up that points to infection with C Users Guy AppsData Local Temp tt tmp vbs. The numbers/letters after the tt in this case change each time I log in. It also states Malware Name VBS Malware-gen, Malware Type Virus Worm, VBS version -, which I try and delete from the warning box. I then am greeted with a Windows Script Host message box that will say the above file tt tmp vbs failed, Access Denied.

I also regularly get Windows security alert message boxes come up on the screen saying that Windows Firewall has detected activity of harmful software, with mention of one of many trojans. These have been:

Trojan-Clicker Win Tiny h
Trojan-Downloader Win Agent bq
Trojan-Spy Win KeyLogger aa
Trojan-Spy Win GreenScreen
Trojan-Spy HTML Bankfraud dq

The only option these Windows security alert message boxes give me is 'Enable Protection', which takes me to www antispyware-review info wmid amp pwebmid uWfLn pimL amp a which is Smartsoft reviews to buy PC Antispy or PC Clean pro.

I have ran Malwarebytes scan both in safe and normal mode and it identifies infected files which I clean, but on the next startup there are still infected files and warning messages popping up. I just can't seem to shift it. I have also ran HijackThis. Below are last night's Malwarebytes logs and HJT logs before and after cleaning with Malwarebytes (see times of logs). I hope the info I have given above is useful and hasn't been too confusing. If you are able to help me with this it will be greatly appreciated.

Thanks
Guy

Malwarebytes' Anti-Malware
Database version
Windows Service Pack
PM
mbam-log- - - - - safe mode txt
Scan type Full Scan C
Objects scanned
Time elapsed minute s second s
Memory Processes Infected
Memory Modules Infected
Registry Keys Infected
Registry Values Infected
Registry Data Items Infected
Folders Infected
Files Infected

Memory Processes Infected
No malicious items detected

Memory Modules Infected
No malicious items detected

Registry Keys Infected
HKEY CURRENT USER SOFTWARE uninstall Fake Dropped Malware -> No action taken
HKEY CURRENT USER SOFTWARE wkey Malware Trace -> No action taken
HKEY CURRENT USER SOFTWARE mwc Malware Trace -> No action taken

Registry Values Infected
HKEY CURRENT USER SOFTWARE Microsoft Windows CurrentVersion Run lphctmdj ec e Trojan FakeAlert -> No action taken
HKEY CURRENT USER Control Panel Desktop wallpaper Hijack Wallpaper -> No action taken
HKEY CURRENT USER Control Panel Desktop originalwallpaper Hijack Wallpaper -> No action taken
HKEY CURRENT USER Control Panel Desktop convertedwallpaper Hijack Wallpaper -> No action taken

Registry Data Items Infected
No malicious items detected

Folders Infected
No malicious items detected

Files Infected
No malicious items detected

-----------------------------------------------------------------------------------------------

Malwarebytes' Anti-Malware
Database version
Windows Service Pack
PM
mbam-log- - - - - txt
Scan type Full S...

A:Vbs:malware-gen - Trojan-clicker.win32.tiny.h, Trojan-downloader.win32.agent.bq, Trojan-spy.win32.keylogger.aa

Hi,

I am hoping you can help me.

My computer keeps telling me it is infected with spyware/malware. I get a blue desktop on startup with regular warnings saying the computer is infected with:

Trojan-Clicker.Win32.Tiny.h
Trojan-Downloader.Win32.Agent.bq
Trojan-Spy.Win32.KeyLogger.aa
Trojan-Spy.Win32.GreenScreen
Trojan-Spy.HTML.Bankfraud.dq

Strange thing is that these only show up when I log in to my user account. If I log in as administrator, another user or as any user in safe mode I get no warnings and nothing shows up on scans.

The pop up warnings direct me to this site: www.antispyware-review.info/?wmid=46638&pwebmid=uWfLn0pimL&a= which is Smartsoft reviews to buy PC Antispy or PC Clean pro.

Malwarebytes scan picks up Fake.Dropped.Malware, Malware.Trace, Trojan.FakeAlert and Hijack.Wallpaper and even if I remove these and restart the PC they come back.

A spybot scan pointed to 2 entries of Virtumonde.

I'll attach the latest HJT log, Malwarebytes log and Spybot logs in case you need them. Please help me with this, I can't seem to shift it.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:54:34 AM, on 8/7/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe
C:\Program Files\Avast Antivirus\ashDisp.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\rundll32.exe
C:\ProgramData\SmartShCom\hcfgfytg.exe
C:\ProgramData\rcvsxmzo\nqlszova.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Guy\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\...

http://www.bleepingcomputer.com/forums/t/161790/vbsmalware-gen-trojan-clickerwin32tinyh-trojan-downloaderwin32agentbq-trojan-spywin32keyloggeraa/

Hi, here is my problem. Everytime I download some movies or other things by opening my computer overnight, it must pop out a error window said - C Documents and setting KkianN Desktop is not accessible Not enough quota is available to process this command. The icons only left on my screen were My computer, my network places and Internet explorer. When I refresh my computer it came out the same message again. This problem was occurred when I opened my computer overnight by using Thunder, this software to download things.

When I tried to shut down, a message said: You do not have permission to shut down this computer. When I tried to use windows task manager to shut down, once I click Ctrl Alt Del an application error message came out said - This application failed to initialize properly xc d Click on OK to terminate the application. Then I just can reset my computer.

Actually I have posted in BleepingComputer com > Security > Am I infected What do I do there. Then I followed the instruction in "Preparation Guide For Use Before Posting A Hijackthis Log". Unfortunately I can't finish all the steps there.

For step I can't remove win generic pws, win trojan psw delf and Win trojan pws onlinegames by using Ad-aware. While scanning by using spybot it stuck while scanning. After that suddenly pop out a window said - Spybot-Search and destroy has detected an important registry entry that has been changed
Category System Startup global entry
Change Value deleted
Evtry ravdh monold data C Program files Netmeeting ravdh mon exe
My decision is deny change because I don't know what is it.

For step it automatically turns off the Firewall although I manually turn on the Firewall.

For your information, when I opened a program it will automatically close the program that I opened, especially website such as www bleepingcomputer com. So that I used another computer to post this message.

Here the Hijackthis log, this log I copied from my infected virus computer:

Logfile of Trend Micro HijackThis v
Scan saved at AM on
Platform Windows XP SP WinNT
MSIE Internet Explorer v SP
Boot mode Normal

Running processes
C WINDOWS System smss exe
C WINDOWS system csrss exe
C WINDOWS system winlogon exe
C WINDOWS system services exe
C WINDOWS system lsass exe
C WINDOWS system svchost exe
C WINDOWS system svchost exe
C WINDOWS System svchost exe
C WINDOWS system svchost exe
C WINDOWS system svchost exe
C Program Files Lavasoft Ad-Aware aawservice exe
C WINDOWS system spoolsv exe
C Program Files Grisoft AVG Anti-Spyware guard exe
C WINDOWS system nvsvc exe
C WINDOWS system wdfmgr exe
C WINDOWS System alg exe
C WINDOWS system wscntfy exe
C WINDOWS RTHDCPL EXE
C WINDOWS system RUNDLL EXE
C Program Files Lavasoft Ad-Aware AAWTray exe
C Program Files Grisoft AVG Anti-Spyware avgas exe
C WINDOWS system ctfmon exe
C Program Files Common Files Ahead Lib NMBgMonitor exe
C Program Files Common Files Ahead Lib NMIndexStoreSvr exe
C Program Files Common Files Ahead Lib NMIndexingService exe
C Program Files MSN Messenger usnsvc exe
C WINDOWS system conime exe
C Program Files Spybot - Search & Destroy TeaTimer exe
C WINDOWS explorer exe
C Program Files Spybot - Search & Destroy SpybotSD exe
C Program Files Trend Micro HijackThis HijackThis exe
C WINDOWS system wbem wmiprvse exe

O - BHO Thunder AtOnce - AEC- FD - fd- C -E D C - C Program Files Thunder Network Thunder ComDlls TDAtOnce Now dll
O - BHO ThunderBHO - D -C F - EFB- B - ECA - C Program Files Thunder Network Thunder ComDlls xunleiBHO Now dll
O - BHO Yahoo Companion BHO - D -C F - efb- B - ECA - C Program Files Yahoo Compan...

A:Infected With Dropper.agent,logger.pcap.a,win32.generic.pws,win32.trojan.psw.delf And Win32.trojan.pws.onlinegames

Hello, I had reformatted my computer since it could not open and stuck in the welcome window few days ago. So, now my computer is alright..thanks for viewing and trying to help me to fix the problem.

http://www.bleepingcomputer.com/forums/t/112093/infected-with-dropperagentloggerpcapawin32genericpwswin32trojanpswdelf-and-win32trojanpwsonlinegames/

I have already deleted several items that keep popping up in my temp folder and used Hijackthis to get rid of some obvious problems but I might be missing something because it keeps replicating and Avast keeps catching Win32:Agent-BSU upon browser start-up.

Hijack this log: attached

Any Ideas?

A:csrssc.exe file and Win32:agent-BSU trojan virus

Hello Booch777
Welcome to BleepingComputer
========================
Please download DDS and save it to your desktop.
Disable any script blocking protection.
Double click dds.scr to run the tool.
When done, DDS.txt will open.
Click Yes at the next prompt for Optional Scan.
Save both reports to your desktop.
---------------------------------------------------
Please include the contents of the following in your next reply:
DDS.txt
Attach.txt
================
Download the GMER Rootkit Scanner. Unzip it to your Desktop.
Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.
Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised!

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
Click NO.
In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked.
Now click the Scan button.
Once the scan is complete, you may receive another notice about rootkit activity.
Click OK.
GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt".
Save it where you can easily find it, such as your desktop.
Post the contents of GMER.txt in your next reply.

http://www.bleepingcomputer.com/forums/t/196531/csrsscexe-file-and-win32agent-bsu-trojan-virus/

hi, kaspersky scan (included at the end) came up with a few infections. please help me with removal.

logs:

Logfile of random's system information tool written by random random
Run by Yanai Michael at - -
Microsoft Windows XP Home Edition Service Pack
System drive C has GB free of GB
Total RAM MB free

Logfile of Trend Micro HijackThis v
Scan saved at on
Platform Windows XP SP WinNT
MSIE Internet Explorer v
Boot mode Normal

Running processes
C WINDOWS System smss exe
C WINDOWS system winlogon exe
C WINDOWS system services exe
C WINDOWS system lsass exe
C WINDOWS System ibmpmsvc exe
C WINDOWS system svchost exe
C WINDOWS System svchost exe
C Program Files Intel Wireless Bin EvtEng exe
C Program Files Intel Wireless Bin S EvMon exe
C WINDOWS system spoolsv exe
C Program Files Bonjour mDNSResponder exe
C Program Files CheckPoint SSL Network Extender slimsvc exe
C Program Files Google Common Google Updater GoogleUpdaterService exe
C Program Files IBM IBM Rapid Restore Ultra rrpcsb exe
C Program Files Common Files Microsoft Shared VS Debug mdm exe
C Program Files Microsoft LifeCam MSCamS exe
C WINDOWS System QCONSVC EXE
C Program Files Intel Wireless Bin RegSrvc exe
C Program Files Analog Devices SoundMAX SMAgent exe
C Program Files CheckPoint SecuRemote bin SR Service exe
C Program Files CheckPoint SecuRemote bin SR WatchDog exe
C WINDOWS System svchost exe
C WINDOWS system TpKmpSVC exe
C WINDOWS System svchost exe
C WINDOWS Explorer EXE
C WINDOWS system wscntfy exe
C Program Files CheckPoint SecuRemote bin SR GUI Exe
C WINDOWS system tp serv exe
C WINDOWS system igfxtray exe
C WINDOWS system hkcmd exe
C PROGRA ThinkPad PkgMgr HOTKEY TPHKMGR exe
C PROGRA ThinkPad UTILIT EzEjMnAp Exe
C WINDOWS system dla tfswctrl exe
C Program Files IBM Messages By IBM ibmmessages exe
C IBMTOOLS UTILS ibmprc exe
C Program Files ThinkPad ConnectUtilities QCWLICON EXE
C Program Files ThinkPad PkgMgr HOTKEY TPONSCR exe
C WINDOWS system rundll exe
C Program Files ThinkPad PkgMgr HOTKEY TpScrex exe
C Program Files Barak Barak L TP fts exe
C Program Files Analog Devices SoundMAX SMax PNP exe
C Program Files Java jre bin jusched exe
C PROGRA ThinkPad CONNEC QCTray exe
C Program Files SyncroSoft Pos H O cledx exe
C Program Files QuickTime qttask exe
C WINDOWS vVX exe
C WINDOWS system ctfmon exe
C Documents and Settings Yanai Michael Local Settings Application Data Google Update GoogleUpdate exe
C Program Files Digital Line Detect DLG exe
C Program Files ECI Telecoms ECI USB ADSL dslmon exe
C Program Files Apache Software Foundation Apache bin ApacheMonitor exe
C WINDOWS system calc exe
C Program Files Common Files Real Update OB realsched exe
C Program Files Mozilla Firefox firefox exe
C Program Files Internet Explorer iexplore exe
C Program Files Windows Media Player wmplayer exe
C Documents and Settings Yanai Michael Local Settings Temp jkos-Yanai Michael binaries ScanningProcess exe
C WINDOWS system NOTEPAD EXE
C WINDOWS system NOTEPAD EXE
C Documents and Settings Yanai Michael Desktop RSIT exe
C Program Files trend micro Yanai Michael exe

R - HKCU Software Microsoft Internet Explorer Main Start Page about blank
R - HKLM Software Microsoft Internet Explorer Main Default Page URL http go microsoft com fwlink LinkId
R - HKLM Software Microsoft Internet Explorer Main Default Search URL http go microsoft com fwlink LinkId
R - HKLM Software Microsoft Internet Explorer Main Search Page http go microsoft com fwlink LinkId
R - HKLM Software Microsoft Internet Explorer Main Start Page http go microsoft com fwlink LinkId
R - HKCU Software Microsoft Windows CurrentVersion Internet Settings ProxyOverride local
O - BHO Adobe PDF Reader Link Helper - E F-C D - D -B D- B D BE B - C Program Files Adobe Acrobat ActiveX AcroIEHelper dll
O - BHO DriveLetterAccess - CA D E- - CF- E - - C WINDOWS system dla tfswshx dll
O - BHO SSVHelper Class - BB-D F - C-B EB-D DAF D D - C ...

A:got Trojan.Win32.Agent.asvc Trojan-GameThief.Win32.Magania.amrr Worm.Win32.AutoRun.trh

Welcome to the BleepingComputer Forums.

Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random which includes a HijackThis log and save it to your desktop. If you have RSIT already on your computer, please run it again.

Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
After it has finished, two logs will open. Please post the contents of both. log.txt will be maximized and info.txt will be minimized.

Thank you for your patience.

Please see Preparation Guide for use before posting about your potential Malware problem.

Thank you for your patience.

If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped.

While we are working on your HijackThis log, please:
Reply to this thread; do not start another!
Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so.
Do not run any other tool until instructed to do so!
Let me know if any of the links do not work or if any of the tools do not work.
Tell me about problems or symptoms that occur during the fix.
Do not run any other programs or open any other windows while doing a fix.
Ask any questions that you have regarding the fix(es), the infection(s), the performance of your computer, etc.

Thanks.

http://www.bleepingcomputer.com/forums/t/186471/got-trojanwin32agentasvc-trojan-gamethiefwin32maganiaamrr-wormwin32autoruntrh/

Hi, as I've seen a post earlier about this problem, I wanted to post to inquire about the same problem I have, which the "trojan-Downloader.Win32.Agent Variant" warning shows up when I try to open World of Warcraft, I've used Norton Anti Virus to scan but for some reason I found nothing.

As in the previous post it mentioned downloading HijackThis and posting the findings... I was wondering if anyone could assist me with this and the steps... much appreciated.

Regards,
Nick
 

A:Trojan-Downloader.Win32.Agent Variantder-win32-agent-variant.html

Here is the HijackThis log as follows, please assist on the next steps. Thanks
Logfile of HijackThis v1.99.1
Scan saved at 1:44:31 AM, on 5/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Common Files\Virtual Token\vtserver.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
C:\IBMTOOLS\UTILS\ibmprc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\TPPALDR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Imation\ImationFlashDetect.exe
C:\PROGRA~1\ThinkPad\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\PC Connectivity Solution\NclBTHandler.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Azureus\Azureus.exe
C:\Program Files\Common Files\Symantec Shared\NMain.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Hijackthis\HijackThis.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHe...

https://forums.techguy.org/threads/trojan-downloader-win32-agent-variantder-win32-agent-variant-html.574374/

Hi. Please help me in getting rid of the pop-ups which keep coming up: trojan downloader win32 agent bq, trojan clicker win32 tiny.h, trojan spy win32 key logger.aa, trojan spy win32 green screen, trojan spy html bankfraud dq.

HijackThis log file:

Logfile of Trend Micro HijackThis v Scan saved at on Platform Windows XP SP WinNT MSIE Internet Explorer v Boot mode Normal Running processes C WINDOWS System smss exeC WINDOWS system csrss exeC WINDOWS system winlogon exeC WINDOWS system services exeC WINDOWS system lsass exeC WINDOWS system svchost exeC WINDOWS system svchost exeC WINDOWS System svchost exeC WINDOWS system svchost exeC WINDOWS system svchost exeC Program Files Common Files Symantec Shared ccProxy exeC Program Files Common Files Symantec Shared ccSetMgr exeC Program Files Symantec Client Security Symantec Client Firewall ISSVC exeC Program Files Common Files Symantec Shared SNDSrvc exeC Program Files Common Files Symantec Shared SPBBC SPBBCSvc exeC Program Files Common Files Symantec Shared ccEvtMgr exeC WINDOWS system spoolsv exeC WINDOWS Explorer EXEC Program Files Hewlett-Packard HP Quick Launch Buttons QlbCtrl exeC Program Files hpq HP Wireless
Assistant HP Wireless Assistant exeC Program Files HP QuickPlay QPService exeC Program Files Synaptics SynTP SynTPEnh exeC Program Files Winamp winampa exeC Program Files Common Files Symantec Shared ccApp exeC Program Files Hp HP Software Update HPWuSchd exeC Program Files Java j re bin jusched exeC Program Files Spyware Doctor pctsTray exeC Program Files Common Files Real Update OB realsched exeC PROGRA Sony SONICS SsAAD exeC PROGRA Comodo CBOClean BOC exeC Program Files Common Files LightScribe LightScribeControlPanel exeC WINDOWS system ctfmon exeC PROGRA WINDOW MESSEN msnmsgr exeC PROGRA Yahoo MESSEN YAHOOM EXEC Program Files Common Files Ahead lib NMBgMonitor exeC Program Files Google GoogleToolbarNotifier GoogleToolbarNotifier exeC Program Files Nokia Nokia PC Suite PCSuite exeC Program Files Nokia Nokia PC Suite PCSync exeC WINDOWS system absdubov exeC Program Files WIDCOMM Bluetooth Software BTTray exeC Program Files Hewlett-Packard HP Pavilion Webcam tsnp std exeC Program Files Sony Sony Picture Utility VolumeWatcher SPUVolumeWatcher exeC PROGRA WIDCOMM BLUETO BTSTAC EXEC Program Files Common Files Nokia MPAPI MPAPI s exeC Program Files Comodo CBOClean BOCORE exeC Program Files WIDCOMM Bluetooth Software bin btwdins exeC Program Files Symantec Client Security Symantec AntiVirus DefWatch exeC Program Files Google Common Google Updater GoogleUpdaterService exeC Program Files Common Files LightScribe LSSrvc exeC PROGRA McAfee MSC mcmscsvc exec PROGRA COMMON mcafee mna mcnasvc exec PROGRA COMMON mcafee mcproxy mcproxy exeC Program Files McAfee VirusScan McShield exeC Program Files McAfee MPF MPFSrv exeC Program Files McAfee MSK MskSrver exeC Program Files Symantec Client Security Symantec AntiVirus SavRoam exeC Program Files Spyware Doctor pctsAuxs exeC Program Files Spyware Doctor pctsSvc exec PROGRA mcafee com agent mcagent exeC WINDOWS system svchost exeC Program Files Symantec Client Security Symantec Client Firewall SymSPort exeC WINDOWS system wdfmgr 
exeC Program Files Hewlett-Packard Shared hpqwmiex exeC Program Files PC Connectivity Solution ServiceLayer exeC WINDOWS system wbem wmiprvse exeC Program Files PC Connectivity Solution Transports NclUSBSrv exeC Program Files PC Connectivity Solution Transports NclRSSrv exeC WINDOWS System alg exeC Program Files PC Connectivity Solution Transports NclMSBTSrv exeC Program Files PC Connectivity Solution Transports NclBCBTSrv exeC PROGRA hpq Shared HPQTO...

A:Infected With Trojan Clicker Win32 Tiny.h / Downloader Win32 Agent Bq / Spy Win32 Key Logger.aa/spy Win32 Green Screen / Html B...

Sorry for the delay. If you are still having problems please post a brand new HijackThis log as a reply to this topic. Before posting the log, please make sure you follow all the steps found in this topic: Preparation Guide For Use Before Posting A Hijackthis Log. Please also post the problems you are having.

http://www.bleepingcomputer.com/forums/t/168101/infected-with-trojan-clicker-win32-tinyh-downloader-win32-agent-bq-spy-win32-key-loggeraaspy-win32-green-screen-html-bankfrauddq/

I have been wondering what has been wrong with my XP install for about a month now, and I just updated Nod to the latest version, and as soon as the install was complete it came back at me with these: Win32/Rootkit.Agent.ODG Trojan and Win32/Agent.ODG virus. Tells me it is installed in the operating memory and it is unable to clean. Anyone have any ideas on this pesky? Have tried to install and reinstall my paid-for edition of SuperAntispyWare with no luck; seems to block the installation no matter how many times I try to install. Have also tried to install Malwarebytes with no luck either; seems to block what I'm trying from the get-go. Have attached a HJT log also if it will help. I didn't see anything unusual but I sure could use some help here. About a month ago I was online doing some research and GOGGLING and all when I noticed the links in goggle were taking me to places that had nothing to do with the link. Will stay in touch.

A:Win32/RootKit.Agent.ODG Trojan or Win32/Agent.ODG Virus

Totally !!
 

https://forums.techguy.org/threads/win32-rootkit-agent-odg-trojan-or-win32-agent-odg-virus.826074/

Hi, I'm a newbie and this is my first post. Thanks ahead of time for existing and for helping me. My computer is an HP AMD Athlon x GB RAM WIN XPsp desktop with lots of virus, Trojan, adware, malware. Not sure where they all came from, but the surfing the web for fantasy football stuff yesterday morning and landing on www.athlonsports.com or www.grogansports.com was the final virus that started me crashing and generating the wonderful error message: Stop c a Fatal System Error The Session Manager Initialization System Process. After failing to reboot multiple times and not being able to use my XP recovery disks, the computer loaded up somehow in Normal Mode. I disconnected from the Internet and I ran Avast Antivirus before it crashed again, and it found the following virus etc.

Found by Avast Antivirus:
JS Redirector-B Trj in a temporary internet file
WMA Wimad Drp in a temporary internet file
Win32:Monder-GB [Trj] in c windows system opnmlccs dll file
Win32:Trojan-gen {Other} in c Windows system prunnet exe file
Win adware-gen Adw in a program that came with computer that I've never used: C program files online services peoplepc isp branding ppal ppc exe instdir ppcttoolbar dll

I deleted/quarantined those viruses and tried to do a system restore to a couple days before, and it wouldn't let me do it although I had just saved a system restore on. And the computer was clearly still not functioning completely normal. I also ran CCleaner (I had just downloaded and installed days ago) a couple times and deleted the registry junk and temporary files on my computer. Using a separate laptop I found your website and this link in particular and started following the initial stages of this posting: http www
bleepingcomputer com forums lof hp t html

I ran quick scan of Malwarebytes Anti-Malware (updated the definitions by downloading the update file separately and running it) and found some more virus etc. (see log pasted below) and deleted those, one of which needed a reboot. Then I ran quick scan of SUPERAntiSpyware in Normal Mode and found more virus (see log pasted below) and told it to delete them, and now I'm in the midst of running a complete scan of SUPERAntiSpyware in Safe Mode while I'm posting this message. I will post the log of the complete scan when it's finished in the morning EST. I used a separate laptop to post this message and to download all the software used in the post above and some but not all of the software recommended in this posting: http www bleepingcomputer com forums topic html

I used a memory stick to transfer them to the infected computer, which is still disconnected from the Internet. Given that a few of the viruses affected system files, I'm worried that even after I run all these virus/malware/trojan etc. cleaners/removers etc. that my computer still won't run well. Also the data on my hard drive is not backed up in a while, including lots of digital photos, for which my wife will castrate me if I lose them. I have an external HD for backup but I haven't copied over files since the crashing began, as I was afraid I would transfer a virus to my backup HD. Thanks again for any help that's coming, much much much appreciated.

Malwarebytes Anti-Malware Database version Windows Service Pack PMmbam-log- - - - - txtScan type Quick ScanObjects scanned Time elapsed minute s second s Memory Processes Infected Memory Modules Infected Registry Keys Infected Registry Values Infected Registry Data Items Infected Folders Infected Files Infected Memory Processes Infected No malicious items detected Memory Modules Infected No malicious items detected Registry Keys Infected HKEY CLASSES ROOT popcaploader popcaploaderctrl Adware PopCap -> Quarantined and deleted succes...

A:Win32:Monder-GB[Trj], Win32:Trojan-gen{Other}, Adware.PopCap, Trojan.Vundo, Trojan.Agent and more

Seneka Rootkit

Please read this post by Quietman7 http://www.bleepingcomputer.com/forums/ind...t&p=1074915 and tell us how you want to proceed. You might want to proceed with a partial cleanup so you can finish backing up those pictures.

http://www.bleepingcomputer.com/forums/t/192399/win32monder-gbtrj-win32trojan-genother-adwarepopcap-trojanvundo-trojanagent-and-more/

Hi, I'm running Windows XP - Internet Explorer v SP. Yesterday Avast alerted me to a virus on my computer. I neglected to write down the exact message. At the time only Gmail was open and an email was being written. I've had some issues with Avast occasionally reporting a false positive, and since nothing was being downloaded at that time I took no action with Avast. Instead I immediately did a Quick Scan with MalwareBytes to see if it would find anything. MalwareBytes found and deleted the following:

C Documents and Settings HP Owner application data Sun Java deployment cache b cac- c c Trojan.FakeAlert.VGen
C Documents and Settings HP Owner local settings temp exe Trojan.FakeAlert.VGen

A second MalwareBytes scan was clean. I looked "Trojan.FakeAlert.VGen" up on Google and then it clicked: for the past few days Adobe Flash Player has been crashing an awful lot. When it crashes on Youtube, for example, it tells me the program is out of date and needs to be updated. The weird thing was that sometimes it worked for a while before it crashed, but I dismissed that as being some strange computer quirk. I went to the Adobe web site and tried to install the newest version of Flash Player but was unable to. I feel foolish, but it never even occurred to me that a virus could be to blame. It concerns me that, assuming the Adobe Flash Player crashes are related, the virus was on my computer for a few days but Avast only alerted me to it yesterday. I disconnected my computer from the Internet and had Avast run a full scan overnight. Avast
found and deleted the following:

D I Apps APP src SpyInstall_HPPre.exe

Avast then requested permission to reboot and do another scan, which I granted. On that scan it found the following:

C Documents and Settings HP Owner Doctor Web Quarantine mirc exe, which it said was infected by Win32: Mirc-z [PUP]. I selected "Delete".
C hp bin KillIt exe, which it said was infected by Win32: Kill App-W [PUP]. I selected "Delete".
File C System Volume Information restore A D- BB - E- - C B E RP A exe is infected by Win32: Mirc-Z [PUP]. I selected "Move to Chest".
File C System Volume Information restore A D- BB - E- - C B E RP A exe is infected by Win32: KillApp-W [PUP]. I selected "Move to Chest".
File D System Volume Information restore A D- BB - E- - C B E RP A exe is infected by Win32: Agent-AMXO (Trj). I selected "Move to Chest".

With the aid of Secunia PSI I've managed to bring my computer security up to. It was initially at. I'm guessing my Adobe Flash Player / Java weren't up to date and that's how I got the virus. As for which web site the virus came from - I have no idea, but I have recently done a lot of browsing on unfamiliar sites. I feel I'm in over my head with this - every time I think my computer is clean some other infection is identified. I'm also concerned because, from what I've read, Trojan.FakeAlert.VGen is a serious threat and can be difficult to get rid of. I'm really hoping to avoid reformatting my computer, but obviously security has to come first. Right now the infected computer is shut off and disconnected from the Internet. I'm not sure how to proceed. Guidance would be very much appreciated. Thank you for your time.

A:Trojan.FakeAlert.VGen, SpyInstall_HPPre.exe, Win32: Mirc-z [PUP], Win32: Kill App-W [PUP] & Win32: Agent-AMXO (Trj)

Download Security Check from HERE, and save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download MiniToolBox and run it.
Checkmark following boxes:
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List last 10 Event Viewer log
List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.
Be sure to restart the computer.
The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================================================================

Please download GMER from one of the following locations and save it to your desktop:
Main Mirror
This version will download a randomly named file (Recommended)
Zipped Mirror
This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.

Disconnect from the Internet and close all running programs.
Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
Now click the Scan button. If you see a rootkit warning window, click OK.
When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
Click the Copy button and paste the results into your next reply.
Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.
IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in right pane.
If still no joy, try to run it from Safe Mode.

http://www.bleepingcomputer.com/forums/t/409179/trojanfakealertvgen-spyinstall-hppreexe-win32-mirc-z-pup-win32-kill-app-w-pup-win32-agent-amxo-trj/

It attacked IE first. I used Ad-Aware and CCleaner. It seemed to go away. Then it came back and attacked Firefox. I used Malwarebytes' Anti-Malware in conjunction with CCleaner and it wouldn't go away. After every use there would still be another DLL file to find and destroy, even if Malwarebytes' Anti-Malware said it was successful. Often the files that returned were different DLLs than before. I have no Windows Explorer due to this infection. Managed to run tasks anyway and found you guys on Google when I entered in a DLL file name that I had originally found while scanning. I can't recall the name of the offending DLL. Ran the Kaspersky Scanner and the HijackThis Scanner. All results are posted below.

KASPERSKY ONLINE SCANNER REPORTSaturday December Operating System Microsoft Windows XP Professional Service Pack build Kaspersky Online Scanner version Program database last update Saturday December Records in database Scan settingsScan using the following database extendedScan archives yesScan mail databases yesScan area Critical AreasC Documents and Settings All Users Start Menu Programs StartupC Documents and Settings Kienzle Start Menu Programs StartupC Program FilesC WINDOWSScan statisticsFiles scanned Threat name Infected objects Suspicious objects Duration of the scan File name Threat name Threats countC WINDOWS system hov BATU I X exe Infected Trojan Win Agent asjk C WINDOWS system ljJCvTmn dll Infected Trojan Win Monder aane Logfile of random's system information tool written by random random Run by Kienzle at - - Microsoft Windows XP Professional Service Pack System drive C has GB free of GBTotal RAM MB free Logfile of Trend Micro HijackThis v Scan saved at PM on Platform Windows XP SP WinNT MSIE Internet Explorer v SP Boot mode NormalRunning processes C WINDOWS System smss exeC WINDOWS system winlogon exeC WINDOWS system services exeC WINDOWS
system lsass exeC WINDOWS system svchost exeC WINDOWS System svchost exeC Program Files Lavasoft Ad-Aware aawservice exeC WINDOWS system spoolsv exeC Program Files Common Files Apple Mobile Device Support bin AppleMobileDeviceService exeC Program Files Bonjour mDNSResponder exeC WINDOWS eHome ehRecvr exeC WINDOWS eHome ehSched exeC WINDOWS System svchost exeC Program Files Intel Intel Matrix Storage Manager Iaantmon exeC Program Files Java jre bin jqs exeC Program Files Common Files Microsoft Shared VS DEBUG MDM EXEC WINDOWS system nvsvc exeC WINDOWS ehome RMSvc exeC WINDOWS system svchost exeC Program Files Canon CAL CALMAIN exeC WINDOWS system dllhost exeC WINDOWS system taskmgr exeC WINDOWS system ctfmon exeC Program Files Mozilla Firefox firefox exeC Downloaded Apps RSIT exeC Program Files trend micro Kienzle exeR - HKLM Software Microsoft Internet Explorer Main Default Page URL http www dell comR - HKLM Software Microsoft Internet Explorer Main Start Page http www dell comR - HKCU Software Microsoft Internet Connection Wizard ShellNext http www dell com R - HKCU Software Microsoft Windows CurrentVersion Internet Settings ProxyOverride localO - BHO no name - e -b af- a - f- d de - C WINDOWS system fezogevu dll file missing O - Toolbar Adobe PDF - -D C - - FA - E EAAC - C Program Files Adobe Acrobat Acrobat AcroIEFavClient dllO - Toolbar Contribute Toolbar - BDDE -E A - -B E- B B FC - C Program Files Adobe Adobe Contribute CS contributeieplugin dllO - Toolbar Mirar - AED DC- - B E-BE D- C F - C WINDOWS system winia dllO - HKLM Run ehTray C WINDOWS ehome ehtray exeO - HKLM Run NvCplDaemon RUNDLL EXE C WINDOWS system NvCpl dll NvStartupO - HKLM Run SigmatelSysTrayApp stsystra exeO - HKLM Run IAAnotif C Program Files Intel Intel Matrix Storage Manager Iaanotif exeO - HKLM Run DLA C WINDOWS System DLA DLACTRLW EXEO - HKLM Run ISUSPM Startup C PROGRA COMMON INSTAL UPDATE ISUSPM exe -startupO - HKLM Run ISUSScheduler quot C Program Files Common Files InstallShield 
UpdateS...

A:Infected; Trojan.Win32.Agent.asjk, Trojan.Win32.Monder.aane

Hello! My name is Sam and I will be helping you. In order to see what's going on with your computer I may ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.

Please download ComboFix from one of these locations:
Link 1
Link 2
Link 3

Important! You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert. It is intended by its creator to be used under the guidance and supervision of a Malware Removal Expert, not for private use. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

Make sure that you save ComboFix.exe to your Desktop.

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

Double click on ComboFix.exe & follow the prompts.

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

http://www.bleepingcomputer.com/forums/t/184519/infected;-trojanwin32agentasjk-trojanwin32monderaane/

This virus was unknowingly attached to a game that was downloaded on my pc. I am using a different pc to post here, as the virus prevents me from launching websites that offer support for its removal. Other posts that I have read recommend running an online scanner from eset. Unfortunately for me, this would be one of the many sites the virus prohibits me from accessing. If I attempt to locate a help site from a search engine, I am redirected to other random sites. If I manually type the URL of a help site in the address bar, the site is blocked. I was able to run HijackThis and am providing this log. Any assistance that you can offer will be greatly appreciated.

Logfile of Trend Micro HijackThis v Scan saved at PM on Platform Windows XP SP WinNT MSIE Internet Explorer v Boot mode NormalRunning processes C WINNT System smss exeC WINNT system winlogon exeC WINNT system services exeC WINNT system lsass exeC WINNT system svchost exeC WINNT System svchost exeC WINNT system svchost exeC WINNT system spoolsv exeC WINNT system basfipm exeC Program Files Common Files Symantec Shared ccSetMgr exeC Program Files Cisco Systems VPN Client cvpnd exeC WINNT Explorer EXEC Program Files Symantec AntiVirus DefWatch exeC Program Files Symantec AntiVirus SavRoam exeC Program Files Spyware Terminator sp rsser exeC Program Files Symantec AntiVirus Rtvscan exec WINNT system ZuneBusEnum exeC Program Files Common Files Symantec Shared ccEvtMgr exeC WINNT system hkcmd exeC WINNT system dla tfswctrl exeC Program Files Microsoft IntelliType Pro type exeC Program Files Microsoft IntelliPoint point exeC Program Files Common Files Symantec Shared ccApp exeC PROGRA SYMANT VPTray exeC WINNT system rundll exeC Program Files Spyware Terminator
SpywareTerminatorShield exeC Program Files Common Files InstallShield UpdateService isuspm exeC Program Files Java jre bin jusched exeC WINNT system ctfmon exeC Program Files Mozilla Firefox firefox exeC Program Files Trend Micro HijackThis HijackThis exeC Program Files Internet Explorer Iexplore exeR - HKCU Software Microsoft Internet Explorer Main Default Page URL http www dell comR - HKLM Software Microsoft Internet Explorer Main Default Page URL http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Default Search URL http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Search Page http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Start Page http go microsoft com fwlink LinkId O - BHO Adobe PDF Reader Link Helper - E F-C D - D -B D- B D BE B - C Program Files Common Files Adobe Acrobat ActiveX AcroIEHelper dllO - BHO Spybot-S amp D IE Protection - - F - D - - D F - C PROGRA SPYBOT SDHelper dllO - BHO DriveLetterAccess - CA D E- - CF- E - - C WINNT system dla tfswshx dllO - BHO SSVHelper Class - BB-D F - C-B EB-D DAF D D - C Program Files Java jre bin ssv dllO - BHO no name - E D - A- EC-A -BA D E E - no file O - BHO AcroIEToolbarHelper Class - AE CD -E - f- - EE - C Program Files Adobe Acrobat Acrobat AcroIEFavClient dllO - Toolbar Adobe PDF - -D C - - FA - E EAAC - C Program Files Adobe Acrobat Acrobat AcroIEFavClient dllO - HKLM Run Synchronization Manager SystemRoot system mobsync exe logonO - HKLM Run IgfxTray C WINNT system igfxtray exeO - HKLM Run HotKeysCmds C WINNT system hkcmd exeO - HKLM Run dla C WINNT system dla tfswctrl exeO - HKLM Run UpdateManager quot C Program Files Common Files Sonic Update Manager sgtray exe quot rO - HKLM Run type quot C Program Files Microsoft IntelliType Pro type exe quot O - HKLM Run IntelliPoint quot C Program Files Microsoft IntelliPoint point exe quot O - HKLM Run ccApp quot C Program Files Common Files Symantec 
Shared ccApp e...

A:Trouble With Virus: Win32.agent.gvu / Trojan.downlader.agent.aejp

I apologize for the very long delay. We have a huge backlog of HijackThis Logs to handle and it has been taking us greater time than normal to get caught up. If you are still having a problem, and want us to analyze your information, please reply to this topic stating that you still need help and I will work with you on resolving your computer problems. If your problem has been resolved, please post a reply letting us know so we can close your topic.

Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, feel free to create a new one.

Once again, I apologize for the delay in responding to this topic.

http://www.bleepingcomputer.com/forums/t/168417/trouble-with-virus-win32agentgvu-trojandownladeragentaejp/

old sony laptop with windows xp pro sp intel pentium with MB ram

i've got some nasty bugs on my laptop. i can remove them with spybot or malwarebytes but they come back every time i restart the pc. they are able to turn off windows firewall and symantec anti-virus autoprotect. my laptop got infected after my desktop so both are only in safemode and off the network for now. any help would be greatly appreciated.

from spybot:
win32.delf.uc

from malwarebytes:
HKEY LOCAL MACHINE SOFTWARE Microsoft Windows NT CurrentVersion Windows llpinit dlls Spyware.Agent.H -> Quarantined and deleted successfully
C WINDOWS system nvtpm dll Spyware.Agent.H -> Delete on reboot
C WINDOWS system D tmp Trojan.Agent -> Quarantined and deleted successfully
C WINDOWS system E tmp Trojan.Agent -> Quarantined and deleted successfully
C WINDOWS system F tmp Trojan.Agent -> Quarantined and deleted successfully
C WINDOWS system azton mt Trojan.Agent -> Quarantined and deleted successfully

Here is my log from HijackThis:

Logfile of Trend Micro HijackThis v Scan saved at AM on Platform Windows XP SP WinNT MSIE Internet Explorer v Boot mode NormalRunning processes C WINDOWS System smss exeC WINDOWS system winlogon exeC WINDOWS system services exeC WINDOWS system lsass exeC WINDOWS system svchost exeC WINDOWS System svchost exeC Program Files Juniper NetScreen-Remote IPSecMon exeC Program Files Juniper NetScreen-Remote IreIKE exeC Program Files Common Files Symantec Shared ccSetMgr exeC WINDOWS system spoolsv exeC Program Files Symantec AntiVirus DefWatch exeC Program Files Timbuktu Pro tb launch exeC Program Files Google Update GoogleUpdate exeC WINDOWS Explorer EXEC Program Files Timbuktu Pro TimbuktuRemoteConsole exeC

A:Laptop infected with win32.delf.uc, Spyware.Agent.H, and Trojan.Agent

you can close this out as I actually just did a clean reinstall of the OS. however, if anyone can help me with my other PC I'd prefer to not reinstall it as well: http://www.bleepingcomputer.com/forums/t/207842/desktop-infected-with-trojanagent-more/

it has:
trojan.agent
adware.comet
adware.starware
trojan.dnschanger

thanks!

http://www.bleepingcomputer.com/forums/t/207843/laptop-infected-with-win32delfuc-spywareagenth-and-trojanagent/

My computer has been infected with Win32/Rootkit.Agent.ODG trojan and Win32/Olmarik.JU trojan. AVG, ESET NOD and Avira couldn't delete it and I want to delete it. It redirected all Google searches and slows down my computer. Can you please help me? Thanks ahead to anyone who can help. Here is the HJT logfile: ...

A:Infected with Win32/Rootkit.Agent.ODG trojan and Win32/Olmarik.JU trojan

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

-----------------------------------------------------------

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

Kind regards
Net_Surfer

http://www.bleepingcomputer.com/forums/t/250584/infected-with-win32rootkitagentodg-trojan-and-win32olmarikju-trojan/

There are several trojan horse detected such as Trojan-Backdoor.Win32.Agent.sp, Trojan-Downloader.Win32.QQhelper.kb, Trojan-PSW.Win32.OnlineGame.qy, Trojan-PSW.Win32.OnlineGame.yn, Trojan-BAT.KillAV.es, Trojan-proxy.Win32.small.du, Trojan-Downloader.Win32.Zlob.gj and many more. I do not know how to remove those trojan, pls HELP

Logfile of HijackThis ...

A:Several Trojan Such As Trojan-backdoor.win32.agent.sp, Downloader.win32 .qqhelper.kb

Sorry for the delay. If you are still having problems please post a brand new HijackThis log as a reply to this topic. Before posting the log, please make sure you follow all the steps found in this topic: Preparation Guide For Use Before Posting A Hijackthis Log

Please also post the problems you are having.

http://www.bleepingcomputer.com/forums/t/98913/several-trojan-such-as-trojan-backdoorwin32agentsp-downloaderwin32-qqhelperkb/

I am sorry to post a log over here, as I have read through the forum and tried to resolve the problem on my own but I failed. Since I had run ComboFix, I feel that it may be of help to post it. Sorry for the trouble. Here's the log file: ...

A:Infected with win32/rootkit.agent.ODG trojan and win32/Olmarik.JU trojan

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

http://www.bleepingcomputer.com/forums/t/245259/infected-with-win32rootkitagentodg-trojan-and-win32olmarikju-trojan/

The last two days my computer has frozen up while trying to surf around online. This seemed weird, so I ran a full system scan with symantec endpoint both days. Both times the logs came back with no risks detected. Today I started getting Internet Explorer pops directing me to sites. I knew at this point I had an infection that endpoint was not picking up. I disabled my network card and used another computer to download some of the suggested programs I've seen on this site. I was hoping to at least get the problem quarantined so that I would feel safe enough to enable the network card again. After running the utilities I am not freezing when surfing web pages and have resumed using the computer. I would like help making sure that my computer is clean, since endpoint obviously isn't catching this problem. Below are the logs for Kaspersky Online Scan & DSS: ...

A:Infected With Trojan.win32.monder.bcb & Trojan-downloader.win32.agent.xxa

I continued to investigate on my own. Combofix quarantined some files, but did not delete them. A scheduled full system scan with endpoint finally picked up some infections with the newest updates loaded. Symantec scan labels the infections as Trojan.Vundo and Trojan.Metajuan. Metajuan was removed automatically, but Vundo proved to be a little more pesky. Symantec offers a removal tool for Vundo on their website. I opted to try out Malwarebytes' Anti-Malware (mbam). It was able to locate the files that were in quarantine and some infected files that were in system restore. I disabled system restore to avoid any problems and mbam was able to delete all the files. After a system restart, I scanned with Symantec Vundo tool and found no further signs of infection. Mbam did a good job. Re-enabled system restore and recreated a fresh restore point. I'm hoping that this will be the end of this problem, but would still be interested in someone combing through some of my logs to see if anything was missed. I'm still a little miffed that endpoint had not picked these infections up when they are not exactly new threats and I had the most current definitions when I ran my previous scans.

http://www.bleepingcomputer.com/forums/t/160400/infected-with-trojanwin32monderbcb-trojan-downloaderwin32agentxxa/

PLEASE NOTE: This is a DIFFERENT computer than the one I am currently working on with Agent ST. Because I was paranoid about this one, I ran an ESET Online scan to check my computer and it reported several different trojans: Win32/Toolbar.Zugo, variants of Win32/InstallCore.D, JS/Agent.NDJ, Win32/TrojanDownloader.Tracur.F, Java/Agent.DU and probably a few more. I am not sure exactly how many because I inadvertently closed Internet Explorer before the scan completed. I did not set ESET to remove anything that was found; I was just scanning.

So here I am needing help for yet another computer in my house. It seems to be running fine, but since this is the one I use for working at home, communicating with clients, online banking etc., I need to be sure it's clean. I am a web developer so I am very familiar with Windows etc.; however, virus removal is not my expertise so I need to ask for help.

Here is the contents of the DDS log: ...

A:Need help with trojans..Win32/Toolbar.Zugo, Win32/InstallCore.D, JS/Agent.NDJ, Win32/TrojanDownloader.Tracur, Java/Agent.DU and...

Hi Dona!

Peek a boo! Guess who?

Can you try and zip up the GMER log file for me to review?

---------------------

Can you see if ESET Online Scanner dropped a log file in this location?
Browse to this location: C:\Program Files\ESET\ESET Online Scanner\
It should be named: log.txt if it was saved. If it is, please post that for me.

---------------------

You seem to have 2 versions of Skype installed. One of them seems to be a bit outdated. Let's remove that one now.
You can go to the Control Panel and click on Add/Remove Programs and remove this one: Skype™ 4.1

---------------------

Your version of Firefox is also outdated by two versions. Open up Firefox and go to the Help menu, click on About Firefox.
It should check for updates, and download the updates that are required. Once it's completed downloading the update it'll present you with a button that says Apply Update. Please click on that. It will close Firefox and then apply the update to your computer.

---------------------

Please run these scans for me as well:

Malwarebytes' Anti-Malware

I see that you have Malwarebytes' Anti-Malware installed on your computer. Could you please do a scan using these settings:

Open Malwarebytes' Anti-Malware
Select the Update tab
Click Check for Updates
After the update has been completed, select the Scanner tab.
Select Perform quick scan, then click on Scan
Leave the default options as they are and click on Start Scan
When done, you will be prompted. Click OK, then click on Show Results
Check (tick) all items and click on Remove Selected
After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottommost log is the latest.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

NEXT:

Running OTL

We need to create an OTL Report.
Please download OTL from one of the following mirrors:
This is THE Mirror
Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Push the button.
Two reports will open, copy and paste them in a reply here:
OTL.txt <-- Will be opened
Extras.txt <-- Will be minimized

I look forward to your replies.

Kindest Regards,
Agent ST.

http://www.bleepingcomputer.com/forums/t/442151/need-help-with-trojanswin32toolbarzugo-win32installcored-jsagentndj-win32trojandownloadertracur-javaagentdu-and-probably-a-few-more/

I recently ran Advanced System Care to clean up my PC and make it more stable for the Skyrim release, however its malware tool detected Win.32 Trojan Agent (and scanned another file called Win.32 Trojan Vundo... and something Frauder... didn't catch the name).

I clicked fix problem and assumed it was alright, but Ad-Aware recently said it detected it. But ad-aware bugged out and crashed, I ran ad-aware again and nothing was detected.

Summary:
-Multiple Virus scans detected Win32.Trojan Agent
-Later Deep scans failed to find it again.
-Some scans were shown to be scanning files called Win32.Trojan Vundo and Frauder.
-Currently scans are not locating them.

I am a little paranoid at this point, and would like to see if I can get these suckers removed. You guys have helped me in the past and have done great work, so I know I am in good hands here. Thank you very much in advance.

A:Win32.Trojan Agent and Win32.Trojan Vundo found.

"I recently ran Advanced System Care"

Registry cleaners/optimizers are not recommended for several reasons:

Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.
Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.
Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.
Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.
The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.Ed Bott's Webog: Why I don't use registry cleanersDo I need a Registry Cleaner?=======================================================================================Let's do some checking....Download Security Check from HERE, and save it to your Desktop. * Double-click SecurityCheck.exe * Follow the onscreen instructions inside of the black box. * A Notepad document should open automatically called checkup.txt; please post the contents of that document.=============================================================================Please download MiniToolBox and run it.Checkmark following boxes:Report IE Proxy SettingsReport FF Proxy SettingsList content of HostsList IP configurationList Winsock EntriesList last 10 Event Viewer logList Installed ProgramsList Users, Partitions and Memory sizeClick Go and post the result.=============================================================================Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop. * Double-click mbam-setup.exe and follow the prompts to install the program. * At the end, be sure a checkmark is placed next to Update Malwarebytes' ... Read more

http://www.bleepingcomputer.com/forums/t/427396/win32trojan-agent-and-win32trojan-vundo-found/

Just yesterday I appear to have contracted a virus. No matter what method I use to remove it, every time I restart my computer, it is back. Hopefully someone will be able to help me. Per Ad-Ware, this is what was found:
Trojan.Win32.Generic!BT - c:\windows\system32\d-link_st3402.dll
Win32.Trojan.Agent - c:\windows\system32\d-link_st3402.dll

I ran the MiniToolBox and have attached the results of that. I tried going into safe mode and running RKill, then SAS, then rebooting into normal mode and running MBAM, but it always seems to come back. I also attached the MBAM log as well.

I hope someone can help, otherwise it looks like a long night of reformatting is ahead of me......

A:Infected with Trojan.Win32.Generic!BT & Win32.Trojan.Agent

Since we're dealing here with ZeroAccess rootkit....

Please follow the instructions in ==>This Guide<== starting at Step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

http://www.bleepingcomputer.com/forums/t/449190/infected-with-trojanwin32genericbt-win32trojanagent/

It started two days ago. My Kaspersky detected a trojan intrusion (win32 agent). I tried to delete it but it just won't go away. It crashed a few times today. I used the autoruns to remove the nonessential items, comparing to the startup list. After, I used the Spybot and adware to scan and clean it. All this time my virus scan is going crazy trying to delete these two intrusions, but nothing has worked. I'm just about to give up and reinstall Windows. Please help!

Logfile of HijackThis:

A:Trojan.win32.startpage.amg&trojan-downloader.win32.agent.bbc

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you.

Please download ComboFix and save it to your desktop.

Double click combofix.exe and follow the prompts.

When it's done running it will produce a log for you. Please post that log in your next reply.

Important Note - Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

http://www.bleepingcomputer.com/forums/t/71771/trojanwin32startpageamgtrojan-downloaderwin32agentbbc/

I have a nasty infection that has taken over my machine and which I cannot remove. The infection seems to hijack the Google page, and any links that I click from this page take me to what appears to be rogue websites which want me to download their stuff. I am currently running ESET Nod and Ad-aware Anniversary Edition. Both these programs are picking up the trojan infections but are unable to clean. I have tried to install Malwarebytes but have been unable to do so. I did try changing the exe name of Malwarebytes as advised on this site, but the program does not fully complete the installation. I have downloaded the DDS tool, ran the scan and have now attached the log to this post. Also here is a copy of the Ad-aware scan log. I did not complete the scan due to the computer constantly crashing.

A:Infected with WIN32 Trojan Agent and WIN32 trojan TDSS

Hello. I am PropagandaPanda (Panda or PP for short), and I will be helping you.

Disable Realtime Protection

Antimalware programs can interfere with ComboFix and other tools we need to run. Please temporarily disable all realtime protections you have enabled. Refer to this page, if you are unsure how.

Download and Run ComboFix

Download Combofix by sUBs from any of the links below, and save it to your desktop.

Link 1, Link 2, Link 3

 * Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
 * Double click on ComboFix.exe and follow the prompts. If you are using Windows Vista, right click the icon and select "Run as Administrator". You will not receive the prompts below if you are not using Windows XP. ComboFix will check to see if you have the Windows Recovery Console installed.
 * If you did not have it installed, you will see the prompt below. Choose YES.
 * When the Recovery Console has been installed, you will see the prompt below. Choose YES.
 * When finished, ComboFix will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

Download and Run Scan with GMER

We will use GMER to scan for rootkits.

 * Please download GMER to your desktop. Note that the file will be randomly named to prevent active malware from stopping the download.
 * Close all other open programs as there is a slight chance your computer will crash.
 * Double click the GMER program ******.exe. Your security programs may detect GMER's driver trying to load. Allow it.
 * You may see a warning saying "GMER has detected rootkit activity". If so, select NO.
 * Leaving the settings at default, click Scan.
 * When the scan is complete, click Save and save the log onto your desktop.
 * Please include the log in your next reply.

In your next reply include:
-the ComboFix log
-the GMER scan log

Please also tell me of any changes you have made to your computer since you started your topic.

With Regards,
The Panda

http://www.bleepingcomputer.com/forums/t/233678/infected-with-win32-trojan-agent-and-win32-trojan-tdss/

eSets found and removed several Trojans. Just wanted to make sure the system is actually clean. The eSet log is below as well as the DDS scan. Thanks for your help.

Carl

eSet Log:

C Users Carl AppData Local cjcwyim exe probably a variant of Win32/TrojanDownloader.Agent.RIJ trojan cleaned by deleting - quarantined
C Users Carl AppData Local qjsngankgyvd exe probably a variant of Win32/TrojanDownloader.Agent.RIJ trojan cleaned by deleting - quarantined
F Users Carl Downloads Audio W NP exe Win32/Bifrose.NTA trojan cleaned by deleting - quarantined
F Users Carl Downloads Setup exe a variant of Win Adware iBryte C application cleaned by deleting - quarantined
H Users Carl AppData Local cjcwyim exe probably a variant of Win32/TrojanDownloader.Agent.RIJ trojan cleaned by deleting - quarantined
H Users Carl AppData Local qjsngankgyvd exe probably a variant of Win32/TrojanDownloader.Agent.RIJ trojan cleaned by deleting - quarantined

A:Win32/Bifrose.NTA trojan and Win32/TrojanDownloader.Agent.RIJ trojan

Please do the following:

Download the appropriate version for your system of the Farbar Recovery Scan Tool and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
 * Restart the computer.
 * As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
 * Use the arrow keys to select the Repair your computer menu item.
 * Choose your language settings, and then click Next.
 * Select the operating system you want to repair, and then click Next.
 * Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
 * Insert the installation disc.
 * Restart your computer.
 * If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
 * Click Repair your computer.
 * Choose your language settings, and then click Next.
 * Select the operating system you want to repair, and then click Next.
 * Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

 * Select Command Prompt
 * In the command window type in notepad and press Enter.
 * The notepad opens. Under File menu select Open.
 * Select "Computer" and find your flash drive letter and close the notepad.
 * In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter. Note: Replace letter e with the drive letter of your flash drive.
 * The tool will start to run.
 * When the tool opens click Yes to the disclaimer.
 * Place a check next to List Drivers MD5 as well as the default check marks that are already there
 * Press Scan button.
 * type exit and reboot the computer normally
 * FRST will make a log (FRST.txt) on the flash drive, please copy and paste the log in your reply.

http://www.bleepingcomputer.com/forums/t/477840/win32bifrosenta-trojan-and-win32trojandownloaderagentrij-trojan/

Hello, I am on a laptop running Windows and a couple of days ago Ad-aware found two viruses (Trojan.Win32.Generic!BT & Win32.Trojan.Agent) - see details on quarantined items pasted at the bottom of this note. I've tried numerous times to remove the viruses by rebooting as recommended and rescanning, but it's only gotten worse. I can now no longer access most of my programs, including any virus scan programs (Adaware, Malwarebytes). I was able to download RKill, but when I try to run any of the different versions nothing happens - have tried renaming with no success. When using Internet Explorer, Google search is redirected to other sites. I've tried using safe mode with the same results. Please let me know if you can help. Here's the virus scan log from a few days ago when I was actually able to run Adaware. Thanks in advance.

A:Infected with Trojan.Win32.Generic!BT & Win32.Trojan.Agent

Hello, let's see if we can do these. If RKill still fails, move on.

Please click Start > Run, type inetcpl.cpl in the runbox and press enter.
Click the Connections tab and click the LAN settings option.
Verify if "Use a proxy..." is checked, if so, UNcheck it and click OK/OK to exit.

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
 * Flush DNS
 * Report IE Proxy Settings
 * Reset IE Proxy Settings
 * Report FF Proxy Settings
 * Reset FF Proxy Settings
 * List content of Hosts
 * List IP configuration
 * List Winsock Entries
 * List last 10 Event Viewer log
 * List Installed Programs
 * List Devices
 * List Users, Partitions and Memory size.
 * List Minidump Files

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

Reboot into Safe Mode with Networking

How to enter safe mode (XP/Vista)

Using the F8 Method

Restart your computer. When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu. Select the option for Safe Mode with Networking using the arrow keys. Then press enter on your keyboard to boot into Safe Mode.

>>>> Download this file and doubleclick on it to run it. Allow the information to be merged with the registry.

Run RKill....

Download and Run RKill

Please download RKill by Grinler from one of the 4 links below and save it to your desktop.

Link 1
Link 2
Link 3
Link 4

Before we begin, you should disable the anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.
Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
If nothing happens or if the tool does not run, please let me know in your next reply.

Do not reboot your computer after running rkill as the malware programs will start again. Or if rebooting is required run it again.

If you continue having problems running rkill.com, you can download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead.

Next run SUPERAntiSpyware (SAS):

Download and scan with SUPERAntiSpyware Free for Home Users

 * Double-click SUPERAntiSpyware.exe and use the default settings for installation.
 * An icon will be created on your desktop. Double-click that icon to launch the program.
 * If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
 * In the Main Menu, click the Preferences... button.
 * Click the Scanning Control tab.
 * Under Scanner Options make sure the following are checked (leave all others unchecked):
   * Close browsers before scanning.
   * Scan for tracking cookies.
   * Terminate memory threats before quarantining.
 * Click the "Close" button to leave the control center screen.
 * Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
 * On the left, make sure you check C:\Fixed Drive.
 * On the right, under "Complete Scan", choose Perform Complete Scan.
 * Click "Next" to start the scan. Please be patient while it scans your computer.
 * After the scan is complete, a Scan Summary box will ap...

http://www.bleepingcomputer.com/forums/t/446129/infected-with-trojanwin32genericbt-win32trojanagent/

I have followed all the preparation steps before posting but am still getting a variety of Windows Security Alerts popups about Trojans. First was Trojan-Downloader.Win32.Agent.bq and then Trojan-Spy.Win32.GreenScreen, and the latest is a Windows Security Alerts popup with sort of a section of a screen shot of a verizon yahoo search results page for antispyware-review. Running Windows XP on a Pentium PC Desktop.

HJT log:

A:Trojan-downloader.win32.agent.bq, Trojan-spy.win32.greenscreen, Etc.

Hello and welcome to BC

Apologize for the delay in response we get overwhelmed at times but we are trying our best to keep up.

If you have since resolved the original problem you were having would appreciate you letting us know. If not please perform the following below so we can have a look at the current condition of your machine.

Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

Thanks and again sorry for the delay.

Download random's system information tool (RSIT) by random/random from here and save it to your desktop.

 * Double click on RSIT.exe to run RSIT.
   Note: If you are using Windows Vista, right click at RSIT.exe and select 'Run as administrator'.
 * Click Continue at the disclaimer screen.
 * Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Next

Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

 * Click on the Accept button and install any components it needs.
 * The program will install and then begin downloading the latest definition files.
 * After the files have been downloaded on the left side of the page in the Scan section select My Computer
 * This will start the program and scan your system.
 * The scan will take a while, so be patient and let it run.
 * Once the scan is complete, click on View scan report
 * Now, click on the Save Report as button.
 * Save the file to your desktop.
 * Copy and paste that information in your next post.

In your next reply please post back with the following reports:
 * RSIT log.txt
 * RSIT info.txt
 * Kaspersky report

Regards

http://www.bleepingcomputer.com/forums/t/169085/trojan-downloaderwin32agentbq-trojan-spywin32greenscreen-etc/
Relevancy 72.24%

DDS log below. I re-installed my AV after running without it for a while and found that I had quite a few bad things going on, picked up by Nod, including (see attachment for more detail):

Win32/Olmarik.ZC
Java/TrojanDownloader.Agent.NBE
a variant of Win32/Olmarik.UL trojan
Win32/Cimag.CL trojan

I also get multiple outbound connection attempts, which are at least partially being blocked by Nod, to weird .cc, .cn and a few .com domain URLs; this happens after performing a Google search. Also getting some browser redirects going on and homepage changes. I tried setting Nod to pre-release updates and performing a full scan; this picked up the above and removed them, but after a reboot there are still things going on. Before reading the steps on this site I ran the latest ComboFix twice, which picked up a rootkit in intelide.sys both times, but it appears to come back each time. While I disabled Nod when I ran ComboFix, it re-enabled upon reboot automatically; not sure if that matters. I've also been getting a startup delay of around minute after logon; in this time nothing appears to be going on (no apparent CPU or disk activity), but wireless, AV and other startup items do not run. Then a minute later everything fires up. I've tried running GMER several times, but this keeps giving me a BSOD with IRQL_NOT_LESS_OR_EQUAL. Last scan with Nod came up clean, but still getting outbound connections and browser redirects. Looking to sort this out once and for all.

A:WinXP rootkit? problem + Win32/Olmarik.ZC Java/TrojanDownloader.Agent.NBE a variant of Win32/Olmarik.UL trojan Win32/Cimag.CL t...

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.

Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.
Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.
Please reply to this post so I know you are there.

The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

----------------------------------------------

Please download GMER from one of the following locations and save it to your desktop:
Main Mirror
This version will download a randomly named file (Recommended)
Zipped Mirror
This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.

Disconnect from the Internet and close all running programs.
Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (Do not use the computer while the scan is in progress.)
If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
Now click the Scan button. If you see a rootkit warning window, click OK.
When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
Click the Copy button and paste the results into your next reply.
Exit GMER and re-enable all active protection when done.

-- If you encounter any problems, try running GMER in Safe Mode.

http://www.bleepingcomputer.com/forums/t/327880/winxp-rootkit-problem-win32olmarikzc-javatrojandownloaderagentnbe-a-variant-of-win32olmarikul-trojan-win32cimagcl-trojan/
Relevancy 71.81%

Hi, I need help in removing these viruses; please see dds.txt and attach.txt attached. I recently deleted a file, c:\program files\gateway\hpa\uninstal.exe - is this crucial to my computer? It said it was infected so I had Comodo remove it, but I don't think that was ideal.

Relevancy 71.81%

Hello, I have trouble with my computer. I found this forum online and now I hope that you can help me. I suspected that I had a virus, so I installed an anti-virus program. It found files with the names Virus.win32.sality.k and Trojan-proxy.win32.agent.ii on my computer. After disinfecting those files I always got an error message when I turned the computer on. It kept telling me file vmmdiag.exe cannot be found. Then I found this forum and saw that other people had the same problem and that this is still a consequence of the virus. I don't know how to get rid of it. Then I found your preparation guide for use before posting a HijackThis log and checked my computer with the programs you advised. Now that error message has disappeared, but I have the impression that my computer doesn't work properly anymore. It's getting slower and the anti-virus program always finds new infected files. Sometimes when I turn the computer on it gets stuck while it is booting up and I have to press F to continue. Now there's a problem with the audio too - I don't know if it is also a result of the virus. It tells me "bad directsound driver, please install proper drivers or select another device in configuration, error code", and the only sound the computer makes is a terrible peep sound. I have never had a virus before (I didn't have internet on my computer), so I'm a little bit helpless and I would really appreciate it if you could help me. I also did the HijackThis; here is the result.

Kind regards

A:Infected With: Virus.win32.sality.k; Trojan-proxy.win32.agent.ii

Hi schag1,

If you still need help please post a fresh HijackThis log and I'll be happy to look at it for you.

Thanks for your patience.

http://www.bleepingcomputer.com/forums/t/88484/infected-with-viruswin32salityk;-trojan-proxywin32agentii/
Relevancy 71.81%

Good evening,
After browsing a restaurant review forum, I "picked up" adware.win32.webhancer, which I tried to remove with Fsecure. This morning I ran a full scan of the computer while disconnected from the internet, and I find myself with 9 viruses on the PC.

Trojan-spy.win32.agent.beaf
Trojan-spy.win32.agent.bdzz

and now it is impossible to remove them. Fsecure detects them but does not quarantine or clean them.
I booted from a CD with bitdefender but it finds nothing.
Thank you for your advice and help.
Regards,
Thierry

A:adware.win32.webhancer/Trojan-spy.win32.agent.beaf and .bdzz

Hello and welcome .. Sorry I do not speak French and hope you can understand this English.
EDIT: if you need French please let me know.
I see your infection and want to do another scan ..

Run...TFC by OT

Please download TFC by Old Timer and save it to your desktop. alternate download link
Save any unsaved work. TFC will close ALL open programs including your browser!
Double-click on TFC.exe to run it. If you are using Vista, right-click on the file and choose Run As Administrator.
Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.

Next run MBAM (MalwareBytes):

Please download Malwarebytes Anti-Malware (v1.44) and save it to your desktop.
Download Link 1
Download Link 2
MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.

Back at the main Scanner screen:
Click on the Show Results button to see a list of any malware that was found.
Make sure that everything is checked, and click Remove Selected.
When removal is completed, a log report will open in Notepad.
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
Exit MBAM when done.

Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

http://www.bleepingcomputer.com/forums/t/301862/adwarewin32webhancertrojan-spywin32agentbeaf-et-bdzz/
Relevancy 71.81%

Hi there. Sorry for this repetitive question, but I'm new to antivirus forum discussion. I'm trying to get rid of the above mentioned malware virus. I've tried running webroot, Symantec endpoint and smitfraudfix in safe mode; webroot and symantec were run one at a time while the other software was disabled. Webroot and symantec found and quarantined a few threats, but I ran KASPERSKY ONLINE SCANNER REPORT, which identified these threats still found in my computer:

C Program Files GetPack GetPack exe Infected not-a-virus AdWare Win Agent jok
C WINDOWS system wpv cpx Infected not-a-virus AdWare Win Agent jok
C WINDOWS system xxyyxwxY dll Infected Trojan Win Monder aort

The Getpack folder I deleted, but who knows if it will return. Don't know how to get rid of the other two threats - Trojan.Win32.Monder.aort and not-a-virus:AdWare.Win32.Agent.jok. Ran HijackThis and the log result is the following:

A:Trojan.Win32.Monder.aort and not-a-virus:AdWare.Win32.Agent.jok

Hello, ahns75
Welcome to TSF

My name is Billy O'Neal and I will be helping you. (Billy or Bill is fine, if you like.)
Please give me some time to look over your computer's log(s).
Please take note of the following:
In the meantime, please refrain from making any changes to your computer.
Also, even if things appear to be running better, there is no guarantee that everything is finished. Please continue to check this forum post in order to ensure we get your system completely clean. We do not want to clean you part-way up, only to have the system re-infect itself. :)
If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
Finally, please reply using the button in the lower left hand corner of your screen.
Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just put a post here so that I know you're still here. We get a lot of people who simply leave, and if there is no contact for that amount of time I will have to assume you have "vanished".

Please follow the instructions located here:

http://www.techsupportforum.com/f50/...lp-305963.html

Then reply back with the generated reports.

In your next reply, please include the following:
DDS.txt
Attach.txt (Zipped and attached)
Ark.txt (Zipped and attached)

BillyIII

http://www.techsupportforum.com/forums/f100/trojan-win32-monder-aort-and-not-a-virus-adware-win32-agent-jok-336195.html
Relevancy 71.81%

My son has managed to get his laptop infected with multiple trojans and malware, I have discovered. Although he has not been complaining of any specific issues with it, to be honest. Any help you could give me to remove all of these completely would be much appreciated.

A:Multiple infections including Trojan.Win32.Agent.azob and Backdoor.Win32.IRCBot.efv

Hi,

My name is Extremeboy (or EB for short), and I will be helping you with your log.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

If you do not make a reply in 5 days, we will need to close your topic.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the button at the top bar of this topic and Track this Topic. The topics you are tracking can be found here.

Please take note of some guidelines for this fix:
Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools.
If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
Please reply using the button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply.
Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just post back here so that we know you're still here.

Download and run OTListIT2

We need to create an OTListIt2 Report.
Please download OTListIt2 from one of the following mirrors:
This is the Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Push the button.
Two reports will open, copy and paste them in a reply here:
OTListIt.txt <-- Will be opened
Extra.txt <-- Will be minimized
Post both logs in your next reply please.

Download and Run Scan with GMER

We will use GMER to scan for rootkits.
Download gmer.zip and save to your desktop.
Alternate Download Site 1
Alternate Download Site 2
Alternate Download Site 3
Unzip/extract the file to its own folder. Right-Click and select Extract All...
Click Next on seeing the Welcome to the Compressed (zipped) Folders Extraction Wizard.
Click on the Browse button. Click on Desktop. Then click OK.
Click Next. It will now start extracting.
Once it is done, check (tick) the Show extracted files box and click Finish.
When you have done this, disconnect from the Internet and close all running programs.
There is a small chance this application may crash your computer so save any work you have open.
Right click on gmer.exe and select Run as administrator to run it. It will start running a scan.
If it detects rootkit activity, you will receive a prompt to run a full scan. Click Yes.
When it's done scanning, you may receive another notice. Click OK if prompted.
Click on Save ... to save the log on your desktop.
Save the log as GMER.txt when you save it on your desktop.
Close Gmer and copy and paste the contents of GMER.txt in your next reply.
If you receive no notice, click on the Scan button near the bottom.
It will start scanning again like before.
When it is done, Click on Save ... to save the log on your desktop.
Save the log as GMER.txt when you save it on your desktop.
Close Gmer and copy a...

http://www.bleepingcomputer.com/forums/t/204753/multiple-infections-including-trojanwin32agentazob-and-backdoorwin32ircbotefv/
Relevancy 71.81%

I have been clearing a computer from numerous infections. I uninstalled the outdated McAfee AV. I have since installed Microsoft Security Essentials, MBAM and SuperAntiSpyware. I used this combination as well as several online scanners to remove over infections. Every time I run a scan with SAS the log comes back with the following infections:

Trojan.Dropper/SVCHost-Fake
C SYSTEM VOLUME INFORMATION RESTORE D FFFA B B SVCHOST EXE
C SYSTEM VOLUME INFORMATION RESTORE D FFFA B B SVCHOST EXE
Trojan.Agent/Gen-FakeAlert
C SYSTEM VOLUME INFORMATION RESTORE D FFFA B B SMSS EXE
C SYSTEM VOLUME INFORMATION RESTORE D FFFA B B SMSS EXE

Microsoft Security Essentials pops up during the scan with the following infection:

Trojan Downloader: Win32/Unruy.D
C SYSTEM VOLUME INFORMATION RESTORE D FFFA B B SMSS EXE

I created a new restore point and deleted all previous points, yet these infections still remain. I was receiving help from another moderator who had me try several things before directing me here. Topic referenced is here: http www bleepingcomputer com forums t cannot-remove-trojan OB

I am posting the DDS log, GMER log and attaching the attach.txt file. Thank you in advance for any and all help you can provide.

A:Infected with: Trojan.Dropper/SVCHost-Fake,Trojan.Agent/Gen-FakeAlert, & Trojan Downloader: Win32/Unruy.D.

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.
Information on A/V control HERE

Please download GMER from one of the following locations and save it to your desktop:
Main Mirror
This version will download a randomly named file (Recommended)
Zipped Mirror
This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.

Disconnect from the Internet and close all running programs.
Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (Do not use the computer while the scan is in progress.)
If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system... click NO.
Now click the Scan button. If you see a rootkit warning window, click OK.
When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
Click the Copy button and paste the results into your next reply.
Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

http://www.bleepingcomputer.com/forums/t/319178/infected-with-trojandroppersvchost-faketrojanagentgen-fakealert-trojan-downloader-win32unruyd/
Relevancy 71.38%

I believe that I have been infected by the following virus: Rootkit.Agent/Gen-DNSHack; WIN32.Downloader.Small.afwj; Win32.Trojan.Dropper.VB.TR. They were all removed by either Zone Alarm Anti-Spyware and SuperAntiSpyware. However, I continue to have the symptoms: sporadic hijack of my keyboard, so keystrokes are executed in what appears to be a random fashion. I say it's random because most of the time what's typed by the virus doesn't make any sense. I was working with FAX in the ZoneAlarm user forum, who recommended the malware removal tools and suggested I post my HijackThis log if all else failed. All else has failed. Following is the log. Thanks for your help.

A:Infection by Rootkit.Agent/Gen-DNSHack; WIN32.Downloader.Small.afwj; Win32.Trojan.Dropper.VB.TR

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

We need to create an OTL Report
Please download OTL from one of the following mirrors:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Push the button.
Two reports will open, copy and paste them in a reply here:
OTListIt.txt <-- Will be opened
Extra.txt <-- Will be minimized

regards _temp_

http://www.bleepingcomputer.com/forums/t/237332/infection-by-rootkitagentgen-dnshack;-win32downloadersmallafwj;-win32trojandroppervbtr/
Relevancy 71.38%

Some time ago I noticed a popping-up advert, "Shoot iPhones", when I was exploring the "home page" in my web browser. At the beginning I thought that this is one of the normal adverts, but this situation has been taking too long in my opinion. So I decided to research the internet and have found some threads about rootkits, malware, trojans. Before I found the guide "First Steps" I had used Malwarebytes software (full scan done; Registry Keys infected, Files Infected) and ESET online scanner (Win32/Adware.ADON, Win32/Agent.CAFVEUT trojan). I have removed/deleted infections under Malwarebytes only. Then I followed the guide "First Step": prepared system to scan, downloaded DDS, GMER, Combofix. Then I ran DDS, GMER, Malwarebytes, taking no action.

Generally, excluding the annoying popping-up advert, I have noticed nothing suspicious, sometimes the system slowing down and quite often router hangs/disconnections. I have an HP laptop with a recovery partition. I do not have access to a Windows Install Disc/Boot Disc. Recently I read some articles about cyber crimes. I am terrified. I definitely need HELP.

Relevancy 71.38%

My computer is infected with Win32.Trojan.Tdss and Win32.TrojanDownloader.Agent. I've been trying to remove them with Ad-Aware but they re-install themselves. I've downloaded numerous other malware removers but the malware seems to disrupt/won't allow them to install or work. This includes the RootRepeal program mentioned in the preparation guide. When I attempt to run RootRepeal I get the following error:

FOPS - DeviceIoControl Error Error Code xc Extended Info x d
DeviceIoControl Error Error Code x e
FOPS - DeviceIoControl Error Error Code xc Extended Info x d

The most annoying thing that is happening is when I go to google something it will redirect me to somewhere else, or will throw random pop-ups at me every now and then. Also, I tried to reformat/re-install a fresh copy of Windows Vista but it seems this piece of malware makes it impossible to boot from disk. Thank you in advance for your assistance. Attached below is my dds.txt log.

A:Infected With Win32.Trojan.Tdss and Win32.TrojanDownloader.Agent

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.
Information on A/V control HERE

http://www.bleepingcomputer.com/forums/t/252939/infected-with-win32trojantdss-and-win32trojandownloaderagent/
Relevancy 71.38%

I use ESET NOD32. At startup it detects the Win32/Kryptik in a start-up scan and later mentions the Win32 rootkit running in memory. The scan log shows that it has detected this on each startup but it cannot delete because files are locked from removal. I have not been able to tell what file NOD32 is trying to find. Below is last log file post. This same message is repeated in numerous restarts in the past hours.

PM Startup scanner file globalroot systemroot system gxvxctxujtymqsiltimrpcilnqyirvmqgrlhk dll a variant of Win Kryptik PF trojan cleaned by deleting after the next restart - quarantined
PM Startup scanner operating memory Operating memory Win Rootkit Agent ODG trojan unable to clean

I have run ESET in safe mode. It did not do anything to eliminate the problem. Windows Defender has apparently not done anything either. Finally I tried Windows Malicious Software Removal but apparently it could not do anything either.

Main problem I notice is delays in internet usage. Happens both in Firefox and IE. I changed DNS settings from automatically detect to a fixed DNS setting from earthlink.net. Still same slow down in internet usage. Appreciate any help you can give. I have tried to find bad file but to no avail. Thanks

A:Infected with Win32/Krptik.PF and win32/Rootkit.agent.odg.trojan

It now looks like I may have been able to repair my problem. I used a somewhat, haphazard, unguided approach to removal. The final solution came from AVG Rootkit removal ( http://download.cnet.com/AVG-Anti-Rootkit-...4-10662685.html ). Here is a list of all the steps I attempted. I was worried at times I could have hurt my system, but then I would have had to reinstall the OS. But, on the other hand, some internet posts I read were saying that was the only way to repair the situation. So, desperation took hold. I found my reinstall disks, just in case I needed them and proceeded.

ATF Cleaner -- Who needs temp files anyway, especially if they might have trojans, I eliminated temp files this program would find.
CC Cleaner - used this to clean out internet cache and history.
Recycler folders - I had multiple recycler folders, one that had a rundll in it. I assumed you only have one recycle bin so you only need one of these folders. I had to reset the folder view options in explorer to see all files and folders (hidden, system, etc.) I deleted the extra recycler folders I could find.
System Restore - I turned off system restore. This would erase all the previous positions I had saved. This meant I could never go back to a prior position where my computer was running good, but I didn't know how to find out if I had virus/trojan in one of these saved files. I then immediately turned back on the system restore after the old restore files were deleted.
Windows defender - I tried this several times, thinking that a Microsoft product would certainly be strong enough to fix something. Guess not. I need to research what exactly this software I have running on my computer is supposed to do. Maybe I don't need the extra baggage.
AVG Rootkit - Downloaded this, installed and ran. I worked pretty fast (in a quick scan mode) and identified 4 areas to delete. I said yes, crossed my fingers, and it seemed to work.

After a reboot my internet usage is no longer interrupted. Seems to run much smoother. Interestingly, during the infection, I had to use IE 7 for browsing more than Firefox. It seems Firefox suffered more problems than did IE. Can't explain this.

Other comments. I had ESET NOD32, Windows Defender, and of course Malicious Software Removal running at the time of infection. None of these were able to stop the infection from happening, nor were they able to remove it, once it occurred. Cross my fingers that everything is clean now. Only time will tell.

http://www.bleepingcomputer.com/forums/t/228170/infected-with-win32krptikpf-and-win32rootkitagentodgtrojan/
Relevancy 71.38%

System spec: intel, gig ram, ATI HD, unknown MB.

Recently I noticed my PC getting a lot slower than normal, IE scrolling down on an email would cause the window to stutter where normally it would be smooth. I ran a virus scan using AVG (paid version) and it didn't come up with anything. I also ran Adaware and I tried to install Spybot, but it was unable to connect to the server to install. I tried the same Spybot exe on a separate machine and it installed fine. The computer was still slow, so I ran a Kaspersky online scan, which found a few trojans and backdoors (see attached txt) that AVG fails to detect.

A:Trojan.Win32.Agent.dkai, Backdoor.Win32.Delf.nut plus others

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

Please visit this webpage for download links, and instructions for running ComboFix:

http://www.bleepingcomputer.com/comb...o-use-combofix

* Ensure you have disabled all antivirus and antimalware programs so they do not interfere with the running of ComboFix.

Get help here

Please post the C:\ComboFix.txt in your next reply for further review.

Please re-enable your antivirus before posting the ComboFix.txt log.

------------------------------------------------------

http://www.techsupportforum.com/forums/f100/trojan-win32-agent-dkai-backdoor-win32-delf-nut-plus-others-509070.html

I did my best to follow the pre-posting instructions and there's still the same issues as before. Please help me fix this.

A:Win32.trojan.agent, Win32.trojandownloader.zlob, Pe_trats.a

Welcome to the BleepingComputer HijackThis Logs and Analysis forum. My name is Richie and I'll be helping you to fix your problems.

Apologies for the late response, as I'm sure you can appreciate we are extremely busy. If you've already received help at another forum and your issues have been resolved, or you're presently receiving help elsewhere, then please let us know.

If you still require help, please post a new Hijackthis log into this topic in your next reply. Also post a detailed description of the issues you're experiencing.

*Note* Post all reports/logs directly into this topic, not as attachments, thanks.

http://www.bleepingcomputer.com/forums/t/128646/win32trojanagent-win32trojandownloaderzlob-pe-tratsa/

MY PROBLEM

I was using win xp sp since May; my system was very clean. Yesterday, due to a crash, I have to re-install the Windows, so I switched to sp. Then I used a flash stick of a friend that has viruses, and my Kasper AV was not updated that time to detect them. Now I have updated my Kasper AV; it has detected some viruses and removed them. They were: svchost exe in windows directory, RavMon exe in every partition of my disk, trojan.win32.agent.abt, email-worm win brontok q, win32.hidrage.a (Kasper AV) also known as win jeefo, MDM exe in c windows.

Where it says open & explore there are some strange symbols; those symbols are still there, and when I double click any of the partitions to open it, it opens a dialog box saying "open with", choose the program to open the file (c or D). Here is screenshot.

Yea, and another problem: I can't see hidden files. When I enable "show hidden files" and click OK, again the "don't show hidden files" option is selected.

Other than this I haven't noticed anything else. I'm hopeful that I will get good response. Thanks in advance.

A:many probs. AV found. trojan.win32.agent.abt, win32.hidrage.a etc

hi guys.. I'm still waiting for the reply... so I can avoid formatting...
or shall I go with formatting??

http://www.techsupportforum.com/forums/f284/many-probs-av-found-trojan-win32-agent-abt-win32-hidrage-a-etc-166631.html

Hi all,

I installed COMODO Firewall a few days ago and have been noticing strange programs trying to access the Internet: apcupsl.exe, acledits.exe and ansii.exe. All three were picked up by the Kaspersky Online Scanner as viruses. See kaspersky.html.

Many thanks in advance for any suggestions/advice.

Here's the main DSS HJT log.

A:Backdoor.win32.ircbot.dhk/dfk And Trojan-ddos.win32.agent.ca

Hi,

Any idea how you got this infection? It was installed a couple of minutes later than software from ACD Systems. Did you use a crack there or something?

Anyway...

* Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet.

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.

http://www.bleepingcomputer.com/forums/t/150266/backdoorwin32ircbotdhkdfk-and-trojan-ddoswin32agentca/

At first it started as pop-up internet explorer windows while browsing in Firefox and re-directs in Google when I clicked on a link (however I can copy the link from a google search and paste it in a new window). Then whatever I have seemed to disable my internet connection after a couple of minutes (almost like it knew I was trying to figure out how to get rid of it!). I have done some work at trying to remove the problem and it seems like everything is better EXCEPT that Google keeps redirecting - so I know not everything has been cleaned! I have a spotty and slow wireless connection for this computer so I would rather not use an online scanner if I don't have to but I will do what it takes if that is the case.

Looking forward to some help. Attached is my HiJackThis Log from earlier today. Thanks!

A:Trojan.Agent, VBS/Disabler.NAB Trojan, Win32/Kryptik.AKJ Trojan and maybe others! Google Redirect in Firefox

Hello! My name is Sam and I will be helping you. In order to see what's going on with your computer I'll ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.

Please download ComboFix from one of these locations: Link 1, Link 2, Link 3

Important! You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert. It is intended by its creator to be used under the guidance and supervision of a Malware Removal Expert, not for private use. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

Make sure that you save ComboFix.exe to your Desktop.

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

Double click on ComboFix.exe & follow the prompts.

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please copy and paste the contents of C:\ComboFix.txt in your next reply.

http://www.bleepingcomputer.com/forums/t/271664/trojanagent-vbsdisablernab-trojan-win32kryptikakj-trojan-and-maybe-others-google-redirect-in-firefox/

m ades windows xp sp

To whomever can help-

I tried to remove some viruses using info from bleeping but am not having any luck. I downloaded a file that I thought could help me on another matter, but it had a virus that zone alarm's active scan did not catch. It was a rootkit virus. I tried tdsskiller several times as well as malwarebytes and thought I finally got rid of it. Then another virus popped up despite my not having connected to the internet. Another was this patch virus that kept redirecting my opera browser. Malwarebytes did not see this but zone alarm did. I tried to get rid of it and used tdsskiller and thought I did. I had to keep switching between safe mode and normal mode to do it. I had no problems for two weeks, then both seemed to pop up again. My guess is that I never actually got rid of them. I tried zone alarm, malwarebytes and tdsskiller over and over again with no luck. Then my ability to connect to the net went away. I gave up and restored my hdd using the file I made just after I thought I had gotten rid of the problems, so that though I would still have the viruses I would get back the net. Using tdsskiller and malwarebytes still did not work, and a new virus showed up. I'm including the logs from zone alarm, malwarebytes and tdsskiller. I would really appreciate help.

First to show up (used tdsskiller, seemed to be removed, kept showing back up):

Forged C WINDOWS system DRIVERS intelppm sys Real md bcdcdc c a d c b a a f Fake md c d f eb f bb b b
intelppm Rootkit.Win32.ZAccess.e

Second to show up (used mbam, seemed to be removed, kept showing back up):

HKLM SYSTEM ControlSet services cf efbe - will be deleted on reboot
HKLM SYSTEM ControlSet services cf efbe - will be deleted on reboot
C WINDOWS exe - will be deleted on reboot
cf efbe HiddenFile.Multi.Generic - User select action Delete
C WINDOWS system DRIVERS intelppm sys - will be cured on reboot
intelppm Rootkit.Win32.ZAccess.e - User select action Cure

Third to show up - shown in zone alarm, not in mbam or tdsskiller (since I needed the files, I removed by replacing file and deleting no-name file in dos; some have shown back up):

Trojan.Win32.Patched.mf c program files widcomm bluetooth software bin btwdins exe
Trojan.Win32.Patched.mf c program files lsi softmodem agrsmsvc exe
Trojan.Win32.Patched.mf c program files java jre bin jqs exe
Trojan.Win32.Patched.mf c program files visioneer onetouch otservice exe
Trojan.Win32.Patched.mf c program files intel intel matrix storage manager iaantmon exe
Trojan.Win32.Patched.mf c program files hewlett-packard shared hpqwmiex exe
Trojan.Win32.Patched.mf c program files common files acronis schedule schedul exe
Trojan.Win32.Patched.mf c program files hewlett-packard hp quick launch buttons com qlbex exe

Fourth to show up (mbam will not delete):

Registry Values Infected: HKEY CURRENT USER SOFTWARE Microsoft Windows NT CurrentVersion Winlogon Shell Backdoor.Agent.Gen -> Value Shell ->

A:infected with Rootkit.Win32.ZAccess.e, HiddenFile.Multi.Generic, Trojan.Win32.Patched.mf,, Backdoor.Agent.Gen) -> Value: Sh...

P.S. I have mbam, zone alarm, tdss, and hijack logs, but was not sure how to post them since the number of text characters on this page was limited.

http://www.bleepingcomputer.com/forums/t/425967/infected-with-rootkitwin32zaccesse-hiddenfilemultigeneric-trojanwin32patchedmf-backdooragentgen-value-shell/

Hi,

My real-time Anti-virus protection filter (Eset Nod) has registered some virus activity for the past couple of weeks that I can't seem to get rid of:

- - Real-time file system protection file I System Volume Information restore B -B - BE- C - DE AE DB RP A exe probably a variant of Win32/Agent trojan cleaned by deleting - quarantined NT INSTANS SYSTEM Event occurred on a file modified by the application C WINDOWS System svchost exe

- - Real-time file system protection file E System Volume Information restore B -B - BE- C - DE AE DB RP A exe a variant of Win32/Kryptik.W trojan cleaned by deleting - quarantined NT INSTANS SYSTEM Event occurred on a file modified by the application C WINDOWS System svchost exe

- - Real-time file system protection file I System Volume Information restore B -B - BE- C - DE AE DB RP A exe probably a variant of Win32/Agent trojan cleaned by deleting - quarantined NT INSTANS SYSTEM Event occurred on a file modified by the application C WINDOWS System svchost exe

The files (same trojan(s) but different executable names after each deletion, for ex. it varies between A exe, A inf and svchost exe and so on) keep coming back after deletion of files in quarantine.

A:Infected by Win32/Agent & Win32/kryptik.W Trojan

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

* Download DDS by sUBs from one of the following links. Save it to your desktop: DDS.scr, DDS.pif
* Double click on the DDS icon, allow it to run.
* A small box will open, with an explanation about the tool. No input is needed, the scan is running.
* Notepad will open with the results.
* Follow the instructions that pop up for posting the results.
* Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

Please download GMER from one of the following locations and save it to your desktop:

* Main Mirror: This version will download a randomly named file (Recommended)
* Zipped Mirror: This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.

* Disconnect from the Internet and close all running programs.
* Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
* Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
* GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
* If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
* Now click the Scan button. If you see a rootkit warning window, click OK.
* When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
* Click the Copy button and paste the results into your next reply.
* Exit GMER and re-enable all active protection when done.

-- If you encounter any problems, try running GMER in Safe Mode.

http://www.bleepingcomputer.com/forums/t/304246/infected-by-win32agent-win32kryptikw-trojan/

Ok man, now let's get ready to kick these unwanted out of my comp.

BEFORE u read on, please pardon my emotional language, including some strong language. I'm trying my best not to be emotional. I am providing as much information as possible, so please help me. Thanks in advance.

DAMN, after I downloaded a keygen I got a damn trojan. Man that sux, shouldn't have done it. Now I really dunno WAT to do with the trojan in my comp now.

SYMPTOMS: I cannot open some programs like mIRC (very safe, no virus etc).

However I still can do the following: surf the web to seek help here, use virus scanners and such, boot up normally.

Here is my hijackTHIS log.

A:Virus.Win32.Virut + Trojan.Win32.Agent.bck

Another solution i tried

i was recommended by some guy from another forum to try the free kaspersky online scanner. so here are the results
WARNING! below is a very very long scan log of a whopping 749 files infected. it's so long, that i have to post it in 2 posts. the log originally had 63374 characters, but only 30000 characters are allowed.

Sunday, September 02, 2007 9:04:59 AM
Operating System: Microsoft Windows XP Home Edition, (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 2/09/2007
Kaspersky Anti-Virus database records: 402384
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target Critical Areas
C:\WINDOWS
C:\DOCUME~1\Andrew\LOCALS~1\Temp\

Scan Statistics
Total number of scanned objects 13660
Number of viruses found 7
Number of infected objects 749
Number of suspicious objects 0
Duration of the scan process 00:16:43

Infected Object Name Virus Name Last Action
C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\pft74~tmp\Reader\AcroRd32.exe Infected: Virus.Win32.Virut.n skipped

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\pft74~tmp\Setup.exe Infected: Virus.Win32.Virut.n skipped

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\pft74~tmp\_ISDel.exe Infected: Virus.Win32.Virut.n skipped

C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\DEFAULT Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped

C:\WINDOWS\system32\config\SYSTEM Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\spool\drivers\w32x86\3\CNMSM5i.EXE Infected: Virus.Win32.Virut.n skipped

C:\WINDOWS\system32\spool\drivers\w32x86\3\CNMSD5i.EXE Infected: Virus.Win32.Virut.n skipped

C:\WINDOWS\system32\spool\drivers\w32x86\3\CNMSQ5i.EXE Infected: Virus.Win32.Virut.n skipped

C:\WINDOWS\system32\spool\drivers\w32x86\3\CNMPV5i.EXE Infected: Virus.Win32.Virut.n skipped

C:\WINDOWS\system32\spool\drivers\w32x86\canoni455f205\CNMSM5i.EXE Infected: Virus.Win32.Virut.n skipped

C:\WINDOWS\system32\spool\drivers\w32x86\canoni455f205\CNMSD5i.EXE Infected: Virus.Win32.Virut.n skipped

C:\WINDOWS\system32\spool\drivers\w32x86\canoni455f205\CNMSQ5i.EXE Infected: Virus.Win32.Virut.n skipped

C:\WINDOWS\system32\spool\drivers\w32x86\canoni455f205\CNMPV5i.EXE Infected: Virus.Win32.Virut.n skipped

C:\WINDOWS\system32\wbem\mofcomp.exe Infected: Virus.Win32.Virut.n skipped

C:\WINDOWS\system32\wbem\scrcons.exe Infected: Virus.Win32.Virut.n skipped

C:\WINDOWS\system32\wbem\unsecapp.exe Infected: Virus.Win32.Virut.n skipped

C:\WINDOWS\system32\wbem\wbemtest.exe Infected: Virus.Win32.Virut.n skipped

C:\WINDOWS\system32\wbem\winmgmt.exe Infected: Virus.Win32.Virut.n skipped

C:\WINDOWS\system32\wbem\wmiadap.exe Infected: Virus.Win32.Virut.n skipped

C:\WINDOWS\system32\wbem\wmiapsrv.exe Infected: Virus.Win32.Virut.n skipped

C:\WINDOWS\system32\wbem\wmiprvse.exe Infected: Virus.Win32.Virut.n skipped

C:\WINDOWS\...

https://forums.techguy.org/threads/virus-win32-virut-trojan-win32-agent-bck.618892/

Have run cleanmgr to clear out all temp files, run Ad-Aware and Spybot S&D, scanned with Norton Anti-Virus in both safe mode and normal mode, run McAfee Avert Stinger, am now posting HijackThis log in the hope of ridding my computer of these nasties.

A:Win32.backdoor.agent / Win32.trojan.spy

Hi Dave J Spencer and Welcome to the Bleeping Computer!

Please download Malwarebytes' Anti-Malware from Here or Here
Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy & Paste the entire report in your next reply along with a fresh HijackThis log.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

http://www.bleepingcomputer.com/forums/t/131778/win32backdooragent-win32trojanspy/

Hello, My PC has been recently infected by trojans. Scan with Adaware found WIN32.BACKDOOR.AGENT and WIN32.TROJAN.SPY. It was able to remove them (at least this was the message). Later on i scanned using AVG antivirus and it found TROJAN HORSE PAKEC C GT and TROJAN HORSE PWS GENERIC ABUM. Removal went also without problems. In addition, afterwards i used Spybot and it found Win Agent pz. First time spybot had problems with removing, but scanning again directly after reboot the trojan was removed (at least this was the message from the program). Following scans by all these programs found no threats.

So now i've used the Hijackthis. I'm not really experienced with this program. The log file looks ok as far as i can judge using some info from internet. So i would be grateful if some experts from your forum would have a look on it and tell me their opinion, so that i know if i have to do something with my system or if it is safe to continue working with it. Thank you very much in advance.

Here is the logfile

A:Win32.backdoor.agent Win32.trojan.spy

Hi gumb, Our apologies for the delay. If you still require help, please post a new fresh log so I can see if anything has changed. If you have not done so already, please do the initial cleanup steps in the following instructions before posting your new log: Preparation Guide For Use Before Posting A Hijackthis Log

http://www.bleepingcomputer.com/forums/t/122553/win32backdooragent-win32trojanspy/

Just yesterday I appear to have found/contracted a virus. No matter what method I use to remove it, everytime I restart my computer it is back. Hopefully someone will be able to help me.

Per Ad-Ware this is what was found:
Trojan.Win32.Generic!BT - c windows system d-link st dll
Win32.Trojan.Agent - c windows system d-link st dll

I ran the MiniToolBox and have attached the results of that. I tried running going into safe mode and running RKill, then SAS, then rebooting into normal mode and running MBAN, but it always seems to come back. I also attached the MBAN log as well. I hope someone can help, otherwise it looks like a long night of reformatting is ahead of me.

A:Trojan.Win32.Generic!BT & WIN32.Trojan.Agent HELP!!!!!!!!!!

Hello, it appears you have contracted a deep seated ZeroAccess Rootkit, probably from a torrent download. To get this out we need a deeper look. Please go here.... Preparation Guide, do steps 6-9. Create a DDS log and post it in the new topic explained in step 9, which is here: Virus, Trojan, Spyware, and Malware Removal Logs, and not in this topic, thanks. If GMER won't run, skip it and move on. Let me know if that went well.

http://www.bleepingcomputer.com/forums/t/449194/trojanwin32genericbt-win32trojanagent-help/

Hi, I'm new to this forum and really appreciate any help I can get. I'm trying to fix my parents computer as it is infected with trojan tdss and possibly other bugs. I have tried the following: AVG, Spy bot, Malwarebytes, ad-aware, advanced system care, Trojan Guarder, Hijackthis, Kaspersky - running first time as I write this.

malwarebytes does tell me the system is infected and I ask it to be removed, then I restart my comp. When i run malwarebytes again the same files are found. I'm including the DDS and Hijackthis logs below. Thanks so much for your help

A:Trojan.tdss/ Trojan.Win32.Agent.crez / redirecting websites

Hello! My name is Sam and I will be helping you. In order to see what's going on with your computer I'll ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.

Please download ComboFix from one of these locations: Link 1, Link 2, Link 3

Important! You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert. It is intended by its creator to be used under the guidance and supervision of a Malware Removal Expert, not for private use. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

Make sure that you save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

Double click on ComboFix.exe & follow the prompts.

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

http://www.bleepingcomputer.com/forums/t/247099/trojantdss-trojanwin32agentcrez-redirecting-websites/

Hi, i have a bit of a problem: my avg has found trojan horse Generic AOP & Generic ANV on my system. Also i had a previous problem with MBS Account Manager that was previously sorted out by MFDnSC here at BC. for some reason this problem is back and i don't know why.

Kaspersky Online Scanner Report shows me this
C:\!KillBox\mbssm32.exe Infected: Trojan.Win32.Agent.afi

And now my hijackthis log

A:Trojan Horse Generic3.aop, Trojan.win32.agent.afi & Mbs Account Manager

Hello,

Kaspersky Online Scanner Report shows me this
C:\!KillBox\mbssm32.exe Infected: Trojan.Win32.Agent.afi

Don't worry, you killboxed that file previously, that's why Kaspersky is flagging this file present in the Killbox folder. So you may delete the C:\!KillBox - folder.

I don't see anything suspicious in your log.

http://www.bleepingcomputer.com/forums/t/81826/trojan-horse-generic3aop-trojanwin32agentafi-mbs-account-manager/

I'm at a complete loss as to how to rid my computer from these trojans. I've run Spyware Doctor several times, but they keep showing up in subsequent scans. I also get varied "Cannot Find File" "WIN xxx dll" messages at startup and a recurring popup from the Windows Firewall saying "To help protect your computer, Windows Firewall has blocked some features of this program. Do you want to block this suspicious software? Name: Win32.Brontok". But the boxes for "Keep Blocking" and "Unblock" are grayed-out. "Enable Protection" seems to result in my system freezing up. Anyway, your help is greatly appreciated. I'm fairly competent with technology, so I'll try to follow instructions to the letter and hopefully we can get rid of this stuff. Thanks -Greg

A:Trojan.Virtumonde, Trojan-Downloader.Agent.OGP, WIN32.Brontok

Just to update, I downloaded Malwarebytes and Avast! 4.8 and did some additional scanning, tried a few other tools with some success. My latest problems were with just getting to this site without redirects.

I also had to repair windows in order to get rid of my blue screen, which means I'm now back to XP SP1. I'd like to run Windows Update, but it would appear that I've been locked out of using that service. Can't run the normal Update through IE because "One or all of the following services are disabled: Automatic Updates, BITS." And trying to enable those services through msconfig yields an "Access Is Denied" window.

Ugh.

Here are my latest logs, if anyone reads this and is interested in helping:
DDS (Ver_09-05-14.01) - NTFSx86
Run by CA$H $LAVE CLIQUE at 18:29:19.21 on Wed 05/20/2009
Internet Explorer: 6.0.2800.1106
Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.3518.2932 [GMT -4:00]

AV: Spyware Doctor with AntiVirus *On-access scanning enabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\WgaTray.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\ICO.EXE
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\System32\Rundll32.exe
C:\Program Files\Creative\VoiceCenter\AndreaVC.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIA.EXE
C:\DOCUME~1\CA$H$L~1\LOCALS~1\Temp\clclean.0001
C:\WINDOWS\vVX1000.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\FinePixViewer\QuickDCF2.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Sett...

http://www.bleepingcomputer.com/forums/t/227892/trojanvirtumonde-trojan-downloaderagentogp-win32brontok/
Relevancy 68.37%

Hello

My son has managed to get Trojans on his laptop (Windows XP Pro SP). I deleted temporary files, cleared cookies, turned off system restore and ran Norton, A-Squared free, SpyBot and Ad-aware SE Personal. Norton claims to have dealt with trojan.zlob and A-Squared found and cleared the trojan-dropper.

Is there anything else I need to worry about, please? If so, please can you help me to remove it? I have reached my level of understanding and am not technical enough to understand the Hijackthis log.

Many thanks
Lin

The Hijackthis log follows

A:Infected With Trojan.zlob - Trojan-dropper.win32.agent.rvv

Hi elsiegee40

Please make sure you have system restore turned on again ... actually you should NOT have turned it off, you now have NO restore points to fall back upon. Despite what Norton & others may say, you should not turn restore off (purge system restore) until your computer is clean ... even an infected restore point is better than none at all.

Your hijackthis log is clean, but that doesn't mean your computer is, from experience I doubt Norton has removed all the malware ...

Download Deckard's System Scanner (formerly Comboscan) to your Desktop.

Note: You must be logged onto an account with administrator privileges.

1. Close all applications and windows.
2. Double-click on dss.exe to run it, and follow the prompts.
3. When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <- this one will be minimized
4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt in your next reply.
5. Then do the same with extra.txt

Note: you'll find extra.txt here :- C:\Deckard\System Scanner\extra.txt

Please remember to post both txt files ...

Note: some firewalls may warn that sigcheck.exe is trying to access the internet - please ensure that you allow sigcheck.exe permission to do so.

THEN ..

Please Download Malwarebytes' Anti-Malware from Here :-
http://www.majorgeeks.com/Malwarebytes_Ant...ware_d5756.html
or here :-
http://www.besttechie.net/tools/mbam-setup.exe

Double Click mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Quick Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy and Paste the entire report in your next reply.

steam

http://www.bleepingcomputer.com/forums/t/163418/infected-with-trojanzlob-trojan-dropperwin32agentrvv/
Relevancy 67.51%

Solved: win32/agent trojan, trojan.vundo

Hi, my NOD virus scan showed a "probable" variation of win32/agent trojan within an exe. spyhunter shows trojan.vundo. The only real symptoms that my pc is showing is frequent shutdown of windows explorer and occasionally throwing me back to my desktop when I try to delete certain files. Pop ups have not been a bigger problem than they have always been. My pc is a Gateway GM h XP-sp. Below is my Hijackthis log. Any help would be greatly appreciated. Thank You

Relevancy 67.08%

Hi everyone, I find this forum very informative and quite interesting. I'm glad I found it. I do need help in getting rid of these that my scans have found. I use Spybot, Ad-Aware and AVG on a Windows XP home edition. The Spybot and Ad-Aware found Win32.backdoor.agent and Win32.trojandownloader.agent. Unfortunately the AVG did not see these. Any help would be appreciated. The HJT log is below.

A:Solved: Scans detected Win32.backdoor.agent & Win32.trojandownloader.agent Please help

https://forums.techguy.org/threads/solved-scans-detected-win32-backdoor-agent-win32-trojandownloader-agent-please-help.650711/
Relevancy 67.08%

Avast keeps warning me that I have a sample of Win32:Agent-Bsu [trj] in the file "C:\users\James\appdata\local\temp\(different number each time).exe". I've tried moving it to chest and deleting it, but Avast picks it up again with the resident scan. I have included the logs that are requested.

A:Win32:Agent-Bsu [trj] / Win32:Trojan-gen {other}

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

The reason your Vista system got infected is likely due to the fact that the UAC has been disabled. Please read this

Before you go any further, protect this system and re-enable that feature. Click Start>Control Panel>User Accounts and turn it back on.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

Please visit this webpage for download links, and instructions for running ComboFix:

http://www.bleepingcomputer.com/comb...o-use-combofix

* Ensure you have disabled all antivirus and antimalware programs so they do not interfere with the running of ComboFix.

Get help here

Please post the C:\ComboFix.txt in your next reply for further review.

------------------------------------------------------

http://www.techsupportforum.com/forums/f100/win32-agent-bsu-trj-win32-trojan-gen-other-381211.html
Relevancy 66.65%

Win32.Trojan.Agent Help

Hi, I ran Adaware and it found a Win32.Trojan.Agent. I need help eliminating this trojan. I ran the DDS and GMER scans. They are posted/attached. I believe that something went wrong with the DDS scan because I only received a DDS.txt. There was no Attach.txt, and the DDS.txt returned symbols (see below). Please let me know if there is anything I can do to get the correct output. Thanks in advance for your help. Madeleine

DDS output:

Relevancy 66.65%

Win32/spy.agent.nos trojan

I recently installed Windows Ultimate. Before I got all patched up, my pc started to freeze and generally act suspicious. I would have to reboot the machine. It would halt after post, telling me something about overclocking failed, hit f to continue. I straightened that out by restoring default setting in cmos. NO OVER CLOCKING WAS ATTEMPTED by me on this box. I use Avast, malwarebytes, Spybot Search and Destroy. Avast boottime scan turned up nothing. Neither did any of the others. I scanned with eset online scan, which detected WIN32/SPY.AGENT.NOS TROJAN. Google did not turn up anything for this specific variation of Win32. I believe it was quarantined. Also tried running Superantispyware.

I had loaded Comodo firewall during installation. Reloaded since. This would give me popups saying I was about to join network such and such. I would add the IPs to Comodo's blocked network zone list. Here are some of the addresses I was getting. I have a linksys router, so none of these are given out by it so far as I can tell. I keep pidgin running. A few times my connection would drop before or after closing out the above mentioned popups. Rebooting equipment sometimes helped. If not, the connection would suddenly come back hours later.

I think it, whatever it is, managed to infect my netbook also. I'm thinking I need to reload both machines. If I do that, I want to be sure I'm starting with a clean disk. I'm a bit rusty and am not entirely sure about what needs to be done to ensure the reload is on a CLEAN disk etc. Any ideas?

Relevancy 66.65%

Hey there. Going by the title, you see I have a problem. Have been trying to clean this for the last two and a half weeks. Didn't really know what it was to begin with; it kinda re-configed my web admin and my MSN: freezing, slow comp, not being able to log into certain sites, etc. No cleaners were picking it up because it kept changing settings on cleaners. I finally managed to update Ad-Aware and that's when it was picked up, BUT wasn't able to clean or quarantine. I have posted at a couple of diff sites. It's been a week on one and getting to the same on the other, with no replies as yet. I need my comp to be able to get into my website. At the moment it's logging me in as two people and won't let me into admin control panel. I have tried using someone else's comp and everything works fine. For the first time ever I actually got an email from myself; found it in the junk, never thought that could happen. Would appreciate some assistance, please.

http://www.techsupportforum.com/forums/f284/win32-trojan-agent-219280.html

Hello, I am running Windows XP Service Pack. My computer had what was being identified as "Trojan.win32.agent.eeu". It disabled Task Manager & took over the screen display with a solid blue screen and this message: "Warning! Spyware threat has been detected on your PC. Your computer has several fatal errors due to spyware activity. It is strongly recommended to install an antispyware software to close all security vulnerabilities. Antispyware software helps protect your PC against spyware and other security threats. Click here to scan your PC for spyware." If I changed the display, the blue screen came right back. Here is a screenshot.

There was also a red box that popped up periodically stating that the computer was infected with Cool Web, different Trojans and other peculiar file names. In addition, an exclamation point in a yellow triangle appeared randomly in my tray. It displayed a message about the computer being infected with spyware, malware, etc. Lastly, what appears to be a bogus Windows security box pops up and claims that the computer is infected with trojandownloader xs, and when you click on it, it took you to a bogus site.

I had updated both Norton & Microsoft, though the problem was not picked up on full system scans done with either. At your advice I ran Kaspersky & Deckard's System Scanner and it appears to be gone. Yippee! The weird blue screen was still displayed, but after changing the desktop background it has not reappeared as it did before. Attached are the logs. I'm not very technical; is the problem truly resolved? Hopefully this will help others. Thank you for your awesome website.

Susan

A:Trojan.win32.agent.eeu

Hello,

Apologies for the delay in response; we get overwhelmed at times but we are trying our best to keep up. If you have since resolved the original problem you were having, would appreciate you letting us know. If not, please perform the following below so I can have a look at the current condition of your machine. Thanks, and again sorry for the delay.

Please download Deckard's System Scanner (DSS) and save to your Desktop (alternate download site).

DSS will do the following:
- Create a new System Restore point in Windows XP and Vista.
- Clean your Temporary Files, Downloaded Program Files, Internet Cache Files, and empty the Recycle Bin on all drives.
- Check some important areas of your system and produce a report for an analyst to review.
- Automatically run HijackThis. It will also install and place a shortcut to HijackThis on your desktop if you do not already have it installed. So if HijackThis is not installed and DSS prompts you to download it, please answer yes.

You must be logged onto an account with administrator privileges when using.
- Close all applications and windows.
- Double-click on dss.exe to run it and follow the prompts.
- If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
- When the scan is complete, two text files will open in Notepad:
  main.txt <- this one will be maximized
  extra.txt <- this one will be minimized
- If not, they both can be found in the C:\Deckard\System Scanner folder.
- Please copy (Ctrl+C) and paste (Ctrl+V) the contents of main.txt and extra.txt in your next reply.

-- When running DSS, some firewalls may warn that it is trying to access the Internet, especially if you're asked to download the most current version of HijackThis. Please ensure that you allow it permission to do so.
-- If you get a warning from your anti-virus while DSS is scanning, please allow DSS to continue as the scan is not harmful.

Next

Please do a scan with Kaspersky Online Scanner.
Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
- Click on the Accept button and install any components it needs.
- The program will install and then begin downloading the latest definition files.
- After the files have been downloaded, on the left side of the page in the Scan section select My Computer.
- This will start the program and scan your system.
- The scan will take a while, so be patient and let it run.
- Once the scan is complete, click on View scan report.
- Now, click on the Save Report as button.
- Save the file to your desktop.
- Copy and paste that information in your next post.

http://www.bleepingcomputer.com/forums/t/153683/trojanwin32agenteeu/

I followed the steps in "do this first". I'm running McAfee antivirus and, as of recently, Sygate firewall. Adaware says WIN32.Trojan.Agent - file is WINDOWS system wpv cpx. Attempt to remove gives: Cleaning: Unable to remove. Suggested Action: The file will be removed after you restart your computer. Only it is still there after restart.

Don't know if it's relevant, but system32\ntoskrnl.exe is trying to access the internet relatively often. And since your description of that file states it could be malware, I thought I'd include it. I have blocked its activity. Also system32\svchost.exe is allowed connection. And uses it. Don't know if it should.

Personal note: Thank you so much for existing. The world is a better place with people like you around.

A:WIN32.Trojan.Agent

Hello m3dusa and welcome to BC. Let's see what we can find.

Before running a new scan let's clean out the temporary folders. Download ATF Cleaner to your Desktop.
- Double-click ATF-Cleaner.exe to run the program.
- Click Select All found at the bottom of the list.
- Click the Empty Selected button.

If you use Firefox browser, do this also:
- Click Firefox at the top and choose Select All from the list.
- Click the Empty Selected button.
- NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser, do this also:
- Click Opera at the top and choose Select All from the list.
- Close ALL Internet browsers (very important).
- Click the Empty Selected button.
- NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

Now download OTScanIt2.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt2 on your desktop.
Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
- Close ALL OTHER PROGRAMS.
- Open the OTScanIt2 folder and double-click on OTScanIt2.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
- Do not change any settings.
- Now click the Run Scan button on the toolbar.
- Let it run unhindered until it finishes.
- When the scan is complete Notepad will open with the report file loaded in it.
- Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
- Close Notepad (saving the change if necessary).

Use the Add Reply button and Attach the scan back here (do not copy/paste it as it will be too big to fit into the post). It will be located in the OTScanIt2 folder and named OTScanIt.txt. I will review it when it comes in.

Cheers.
OT

http://www.bleepingcomputer.com/forums/t/181610/win32trojanagent/

Hi, I'm running Norton previously for AV, but for some reason got an error, and it seems to me that I am vulnerable, because after days that Norton is down, speed went down and IE is not working normally (another page with same content will open up x). So I installed Kaspersky Internet and found out I got Trojan.Win32.Agent.asu and other bad stuff. So I tried some fixes and came across this site. Already tried to run SDFix and Combofix and, with much appreciation, it looks like running better now. So just help on this to make sure everything is perfect. Kindly check this out: SDFix and Combofix logs.

A:help on this Trojan.Win32.Agent.asu

oops sorry for double posting, i forgot to paste hijackthis logs
latest hijack this after combofix and sdfix

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:36:23 PM, on 3/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {8126DAF7-8AE6-4533-A308-2A5620626766} - C:\WINDOWS\system32\sstqp.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDM...

https://forums.techguy.org/threads/help-on-this-trojan-win32-agent-asu.692160/

Hello,

I have been having some trouble with extremely high PF usage and pop ups... sound ads for "free laptop computers" running somewhere in the background.

I have run LS Adaware, and just before I have an unhandled exception, it shows 1 infected file; if I stop the scan at that point, it will show me Win32.trojan.agent.

If I "remove" or quarantine this it will still come back.

Any suggestions?

WIN XP Pro .. sp3

Thanks,
Bruce

A:Win32.trojan.agent ... help please

Hello, I am moving this from the XP forum to the Am I Infected forum...

Please run this MBAM scan.

Please download Malwarebytes Anti-Malware and save it to your desktop.
- Make sure you are connected to the Internet.
- Double-click on mbam-setup.exe to install the application.
- When the installation begins, follow the prompts and do not make any changes to default settings.
- When installation has finished, make sure you leave both of these checked:
  Update Malwarebytes' Anti-Malware
  Launch Malwarebytes' Anti-Malware
- Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:
- Make sure the "Perform Quick Scan" option is selected.
- Then click on the Scan button.
- If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
- The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
- When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
- Click OK to close the message box and continue with the removal process.

Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
- Make sure that everything is checked, and click Remove Selected.
- When removal is completed, a log report will open in Notepad.
- The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
- Copy and paste the contents of that report in your next reply and exit MBAM.

Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM. Please permit the program to allow the changes.

http://www.bleepingcomputer.com/forums/t/180567/win32trojanagent-help-please/

Help please. Have started to find Trojan-spy.Win32/Agent virus on my laptop since yesterday - not sure how long present or how they got there. Have tried various programs - Alvira, Iobit security and reg mechanic. Iobit finds Trojan-spy.Win32/Agents each time I run it - it allows deletion - scan again and they are back. Registry mechanic finds changes which I fix - then they are back again. I assume there is malicious software recreating these each time. Tried safe mode - no different. System restore point seems to have been wiped as well, as I think I had earlier restore points available. Op system is windows. Here is sample log from Iobit - Thanks

IObit Security
OS Windows Version Define Version Time Elapsed Objects Scanned Threats Found
Name Type Description ID
Trojan-spy Win Agent - Removed Registry Value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run Value Policies
Trojan Win Agent - Removed Registry Value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Value HKCU
Trojan-spy Win Agent - Removed Registry Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run Value Policies
Trojan Win Agent - Removed Registry Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Value HKLM

https://forums.techguy.org/threads/trojan-spy-win32-agent.917344/

Can anybody help please? Have just installed a new security program. Now when I switch my computer on, the following message appears.
"malicious code found in file C:\WINDOWS\SDKXZ.EXE
Infection:Trojan.Win32.Agent.bi
Action: none"

I have tried to 'disinfect' and 'delete' it with my new security scanner but it doesn't seem able to do it.

Thanks for your help.
 

https://forums.techguy.org/threads/trojan-win32-agent-bi.641907/

Hello guys, I think I'm in trouble. I'm not able to clean "win32.trojan.agent". I use Ad-Aware; it detects the malware, I put into quarantine or delete it, but as soon as I make another scan it keeps on coming. Can u please give some help? Thanks and best regards.

https://forums.techguy.org/threads/win32-trojan-agent.731478/

I've stumbled upon this during a torrent in which my friend did not use the exact link, and he is apparently unclean and decided to not mention that he just sent me a random link he googled up, and I've suffered a tad bit from it. I tend to avoid torrents, but a friend was tempting me and he said he had the game I was downloading as well, only to inform me that he had a different link once I found out about this. If you need to know, it was a game my brother owns that I wanted to get good at for the next time we got together to play it. It was Guilty Gear XX Reload.

First off, I found a thread about the virus in which another user told the OP to use Combofix, and I followed his instructions. It gave me an error half-way (yikes) and told me I did not have proper files for PC restore, and without them it would only run in a safer small-scale. I did so, and then when I scanned my PC afterwards with Ad-aware (which originally noticed it, and then I closed it off for when Combofix came along) it came up with no threats.

I assumed I was done after scanning my things with Ad-Aware to notice it was gone, but I've noticed strange things. First off, Windows stopped a program called RUN DDL AS APP. Another is constant crashing from "DrWatson Postmortem Debugger". I researched and found, with information not of DrWatson, that I might have conficker. I remember getting the security update on my old PC but not quite this one. Other than that, I researched that if I delete my cache, all internet information and the like, and can still visit AVG, it's not conficker, so I didn't pull the plug and rush microsoft's intentions, and I'd rather look into this.

Is there a quick, efficient fix on Trojan.Win32.Agent? I've uninstalled the program I've torrented, as an added FYI. Don't intend to do THAT again. I'm rather illiterate when it comes to using technology efficiently, so please guide me through this one. I'll be trying to check up on this thread from email on other computers and such. Not sure if this helps, but I've tried scanning with hijackthis to get the logs.

A:Trojan.Win32.Agent (?)

Update?
Um, sorry if I'm not supposed to be bumping like this. I've just got another question, and I don't know if I should be editing or what. Is there a way for me to restore my laptop to just the core operating system and the like?

I remember having a disk with a code to match my old computer with it, but I have no disc (at least not to my knowledge) for my laptop. Is there a way to do a full restore like this for my laptop without the disk? Thanks, and sorry for doubleposting/bumping.
 

https://forums.techguy.org/threads/trojan-win32-agent.927863/

The previous days I picked some trojans. Using AVG antivirus, VundoFix and RegRun I was able to get a clean report. Then I used Kaspersky Online scanner and I found that Trojan.Win32.Agent.qt is still around in system restore. I don't know how to remove it from that place and how dangerous it is. Any help would be greatly appreciated.

Part of Kaspersky output:

A:Trojan.Win32.Agent.qt

Hi, Welcome to TSG!!

You need to flush the system restore to remove that.

Look here: http://www.microsoft.com/technet/community/en-us/management/sysrestore_faq.mspx
 

https://forums.techguy.org/threads/trojan-win32-agent-qt.560806/

I had NOD 2.5 and it was telling me I had a virus. I thought it had been a long time since I formatted my computer, so it didn't bother me a great deal that I had a virus. (I thought it was a minor one.)

Well, I've just reinstalled XP, drivers, software and have now got a 30 day trial version of NOD 32 version 5,

and it's still telling me I have a virus? I don't know much about computers, but I didn't think that was even possible? Unless it's hiding in hardware somewhere?

Object: MBR sector of the 1. physical disk

Threat: Win32/Agent.SDG.Gen trojan

I'm actually really worried now, and I don't know what to do. Any help?


Also, when I select to clean the virus, it just says error.

A:Win32/Agent.SDG.Gen trojan

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

We want all our members to perform the steps outlined here:

NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help - Tech Support Forum

After running through all the steps, you shall have a proper set of logs. Please post/attach the logs in your next reply.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

------------------------------------------------------

http://www.techsupportforum.com/forums/f284/win32-agent-sdg-gen-trojan-604232.html

I've picked up the trojan Win32.

When I scan my computer with any of the security systems I have (Ad-Aware, AVG Anti Spyware and Spyware) they all remove it (or quarantine it) but it always comes back. It has put an icon on my desktop that opens a site called Micro Billing Systems whenever I link to the internet (I am on dial-up). The only way to avoid this is to scan every time before I connect.

When scanned it shows on Ad-Aware as two items

Regkey clsid\{d2fac024-92c0-42e5-a75b-764e3915cc50} and
software\microsoft\windows\current version\system "disable registry tools"

I know what it is doing and I just want to get rid of it HELP!!

p.s. I really am a computer dunce, so words of one syllable please
 

https://forums.techguy.org/threads/win32-trojan-agent.623531/

Hello, I appreciate your time and all of the work you do here. This is my first time posting to a Tech Help forum, so hopefully I'll be clear.

The first sign of any problem was when my computer rebooted while I was in the middle of working. No warning whatsoever. When Windows had started back up there was an icon in the system tray (a red button with a white "X" in it) and a balloon popped up warning of malicious spyware or something along those lines. Knowing better than to click on such a thing, I immediately opened my antivirus to do a scan (AVG; it had been running in the background). To ensure I had the latest protection I tried running the updater and was told the server couldn't connect. When I tried to go to AVG's website, no luck. Things went from bad to worse and eventually I found my AVG not working at all, so I downloaded Avast, disconnected from my network and swapped anti-viruses.

Using the Avast Boot-time scan I discovered the following:

beep.sys in C:\WINDOWS\system32\dllcache - Win32:Agent-QNI [Trj]
beep.sys in C:\WINDOWS\system32\drivers - Win32:Agent-QNI [Trj]
karna.dat in C:\WINDOWS - Win32:Trojan-gen {Other}
karna.dat in C:\WINDOWS\system32 - Win32:Trojan-gen {Other}

I was recommended this site by a friend who had suffered the virtumonde sp fiasco. Unfortunately the virus isn't letting me on there either, so I'm currently on my backup computer. I followed the "NEW INSTRUCTIONS" and couldn't get the gmer.exe to run on my infected laptop, so as per a response I read somewhere I went to the next step and have pasted the results and attached the file as requested. Once again, I thank you for your time.

A:Win32: Agent-QNI and Trojan-gen

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

Please copy this page to Notepad and Save it to your Desktop in order to assist you when carrying out the following instructions.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding.
Ensure that there aren't any opened browsers when you are carrying out the procedures below.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

Download the tools needed to a flash drive or other removable media, and transfer them to the infected computer.

------------------------------------------------------

Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

Link 1
Link 2
Link 3





* IMPORTANT !!! Save Combo-Fix.exe to your Desktop

--------------------------------------------------------------------

With malware infections being as they are today, it's strongly recommended to have the Windows Recovery Console pre-installed on your machine before doing any malware removal.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Download the file from this Microsoft page:

http://www.microsoft.com/downloads/d...displaylang=en

Download the file & save it as it's originally named.

---------------------------------------------------------------------

Transfer all files you just downloaded, to the desktop of the infected computer.

--------------------------------------------------------------------

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools


Drag the setup package onto Combo-Fix.exe and drop it.
Follow the prompts to start Combo-Fix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console.




At the next prompt, click 'Yes' to run the full ComboFix scan.
When the tool is finished, it will produce a report for you.
Please post the C:\ComboFix.txt in your next reply.

------------------------------------------------------

Please download HijackThis and Save it to your Desktop.

Alternate link

Double-click on the file you just downloaded. Click 'Run' or 'Install' and follow the prompts to install.

It will by default install to the directory - C:\Program Files\Trend Micro\HijackThis

Upon install, HijackThis should open for you.

Should it not open, navigate to C:\Program Files\Trend Micro\HijackThis and double-click on HijackThis.exe

1. If it gives you an intro screen, just choose 'Do a system scan and save a logfile'.
2. If you don't get the intro screen, just hit 'Scan' and then click on 'Save log'.
3. Please post the HijackThis log in your next reply. Do not fix anything in HijackThis since they may be harmless.
4. Close HijackThis now please.

----... Read more

http://www.techsupportforum.com/forums/f100/win32-agent-qni-and-trojan-gen-312242.html

New to the forum. Would appreciate any advice on this. I'll upload my HiJackthis report next.

Kaspersky Online scanner detected the Trojan-PSW.Win32.Agent.ktv on my hard drive.

KASPERSKY ONLINE SCANNER 7 REPORT Thursday, March 5, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Thursday, March 05, 2009 15:21:52
Records in database: 1870838

Scan settings
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area: My Computer
C:\
D:\
E:\
G:\

Scan statistics
Files scanned: 94190
Threat name: 1
Infected objects: 1
Suspicious objects: 0
Duration of the scan: 01:05:22

File name | Threat name | Threats count
C:\System Volume Information\_restore{DF4F46B0-CCD5-415E-A553-9F196BD008A8}\RP383\A0049098.ocx | Infected: Trojan-PSW.Win32.Agent.ktv | 1

The selected area was scanned.
 

A:Trojan-PSW.Win32.Agent.ktv

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:15:54 PM, on 3/5/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\ups.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\sol.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://broadband.zoomtown.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://broadband.zoomtown.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [R... Read more

https://forums.techguy.org/threads/trojan-psw-win32-agent-ktv.806648/

OK, someone has gotten my credit card number and made fraudulent charges. This all started when I tried to make a purchase from buydig.com. My purchase was declined for not having enough credit limit on my card after the fraudulent charges were made. I tried to contact buydig.com by email. I was first told to call customer service. I was unable to reach them, so I sent another email and was told to just send my CC info in an email. That seems suspicious to me, so I did a Kaspersky scan and it found Trojan-PSW.Win32.Agent.klk. I have been unable to find any info on this and need to know if my PC has been compromised by this malware or some other one. The trojan was in a file called davidblainmegamagic.exe. I have deleted that file.

I am using:
a Dell laptop
Win XP
wireless DSL
AVG anti virus
Ad-Aware
Zone Alarm
Kaspersky scan

A:Trojan-PSW.Win32.Agent.klk

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results, click no to the Optional_Scan
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

R,K

http://www.bleepingcomputer.com/forums/t/184781/trojan-pswwin32agentklk/

I was hoping that someone could help me remove Trojan.Win32.Agent.akk from my computer. I keep getting a critical error message that says:

"Your browser was hijacked by Trojan.Win32.Agent.akk. You need to clean your system immediately, in other case it can be crashed soon. Click OK to download the high-tec antispyware protection software (Recommended)"

I am running XP with AVG Free Edition with everything up to date. I have also tried running Spybot S&D as well as AdAware, but with no luck. Here is my Hijackthis log. Can anyone please help?

A:Help with Trojan.Win32.Agent.akk!

Download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
--------------------------------------------------------------------
1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
...
--------------------------------------------------------------------

Double click on combofix.exe & follow the prompts.

When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.

**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**
 

https://forums.techguy.org/threads/help-with-trojan-win32-agent-akk.660620/

It seems I am quite unhappy to say that I have become a victim to this Trojan. Fortunately the brunt of its effects haven't reached me, as I use FireFox with NoScript and AdBlock. I would really appreciate some help getting rid of this pest, as before this my computer had never had any issues and I'm also no fan of reformats. Amusingly enough, Ad-Aware was the one to catch this malware, nothing else (my AVG scan is running now); Symantec missed it completely. Also, when I expanded the file for more information, it lists the infection of this malware as being in my D drive as opposed to the C. This is what it lists:

Family Id Name Win Trojan Agent Category Malware TAI Item Id Value File D System Volume Information restore D AFCA -C E- DBB- D E- F A B RP A exe

I would love to get this resolved "peacefully" and hopefully you guys can help.

A:Win32.Trojan.Agent

I've solved these issues before and usually you will have to turn off system restore. Then reboot the computer and afterwards, turn on system restore again.

http://www.techsupportforum.com/forums/f10/win32-trojan-agent-234207.html

Hi all, I've been having problems with trojans lately. I'm pretty sure I already got rid of Crypt OnlineGames Vundo Antivirus XP Lineage Virtumonde and some other stuff, but now I am stuck with a very stubborn trojan Win32.Agent. I get process aNb D b exe, and while several programs have found it and "cleaned" it, it comes back. A Kaspersky scan found these also:

C Documents and Settings Owner Local Settings temp SPjR n exe Infected Trojan-Downloader Win Agent afua
C Documents and Settings Owner Local Settings temp k Xg yr exe Infected Trojan-Downloader Win Agent afua

Other symptoms are popups by accuquote com lan screensaver com gunggo com hcpc org bbbs org go webrewardsstream com and others, plus a sound ad congratulating me on winning a free Nintendo Wii or something. My HJT log looks clean to me, and I've run adaware, spybot, malwarebytes anti-malware, super antispyware, combofix, so now I turn to you for some advice. I hope someone can help me out.

A:Trojan Win32.agent

http://www.bleepingcomputer.com/forums/ind...st&p=939877
Would you run ATF Cleaner and SAS from safe mode, then after rebooting into normal mode run a quick scan with your updated MBAM. Post both logs and we can proceed from there.

http://www.bleepingcomputer.com/forums/t/168484/trojan-win32agent/
Relevancy 66.65%

Hello everyone, I'm new here and looking for some help and glad I found your site. I've been getting these popups, winantivirus 2007. So I downloaded AVG and used it in safe mode because it would not let me run it in normal; it would make my computer keep restarting. I removed the AVG and at least I can use my computer. I thought I would try adaware; it found win32 trojan.agent and it cannot remove it. Can anyone give me the steps on removing this? I never had a virus before so I'm new to this. I am running windows xp home with service pack 2

Thanks
MQ1

A:Win32 Trojan Agent

Probably Vundo. Run the Vundofix tool in the link below.
http://www.atribune.org/content/view/24/2/
Install Super Antispyware. Run it in safe mode. Allow it to quarantine whatever it finds.
http://www.superantispyware.com/
Run the online scan for Bit Defender in normal mode. Allow it to quarantine whatever it finds.
http://www.bitdefender.com/scan8/ie.html
--------------------------------------------------------------------------------
Post a Hijack This Log in the Hijack This Forum by following the directions in the link below. DO NOT post a log in this forum.
http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/
How to Start Windows in Safe Mode:
http://www.bleepingcomputer.com/tutorials/how-to-start-windows-in-safe-mode/

http://www.bleepingcomputer.com/forums/t/108773/win32-trojan-agent/
Relevancy 66.65%

Hi,
This morning my Zone Alarm security suite said my Dell is infected with the "Trojan.Win32.Agent.wer" virus, but there is no repair available yet. Is this true? If so, what do I do? Any advice would be much appreciated. You guys really helped us in a similar situation a few months ago. Thanks.
Sincerely,
the hales

I just wanted to add that the file name is "D:\Install.exe"

A:Trojan.Win32.Agent.wer

Scan with MalwareBytes' Anti-Malware:
Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
Make sure you are connected to the Internet.
Double-click on Download_mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
Make sure that everything is checked, and click Remove Selected.
When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
Then, submit an ESET SysInspector log file, to see what the situation is.
Download ESET SysInspector
http://www.eset.com/download/sysinspector.php
- Start the program through SysInspector.exe
The program will collect information about the situation on your machine.
- When "inspector" is ready and the log file is generated, select File > Save Log
- Confirm their wish
Choose to save the file somewhere and then upload it on http://4storing.com/ (when you open the page, click on the Great Britain flag to open the page in English), then give me the link.

http://www.bleepingcomputer.com/forums/t/177215/trojanwin32agentwer/
Relevancy 66.65%

Hello, I am infected with this trojan but it does not come up on the virus scans. I'm not sure if this is a new trojan, but I've tried numerous anti-virus softwares and only one of them picks it up: Kaspersky. I first discovered something was wrong when I was trying to log into my credit report monitoring website. I plugged in my social security number into the input field, clicked enter, and the page would close instantaneously. I then tried to run an online scan via Trend Micro. Again it would crash the page, and IE or Mozilla would close. The funny thing is I ran Kaspersky - scan full computer and it does NOT detect the virus. I planned on reformatting my laptop and there are a few files I need to retain. I emailed myself those files, and upon opening the files (excel, word, jpg) all were ok with the exception of my quickbooks file. Kaspersky would stop the download and opening of the file and say the file is infected with the above subject trojan. I stupidly transferred the quickbook files onto my external hard drive, so now I think that's infected also. I followed all the steps on majorgeeks forum to clean the computer - didn't work. Kaspersky people looked at my logs and said they were fine also. When you search this trojan, the only info you find is an added trojan list from kaspersky and f-secure. No detailed description on it. I also downloaded and scanned my computer with F-secure and it did not find anything. Please help. Alvin

https://forums.techguy.org/threads/help-please-with-trojan-psw-win32-agent-jzd.862801/
Relevancy 66.65%

Techguy, I need help with removal. About a week ago my AVG picked up a virus. I tried deleting it with that program but it kept coming back after a restart. I disabled AVG and ran Malwarebytes. It found and deleted most of the infected files with the exception of. Now every time I run it, it locates the same files, says it deleted them, but on a restart & re-scan it shows up again. I have also ran Hijack this but tried to delete the file but it comes back into the registry. Since then I've installed combofix.exe and Avast anti virus. Neither solved the problem. Here are some of the symptoms I've recognized: My date time has changed. Now everything is in military time, and dates on my business software reports show the order of the mth day year in a different arrangement. I haven't noticed much of a performance issue, but it is a slower machine anyways. Let me know which logs files to post. This is a business machine with a couple of proprietary software installed, so a format is a last resort. Much thanks for any help. Ray

HijackThis Report

https://forums.techguy.org/threads/help-with-trojan-bho-h-and-win32-agent-psi-rtk.814786/
Relevancy 66.65%

Every time I'm on the internet this popup comes up: "Critical System Error Your Browser was hijacked by Trojan Win Agent akk You need to clean your system immediately in other case it can be crashed soon Click Ok to download the high-tech antispyware protectection software recommended". If I click on it, it wants me to download ie defender, which I never did. The message comes up on every page I go on, sometimes multiple times if the page has pictures and advertisements, like my email.

Logfile of Trend Micro HijackThis

A:Trojan.win32.agent.akk

Hello and Welcome to Bleeping Computer. I am MoNsTeReNeRgY22 and I will be assisting you with your malware problem today. Please give me some time to analyze your log, and I will post back with instructions ASAP.

http://www.bleepingcomputer.com/forums/t/120397/trojanwin32agentakk/
Relevancy 66.65%

Hey guys, I got an infection. I can't access my C drive or my External Drive on "My Computer", but I can get around that if I use "Search" and look up a program like Winamp and click the Back button to go through my folders. But the infection is stopping me from clicking on the drive itself, and there's just a lot of strange things happening. I keep scanning over and over with Spybot and Adaware and get a recurring Win Trojan Agent in Ad-Aware, and Spybot keeps bringing up this WWWCoolSearch OleHelp. Here's my log:

A:Win32.Trojan.Agent

Hi Mana Dragon,

If you still require assistance, then please carry out the following instructions:

Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.
Close all applications and windows.
Double-click on dss.exe to run it, and follow the prompts.
When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <-this one will be minimized
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt here.
Please attach extra.txt to your post.
To attach a file to a new post, simply click the [Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
copy and paste the following into the "Upload File from your Computer" box:C:\Deckard\System Scanner\extra.txt

Click Upload.
What DSS will do: create a new System Restore point in Windows XP and Vista.
clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
check some important areas of your system and produce a report for your analyst to review. DSS automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed.

--------------------------------------------------------------

Please include the following in your next reply:

C:\Deckard\System Scanner\main.txt
C:\Deckard\System Scanner\extra.txt - Attached please

http://www.techsupportforum.com/forums/f284/win32-trojan-agent-200474.html
Relevancy 66.65%

Hello, I am infected with this trojan but it does not come up on the virus scans. I'm not sure if this is a new trojan, but I've tried numerous anti-virus softwares and only one of them picks it up: Kaspersky. I first discovered something was wrong when I was trying to log into my credit report monitoring website. I plugged in my social security number into the input field, clicked enter, and the page would close instantaneously. I then tried to run an online scan via Trend Micro. Again it would crash the page, and IE or Mozilla would close. The funny thing is I ran Kaspersky - scan full computer and it does NOT detect the virus. I planned on reformatting my laptop and there are a few files I need to retain. I emailed myself those files, and upon opening the files (excel, word, jpg) all were ok with the exception of my quickbooks file. Kaspersky would stop the download and opening of the file and say the file is infected with the above subject trojan. I stupidly transferred the quickbook files onto my external hard drive, so now I think that's infected also. I followed all the steps on majorgeeks forum to clean the computer - didn't work. Kaspersky people looked at my logs and said they were fine also. When you search this trojan, the only info you find is an added trojan list from kaspersky and f-secure. No detailed description on it. I also downloaded and scanned my computer with F-secure and it did not find anything. Please help. Alvin

A:Help Please with Trojan-PSW.Win32.Agent.jzd

As no logs have been posted, I am shifting this topic from the specialized HiJack This forum to the Am I Infected forum.
==>PLEASE DO NOT NOW POST LOGS<== unless a log is specifically requested.

http://www.bleepingcomputer.com/forums/t/259322/help-please-with-trojan-pswwin32agentjzd/
Relevancy 66.65%

I have a Trojan problem that won't remove. Here is the name of it: DB Version Type Name Trojan Win Agent Path HKCR CLSID C C - B - c - DCD- A D C Type Name Trojan Win Agent Path HKCR CLSID C C - B - c - DCD- A D C. I tried to remove the keys, did nothing. I tried to find the file where it was located, which was in the webroot WRdata folder, at least I think it was. I tried deleting this and then rebooting. I tried using Anvei smart defender to remove it. I tried Eset scanner, Malware bytes, Combofix, without any luck. This virus keeps on coming back after each reboot. So here are the logs and scans. And I am pretty sure it is this: O - BHO Webroot Filtering Extension - C C - B - c - DCD- A D C - C Program Files Webroot WRData PKG Vistax wrflt dll, which I tried to delete also but it comes back. I really need help, please and thank you. What it is doing is re-sending my google search page to this web site: http us yhs search yahoo com yhs. I was able to remove it from chrome, but after reboot and then a new search it comes back. I got this virus last night. If at all, if anyone could help me, I would like to get it removed as fast as possible. All attachments are up.

https://forums.techguy.org/threads/trojan-win32-agent-please-help.1117554/
Relevancy 66.65%

Apparently I have this on my computer. I found out after running an up to date version of Ad-aware. It helped out a lot with the cleaning, but I'm still left with a slow computer and I still have troubles logging in and out. Here's my hijack this:

A:win32.trojan.agent

Closing duplicate. Continue posting here: http://forums.techguy.org/security/600210-computer-problems.html
 

https://forums.techguy.org/threads/win32-trojan-agent.600582/
Relevancy 66.22%

This is my log files
Thank you so much
laptopR - HKCU Software Microsoft Internet Connection Wizard ShellNext http www hp com go notebookaccessoriesO - BHO sosHlpr Class - C F - F C- C-ABCF-A B E F - C WINDOWS system kbdics dllO - BHO AcroIEHlprObj Class - E F-C D - D -B D- B D BE B - C Program Files Adobe Acrobat ActiveX AcroIEHelper dllO - HKLM Run SunJavaUpdateSched C Program Files Java jre bin jusched exeO - HKLM Run hpWirelessAssistant C Program Files hpq HP Wireless Assistant HP Wireless Assistant exeO - HKLM Run ATIPTA C Program Files ATI Technologies ATI Control Panel atiptaxx exeO - HKLM Run SynTPLpr C Program Files Synaptics SynTP SynTPLpr exeO - HKLM Run SynTPEnh C Program Files Synaptics SynTP SynTPEnh exeO - HKLM Run Cpqset C Program Files HPQ Default Settings cpqset exeO - HKLM Run LSBWatcher c hp drivers hplsbwatcher lsburnwatcher exeO - HKLM Run IMJPMIG quot C WINDOWS IME imjp IMJPMIG EXE quot Spoil RemAdvDef Migration O - HKLM Run MSPY C WINDOWS system IME PINTLGNT ImScInst exe SYNCO - HKLM Run PHIME ASync C WINDOWS system IME TINTLGNT TINTSETP EXE SYNCO - HKLM Run PHIME A C WINDOWS system IME TINTLGNT TINTSETP EXE IMENameO - HKLM Run iTunesHelper quot C Program Files iTunes iTunesHelper exe quot O - HKLM Run QuickTime Task quot C Program Files QuickTime qttask exe quot -atboottimeO - HKLM Run RemoteControl quot C Program Files CyberLink PowerDVD PDVDServ exe quot O - HKLM Run NeroFilterCheck C WINDOWS system NeroCheck exeO - HKLM Run ATHC quot C Program Files Warcraft III ATH UPDATE exe quot --checkO - HKLM Run OFFICEKB C Program Files Labtec Desktop V kbdap a exeO - HKLM Run FLMOFFICE DMOUSE C Program Files Labtec Desktop V moffice exeO - HKLM Run Sysmppcv quot C WINDOWS system Rundll exe quot quot C WINDOWS system SysTdSvr dll quot StartO - HKLM Run SmCtrlDrv D XJOEPXT tztufn Svoemm fyf D XJOEPXT tztufn deoqsi emm TubsuO - HKLM Run AVP quot C Program Files Kaspersky Lab Kaspersky Anti-Virus avp exe quot O - HKCU Run ctfmon exe C WINDOWS system ctfmon exeO - HKCU Run ... Read more

A: I Got "trojan Program Trojan.win32.agent.abe" Need Help!

Welcome to the BleepingComputer HijackThis Logs and Analysis forum, Vdox. My name is Richie and I'll be helping you to fix your problems.

Please download DrWeb-CureIt & save it to your desktop. DO NOT perform a scan yet.

You should copy/print the following because you need to be in Safe Mode from here on.

Reboot your computer into "SAFE MODE" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys on your keyboard to navigate and select the option to run Windows in "Safe Mode".

Scan with DrWeb-CureIt as follows:
* Double-click on drweb-cureit.exe to start the program. An "Express Scan of your PC" notice will appear.
* Under "Start the Express Scan Now", click "OK" to start. This is a short scan that will scan the files currently running in memory and when something is found, click the Yes button when it asks you if you want to cure it.
* Once the short scan has finished, click Options > Change settings.
* Choose the "Scan tab" and UNcheck "Heuristic analysis".
* Back at the main window, click "Select drives" (a red dot will show which drives have been chosen).
* Then click the "Start/Stop Scanning" button (green arrow on the right) and the scan will start.
* When done, a message will be displayed at the bottom advising if any viruses were found.
* Click "Yes to all" if it asks if you want to cure/move the file.
* When the scan has finished, look if you can see the icon next to the files found. If so, click it, then click the next icon right below and select "Move incurable". (This will move it to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if it can't be cured.)
* Next, in the Dr.Web CureIt menu on top, click file and choose save report list.
* Save the DrWeb.csv report to your desktop.
* Exit Dr.Web CureIt when done.
* Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
* After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.csv report.)

--------------------------------------------------

Please download Combofix and save to your desktop:

Note: It is important that it is saved directly to your desktop.

Close any open browsers. Double click on combofix.exe and follow the prompts. When it's finished it will produce a log. Post the entire contents of C:\ComboFix.txt into your next reply.

Note: Do not mouseclick combofix's window while it's running. That may cause the program to freeze/hang.

Also post a new Hijackthis log please.

http://www.bleepingcomputer.com/forums/t/102515/i-got-trojan-program-trojanwin32agentabe-need-help/
Relevancy 66.22%

Split from and referred from http www bleepingcomputer com forums t infected-with-win rootkitagentodg-trojan. Pasting in some contextual information from initial post. ~ OB

I have recently been infected with the Rootkit mentioned in the title and I tried different programs to remove it without success (Spybot, Malwarebytes, ESET). I am using Windows Vista and navigating with IE. The trojan first appeared in a scan with ESET a couple weeks ago and it said it couldn't be removed. I tried removing it with Malwarebytes and Spybot but it keeps reappearing; sometimes ESET or the other programs don't detect it. I have to admit that I tried to use Combofix once, but after it stalled on the first try I decided I evidently wasn't qualified enough to use it. The only effect that I can see now is that it sometimes redirects me to other web pages. But at the beginning I couldn't even use Google. My computer never slowed down and internet is still otherwise working perfectly.

End of added material. ~ OB

Here are the logs for DDS and the stealth object Rootrepeal log.

A: Win32/Rootkit.Agent.ODG trojan

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif

Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

http://www.bleepingcomputer.com/forums/t/254401/win32rootkitagentodg-trojan/
Relevancy 66.22%

Hello,
I am new to trying to remove security problems myself, but I am desperate for help. I came across this site while searching for a way to remove this trojan virus from my computer. I would be eternally grateful for any assistance. I ran my antivirus software (zone alarm) and was told that I must manually remove trojan.win32.agent.abf. Unfortunately, I have NO idea where to start.

Again, I would be so very grateful for any help you all can give me.

Thanks in advance.

Allison