Computer Support Forum

Re: Win32/BHO.NMK or NMG or NMD Trojan/ Moved

Question: Re: Win32/BHO.NMK or NMG or NMD Trojan/ Moved

Sorry for the delay and thanks for the very useful information. I deliberately avoided connecting to the internet after I read your first message. You see I'm less than a beginner in this technology and I just hoped for an easy advice, like to be instructed how to delete some registry-keys or running processes, as I saw in similar situations. What you suggested sounded too complicated to me and frightened me off. Sorry again for wasting your time. I will certainly follow your final recommendation and re-format my computer. By the way, since you're so kind, I have a couple of last questions. Do you think it is safe to transfer everything to my external hard disc, or should I use a DVD? And how safe is a free or cracked antivirus software (I use NOD32) in comparison to a paid one?

Relevance 100%

Answer: Re: Win32/BHO.NMK or NMG or NMD Trojan/ Moved

As no logs are posted and your previous topic here: http://www.bleepingcomputer.com/forums/t/202079/win32bhonmk-or-nmg-or-nmd-trojan/ is closed, I am moving this out of the HiJack This forum to the Am I Infected forum.

"Do you think it is safe to transfer everything to my external hard disc?"

Unlikely. Someone else can provide more specifics but assume any program file has been compromised and should not be transferred.

"And how safe is a free or cracked antivirus software (I use NOD32) in comparison to a paid one?"

To answer the second part first, ANY and ALL cracked software is dangerous to acquire if not use....the University of Washington study on spyware...warez/piracy sites ranked the highest in downloading spyware...just opening the web page usually sets off an exploit, never mind actually downloading anything. And by the time the malware is finished downloading, often the machine is trashed and rendered useless.

University of Washington spyware study

If you use those kind of programs, be forewarned that some of the worst types of malware infections can be contracted and spread by visiting crack, keygen, warez and other pirated software sites. In many cases, these sites are infested with a smörgåsbord of malware. Those who attempt to get software for free can end up with a computer system so badly damaged that recovery is not possible and it cannot be repaired. When that happens there is nothing you can do besides reformatting and reinstalling the OS.

----------

Free programs is another story. You do need to be certain that you have a good program and not a rogue. Fortunately, we have a topic here at BC that lists several free programs recommended and used by our members here. You can find them here: http://www.bleepingcomputer.com/forums/topic3616.html You may also wish to peruse this forum http://www.bleepingcomputer.com/forums/f/25/antivirus-firewall-and-privacy-products-and-protection-methods/ in which people discuss various security programs.

Just remember that what works well on one computer may not work well on another.

Orange Blossom

2 more replies
Relevance 68.06%

Can someone help me?
Whenever I open my computer, there are always two viruses that avast detects. They keep coming back. I have run a full scan using SAS and it detected 10 threats. I've removed them. And after that, I ran a full scan again using SAS and MBAM but they have detected no threats. Still, the avast keeps saying that there are two viruses (always the same viruses).
What should I do?

Answer:Win32: trojan-gen (other) [Moved]

As no logs have been posted, I am shifting this topic from the specialized HiJack This forum to the Am I Infected forum. ==>PLEASE DO NOT NOW POST LOGS<== unless a log is specifically requested.

2 more replies
Relevance 68.06%

I downloaded a number of viruses and cannot remove them. I use Kaspersky anti virus.

For some reason they have been postponed in my system. Assuming the virus has control of the computer.

As of 8/27 the following were indicated in my computer:

Trojan.Win32. Fraudpack.rcj
Trojan.Win32. BHO.whc
Trojan-Spy.Win32.Zbot.aaof

I have tried to run the Malwarebytes antimalware software but it will not start.

A colleague at work suggested I run a scan with Hijack This; I have also run a DDS log.

Hopefully someone can help me.

Thanks in advance!

John

Answer:Trojan.Win32 [Moved]

As no logs have been posted, I am shifting this topic from the specialized HiJack This forum to the Am I Infected forum. ==>PLEASE DO NOT NOW POST LOGS<== unless a log is specifically requested.

1 more replies
Relevance 67.24%

Hi,

About a week ago, just as I was about to go on vacation, my computer suddenly started acting up (I first noticed it on July 3rd). About half the time, Google would take me to a website completely different from the one I clicked on, I could not get to certain websites at all, I could not attempt to update from IE7 to IE8 as the Windows Update page kept coming up not found no matter how I tried to get to it, and I could not do a System Restore. I ran my anti-virus (provided by my ISP, Telus). It runs once a week automatically and finds nothing. This time, it found multiple viruses and told me I needed to restart.

When I restarted, the anti-virus and anti-spyware modules could no longer run. I ended up re-installing the whole Telus Security package and running the anti-virus module again. This time it said it had found a virus, Trojan.Win32.FraudPack.pgt, in the file C:\WINDOWS\Temp\tempo-274469046.tmp and deleted it. Apparently all it did was delete that one file which started all the trouble because my computer was still exhibiting all the same symptoms. Google clicks were still redirected, etc.

I called Telus and they had me reset everything in Explorer (clear history and cookies, go to Advanced, click on Restore Advanced Settings and Reset...

This has (as far as I can tell) helped with the redirected searches and other web issues, but I still cannot do a System Restore which makes me believe that the underlying problem is still there.

I canno... Read more

Answer:Trojan.Win32.FraudPack.pgt [Moved]

Hello, using system restore may stop that one, but not kill it and may restore an older one. We will fix that last.. Let's see if we can find something.

Next run MBAM (MalwareBytes):

NOTE: Before saving MBAM please rename it to zztoy.exe....now save it to your desktop.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to ... Read more

13 more replies
Relevance 66.42%

Hello everyone!

On Friday night my NOD32 popped up saying I had an incoming threat.
The file: http://lafixhex.cn/soft.exe
The threat: Win32/Kryptik.WC trojan

I started up Rootkit to see if I could discover anything that should be there. Several appeared under the HKEY_LOCAL_MACHINE...Software...Microsoft...etc. However Rootkit froze and when I reopened it all these had disappeared. However my NOD32 pops up with the same threat every half an hour several times. I terminate it and it still comes back.

Any help would be much appreciated. Thanks.

Answer:Trojan/Rootkit/Win32/Nod32 [Moved]

As no logs have been posted, I am shifting this topic from the specialized HiJack This forum to the Am I Infected forum. ==>PLEASE DO NOT NOW POST LOGS<== unless a log is specifically requested.

1 more replies
Relevance 66.42%

I need help removing Win32.Banker.FS Trojan.SpyAgent.DA from my computer. I've tried every automatic spyware/adware removal tool I can think of and nothing touches it. Please help.

Answer:Win32.Banker.FS Trojan.SpyAgent.DA/ Moved

As no logs have been posted, I am moving this from the specialized HiJack This forum to the Am I Infected forum. ~ OB

2 more replies
Relevance 66.42%

Hi,

Need help with this one!
Have not been able to run HJT, Malwarebytes or Trend Micro HouseCall or anything other than Avira that doesn't get rid of it.

Having read the posts on this topic and the replies from fenzodahl512 have tried to get through step 1. Turned off windows firewall, stopped avira antivirus and windows defender but comedian.exe didn't start up.

What can I do If I can't open up any programs to get the ball rolling??

Cheers
Dave

Answer:trojan downloader win32/renos.io [Moved]

As no logs have been posted, I am shifting this topic from the specialized HiJack This forum to the Am I Infected forum. ==>PLEASE DO NOT NOW POST LOGS<== unless a log is specifically requested.

4 more replies
Relevance 66.42%

hey i would really like someone to explain to me how to remove PWS:Win32/VB.HE trojan from my computer

every time i start up windows xp this is displayed by windows live onecare
http://img194.imageshack.us/img194/488/passwordstealer2.png

i searched google for how to remove this and downloaded and installed spyware doctor to try and remove this but this had no effect (although it did discover several other malware and spyware on my computer that windows live onecare missed) i tried opening the file that onecare said was the problem (msnmsgr.exe) and deleting it and the whole folder it was in but the next time i startup its there again

here is some information microsoft has to say about this trojan
http://www.microsoft.com/security/portal/E...3aWin32%2fVB.HE

any help is very welcome thanks

Answer:PWS:Win32/VB.HE trojan removal HELP NEEDED [Moved]

Hello,

I am moving this topic from the Windows XP forum to the Am I Infected forum where your questions can be addressed.

Orange Blossom

9 more replies
Relevance 66.42%

It looks like the Norton logo. Won't let me access the web. The "virus" tells me I have Trojan.win32.agent.azsy. I have to do this in safe mode with networking. This is a work computer and many people have access to it so I can't pin down where it came from.. We were using SpyHunter and it didn't pick this up. Will someone help me get rid of this virus? Thanks in advance!!

Skryber

Answer:Trojan.win32.agent.azsy [Moved]

As no logs have been posted, I am shifting this topic from the specialized HiJack This forum to the Am I Infected forum. ==>PLEASE DO NOT NOW POST LOGS<== unless a log is specifically requested.

5 more replies
Relevance 66.01%

I am new here and very clueless with computers, so I apologize if this is a mess...

It seems that on Thursday I somehow got the Virus Removal 2009 virus on my laptop. I have Windows XP, with IE7. I downloaded Avast and it isolated a bunch of issues, which I moved to its "virus chest".

I thought the virus(es) were removed as the pop-up that comes with the Virus Remover 2009 had stopped appearing. Then yesterday, my husband was unable to connect to our google homepage. The computer kept redirecting him to crazy websites. Today I can't even connect to the internet (I am on my mother's laptop right now). Upon start-up, I receive this message

"RUNDLL error The loading dl32 specified module could not be found"

I attempted to run Avast again this morning and the only infection it found was "Win32 Trojan-gen (other)" which I moved to the avast Virus Chest.

I am at a loss what to do from this point on. I did try to follow some directions for the manual removal of Virus Removal 2009, but any of the files or registry keys it tells you to look for aren't present, so I am guessing this is a different virus?

As you can probably tell, I am clueless with this stuff, so I apologize for leaving out basic info you may need to assist. Please let me know what I should try or other tips to provide you with the info you need.

Thank you.

Answer:Virus Remover 2009 / Win32 Trojan ?/ Moved

As no logs have been posted, I am shifting this topic from the specialized HiJack This forum to the Am I Infected forum. PLEASE DO NOT NOW POST LOGS unless a log is specifically requested.

8 more replies
Relevance 65.19%

Good day!

Yesterday while doing some browsing I downloaded some files from a location I deemed safe but alas I was paid for my naïveté. Without warning the computer shut down and I realized the Greeks were inside the walls so to speak. It became impossible to boot Windows and upon completing the "loading" screen the computer would simply reboot. Safe mode didn't work so I downloaded and used Kaspersky's Rescue Disk to try and fix the problem. Kaspersky found ~5 files infected with Trojan.Win32.Agent2.Hoc and deleted them (if you want their names I should have a log lying around somewhere) but the problem remained and I still haven't found a remedy. From what I've read I gather the problem also remains in the registry and still affects the start up but how to fix it I do not know.

After browsing the web for several hours, having tried messing around with the Hirens Boot Disk and admitting defeat I submit myself to you and your knowledge, ladies and gentlemen.

If you choose to assist me in this matter I would truly be very grateful.

Many thanks,

Carl Edward

Answer:Infected with Trojan.Win32.Agent2.Hoc - Cannot boot Windows! [Moved]

As no logs have been posted, I am shifting this topic from the specialized HiJack This forum to the Am I Infected forum. ==>PLEASE DO NOT NOW POST LOGS<== unless a log is specifically requested.

7 more replies
Relevance 65.19%

I'm using Kaspersky antivirus in a Win XP system, and this program has found two viruses with this description: HEUR: trojan.win32.invader. I've tried to quarantine them, like the program indicates me to do, after I tried to clear the infected archives and also tried to delete them manually, but always Kaspersky says to restart the PC and when I do it, Kaspersky continues to alert the same problem.

This is the local address where the archive is: c:\program files\GBplugin\gbiehcef.dll

what can I do to solve it?!

thanks for the patience, I'm not so good with this language

Answer:HEUR: trojan.win32.invader - I cannot clear or quarantine this!/ Moved

I am shifting this topic from the XP forum to the Am I Infected forum where folks can assist you with this issue. ~ OB

2 more replies
Relevance 63.14%

Hi,

It seems that I have trojan activity on my home pc. I am running Vista and when I log in to my user profile I get a blue desktop with a box saying 'Warning! Spyware detected on your computer! Install an antivirus or spyware remover to clean your computer'

I have tried a few malware removal programs, Malwarebytes, CCleaner, Adaware and ran virus scans in an attempt to try and remove it myself without bothering you guys but I just can't shift it, so I'm hoping you may have the time to help?

What I have noticed is that I only get these warnings when I am logged into my user profile, not as administrator or as another user on the pc. I also get no warnings when running in safe mode.

I run Avast and that brings up a warning soon after the blue desktop comes up that points to infection with C:\Users\Guy\AppsData\Local\Temp\tt991.tmp.vbs. The numbers/letters after the tt (in this case 991) change each time I log in. It also states Malware Name: VBS:Malware-gen, Malware Type: Virus/Worm, VBS version 080805-0,08/05/08 which I try and delete from the warning box.

I then am greeted with a windows script host message box that will say the above file (tt991.tmp.vbs) failed (Access Denied).

I also regularly get Windows security alert message boxes come up on the screen saying that Windows Firewall has detected activity of harmful software with mention of one of many trojans. These have been:
Trojan-Clicker.Win32.Tiny.h
Trojan-Downloader.Win32.Agent.bq
Trojan... Read more

Answer:Vbs:malware-gen - Trojan-clicker.win32.tiny.h, Trojan-downloader.win32.agent.bq, Trojan-spy.win32.keylogger.aa

Hi,

I am hoping you can help me. My computer keeps telling me it is infected with spyware/malware. I get a blue desktop on startup with regular warnings saying the computer is infected with:
Trojan-Clicker.Win32.Tiny.h
Trojan-Downloader.Win32.Agent.bq
Trojan-Spy.Win32.KeyLogger.aa
Trojan-Spy.Win32.GreenScreen
Trojan-Spy.HTML.Bankfraud.dq

Strange thing is that these only show up when I log in to my user account. If I log in as administrator, another user or as any user in safe mode I get no warnings and nothing shows up on scans.

The pop up warnings direct me to this site: www.antispyware-review.info/?wmid=46638&pwebmid=uWfLn0pimL&a= which is Smartsoft reviews to buy PC Antispy or PC Clean pro.

Malwarebytes scan picks up Fake.Dropped.Malware, Malware.Trace, Trojan.FakeAlert and Hijack.Wallpaper and even if I remove these and restart the PC they come back.

A spybot scan pointed to 2 entries of Virtumonde.

I'll attach the latest HJT log, Malwarebytes log and Spybot logs in case you need them. Please help me with this, I can't seem to shift it.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:54:34 AM, on 8/7/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Ado... Read more

5 more replies
Relevance 61.09%

Hi, here is my problem. Everytime I download some movies or other things by opening my computer overnight, it must pop out a error window said:-

C:\Documents and setting\KkianN\Desktop is not accessible.
Not enough quota is available to process this command.

The icons only left on my screen were My computer, my network places and Internet explorer. When I refresh my computer, it came out the same message again. (this problem was occurred when I opened my computer overnight by using Thunder5 this software to download things)

When I tried to shut down, a message said You do not have permission to shut down this computer.

When I tried to use windows task manager to shut down, once I click Ctrl+Alt+Del, an application error message came out said:-

This application failed to initialize properly(0xc000012d). Click on OK to terminate the application.

Then I just can reset my computer.

Actually I have posted in BleepingComputer.com > Security > Am I infected? What do I do? there. Then I followed the instruction in "Preparation Guide For Use Before Posting A Hijackthis Log". Unfortunately, I can't finish all the steps there. For step 4, I can't remove win32.generic.pws, win32.trojan.psw.delf and Win32.trojan.pws.onlinegames by using Ad-aware 2007. While scanning by using spybot, it stuck while scanning. After that suddenly pop out a window said:-

Spybot-Search and destroy has detected an important registry entry that has been changed. Category: System Startup global entr... Read more

Answer:Infected With Dropper.agent,logger.pcap.a,win32.generic.pws,win32.trojan.psw.delf And Win32.trojan.pws.onlinegames

Hello, I had reformatted my computer since it could not open and stuck in the welcome window few days ago. So, now my computer is alright..thanks for viewing and trying to help me to fix the problem.

1 more replies
Relevance 60.68%

After starting the laptop, (hidden) host.exe is consuming a lot of resources until crash. I can see and kill it with Process Explorer from Sysinternals.
I can't activate Windows Firewall, Malwarebytes shows an error at computer start up and more...

When I start GMER it shows an error, it is attached.

Here the logs of DDS and GMER:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_23
Run by sebastian at 16:41:18 on 2012-03-19
Microsoft Windows 7 Enterprise 6.1.7601.1.1252.54.1033.18.2925.1107 [GMT -3:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\FBAgent.exe
C:\Program Files\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.ex... Read more

Answer:trojan-Dropper.win32.injector.ciwr | trojan.win32.agent2.faav | Virus.Win32.ZAccess.q

Hello sebamobile, Welcome to Bleeping Computer.
My name is fireman4it and I will be helping you with your Malware problem.

Please take note of some guidelines for this fix:
Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools.
If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
In the upper right hand corner of the topic you will see a button called Watch Topic. I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

Finally, please reply using the ADD REPLY button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.
I will be analyzing your log. I will get back to you with instructions.

14 more replies
Relevance 60.68%

hi, kaspersky scan (included at the end) came up with a few infections, please help me with removal

logs:

Logfile of random's system information tool 1.04 (written by random/random)
Run by Yanai Michael at 2008-12-14 13:16:05
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 4 GB (9%) free of 53 GB
Total RAM: 1526 MB (53% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:16:16, on 14/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Microsoft LifeCam\... Read more

Answer:got Trojan.Win32.Agent.asvc Trojan-GameThief.Win32.Magania.amrr Worm.Win32.AutoRun.trh

Welcome to the BleepingComputer Forums. Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random which includes a HijackThis log and save it to your desktop. If you have RSIT already on your computer, please run it again. Double click on RSIT.exe to run RSIT. Click Continue at the disclaimer screen. After it has finished, two logs will open. Please post the contents of both. log.txt will be maximized and info.txt will be minimized. Thank you for your patience.

Please see Preparation Guide for use before posting about your potential Malware problem. Thank you for your patience.

If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped. While we are working on your HijackThis log, please: Reply to this thread; do not start another! Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so. Do not run any other tool until instructed to do so! Let me know if any of the links do not work or if any of the tools do not work. Tell me about problems or symptoms that occur during the fix. Do... Read more

7 more replies
Relevance 58.63%

Hi,

Please help me in getting rid of the pop ups which keep coming up.
trojan downloader win32 agent bq
trojan clicker win32 tiny h
trojan spy win32 key logger.aa
trojan spy win32 green screen
trojan spy html bankfraud.dq

HijakThis log file.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:00:40, on 9/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hewlett-Pac... Read more

Answer:Infected With Trojan Clicker Win32 Tiny.h / Downloader Win32 Agent Bq / Spy Win32 Key Logger.aa/spy Win32 Green Screen / Html B...

Sorry for the delay. If you are still having problems please post a brand new HijackThis log as a reply to this topic. Before posting the log, please make sure you follow all the steps found in this topic:

Preparation Guide For Use Before Posting A Hijackthis Log

Please also post the problems you are having.

1 more replies
Relevance 58.63%

hello. sorry about this mess. im afraid i dont really know what im doing. my nephew asked me to help get rid of a red circle with a white cross telling him he had spyware but its turned into something much worse. he only used windows firewall and nothing else saying he only uses world of warcraft and msn and music and doesnt surf the web!! i tried to scan with avg but it was aborted and the windows firewall was continually turned off no matter how many times i put it on. tried other antivirus progs but all were turned off. eventually i managed to do online scan on microsoft safety centre and deleted quite a few v high threat trojans but many unable to clean. i also ran sophos rootkit and nearly gave myself a heart attack - 938 hidden things that recommend not to clean. i resorted to you now. i followed the tutorial for posting hijack this and here are the results

kaspersky report for critical areas

KASPERSKY ONLINE SCANNER 7 REPORT
Saturday, November 29, 2008
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Saturday, November 29, 2008 12:40:36
Records in database: 1426420

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - Critical Areas:
C:\Do... Read more

Answer:win32/alureon.gen, win32/Eldycow.en!A, win32/Small, win32/Olmafik, winNT/Xantvi.gen!A, Trojan-Game Thief and more

I think I have sorted this. I ran SDFix which cleaned up enough for me to install antivirus. Avast caught lots of trojans and I have now been able to onlinescan and spybot s/d etc. All logs now coming back clean so can u delete this post please

3 more replies
Relevance 58.63%

Hello,

My computer became infected last night, and It's pretty bad. I became infected with Infected: Trojan:Win32/Alureon.BT, Win32:Jifas-CY, and the others listed (maybe more). Long story short, I'd just watched Harry Potter on dvd, and logged onto the computer to see who he married in the end. I ended up at a Harry Potter encyclopedia website, and looked it up. Avast went nuts after a few minutes, and showed 4 different virus alerts, and Windows Defender showed 1 as well after I shut down.

The virus listed by Defender was Trojan:Win32/Alureon.BT. Avast listed Win32:Jifas-CY, I didn't get the others in time.

The last 2 I listed in the title, a "security center alert" claimed it detected these programs trying to access the internet. It listed one more, but I didn't get its name in time.

I know Alureon is a downloader and backdoor for other viruses, and it basically shuts down security systems, which it's trying to do since windows now thinks I have no anti-virus installed.

All of these trojans are listed as "server" and "high risk." I'm not sure a root kit didn't try to make its way in too.

EDIT: I wanted to add a few things in. First, I have XP SP3 set up with multiple accounts, one admin "owner" account and then 1 limited access "user" account. The Viruses came in while the user account was logged on (I am not dumb enough to connect to the internet with an admin account). It seems the Viruses we... Read more

Answer:Infected: Trojan:Win32/Alureon.BT, Win32:Jifas-CY, Backdoor.Win32.Kbot.al, Net-Worm.Win32.Mytob.t

Hello again.

I booted into Safe Mode and ran an Avast scan (which took forever) and it was a waste of time. The stupid thing found nothing wrong, and said the system was clean (which is the opposite it says when you log into the limited user account). The computer (and specially that account at least) is definitely infected. Could the viruses be hiding themselves when in safe mode?

Should I scan from a Pre-install environment like BartPE? Or from the Regular "Owner" Admin account? I waited 2 days for the stupid program to scan 700gb (painfully slow for a quad core, though to be expected in safe mode), and it was useless.

Other than running windows defender (which I'm doing now), and maybe trying MBAM, I'm not sure what to do. I'm not expert enough to dive into programs like OTViewIT and Combofix, so I'll need help here. Please, ANY HELP is appreciated. I would rather NOT wipe the drive and reinstall the whole system, but I need to get this figured out.

Does no one have any ideas???

5 more replies
Relevance 58.22%

KASPERSKY ONLINE SCANNER 7 REPORT
Saturday, November 29, 2008
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Friday, November 28, 2008 18:35:48
Records in database: 1424124

Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes

Scan area My Computer
C:\
D:\
E:\
F:\

Scan statistics
Files scanned 94300
Threat name 4
Infected objects 4
Suspicious objects 0
Duration of the scan 02:45:29

File name Threat name Threats count
C:\Documents and Settings\All Users\Application Data\FreeApp.exe Infected: Trojan.Win32.Agent.arng 1
C:\Qoobox\Quarantine\C\Program Files\tinyproxy\tinyproxy.exe.vir Infected: Trojan-Proxy.Win32.Agent.bcw 1
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\winse32.exe Infected: IRC-Worm.Win32.Small.x 1
C:\WINDOWS\bolivar24.exe Infected: Backdoor.Win32.Agent.ubx 1

The selected area was scanned.
------------------------------------------------------------
Logfile of random's system information tool 1.04 (written by random/random... Read more

Answer: Infected: Trojan.Win32.Agent.arng, Trojan-Proxy.Win32.Agent.bcw, IRC-Worm.Win32.Small.x, Backdoor.Win32.Agent.ubx

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results, click no to the Optional_Scan
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.
Please note: You may have to disable any scr... Read more

4 more replies
Relevance 58.22%

A few days ago I had the following viruses:

win32/trojan downloader.ISTbar.EN trojan
win32/trojan dropper.bridge.A trojan

My NOD 32 detected and deleted everything infected, but since then every time I surf the net a lot of pages display the following:

"Your current security settings prohibit running ActiveX controls. As a result the page might appear uncorrectly."

I tried altering the security settings in the explorer but it doesn't help.

Any ideas would be appreciated.
 

Answer: win32/trojan downloader.ISTbar.EN trojan; win32/trojan dropper.bridge.A trojan

"Your current security settings prohibit running ActiveX controls. As a result the page might appear uncorrectly."
Do they run incorrectly? I mean does the page that flashes that notice appear normally?
 

1 more replies
Relevance 57.81%

I have done all the requirements you have asked for scanning and removing viruses and spyware before writing this topic. Unfortunately without success.

They are the following: BrowserModifier:Win32/Fotomoto, Trojan:Win32/Virtumonde.O and Trojan:Win/Conhook.D

I have used the following to try and fix the problems, but yet again without success: System Mechanic 7, Windows Defender, Ad-Aware SE Personal, Symantec, Spybot, Windows Live OneCare, Spyware Doctor, Stinger, and AVG.

In the end I still have the same problem. Windows Defender and Windows Live OneCare repeatedly detect and remove these infections and it confirms removal. Yet they keep on appearing. In System Mechanic there is a file I found that is running but it says it is dangerous for my system and it forms part of virtumonde, it is the following: geeba.dll but I cannot remove or delete it.

Here is the log that I just ran with Trend Micro HijackThis- v2.0.2

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:07:01 PM, on 9/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS... Read more

Answer: Trojan:win32/virtumonde.o, Browsermodifier:win32/fotomoto, Trojan:win32/conhook.d

Download the latest version of ComboFix from Here to your Desktop.
Double click combofix.exe and follow the prompts.
When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply.
Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.

4 more replies
Relevance 57.81%

Please help me....idk what to do....I've removed a lot of other things that were on here but my NOD32 didn't detect the following infections.....what can I do next to get rid of all this stuff? And I also have a file called fdccffbffbd.dll that keeps showing up...and I can't delete it....thank you..........and happy Thanksgiving

*KASPERSKY ONLINE SCANNER 7 REPORT*
Wednesday, November 26, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 3(build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Wednesday, November 26, 2008 09:59:47
Records in database: 1418243

*Scan settings*
Scan using the following database extended
Scan archives yes
Scan mail databases yes

*Scan area* My Computer
A:\
C:\
D:\

*Scan statistics*
Files scanned 101537
Threat name 5
Infected objects 14
Suspicious objects 0
Duration of the scan 03:13:31

*File name* *Threat name* *Threats count*
C:\RECYCLER\S-1-5-21-1951078608-3892172462-226310285-2436\service.exe Infected: Trojan.Win32.Inject.klc 1
C:\WINDOWS\E9799D51180EBCF428C0E71E5EC4E.exe Infected:Trojan.Win32.Qhost.kng 1
C:\WINDOWS\system32\217a4f513bda8c39391806b701df2f85.TMP Infected:Worm.Win32.AutoRun.sqi 1
C:\WINDOWS\system32\2efb3b0a17c581a7bec8fd94826f0358.TMP Infected:Worm.Win32.AutoRun.sqi 1
C:\WINDOWS\system32\76690fc87fd1453bc483de47389e1230.TMP Infected:Worm.Win32.AutoRun.sqi 1
C:\WINDOWS\system32\979e69aafdc832e6... Read more

Answer: Worm.Win32.AutoRun.sqi, Trojan.Win32.Inject.klc, Trojan.Win32.Monder.zfd

bump

19 more replies
Relevance 57.81%

It started with a backdoor virus which I removed. Next, Windows Defence popped up so I removed it. Then Security Suite popped up so I removed it. Now I have the following:

Trojan.Win32/Hiloti.gen!D
Trojan.Win32/Tibs.JL
TrojanSpy.Win32/Ursnif

When in normal mode sometimes I can get on the internet and other times I cannot. Last night I got online and it wouldn't let me close the browser. I could navigate to different websites but at the bottom it just kept showing new websites were loading and usernames, none of which actually loaded. I am now in safe mode with networking capabilities. I tried to download Microsoft Securities virus scan prior to coming here and it said I did not have administrative rights to do so; however, I downloaded all the things in your preparation guidelines without a problem.

I am a novice computer user at best so please keep that in mind with your instructions. Thanks!

DDS.txt

DDS (Ver_10-03-17.01) - NTFSx86 NETWORK
Run by Alicia at 7:59:22.59 on Mon 09/06/2010
Internet Explorer: 8.0.6001.18943
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.2037.954 [GMT -7:00]
AV: Symantec AntiVirus *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
SP: Symantec AntiVirus *enabled* (Updated) {6C85A515-B91D-4D2B-AF18-40984A4A8493}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\... Read more

Answer: Trojan.win32/Hiloti.gen!D, Trojan.win32/Tibs.JL, TrojanSpy.win32/Ursnif

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

We need to create an OTL Report

Please download OTL from one of the following mirrors:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
In the custom scan box paste the following:

CODE
msconfig
safebootminimal
activex
drivers32
netsvcs
%SYSTEMDRIVE%\*.exe
/md5st... Read more

3 more replies
Relevance 57.81%

Hi, I'm a newbie and this is my first post. Thanks ahead of time for existing and for helping me!

My computer is an HP, AMD Athlon 64x2, 1.0GB RAM, WIN XPsp2 desktop with lots of virus/Trojan/adware/malware

Not sure where they all came from but the surfing the web for fantasy football stuff yesterday morning and landing on www.athlonsports.[com] or www.grogansports.[com] was the final virus that started me crashing and generating the wonderful "Error Message: Stop c000021a {Fatal System Error} The Session Manager Initialization System Process..."

After failing to reboot multiple times and not being able to use my XP recovery disks, the computer loaded up somehow in Normal Mode. I disconnected from the Internet and I ran Avast! Antivirus before it crashed again and it found the following virus/etc.

Found by Avast! Antivirus
JS:Redirector-B[Trj] in a temporary internet file
WMA:Wimad[Drp] in a temporary internet file
"Win32:Monder-GB[Trj]" in "c:windows\system32\opnmlccs.dll" file
"Win32:Trojan-gen{Other}" in "c:\Windows\system32\prunnet.exe" file
"Win32:adware-gen[Adw]" in a program that came with computer that I've never used: C:\program files\online services\peoplepc\isp5900\branding\ppal3ppc.exe\$instdir\ppcttoolbar.dll

I deleted/quarantined those viruses and tried to do a system restore to a couple days before and it wouldn't let me do it although I had just saved a system restore on 12/31. And t... Read more

Answer: Win32:Monder-GB[Trj], Win32:Trojan-gen{Other}, Adware.PopCap, Trojan.Vundo, Trojan.Agent and more

Seneka Rootkit

Please read this post by Quietman7 http://www.bleepingcomputer.com/forums/ind...t&p=1074915 and tell us how you want to proceed.

You might want to proceed with a partial cleanup so you can finish backing up those pictures.

6 more replies
Relevance 56.17%

I have an F-Secure internet security software suite on this computer, and it is up-to-date and functioning. I also have MalwareBytes (free) installed and have been running it regularly, and I use the ESET Online Scanner as well. The OS is Windows XP, and it is up-to-date.

About three weeks ago I cleaned around three trojans from this computer using MBAM and the online scanner. A few days ago, Adware.Win32.WebHancer.x was found by F-Secure, and is currently quarantined. Today, several instances of the two Trojan-Spy programs were found and quarantined by F-Secure; they infect system files and system restore files. I already looked up information on cleaning the system restore files by stopping and restarting system restore (and scanning in between). I deleted the quarantined files.

All of the Spy-Trojan's found are infecting in C:\hp\recovery\wizard\fscommand\. The file names are:
AppRecoveryLink_ret.exe
CDLogic_ret.exe
CreatorLink_ret.exe
RestoreLink_ret.exe
RTCDLink_ret.exe
RunLink_ret.exe
SysRecoveryLink_ret.exe
WizardLink_ret.exe

The Adware infected a .dll file, and I was advised not to delete it.

CDLogic_ret.exe is Agent.bdzz; the rest are Agent.beaf

I have run my antivirus, MBAM, and the online scanner again and they picked up nothing. Also, the Adware and Trojan-Spy's were all found during MBAM scans, but F-Secure picked them up.

I have attached a HiJackThis log and a DDS log; GMER froze my computer partway through the scan when I used it. I have ran a... Read more

Answer: Infected with Trojan-Spy.Win32.Agent.bdzz, Trojan-Spy.Win32.Agent.beaf, and Adware.Win32.WebHancer.x

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

2 more replies
Relevance 54.94%

The pandascanner has been scanning for more than 3 days straight, and has only reached 29%? And I don't have an especially large computer.
Is it normal?????
I have found the Trojans "Trojan.win32.monder.gen" and "Trojan.win32.Dialer.hh"
If it is normal or there is nothing you can do just don't answer this thread, and I will wait until the scan is done.

More replies
Relevance 54.94%

I'm apparently infected with these trojans and they're in quarantine I believe, I can't delete them or remove the folders they're in from my system because I don't have permission to do so. My computer also seems to freeze and slow down a lot after browsing on the net or just working on the computer in general after an hour or two.

I won't be able to post a Panda scan since their scanner isn't compatible with Vista.


Quote:




Emulating logfile of HijackThis v1.99.1
Scan saved at 2007-08-29 00:58:32
Platform: Windows Vista (6.00.6000)
MSIE: Internet Explorer (7.00.6000.16386)

Running processes:
C:\Windows\System32\taskeng.exe
C:\Windows\explorer.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Windows\sttray.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Users\Kosta\Desktop\dss.exe
C:\Windows\System32\conime.exe
C:\Windows\System32\dllhost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ca.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ca.rd.yahoo.com/customize/ie... Read more

Answer: Computer slows down: NOD32 detects Win32/Trojan and Win32/SpyAgent Trojan

*bump

2 more replies
Relevance 54.94%

It attacked IE first. I used Ad-Aware and CCleaner. It seemed to go away. Then it came back and attacked Firefox. I used Malwarebytes' Anti-Malware in conjunction with CCleaner and it wouldn't go away. After every use, there would still be another DLL file to find and destroy, even if Malwarebytes' Anti-Malware said it was successful. Often the files that returned were different DLLs than before.

I have no Windows Explorer due to this infection. Managed to run tasks anyway and found you guys on Google when I entered in a DLL file name that I had originally found while scanning. I can't recall the name of the offending DLL... Ran the Kaspersky Scanner, and the HijackThis Scanner. All results are posted below.

KASPERSKY ONLINE SCANNER 7 REPORT
Saturday, December 6, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Saturday, December 06, 2008 03:47:06
Records in database: 1439820

Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes

Scan area Critical Areas
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
C:\Documents and Settings\Kienzle\Start Menu\Programs\Startup
C:\Program Files
C:\WINDOWS

Scan statistics
Files scanned 112172
Threat name 2
Infected objects 2
Suspicious objects 0
Duration of the scan 01:05:54

File name Threat name Threats count
C:\WINDO... Read more

Answer: Infected; Trojan.Win32.Agent.asjk, Trojan.Win32.Monder.aane

Hello! My name is Sam and I will be helping you.

In order to see what's going on with your computer I may ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.

Please download ComboFix from one of these locations:
Link 1
Link 2
Link 3

Important! You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert. It is intended by its creator to be used under the guidance and supervision of a Malware Removal Expert, not for private use. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

Make sure that you save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

Double click on ComboFix.exe & follow the prompts.

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow... Read more

19 more replies
Relevance 54.53%

Hi,

I'm running Windows XP - Internet Explorer v. 6.00, SP3. Yesterday Avast alerted me to a virus on my computer (I neglected to write down the exact message). At the time, only Gmail was open and an email was being written. I've had some issues with Avast occasionally reporting a false positive, and since nothing was being downloaded at that time, I took no action with Avast. Instead, I immediately did a Quick Scan with MalwareBytes to see if it would find anything. MalwareBytes found and deleted the following:

C:\Documents and Settings\HP_Owner\application data\Sun\Java\deployment\cache\\6.0\44\61b86cac-3c0c0928
Trojan.FakeAlert.VGen
C:\Documents and Settings\HP_Owner\local settings\temp\0.506697477033.exe
Trojan.FakeAlert.VGen

A second MalwareBytes scan was clean.

I looked "Trojan.FakeAlert.VGen" up on Google and then it clicked: for the past few days, Adobe Flash Player has been crashing an awful lot. When it crashes (on Youtube, for example), it tells me the program is out of date and needs to be updated. The weird thing was that sometimes it worked for a while before it crashed, but I dismissed that as being some strange computer quirk. I went to the Adobe web site and tried to install the newest version of Flash Player, but was unable to. I feel foolish, but it never even occurred to me that a virus could be to blame. It concerns me that (assuming the Adobe Flash Pla... Read more

Answer: Trojan.FakeAlert.VGen, SpyInstall_HPPre.exe, Win32: Mirc-z [PUP], Win32: Kill App-W [PUP] & Win32: Agent-AMXO (Trj)

Download Security Check from HERE, and save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download MiniToolBox and run it.

Checkmark following boxes:
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List last 10 Event Viewer log
List Users, Partitions and Memory size

Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Document... Read more

13 more replies
Relevance 54.12%

So, this is a newer netbook, almost 8 months old. I don't know how I got these because I have had anti-virus running from day one.

Anyway, it all started when I was on Facebook. It just went to a different page and I never clicked on anything, then MS security center popped up saying everything was infected, and kept telling me that I didn't have an antivirus program, and I couldn't do anything but keep going to this ad to buy one... which was odd because Avast was running. I opened Avast and did a quick check and found the first one, Dracur_c, but when I tried to do the action to move to chest it was telling me that there was not enough room on disc... and my disc is NOT FULL. ODD, so I deleted it and it worked. I cannot copy and paste the results; if I can, I don't know how. But I will tell you it was in: C:/system volume information/_restore{ number letters}.dll and .EXE and it was also in C:/windows/system32/fwcfg32.dll listed TWICE.

I then restarted the computer in safe mode and did a full scan and it then found it again in system volume information/restore{letter numbers}.DLL twice, and then in Windows/system32/75.tmp..

This morning it was still acting weird when I started IE, redirecting me when I would use Google, and when I would send an error log to MS the page never loaded and then I would get a popup ad. So I ran another Avast scan and GOT the win32:trojan-gen,win32:alureon-hd, win32crypt-gwl that came up... This time it was found in my TEMP folder as an EXE and one in my ... Read more

Answer: avast found win32:dracur_c, win32:trojan-gen,win32:alureon-hd, win32crypt-gwl

14 more replies
Relevance 53.71%

Logfile of HijackThis v1.99.1
Scan saved at 2:21:04 PM, on 5/14/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\Ati2evxx.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
F:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
F:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
F:\WINDOWS\system32\tcpsvcs.exe
F:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
F:\WINDOWS\system32\SearchIndexer.exe
F:\WINDOWS\system32\Ati2evxx.exe
F:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\D-Tools\daemon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
F:\WINDOWS\system32\tbctray.exe
F:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
F:\WINDOWS\system32\NOTEPAD.EXE
F:\Documents and Settings\nuttin special\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Pag... Read more

More replies
Relevance 53.71%

The last two days my computer has frozen up while trying to surf around online. This seemed weird so I ran a full system scan with Symantec Endpoint both days. Both times the logs came back with no risks detected. Today I started getting Internet Explorer pops directing me to sites. I knew at this point I had an infection that Endpoint was not picking up. I disabled my network card and used another computer to download some of the suggested programs I've seen on this site. I was hoping to at least get the problem quarantined so that I would feel safe enough to enable the network card again. After running the utilities, I am not freezing when surfing web pages and have resumed using the computer. I would like help making sure that my computer is clean since Endpoint obviously isn't catching this problem. Below are the logs for Kaspersky Online Scan & DSS.

Deckard's System Scanner v20071014.68
Run by bgedeon on 2008-07-29 14:40:22
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- HijackThis (run as bgedeon.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:40, on 2008-07-29
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\s... Read more

Answer: Infected With Trojan.win32.monder.bcb & Trojan-downloader.win32.agent.xxa

I continued to investigate on my own. Combofix quarantined some files, but did not delete them. A scheduled full system scan with Endpoint finally picked up some infections with the newest updates loaded. Symantec scan labels the infections as Trojan.Vundo and Trojan.Metajuan. Metajuan was removed automatically, but Vundo proved to be a little more pesky. Symantec offers a removal tool for Vundo on their website. I opted to try out Malwarebytes' Anti-Malware (mbam). It was able to locate the files that were in quarantine and some infected files that were in system restore. I disabled system restore to avoid any problems and mbam was able to delete all the files. After a system restart, I scanned with Symantec Vundo tool and found no further signs of infection. Mbam did a good job. Re-enabled system restore and recreated a fresh restore point. I'm hoping that this will be the end of this problem, but would still be interested in someone combing through some of my logs to see if anything was missed. I'm still a little miffed that Endpoint had not picked these infections up when they are not exactly new threats and I had the most current definitions when I ran my previous scans.

10 more replies
Relevance 53.71%

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results, click no to the Optional_Scan
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.
Please note: You may have to disable a... Read more

Answer: Infected: Trojan.Win32.Inject.kom and Trojan.Win32.Monder.aamw

Thanks for the reply, but I went ahead and upgraded that machine with a new hard drive.

3 more replies
Relevance 53.71%

There are several trojan horses detected such as Trojan-Backdoor.Win32.Agent.sp, Trojan-Downloader.Win32.QQhelper.kb, Trojan-PSW.Win32.OnlineGame.qy, Trojan-PSW.Win32.OnlineGame.yn, Trojan-BAT.KillAV.es, Trojan-proxy.Win32.small.du, Trojan-Downloader.Win32.Zlob.gj and many more...

I do not know how to remove those trojans, pls HELP!!!

Logfile of HijackThis v1.99.1
Scan saved at 10:49:43 PM, on 7/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\FixCamera.exe
C:\WINDOWS\tsnp2std.exe
C:\WINDOWS\vsnp2std.exe
C:\WINDOWS\system32... Read more

Answer:Several Trojan Such As Trojan-backdoor.win32.agent.sp, Downloader.win32 .qqhelper.kb

Sorry for the delay. If you are still having problems please post a brand new HijackThis log as a reply to this topic. Before posting the log, please make sure you follow all the steps found in this topic:
Preparation Guide For Use Before Posting A Hijackthis Log

Please also post the problems you are having.

1 more replies

My computer has been infected with Win32/Rootkit.Agent.ODG trojan and Win32/Olmarik.JU trojan. AVG, ESET NOD32, and Avira couldn't delete it, and I want to delete it. It redirected all Google searches and slows down my computer. Can you please help me. Thanks ahead to anyone who can help.

Here is the HJT logfile:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:28:51 PM, on 18/08/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C... Read more

Answer:Infected with Win32/Rootkit.Agent.ODG trojan and Win32/Olmarik.JU trojan

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.
-----------------------------------------------------------
We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, ... Read more

20 more replies

I am sorry to post a log over here, as I have read through the forum and tried to resolve the problem on my own but I failed. Since I had run ComboFix, I feel that it may be of help to post it. Sorry for the trouble. Here's the log file...

ComboFix 09-07-28.06 - Bentley 07/30/2009 0:35.1.8 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.1.1033.18.3069.1872 [GMT 8:00]
Running from: c:\users\Bentley\Desktop\ComboFix.exe
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
 * Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\Install.txt
c:\windows\system32\tmp0_144047822718.bk
c:\windows\system32\tmp0_16962678345.bk
c:\windows\system32\tmp0_205418834021.bk
c:\windows\system32\tmp0_355351885288.bk
c:\windows\system32\tmp0_424346226483.bk
c:\windows\system32\tmp0_516880812123.bk
c:\windows\system32\tmp0_517948877969.bk
c:\windows\system32\tmp0_525286544717.bk
c:\windows\system32\tmp0_687442396617.bk
c:\windows\system32\tmp0_77071886817.bk
c:\windows\system32\tmp0_779592338841.bk
c:\windows\system32\tmp0_790261416358.bk
c:\windows\system32\tmp2_1075327197... Read more

Answer:Infected with win32/rootkit.agent.ODG trojan and win32/Olmarik.JU trojan

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

2 more replies

I recently ran a Kaspersky online scan and found these two viruses present on my computer: Trojan.Win32.Favadd.an and Trojan.Win32.Small.gq. I would love it if someone could help me remove them. I will post my Kaspersky scan log and my HijackThis log. Thanks so much...

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Friday, December 16, 2005 11:43:09
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 16/12/2005
Kaspersky Anti-Virus database records: 155570
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - Critical Areas:
C:\WINDOWS
C:\DOCUME~1\MICHAE~1\LOCALS~1\Temp\

Scan Statistics:
Total number of scanned objects: 17854
Number of viruses found: 2
Number of infected objects: 2
Number of suspicious objects: 0
Duration of the scan process: 1116 sec

Infected Object Name - Virus Name
C:\WINDOWS\SYSTEM32\favset.exe Infected: Trojan.Win32.Favadd.an
C:\WINDOWS\SYSTEM32\howiper.exe Infected: Trojan.Win32.Small.gq

Scan process completed.

Logfile of HijackThis v1.99.1
Scan saved at 12:14:46 PM, on 12/16/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
... Read more

Answer:Solved: Trojan.Win32.Favadd.an, Trojan.Win32.Small.gq

10 more replies

It started two days ago. My Kaspersky detected a trojan intrusion win32.agent. I tried to delete it, but it just won't go away. It crashed a few times. Today, I used the autoruns to remove the nonessential items comparing to the startup list. After, I used the Spybot and adware to scan and clean it. All this time, my virus scan is going crazy trying to delete these two intrusions. But nothing has worked. I'm just about to give up and reinstall windows. Please Help....
Logfile of HijackThis v1.99.1
Scan saved at 0:31:11, on 2006-11-14
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\a... Read more

Answer:Trojan.win32.startpage.amg&trojan-downloader.win32.agent.bbc

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you.

Please download ComboFix and save it to your desktop.
Double click combofix.exe and follow the prompts.
When it's done running it will produce a log for you. Please post that log in your next reply.

Important Note - Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

2 more replies

I have followed all the preparation steps before posting, but am still getting a variety of Windows Security Alerts popups about Trojans. First was Trojan-Downloader.Win32.Agent.bq, and then Trojan-Spy.Win32.GreenScreen, and the latest is a Windows Security Alerts popup with sort of a section of a screen shot of a verizon yahoo search results page for antispyware-review.

Running Windows XP on a Pentium PC Desktop

HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:44:57 PM, on 9/13/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\sm56hlpr.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Fi... Read more

Answer:Trojan-downloader.win32.agent.bq, Trojan-spy.win32.greenscreen, Etc.

Hello and welcome to BC

Apologize for the delay in response we get overwhelmed at times but we are trying our best to keep up.

If you have since resolved the original problem you were having would appreciate you letting us know If not please perform the following below so we can have a look at the current condition of your machine.

Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

Thanks and again sorry for the delay.

Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Note: If you are using Windows Vista, right click at RSIT.exe and select 'Run as administrator'.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Next

Please do a scan with Kaspersky Online Scanner
Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
Click on the Accept button and install any components it needs.
The program will install and then begin downloading the latest definition files.
After the files have been downloaded on the left side of the page in the Scan section select My Computer
This will start the program and scan your system.
The scan will take a while, so be patient and le... Read more

3 more replies

eSets found and removed several Trojans. Just wanted to make sure the system is actually clean. The eSet log is below as well as the DDS scan. Thanks for your help. Carl

eSet Log:

C:\Users\Carl\AppData\Local\cjcwyim.exe probably a variant of Win32/TrojanDownloader.Agent.RIJ trojan cleaned by deleting - quarantined
C:\Users\Carl\AppData\Local\qjsngankgyvd.exe probably a variant of Win32/TrojanDownloader.Agent.RIJ trojan cleaned by deleting - quarantined
F:\Users\Carl\Downloads\03_Audio_W7NP7220.exe Win32/Bifrose.NTA trojan cleaned by deleting - quarantined
F:\Users\Carl\Downloads\Setup.exe a variant of Win32/Adware.iBryte.C application cleaned by deleting - quarantined
H:\Users\Carl\AppData\Local\cjcwyim.exe probably a variant of Win32/TrojanDownloader.Agent.RIJ trojan cleaned by deleting - quarantined
H:\Users\Carl\AppData\Local\qjsngankgyvd.exe probably a variant of Win32/TrojanDownloader.Agent.RIJ trojan cleaned by deleting - quarantined

DDS Scan:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16455 BrowserJavaVersion: 10.9.2
Run by Carl at 13:22:57 on 2012-12-08
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8183.4093 [GMT -8:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E683... Read more

Answer:Win32/Bifrose.NTA trojan and Win32/TrojanDownloader.Agent.RIJ trojan

Please do the following:

Download the appropriate version for your system of the Farbar Recovery Scan Tool and save it to a flash drive.
Plug the flashdrive into the infected PC.
Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
Restart the computer.
As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
Use the arrow keys to select the Repair your computer menu item.
Choose your language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
Insert the installation disc.
Restart your computer.
If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
Click Repair your computer.
Choose your language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

Select Command Prompt
In the command window type in notepad and press Enter.
The notepad opens. Under File menu select Open.
Select "Computer" and find your flash drive letter and close the notepad.
In the command window type e:\frst.e... Read more

8 more replies

Please can somebody help my ailing machine?

I have been having several problems with my PC over the last few days and hope that someone on here might be able to help me solve them.

I have been getting pop-up web pages appearing every few mins, also the whole system is running slowly.

When I go start IE it takes a long time to initiate and has some peculiarities with it:

My home page is www.google.co.uk - when this starts the icon in the address bar is not the usual Google 'G' but a red square with a white figure 2 in it!

Also when a new web page opens it freezes and I am unable to scroll down the page this clears after a few seconds.

I have also noticed that my keyboard is responding slowly often missing out keystrokes, this despite the slowness of my two finger typing!

I have run the following programs with these results:

SpyBot Ver 1.4 updated as at 11 Nov 2007, it found the following:

DoubleClick
HitBox
HitsLink
MediaPlex
Zedo
Zlob.DNSChanger

Kaspersky online Spyware scan, it found:

Trojan.Win32.Pakes.sv
Trojan-Downloader.Win32.PurityScan.eu

Norton 360 which found:

Adware.MaxSearch
plus two other spyware programs

AVG Anti-Spyware Free Edition which found, 15 spyware programs in 18 instances, but it failed to log a report! They did include Trojan.Win32.Pakes.sv and Zlob.DNSChanger.

All these programs indicated that they had dealt with the problems but to no avail!

Any help please?

Have re-run AVG and got the following report:

------------------------------... Read more

More replies

not-virus:Hoax.Win32.Renos.hx
Trojan-Downloader.JS.Remora.w
Trojan-Downloader.Win32.PurityScan.eg
Trojan.Win32.Dialer.qn
Trojan-Downloader.Win32.Alphabet.gen
not-a-virus:AdWare.Win32.Coupons.h
I believe that's the full list, it wouldn't fit in the title.

I allowed a guest's child to use my hybrid pc today to keep him occupied. His parents were supposed to be supervising him. They did not. After the guests left I sat down to do some studying and when the computer booted up the only thing that loaded was the wallpaper. No icons, nothing. Waited a bit, nothing showed up. Rebooted, six or more dos styled windows open and close in rapid succession, some looked like they were flickering they were so fast, they were all blank at first, then flashed something so quickly I couldn't read it and vanished, but everything loaded, slowly. Went online to check my classes and I was having a horrible problem with pop ups and new tabs appearing faster than I can close them, my browser is being redirected when I use google or igoogle (but not ask or yahoo), the back button doesn't work reliably, the system is slow as heck, there's new icons on the desk top (qq games, vundofix, and fish tycoon), and I'm getting a security breach notice that says:
" spyware threats detected!
Internet trojans, spyware, and adware are malicious
applications endangering your computer and producing
erratic systems behavior such as advertising popups, freezes and crashes.
Click here to fix this pr... Read more

Answer:Trojan.Win32.Dialer.qn Trojan-Downloader.Win32.PurityScan.eg and more

for some reason the attachment didn't want to go. I'm going to try reposting it.

14 more replies

Hello,

I am on a laptop running Windows 7 and a couple of days ago, Ad-aware found two viruses: Trojan.Win32.Generic!BT & Win32.Trojan.Agent - see details on quarantined items pasted at the bottom of this note. I've tried numerous times to remove the viruses by rebooting, as recommended, and rescanning, but it's only gotten worse. I can now no longer access most of my programs, including any virus scan programs (Adaware, Malwarebytes). I was able to download RKill but when I try to run any of the different versions nothing happens - have tried renaming with no success. When using Internet Explorer, Google search is redirected to other sites. I've tried using safe mode with the same results.

Please let me know if you can help? Here's the virus scan log from a few days ago, when I was actually able to run Adaware.

Thanks in advance!!

Scan Log:

Quarantined items:
Description: c:\programdata\f4d55f3b0001577a000a86a2b4eb2367\f4d55f3b0001577a000a86a2b4eb2367.exe Family Name: Trojan.Win32.Generic!BT Engine: 3 Clean status: Success Item ID: 1 Family ID: 0 MD5: 7f544794965c873108012225055eafd6
Description: c:\windows\assembly\gac_32\desktop.ini Family Name: Trojan.Win32.Generic!BT Engine: 3 Clean status: Reboot required Item ID: 1 Family ID: 0 MD5: 878F9B6DA85CB98FCBDF6ABD1730A32F
Description: c:\windows\assembly\temp\u\[email protected] Family Name: Trojan.Win32.Generic!BT Engine... Read more

Answer:Infected with Trojan.Win32.Generic!BT & Win32.Trojan.Agent

Hello, let's see if we can do these. If RKill still fails, move on.

Please click Start > Run, type inetcpl.cpl in the runbox and press enter.
Click the Connections tab and click the LAN settings option.
Verify if "Use a proxy..." is checked, if so, UNcheck it and click OK/OK to exit.

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Devices
List Users, Partitions and Memory size.
List Minidump Files

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

Reboot into Safe Mode with Networking

How to enter safe mode (XP/Vista)
Using the F8 Method
Restart your computer. When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu. Select the option for Safe Mode with Networking using the arrow keys. Then press enter on your keyboard to boot into Safe Mode.

>>>> Download this file and doubleclick on it to run it. Allow the informat... Read more

15 more replies

Just yesterday I appear to have contracted a virus. No matter what method I use to remove it, every time I restart my computer, it is back. Hopefully someone will be able to help me. Per Ad-Ware, this is what was found:
Trojan.Win32.Generic!BT - c:\windows\system32\d-link_st3402.dll
Win32.Trojan.Agent - c:\windows\system32\d-link_st3402.dll

I ran the MiniToolBox and have attached the results of that. I tried going into safe mode and running RKill, then SAS, then rebooting into normal mode and running MBAN but it always seems to come back. I also attached the MBAN log as well.

I hope someone can help, otherwise it looks like a long night of reformatting is ahead of me......

Answer:Infected with Trojan.Win32.Generic!BT & Win32.Trojan.Agent

Since we're dealing here with ZeroAccess rootkit....

Please follow the instructions in ==>This Guide<== starting at Step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

1 more replies

I have tried everything to get rid of this trojan. McAfee doesn't id it. Pest patrol id's it but won't remove it. I have done a dos scan, adawarese scan, used spybot, mcafee stinger all to no avail. Please help. Thanks in advance. Attached is my HijackThis scan log. Thank you so much in advance.

Logfile of HijackThis v1.99.1
Scan saved at 6:30:54 PM, on 6/17/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\DigitalPersona\Bin\DPWinLct.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\DigitalPersona\Bin\DpHost.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common File... Read more

Answer:Trojan Downloader.win32.zlob.ci & Trojan Win32.startpage.adh

You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Next, please reboot your computer in Safe Mode by doing the following:
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.

Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.
You will be prompted: "Registry cleaning - Do you want to clean the registry?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.
The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".
The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.
A text file will appear onscreen, with results from the cleaning process; please copy/pa... Read more

5 more replies

I recently ran Advanced System Care to clean up my PC and make it more stable for the Skyrim release, however its malware tool detected Win.32 Trojan Agent (and scanned another file called Win.32 Trojan Vundo... and something Frauder... didn't catch the name).

I clicked fix problem and assumed it was alright, but Ad-Aware recently said it detected it. But ad-aware bugged out and crashed, I ran ad-aware again and nothing was detected.

Summary:
-Multiple Virus scans detected Win32.Trojan Agent
-Later Deep scans failed to find it again.
-Some scans were shown to be scanning files called Win32.Trojan Vundo and Frauder.
-Currently scans are not locating them.

I am a little paranoid at this point, and would like to see if I can get these suckers removed. You guys have helped me in the past and have done great work, so I know I am in good hands here. Thank you very much in advance.

Answer:Win32.Trojan Agent and Win32.Trojan Vundo found.

"I recently ran Advanced System Care"

Registry cleaners/optimizers are not recommended for several reasons:

Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.
Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to wor... Read more

7 more replies

I have a nasty infection that has taken over my machine and which I cannot remove. The infection seems to hijack the google page and any links that I click from this page take me to what appears to be rogue websites, which want me to download their stuff.

I am currently running ESET Nod 32 and Ad-aware Anniversary Edition. Both these programs are picking up the trojan infections but are unable to clean.

I have tried to install malwarebytes but have been unable to do so. I did try changing the exe name of malwarebytes (as advised on this site) but the program does not fully complete the installation.

I have downloaded the DDS tool, ran the scan and have now attached the log to this post.

Also here is a copy of the Ad-aware scan log (I did not complete the scan due to the computer constantly crashing):

Logfile created: 10/06/2009 18:19:4
Lavasoft Ad-Aware version: 8.0.5
Extended engine version: 8.1
User performing scan: SYSTEM

*********************** Definitions database information ***********************
Lavasoft definition file: 148.49
Extended engine definition file: 8.1

******************************** Scan results: *********************************
Scan profile name: Smart Scan (ID: smart)
Objects scanned: 70104
Objects detected: 7
Type Detected
==========================
Processes.......: 1
Registry entries: 0
Hostfile entries: 0
Files...........: 6
Folders.........: 0
LSPs............: 0
Cookies............ Read more

Answer:Infected with WIN32 Trojan Agent and WIN32 trojan TDSS

Hello. I am PropagandaPanda (Panda or PP for short), and I will be helping you.

Disable Realtime Protection

Antimalware programs can interfere with ComboFix and other tools we need to run. Please temporarily disable all realtime protections you have enabled. Refer to this page, if you are unsure how.

Download and Run ComboFix

Download Combofix by sUBs from any of the links below, and save it to your desktop.
Link 1, Link 2, Link 3
Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
Double click on ComboFix.exe and follow the prompts. If you are using Windows Vista, right click the icon and select "Run as Administrator". You will not receive the prompts below if you are not using Windows XP. ComboFix will check to see if you have the Windows Recovery Console installed.
If you did not have it installed, you will see the prompt below. Choose YES.
When the Recovery Console has been installed, you will see the prompt below. Choose YES.
When finished, ComboFix will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

Download and Run Scan with GMER

We will use GMER to scan for rootkits.
Please download GMER to your desktop. Note that the file will be randomly named to prevent active malware from stopping the download.
Close all other ope... Read more

7 more replies

Hey I could use some help getting rid of this virus, I think Ramnit-A might be around too on it. I've done some researching trying to see if I could try and fix this on my own, but I think this might go quicker.

I have spybot and adaware (freeware) on my computer, spybot hasn't bothered to pick anything up in this mess. Adaware has picked up Ramnit-A virus on the system and it always ends up with a list of items to repair (mostly files and a few processes at the end of the list), a cookie, and then ~4 misc. items that it recommends the "just once option". Anyways it hasn't been working, so from my reading, from a topic I managed to google from this forum board I downloaded Avast, which has grabbed virus file types that I listed in the topic with quick scan (and with its "shields" too). The other disturbing thing is that I think I have about 3000+ files now sitting in my virus chest on Avast from running the thing...safe to probably say it's not fixing anything.

I'm a little worried too about the fact that the files Avast is taking are, or were just regular exe's some that were actually on my desktop. Has left me wondering if I should delete everything in the virus chest or not, I'm not going to end up deleting something important if I do? (main worry)

From what I've read I hope I posted the required stuff, I'm currently running Gmer right now, I'll probably leave it running and try posting it tomorrow morning as ... Read more

Answer:VBS:ExeDropper-gen;Win32:Ramnit-B;Win32:Rootkit-gen;Win32:Trojan-gen

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

We need to create an OTL Report
Please download OTL from one of the following mirrors:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
In the custom scan box paste the following:
msconfig
safebootminimal
activex
drivers32
netsvcs
%SYSTEMDRIVE%\*.exe
/md5st... Read more

2 more replies
Relevance 51.66%

(DDS log below)

I re-installed my AV after running without it for a while and found that I had quite a few bad things going on picked up by Nod32 including (see attachment for more detail):
Win32/Olmarik.ZC
Java/TrojanDownloader.Agent.NBE
a variant of Win32/Olmarik.UL trojan
Win32/Cimag.CL trojan

I also get multiple outbound connection attempts which are at least partially being blocked by Nod32 to weird .cc .cn and a few .com domain urls, this happens after performing a google search. Also getting some browser redirects going on and homepage changes.

I tried setting nod32 to pre-release updates and performing a full scan, this picked up the above and removed them, but after a reboot there are still things going on. Before reading the steps on this site, I ran the latest ComboFix twice which picked up a rootkit in intelide.sys both times, but appears to come back each time. While I disabled nod32 when I ran ComboFix, it re-enabled upon reboot automatically, not sure if that matters.

I've also been getting a startup delay of around 1 minute after logon, in this time, nothing appears to be going on (no apparent CPU or disk activity), but wireless, AV and other startup items do not run. Then a minute later, everything fires up.

I've tried running GMER several times but this keeps giving me a BSOD with IRQL_NOT_LESS_OR_EQUAL

Last scan with nod32 came up clean but still getting outbound connections and browser redirects.

Looking to sort this out once and for all!

DDS (Ver_10-03-17.... Read more

Answer:WinXP rootkit? problem + Win32/Olmarik.ZC Java/TrojanDownloader.Agent.NBE a variant of Win32/Olmarik.UL trojan Win32/Cimag.CL t...

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.

Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there.

The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

----------------------------------------------

Please download GMER from one of the following locations and save it to your desktop:
Main Mirror
This version will download a randomly named file (Recommended)
Zipped Mirror
This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.

Disconnect from the Internet and close all running programs.
Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
GMER will open to the Rootkit/Malware tab and perfor... Read more

14 more replies
Relevance 51.66%

Hi all, I am infected by Trojan.Win32.ZbotPatched.d, Trojan/W32.ZbotPatched.380928, Heuristic.BehavesLike.Win32.Virus.I. I tried to remove but no luck. It's a pain, I hope u can help before I reformat drive. Kaspersky found the file, said had to restart to remove. On restart scan it found same trojans now in a different exe. I am running vista 32 home premium. Any help is greatly appreciated, ty.

Antivirus Version Last Update Result
a-squared 5.0.0.31 2010.07.08 -
AhnLab-V3 2010.07.08.00 2010.07.07 -
AntiVir 8.2.4.10 2010.07.07 -
Antiy-AVL 2.0.3.7 2010.07.07 -
Authentium 5.2.0.5 2010.07.08 -
Avast 4.8.1351.0 2010.07.07 -
Avast5 5.0.332.0 2010.07.07 -
AVG 9.0.0.836 2010.07.08 -
BitDefender 7.2 2010.07.08 -
CAT-QuickHeal 11.00 2010.07.07 -
ClamAV 0.96.0.3-git 2010.07.08 -
Comodo 5354 2010.07.08 -
DrWeb 5.0.2.03300 2010.07.08 -
eSafe 7.0.17.0 2010.07.07 -
eTrust-Vet 36.1.7691 2010.07.07 -
F-Prot 4.6.1.107 2010.07.07 -
F-Secure 9.0.15370.0 2010.07.08 -
Fortinet 4.1.133.0 2010.07.07 -
GData 21 2010.07.08 -
Ikarus T3.1.1.84.0 2010.07.08 -
Jiangmin 13.0.900 2010.07.07 -
Kaspersky 7.0.0.125 2010.07.08 Trojan.Win32.ZbotPatched.d
McAfee 5.400.0.1158 2010.07.08 -
McAfee-GW-Edition 2010.1 2010.07.05 Heuristic.BehavesLike.Win32.Virus.I
Microsoft... Read more

Answer:infected by Trojan.Win32.ZbotPatched.d, Trojan/W32.ZbotPatched.380928 , Heuristic.BehavesLike.Win32.Virus

Refrain from posting logs without being asked to post a log...

Run a scan with Malwarebytes Anti Malware ( A full scan, make sure you download install and update malwarebytes anti malware, before attempting to scan with it ;) )

You don't have allll those anti viruses on your computer at once, do you?

7 more replies
Relevance 50.84%

Unfortunately, while on vacation in the beginning of the month, I clicked a link on facebook and Avast! (4.8) was quick to tell me that my laptop had been infected by Win32:Unruy-E, Win32:Alureon-EN and Win32:Trojan-gen. I tried to delete these with avast! but I kept getting pop-ups telling me that my laptop was still infected.

I shut the laptop off and kept it off until today; when I turn it on now I get a ton of messages saying different network controllers, drivers, etc are not responding and will shut down. The computer still works but it is incredibly slow, and system restore and back up crashes when I try to run them.

I appreciate any help you can give me. =)
Happy New Year!
DDS (Ver_09-12-01.01) - NTFSx86
Run by Connie at 17:35:08,54 on 31.12.2009
Internet Explorer: 8.0.6001.18828
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.47.1044.18.3030.1864 [GMT 1:00]

SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\Sys... Read more

Answer:Win32:Unruy-E, Win32:Alureon-EN and Win32:Trojan-gen

Problem is solved. After a lot of tweaks I was able to format the hdd.

3 more replies
Relevance 50.84%

Hi, I'm having a problem with popups. When I run Avast it finds files and gets rid of them but it seems that every time I do a scan it picks up something new. Here is a list of the files it's deleted so far.

A0007433.dll win32:trojan-gen
A0007484.dll win32:rootkit-gen
A0007485.dll win32:adware-gen
geBqQJYp.dll win32:trojan-gen
pmnOHXoL.dll win32:rootkit-gen
trz1.tmp win32:rootkit-gen
tuvvpjgd.dll win32:adware-gen

here is the DDS log

DDS (Ver_09-01-19.01) - NTFSx86
Run by Administrator at 7:09:47.25 on Mon 01/26/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.250 [GMT -5:00]

AV: avast! antivirus 4.8.1296 [VPS 090125-0] *On-access scanning disabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C: ... Read more

Answer:Pop ups, win32:trojan-gen, win32:adware-gen, win32:rootkit-gen

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix.. Please visit HERE if you don't know how.. Please re-enable them back after performing all steps given..

Please download ComboFix by sUBs from one of the locations below, and save it to your Desktop.
Link 1
Link 2
Link 3

Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.
If ComboFix asked you to install Recovery Console, please do so.. It will be in your best interest..
When finished, it shall produce a log for you. Post that log and a fresh HijackThis log in your next reply..

Note: DON'T do anything with your computer while ComboFix is running.. Let ComboFix finish its job..

8 more replies
Relevance 50.43%

Hi. In the last two weeks, my computer has been bombarded by trojans. I've got McAfee firewall, etc., but some of these buggers managed to get through. I had to pay the McAfee techs to clean out the first one. And now, I keep getting a warning box from McAfee saying that a generic.dx trojan has been quarantined. I ran the Kaspersky scan and it found the two viruses mentioned above in the topic title. I also ran the hijackthis program. Oh, and I also ran the McAfee scan today and it came up clean. I don't know what to do. I'm a novice at this stuff. Would it be better to pay McAfee again to clean it out, pay Kaspersky or what? And is there a better security software than McAfee? I never got a Trojan warnings before 2 weeks ago. My McAfee subscription renewed itself 2 weeks ago -- to add insult to injury, while I was on the phone with the McAfee techs. I'd happily jettison it if I could find a better program. So, again, I don't know what to do. I'm a complete novice at this stuff. Any help y'all could give would be much appreciated.

Deckard's System Scanner v20071014.68
Run by Alison on 2008-05-30 18:53:13
Computer is in Normal Mode.
---------------------------------------------------------------------------------- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
69: 2008-05-31 01:53:17 UTC - RP75 - Deckard's System Scanner Restore Point
68: 2008-05-30 23:37:26 UT... Read more

Answer:Infected With Trojan-downloader.win32.vb.eqj And Trojan-psw.win32.wow.bam

moving it up.

can anybody help?

thanking you in advance.

3 more replies
Relevance 50.43%

Just yesterday I appear to have contracted a virus. No matter what method I use to remove it, every time I restart my computer, it is back. Hopefully someone will be able to help me. Per Ad-Ware, this is what was found:
Trojan.Win32.Generic!BT - c:\windows\system32\d-link_st3402.dll
Win32.Trojan.Agent - c:\windows\system32\d-link_st3402.dll

I ran the MiniToolBox and have attached the results of that. I tried going into safe mode and running RKill, then SAS, then rebooting into normal mode and running MBAN but it always seems to come back. I also attached the MBAN log as well.

I hope someone can help, otherwise it looks like a long night of reformatting is ahead of me......

MiniToolBox:
MiniToolBox by Farbar Version: 18-01-2012
Ran by Andrew Kuntze (administrator) on 06-04-2012 at 15:20:34
Microsoft Windows 7 Ultimate Service Pack 1 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

::1 localhost

127.0.0.1 localhost

========================= IP C... Read more

Answer:Trojan.Win32.Generic!BT & WIN32.Trojan.Agent HELP!!!!!!!!!!

Hello, appears you have contracted a deep seated ZeroAccess Rootkit, probably from a torrent download. To get this out we need a deeper look. Please go here.... Preparation Guide, do steps 6-9. Create a DDS log and post it in the new topic explained in step 9 which is here Virus, Trojan, Spyware, and Malware Removal Logs and not in this topic, thanks. If GMER won't run skip it and move on. Let me know if that went well.

3 more replies
Relevance 50.43%

Hey folks,

I got spyware on Sunday and I have been trying to fix it since. Seems as if I didn't just get any spyware but one of the worst kinds..

win32.delf.rtk reinstalls itself on every log on. First it disabled my internet then my windows System Restore (I really wish that could work). I used Spybot and then combofix but nothing worked and I think I may have made my problems worse. I got my internet to work again by using Spybot to block the virus actions but every time I scan my computer the virus is still there and more spyware reinstalls itself.
Please help.

Answer:win32.delf.rtk [Moved]

As no logs have been posted, I am shifting this topic from the specialized HiJack This forum to the Am I Infected forum. ==>PLEASE DO NOT NOW POST LOGS<== unless a log is specifically requested.

22 more replies
Relevance 50.43%

Hi
I really hope that I am in the correct forum and apologies if I am not!

First I must explain, I am a complete novice at this and do need things explained to me in nice easy baby steps. However, I do appreciate any help and support given.

I was sent here from the forum on PCAdvisor because after lots of helpful suggestions to cure my Malware problem, they were all unsuccessful.

I have a "Generic Host Process for Win32 Services" error message when I load up my laptop. I can load both Firefox and IE but neither does anything. However I do have an Internet connection, as I have Avast AV and Carbonite backup running in the background.

Initially to cure this error, I have run Avast AV, Spybot, Adaware and Registry mechanic. I have also run Avast AV in safemode. I have also run right click on Avast's console and from the dropdown menu that appears selected a scheduled boot-time scan. Then I selected 'scan all local disks' and clicked on the 'schedule' tab. Avast asked for a reboot but before windows loaded it scanned for viruses and malware. I had no errors.

I have downloaded Malwarebytes to a memory stick and subsequently to my laptop. But when I tried to run it, I got Error code 732 (0,0). However, it did still scan, once I pressed OK to this and it came across 2 pieces of Malware, which I deleted.

I then disabled Avast AV and ran Malwarebytes again but still had the same Error Code.

Then I went to Microsoft support and tried this "Ho... Read more

Answer:Win32 Error. [Moved]

As no logs have been posted, I am shifting this topic from the specialized HiJack This forum to the Am I Infected forum. ==>PLEASE DO NOT NOW POST LOGS<== unless a log is specifically requested.

2 more replies
Relevance 50.43%
Question: Win32/Virut MOVED

Hi guys,
I'm new here, this is my first post but I know more than your average Tom, Dick or Harry about PC's but right now I am stumped so have taken to asking the professionals (AKA you guys). I am (was) running Windows Vista and know that I have a virus. First I couldn't update my Kaspersky Internet Security then I realised I couldn't access any security related sites. I came across this forum and tried to run ComboFix but it said this file has been corrupted you have the Virut virus, please download a clean version and try again. Through research I have ascertained this virus infects any and all .exe files you try to run or that are running. I am writing this on the same PC but on my other hard drive which has Windows XP on. Right now Dr. Web Cureit is busy running. I tried rmvirut.exe and it cleaned quite a lot but there were more files that it couldn't clean than it did clean. Now when I try to boot from my Vista hard drive it says an unauthorized change has been made... and I can't do anything, I can however go into Safe Mode.
Sorry for the long explanation but hopefully someone here can help me?
sorry for the long explanation but hopefully someone here can help me?
Thanx,
David

Answer:Win32/Virut MOVED

If you have Virut, generally you will need to reinstall Windows to get over the problem.

14 more replies
Relevance 50.43%

Apparently got Win32 TrojanTDSS. Can't seem to remove it. Can somebody help with this one?

Thanks,
RRobaldo

Answer:Win32 TrojanTDSS [Moved]

As no logs have been posted, I am shifting this topic from the specialized HiJack This forum to the Am I Infected forum. ==>PLEASE DO NOT NOW POST LOGS<== unless a log is specifically requested.

14 more replies
Relevance 50.43%

Hello,

I'm running Windows XP Professional, SP2 in my office. Recently I've installed avg 8.5 to my computer. Upon installation it immediately detected WIN32/PEPATCH.AO on my system (explorer.exe spools.exe winlogon.exe). But as u all know I cannot delete the files as it is whitelisted.
Hope to solve these problems immediately as this is my office computer.
Thanks

Answer:WIN32/PEPATCH.AO [Moved]

As no logs have been posted, I am shifting this topic from the specialized HiJack This forum to the Am I Infected forum. ==>PLEASE DO NOT NOW POST LOGS<== unless a log is specifically requested.

8 more replies
Relevance 50.43%

Hi

I have the Win32:syspatch worm on my Windows XP PC (SP2) and I am unable to remove it. I have used Malwarebytes' Anti-Malware and Avast! but although both programs detect the worm neither seems able to remove it. I have read a few threads on various forums and it seems the only way to remove it is to alter the registry, something I have no experience of and am wary of attempting.

Please help!

Answer:Win32:syspatch [Moved]

As no logs have been posted, I am shifting this topic from the specialized HiJack This forum to the Am I Infected forum. ==>PLEASE DO NOT NOW POST LOGS<== unless a log is specifically requested.

2 more replies
Relevance 50.43%

Running WIN XP Pro with IE7. Noticed IE7 not going to where I browse, then computer began rebooting. Ran Spybot-S&D and found this trojan WIN32.TDSS.rtk was there but could not delete it.
Now what do I do?
When I logoff then login again my computer runs CHKDSK every time. It reboots periodically too.
I am afraid to use it to shop or do anything like banking or personal things.
Help anyone?

Answer:WIN32.TDSS.rtk [Moved]

Sorry about double posting! New here!
Thanks for helping-in advance. Looking forward to resolving the trojan removal issue.

2 more replies
Relevance 50.43%

I am not sure where I should be asking this question or where to start but here is where I'm at with my problem;

I have had a couple problems with various viruses the past couple weeks including WindowProtector 2009 and another similar malware problem, both of which, I think, I got rid of using Malwarebytes Anti-Malware. Although, when I had WindowProtector 2009 it had turned off my firewall and I had loads of other worms and viruses that I got rid of with Malwarebytes also including Koob.Face.

Today I started having problems with search engines redirecting me to other Web sites than the one I requested so I ran Malwarebytes and found nothing then downloaded Avast! and ran a boot scan, deleted everything it found that thought was bad. I'm not sure how to tell if it's really gone. Since the last three times I thought I fixed my computer it kept finding more things and getting tons of bad stuff. I do keep my Windows firewall on and use AVG. I was originally going to post a Hijackthis log in the other forum but was unable to make one when the black screen, the first screen in the directions on the posted forum of this subject, said at the bottom of the directions about "scan will take three minutes and remove after use once" it added "FindSTR: cannot read strings from whitedir"

Like I said I'm not sure if I'm asking this in the correct area or where to start with this but any help would be appreciated. Thank you for taking... Read more

Answer:Win32: Alureon BH (rtk)Moved

Hello, I am going to ask for a couple logs.

Rerun MBAM like this:
Open MBAM in normal mode and click Update tab, select Check for Updates, when done click Scanner tab, select Quick scan and scan.
After scan click Remove Selected, Post new scan log and Reboot into normal mode.

Next run ATF and SAS:
Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".
From your regular user account..
Download Attribune's ATF Cleaner and then SUPERAntiSpyware, Free Home Version. Save both to desktop ..
DO NOT run yet.
Open SUPER from icon and install and Update it
Under Scanner Options make sure the following are checked (leave all others unchecked):
Close browsers before scanning.
Scan for tracking cookies.
Terminate memory threats before quarantining.
Click the "Close" button to leave the control center screen and exit the program. DO NOT run yet.

Now reboot into Safe Mode: How to enter safe mode(XP)
Using the F8 Method
Restart your computer. When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu. Select the option for Safe Mode using the arrow keys. Then press enter on your keyboard to boot into Safe Mode.

Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Del... Read more

32 more replies
Relevance 50.02%

Hi,

I've run SpyBot and AVG Anti-Virus programs and Trojan Horse BackDoor.Generic11.HCO (corresponding to C:\Windows\system32\ativvax.dll) and several tracking cookies are picked up. Yet, I'm still not able to remove the listed items. Can anyone assist me?

Answer:Trojan Trojan Horse BackDoor.Generic11.HCO and Tracking Cookies/ Moved

As no logs have been posted, I am shifting this topic from the specialized HiJack This forum to the Am I Infected forum. PLEASE DO NOT NOW POST LOGS unless a log is specifically requested.

2 more replies
Relevance 50.02%

I have been clearing a computer from numerous infections. I uninstalled the outdated (since 2006) McAfee AV. I have installed Microsoft Security Essentials, MBAM, and SuperAntiSpyware. I used this combination as well as several online scanners to remove over 150 infections. Every time I run a scan with SAS, the log comes back with the following infections:

Trojan.Dropper/SVCHost-Fake
C:\SYSTEM VOLUME INFORMATION\_RESTORE{D5FFFA500B1B}\SVCHOST.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{D5FFFA500B1B}\SVCHOST.EXE
Trojan.Agent/Gen-FakeAlert
C:\SYSTEM VOLUME INFORMATION\_RESTORE{D5FFFA500B1B}\SMSS.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{D5FFFA500B1B}\SMSS.EXE

Microsoft Security Essentials pops up during the scan with the following infection:
Trojan Downloader: Win32/Unruy.D C:\SYSTEM VOLUME INFORMATION\_RESTORE{D5FFFA500B1B}\SMSS.EXE

I created a new restore point and deleted all previous points, yet these infections still remain. I was receiving help from another moderator who had me try several things before directing me here. Topic referenced is here: http://www.bleepingcomputer.com/forums/t/318510/cannot-remove-trojan/ ~ OB

I am posting the DDS log, GMER log, and attaching the attach.txt file. Thank you in advance for any and all help you can provide.

DDS (Ver_10-03-17.01) - NTFSx86
Run by Phillips at 14:21:21.10 on Tue 05/25/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1278.796 [GMT -4:00]
AV: Microsoft Security Essentials *... Read more

Answer:Infected with: Trojan.Dropper/SVCHost-Fake,Trojan.Agent/Gen-FakeAlert, & Trojan Downloader: Win32/Unruy.D.

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

19 more replies
Relevance 50.02%

At first it started as pop-up internet explorer windows while browsing in Firefox and re-directs in Google when I clicked on a link (however I can copy the link from a google search and paste it in a new window). Then whatever I have seemed to disable my internet connection after a couple of minutes (almost like it knew I was trying to figure out how to get rid of it!). I have done some work at trying to remove the problem and it seems like everything is better EXCEPT that Google keeps redirecting - so I know not everything has been cleaned! I have a spotty and slow wireless connection for this computer so I would rather not use an online scanner if I don't have to but I will do what it takes if that is the case.

Looking forward to some help. Attached is my HiJackThis Log from earlier today. Thanks!

Answer:Trojan.Agent, VBS/Disabler.NAB Trojan, Win32/Kryptik.AKJ Trojan and maybe others! Google Redirect in Firefox

Hello! My name is Sam and I will be helping you. In order to see what's going on with your computer I'll ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.

Please download ComboFix from one of these locations:
Link 1
Link 2
Link 3

Important!
You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert. It is intended by its creator to be used under the guidance and supervision of a Malware Removal Expert, not for private use.
Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

Make sure that you save ComboFix.exe to your Desktop
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

Double click on ComboFix.exe & follow the prompts.

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow ... Read more

41 more replies
Relevance 49.61%

Hi,
I'm totally new to this forum, and had just followed the instructions to run the DDS. But all i get from it is a Command Prompt window with message "The system cannot find the file specified." and the window stays there.

I've discovered there were trojan/virus/malware on my computer after my avast alert me. I'm using Windows XP SP3 build 2600. I quickly did a scan with SpyBot in normal Windows mode and removed trojans like SmitFraud. But there were some lingering ones which reside after reboot. After reboot i found that my avast, regedit, and windows security service got disabled. Scanning with MalwareBytes in normal Windows mode recovered my windows security service. avast and regedit works only once after reboot, and subsequent reboots they were disabled again. I also found that my system shuts down suddenly with no message or warning while performing MalwareBytes scan under Safe mode. This did not happen when i'm running in Windows normal mode and i've scanned several times successfully in normal mode since this problem arose.
I did again a Complete Scan with MalwareBytes under Windows normal mode, posting this log instead as I'm unable to run DDS and get its log. Likewise I did not get a Attach.txt as the DDS just stops at "The system cannot find the file specified.", hence there is no attachment of Attach.txt in this post.

As a side note when i discovered that there is SmitFraud, I also downloaded SmitFraudFix... Read more

Answer:Hupigon13, Win32.Delf.uv, and possible others [Moved]

Hello,

Since the logs you posted were from regular security programs, I'm shifting this topic to the Am I Infected forum.

Please await further instructions from one of our 1st responders.

Orange Blossom

7 more replies
Relevance 49.61%

Hi everyone. I'll be glad if someone can help me with this problem. I tried to open my hard drive but it gave the following message: the c:\ application can not be run in win32 mode.

Answer:the c:\ application can not be run in win32 mode [moved from HW]

You are missing critical info so we can help.

What OS, WinXP (Pro or Home) SP-what?

"Open my hard drive?" Which hard drive (C:, D:, etc.)? Did you mean when you boot (which means C:).

IF you are talking about a WinXP system and a boot problem, try this:
Boot to your WinXP Setup CD (may have to change boot order in BIOS)
When you get the first Window with a Repair option in the bottom Status Bar, do that to open the Recovery Console
At the Recovery Console Command Prompt, enter CHKDSK C: /R
Let CHKDSK run and reboot to hard drive

1 more replies
Relevance 49.61%

So, I let my teenage daughter use my home PC and the next day I start getting some AVG virus notices. Not sure how it happened, but it happened.

So, I ran an AVG virus scan and came up with like 82 infected objects. Did some research on google about the virus, learned about HJT and Mbam. I struggled initially, but found a post that said you have to rename mbam.exe. Did that and ran it finally, it removed like 20 objects, but when I do an AVG virus scan it still finds Win32/Cryptor virus on my PC. I'm not a novice computer user, but this has me stumped and is the first time I've had a "real" virus on my PC so I have no experience dealing with this stuff.

Help Please?

Answer:Win32/Cryptor virus [Moved]

As no logs have been posted, I am shifting this topic from the specialized HiJack This forum to the Am I Infected forum. ==>PLEASE DO NOT NOW POST LOGS<== unless a log is specifically requested.

2 more replies
Relevance 49.61%

Dear Bleeping,
I have been infected with this Net-Worm.Win32.Kido.ir on my external USB HDD. It is detected by Kaspersky 7, but it can't disinfect; only the skip option can be clicked, so please help. (I use KK & KK 347, KKiller, klwk, but they do not work.)
Thanks

Hanson

Answer:Net-Worm.Win32.Kido.ir [Moved]

As no logs have been posted, I am shifting this topic from the specialized HiJack This forum to the Am I Infected forum. ==>PLEASE DO NOT NOW POST LOGS<== unless a log is specifically requested.

2 more replies
Relevance 49.61%

Need help ridding my unit of Win32 bettlnet & Imisrve

Downloaded HJT & awaiting further help


Answer:Solved: Win32 terror (moved from XP)

9 more replies
Relevance 49.61%

Hi Bleepingcomputer. I recently got infected by a virus named New Win32. McAfee picked it up in the Windows file svchost.exe. It cannot, however, fix the problem. My computer also is compromised by a bunch of other viruses, and can't access the internet without downloading malware. Malwarebytes is running fine but can only temporarily remove the trojans. (They come back when I turn the internet on =( )

Any ideas on removing it?

I tried to run dds on my (infected) computer, but got this error:

C:\Windows\system32\CSCRIPT.exe is not recognized as an internal or external command, operable program or batch file.

It worked fine on my other computer, which has the same software. Is this due to a script blocker, or something deeper?

Also, quick question. Would using a flash drive to move files back and forth between the computers (like hijackthis logs, and new applications) be ok? I was worried about spreading the virus on to the working computer and have used CDs for going back and forth.

Thanks for the help! Kyle273

Answer:New Win32 Virus in svchost.exe [Moved]

As no logs have been posted, I am shifting this topic from the specialized HiJack This forum to the Am I Infected forum. ==>PLEASE DO NOT NOW POST LOGS<== unless a log is specifically requested.

16 more replies
Relevance 49.61%

I think I may be infected with a Rootkit virus and maybe even more. Here's the story. On Monday, Avast notified me that I was infected. Occasionally, when I opened Firefox, a fake Internet Explorer with Firefox's icon appeared along with it. The page never loaded, but it was regarded as a security risk. Also, I had a USB drive connected and an error came up saying that there was a problem with the file K: and it corrupted various files in it.

I went ahead and deleted some of the malicious DLLs that were placed in my system32 folder. Now when I start up the computer, three error messages pop up reminding me that those DLLs are not found.

For a while, the browser stuff stopped. Then I encountered a file in system32 that constantly regenerated itself. They were named "trzXXX.tmp" where XXX is a value that numbers the file. I took it out of the folder and disposed of it. Again, nothing happened for a while. But then today, another one showed up in there. A DLL appeared and I tried to delete it, but it didn't let me, then it disappeared and it left more trz.tmp files.

So far, everything seems okay, but I heard about these Hijackthis logs and so I got one to see if I could get help.

I've attached the log file. I hope someone can solve this problem before things get worse.

Answer:Infected with Win32 Rootkit Gen/ Moved

Hello Koetsu and welcome to BC

As no logs have been posted, I am shifting this topic from the specialized HiJack This forum to the Am I Infected forum.

PLEASE DO NOT NOW POST LOGS unless a log is specifically requested.

In order to assist you, we need some more information.

What is your operating system: Windows XP, Vista, etc.?

Are you running 32 bit or 64 bit?

What security programs besides Avast do you have installed?

Orange Blossom

3 more replies
Relevance 49.61%

Hello,
My computer hangs every 5 to 7 seconds then runs for 5 to 10 seconds
Running Windows XP Pro Service Pack 3 on a Compaq i586 desktop computer

I did a virus scan using avast and it indicates that I have a win32 virus ( C:\Windows\system32\dllcashe\kernel32.dll is infected by win32: Patched-kx [ trj ] and C:\WINDOWS\system32\kernel32.dll is infected by win32: patched-kx [ trj ] )

Any help would be appreciated ! !

Answer:Avast says win32 virus [Moved]

As no logs have been posted, I am shifting this topic from the specialized HiJack This forum to the Am I Infected forum. ==>PLEASE DO NOT NOW POST LOGS<== unless a log is specifically requested.

9 more replies
Relevance 49.61%

Hello.

I think I've got the Win32:Sality virus and it is causing my desktop PC issues:
x Can't re/install antivirus programs eg avast home edition
x Can't boot in any sort of 'Safemode' or revert back to last known config settings
x Hidden files immediately become 'hidden' again after applying the 'show hidden files and folders' option
x Virus has attached itself onto USBs and my PC will not allow them to be formatted

However:
+ i can still access task manager , regedit [thought I would include it in here since other users have said that they couldn't access it]
+ most programs still run fine [though I'm not sure whether it's because I formatted my desktop a little while ago]

Sality is spreading over my home internet cable network, so two other computers are infected as well as mine, though at varying degrees (if that's possible).

I've tried the various sality virus removal tools available on the net, however none of them were effective in cleaning up my pc, online scanners detected no infected files.... however they might not have been programed to detect sality.

I've also tried reformatting my entire desktop ; but soon after reinstalling MS XP Home Ed. I realised i couldn't redownload avast antivirus (!!) .. so at the moment , my PC is void of any sort of protection .

on a side note , i also have a laptop running on windows vista and on the wireless network .. so I was wondering which part of... Read more

Answer:Win32:Sality Virus !/ Moved

As no logs have been posted, I am shifting this topic from the specialized HiJack This forum to the Am I Infected forum. PLEASE DO NOT NOW POST LOGS unless a log is specifically requested.

8 more replies
Relevance 49.61%

A few days ago the Win32 Heur was showing up on my AVG8 Free software. It is also coming up with a trojan horse rootkit-pakes. Today I did a scan on Spybot and it failed to remove Win32.fraudload.net, Win32.TDSS.rtk & Win32.TDSS.reg. In addition to that I read on a forum to download Registry Easy and I did a scan and fix through that. It stated all the relevant issues had been resolved. But as I mentioned, Spybot still comes up with those 3 Trojans. So I have these 5 issues, there is probably more. But I would appreciate if you can help.

Here is a copy of my log HiJackthis


More replies
Relevance 49.2%

Hello.

First I would like to say hello.

I have read these guidelines

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help

For now I need to say, that I didn't do the DDS and GMER logs.

From what I had deep in my memory I assumed, that you will need a ComboFix log and HiJackThis log. I have those ready to post. (Now I know ComboFix is used if everything else fails)

If you would need me to do those DDS and GMER logs. I will gladly do it tomorrow.

So back to my problem.

I'm fixing a computer of my friend. Firstly I scanned his hard drive in my own PC and deleted or disinfected the infected files (I also have a log from Kaspersky). There were couple of Trojans, trojan downloaders and also one Virus.

The next thing I have done is put the HDD back into his PC and boot the OS. Oh, it is Win XP Home SP3 32-bit.

I've browsed the running services via Administrative Tools in Control Panel. I've browsed startup objects with MSConfig, also I've deleted some registry entries (that were suspicious to me).

Internet Explorer seemed to be infected, but it could pretty well be the effect of multiple Toolbars installed for IE. (WinOptimizer toolbar, AVG antivirus toolbar). I managed to uninstall AVG free antivirus 2011 with a uninstall tool from AVG website (Add & Remove Programs entry was corrupt).

Also I uninstalled Kaspersky Internet Security 2011. (I couldn't download instructions from the website, even if the connection was... Read more

Answer:Virus and Trojan Infections Virus.Win32.Nimnul.a Trojan.Win32.Lebag.agi

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.

Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there.

The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks

2 more replies
Relevance 49.2%

Hi, my laptop running XP has acquired the win32 virut virus. I cannot log onto safe mode or normal mode. Every time it says to enter in password at the XP log on page it says it's loading personal settings and then logs me off. I cannot do system restore as the virus deleted it. All my .exe files have been affected!! What can I do from here? I do not have the XP disk so I can't even reload it!
Please help me fix this terrible mess!

Answer:Win32 virut! (Moved back to Windows XP)

I hate to be the bearer of bad news, but....

If Your system is infected with a polymorphic file infector called Virut.

Virut is capable of infecting all the machine's executable files (.exe) and screensaver files (.scr). However, the problem is that the virus has a number of bugs in its code, and as a result, it may misinfect a proportion of executable files and therefore, the files are corrupted beyond repair. As of now, security experts suggest that a clean reformat is the only way to clean the infection and it is the only way to return the machine to its normal working state.

Backup all your documents and important items (personal data, work documents, etc) only. DO NOT backup any executable files (softwares) and screensavers (*.scr). It attempts to infect any accessed .exe or .scr files by appending itself to the executable.

Also, try to avoid backing up compressed files (zip/cab/rar) files that have .exe or .scr files inside them. Virut can penetrate and infect .exe files inside compressed files too.

Aside from that, the only other thing I can think of is using a bootdisk such as Bart's PE, UBCD4Win or a Linux distro, and trying to access the drive and run some cleaning tools, or backup any valued documents before formatting the drive. If you don't have a Windows XP CD, nor a recovery partition as many manufacturers have (is this an HP, Compaq, Dell, Gateway, etc...?), then it seems your best course of action would be to purchase a Windows XP CD so you ca... Read more

4 more replies
Relevance 49.2%

The c:\ application cannot be run in win32 mode always appears when I click on my Drive C:\ and D:\ and sometimes it restarts automatically when I'm using some application like MS Word. I have scanned it with AVG, McAfee, Quick Heal but nothing happened. Hope you could help me. Thanks and more power.


HijackThis Log


More replies
Relevance 49.2%

Hi, I'm new to this site and I have a big problem! It's my problem...Backdoor.Win32.Bifrose.mq!
How to remove this from my computer now? Solution?
Thank you for your help!
Steve

Answer:Backdoor.Win32.Bifrose.mq [MOVED FROM WINDOWS]

G'Day Steve, Welcome to TSF!

I recommend that you go here; read and follow the instructions very carefully; then, post all the requested logs and information; as instructed, to here. (Just click on the coloured links.)

Once done, please be patient, as the Security Team Analysts are usually very busy; one of them will answer your request as soon as they can.

Good Luck with it.

Kind Regards,

15 more replies
Relevance 49.2%

I have this piece of adware on one of a device that I can not get rid of. Defender sees it and tells me that it has been cleaned but within a few moments Defender alerts me to it again. I need some help getting rid of it.

I have enclosed Trend Micro's Hijack This log. This machine was in really bad shape. I cleaned up over 90 viruses and countless other adware off of this machine. Just can not seem to get this last one. Any help is appreciated.


Answer:BrowserModifier:Win32/Fotomoto (moved from Windows XP)

Hi and welcome to TSF.

Please subscribe to this thread so that you are notified when you receive a reply. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Add Subscription.

--------------------------------------------------------------

Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.
Close all applications and windows.
Double-click on dss.exe to run it, and follow the prompts.
When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <- this one will be minimized
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt here.
Please attach extra.txt to your post.
To attach a file to a new post, simply
Click the [Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
copy and paste the following into the "Upload File from your Computer" box: C:\Deckard\System Scanner\extra.txt

Click Upload.
What DSS will do:
create a new System Restore point in Windows XP and Vista.
clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
check some important areas of your system and produce a report for your analyst to review. DSS automatically runs HijackThis for you, but it will also install and place a shortcut t... Read more

1 more replies
Relevance 49.2%

I have found viruses with AVG and AVG won't clean them because they are white-listed. The virus is win32/heur; it has attached itself to all my svhost files. There is another trojan and I believe the file it affects is c:\windows\system32\drivers\etc\host. There is a lot more going on.

I feel like I am being tricked into believing my system is safe. I have AVG antivirus only. My firewall is VISTA and I am convinced it is compromised. Can anyone please offer me some insight.

I cannot connect to any of the usual scanner sites. I always get a page with "diagnose with windows" or something like that and when I press yes it always gives me an error message saying that windows cannot solve this problem and I should contact my internet service provider. I have tried Kaspersky, Housecall (TrendMicro), PandaSoft, Norton (Symantec), and McAfee. I cannot connect to any of them online. But I get my Google home page. I can type in anything else and browse any other websites. I have dds and hjt reports waiting and avg reports. I will post them to anyone who would like to help.

I also have my web search trying to creep up in my start up. Also, recently a do_not_delete_file is in my start up, registry entries, and in windows system 32 folder. AVG did not find these other problems and weird files, I have simply watched them pop up out of nowhere and see traces of them in system event logs.

Answer:win32/heur hijacked my svhost [Moved]

What you describe sounds like malware issues, so I am moving this topic to the Am I Infected forum.

Orange Blossom

23 more replies
Relevance 48.79%

Hi

Wanted to start off by saying you guys in this forum are awesome. Thanks for all your help and expertise, you guys are honestly a godsend. I say this because following someone else's case in the forums has helped me. I was on the verge of formatting and re-installing and now my computer is usable. Beginning with viruses that have been causing blue screens for the last three days, they have pretty much all stopped now. The only issue I have now is sometimes my computer would slow right down. Watching videos or listening to audio it would drag, stagger, pause. I have not used any other programs yet, so I haven't seen the effects in anything other than my internet browser. Perhaps the GMER scan took longer as well. Task manager shows cpu and mem usage as quite normal and not peaking.

The steps I have used up to this point:
1. Scanned with Microsoft Security Essentials. Detected Trojan:Win32.RimecudA
2. Scanned with Kaspersky Rescue Disk. Removed quite a few things. I think I have logs.
3. Scanned with Malwarebyte's Anti-Malware. It couldn't remove Trojan.Bubnix which appeared as a chmnoti.sys file in my Windows/System32/drivers folder. It would say it needed to restart the computer and upon restarting the file would still be in there.

I moved it onto my Ubuntu desktop and it's still there atm. Probably not the best way to do it, but I'm going to assume it's not going to do anything sitting there for now.

After this, the blue screens would still appear when... Read more

Answer:Disinfected Trojan.Bubnix and Rootkit.Win32.TDSS.tdl4. Still have Win32.Palevo

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.

Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there.

The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks

18 more replies
Relevance 48.79%

Hello Bleeping!
A few days ago I removed Norton AV and installed MSSE. MSSE detected Trojan Dropper: Win32/Sirefef.B and Rogue:Win32/FakeRean. For the past two full system scans MSSE has detected and removed the dropper, and the last scan (last night) detected the Fake Rean. The MSSE removals don't appear to be effective against the dropper. Another peculiar thing, when I installed MSSE a few days ago, it told me my firewall was not up, but when I go into MS Security Center it says that the firewall is "ON". Not sure if perhaps the Norton AV removal maybe wasn't complete and that I am getting "false positives", or if something is really there. My logs are as follows:


Answer:Infected with Trojan Dropper: Win32/Sirefef.B AND Rogue: Win32 Fake Rean

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please do not attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.
Do not run any other tool until instructed to do so!
Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.
Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:
You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)
Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<
Combofix may need to reboot your computer more than once to do its job this is normal.
You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the r... Read more

18 more replies
Relevance 48.79%

Hi, I need help in removing these viruses; please see dds.txt and attach.txt attached. I recently deleted a file: c:\program files\gateway\hpa\uninstal.exe - is this crucial to my computer? It said it was infected so I had Comodo remove it but I don't think that was ideal.

Answer:[email protected] & [email protected] among others

Hi, not trying to bump - can anyone help? ;x

3 more replies
Relevance 48.79%

I am requesting help on ridding my computer of the following that Kaspersky online scanner picked up:

Trojan.Win32.Monder.cust
&
Packed.Win32.Katusha.g virus threats

I have been working with Webroot all day in getting rid of vundo and a couple of other problems but I still have these to contend with. Please advise on what I need to do to correct this problem so they may never show up again.

Thanks in advance. T8r


Answer:Trojan.Win32.Monder.cust & Packed.Win32.Katusha.g virus threats

Hello and welcome to TSF.

What's the location of the threat which Kaspersky is reporting?

You seem to have run or attempted to run Combofix. Please post the log it produced. It should be located at C:\Combofix.txt.

Reminder: Combofix should not be run without the supervision of a trained analyst as cited in our pre-posting page.


Quote:
Why we don't ask you to run ComboFix from the onset

As stated by the author of ComboFix:

ComboFix is a very powerful tool which when improperly used may render your machine to a doorstop.

We first need to verify if there's any rootkits present and how they could affect our tools. DDS & GMER are preliminary scans. We use their logs to map our strategy for attack.

With these logs we can determine the infections present & decide whether to deploy ComboFix.

9 more replies
Relevance 48.79%

"Deckard's System Scanner v20071014.68

Answer:Constant pop ups - Win32/Oneraw!generic and trojan.Caiijing and Backdoor:Win32/Sivuxa

Bump pls

19 more replies
Relevance 48.79%

It appears that I may have the Internet Security 2010/trojan.win32/worm.win32.netsky/TrojanSPM/LZ (or whatever it's called) virus on my laptop and would greatly appreciate your assistance. When I turned it on the other day, it started giving me the below "Spyware Alert!" message followed by the below "WARNING" message after I logged in. My desktop background had NOT changed, as I've seen other people report. I (stupidly) tried to start removal of the virus without your assistance by deleting some of the suspected files and got caught in the Login/LogOff loop. I am now able to get logged in after following the advice here: http://windowsxp.mvps.org/peboot.htm (Thanks to BartPE, What a great tool!). Now, when I try to launch most any (I hesitate to say ALL) applications, even the Task Manager, I get the "WARNING - Application cannot be executed. The file is infected. Please activate your antivirus software." message.

When I ran DDS it did not automatically open the logs in Notepad, even though I still have the "WARNING - Application cannot be executed. The file is infected. Please activate your antivirus software." message open so that I could get DDS to launch. (I saw this suggestion somewhere as a work around.) Instead I found them in "C:\WINDOWS\Temp" and have provided them here. Also worth mentioning, I noticed that there were two additional files with the same date/time stamp in the &quo... Read more

Answer: Possible Internet Security 2010/trojan.win32/worm.win32.netsky/TrojanSPM/LZ

Hello and welcome to Bleeping Computer
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.
If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.
Thanks and again sorry for the delay.
We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

35 more replies
Relevance 48.79%

I ran a suspicious file (I know, stupid of me). 
 
At any rate, when I uploaded to virustotal and a couple other sites, it came back with around 18% of the scanners finding a potential threat.
 
Some of the possible names are in the post title.   I'm not seeing any unusual activity, just the scanner reports.
 
Thanks for any help.
 
 
 
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by User1 (administrator) on User1S_PC on 04-04-2015 16:01:38
Running from C:\Users\User1\Downloads
Loaded Profiles: User1 (Available profiles: User1)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(ELAN Microelectro... Read more

Answer: PUA.Packed.Armadillo, Trojan.Win32.Generic!BT, Win32.Troj.DeepScan.a.(kcloud)

Hello gatsby0121 and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.
 
My name is Yılmaz and I'll help you with the cleanup of malware from your computer.
Before we move on, please read the following points carefully.
Please complete all steps in the specified order.
Even if tools don't find malware, I want you to post the logfiles anyway.
Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
Read the instructions carefully. If you have problems, stop what you were doing and describe the problems you encountered as precisely as you can.
Don't install or uninstall software during the cleanup unless you are told to do so.
If you can't answer for the next few days, please let me know. If you haven't answered within 5 days, I am assuming that you don't need help anymore and your topic will be closed.
I cannot guarantee that we will find and be able to remove all malware. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean.
Please reply to this thread. Do not start a new topic
As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.
Please open the computer as administrator. How to open the computer as administrator?
Disable your AntiVirus and AntiSpyware applications, as they will interfere with our tools and th... Read more

20 more replies
Relevance 48.79%

The following are in the Zone Alarm Pro quarantine:
Trojan-Downloader.JS.ListensEvent.b**
Trojan-Downloader.Win32.Inject.akvw
Packed.Win32.Krap.ae
Exploit.Win32.pidief.bxl
HijackThis Log: (firewall temporarily disabled)
DDS (Ver_09-10-26.01) - NTFSx86
Run by name at 13:33:39.39 on Mon 10/26/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1230 [GMT -4:00]
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: ZoneAlarm Extreme Security Antivirus *On-access scanning disabled* (Updated) {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
FW: ZoneAlarm Extreme Security Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mD... Read more

Answer: Multiple Infections, 2 Trojan-Downloaders, Packed.Win32, Exploit.Win32, Unknown others

Hello and welcome to Bleeping Computer
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.
If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.
Thanks and again sorry for the delay.
We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follo... Read more

10 more replies
Relevance 48.79%

It appears that I may have the Internet Security 2010/trojan.win32/worm.win32.netsky/TrojanSPM/LZ (or whatever it's called) virus on my laptop and would greatly appreciate your assistance. When I turned it on, it started giving me the below "Spyware Alert!" message followed by the below "WARNING" message after I logged in. My desktop background had NOT changed, as I've seen other people report. I (stupidly) tried to start removal of the virus without your assistance by deleting some of the suspected files. Now, when I login, it immediately logs off. (This happens regardless if I "Start Windows Normally" or go into "Safe Mode") Obviously, before I can post/attach a DDS or HJT log and begin the process of removing the malware, I will need assistance getting logged in. Thanks in advance for your assistance.

============================================

Spyware Alert!

Security Warning!

Worm.Win32.NetSky detected on your machine.
This virus is distributed via the Internet through e-mail and Active-x
objects.
The worm has its own SMTP engine which means it gathers e-mails
from your local computer and re-distributes itself.
In worst cases this worm can allow attachers to access your
computer, stealing passwords and personal data.
Viruses can damage your confidential data and work on your
computer.
Continue working in unprotected mode is very dangerous.
Type: Virus
System Affected: Windows 2000, NT, ME, XP, Vi... Read more

Answer: Possible Internet Security 2010/trojan.win32/worm.win32.netsky/TrojanSPM/LZ

As no logs have been posted, I am shifting this topic from the specialized HiJack This forum to the Am I Infected forum so we can get you started. ~ OB

3 more replies