Computer Support Forum

Solved: Bulk Image Downloader?

Question: Solved: Bulk Image Downloader?

I'm working on a project right now but I've run into a problem. I have a CSV list of URLs for around 700 images and I need to download, resize, and rename them all. Manually this will take way too long for the project to be practical in any way by downloading each URL one at a time.

Is there a program out there that can take a list of image URLs and auto download them all? Would be a huge help if anyone knows of one. I've tried searching for one but all the one's I've found only work one URL at a time.

I'm new to these forums so if this is in the wrong forum let me know.

Relevance 100%
Preferred Solution: Solved: Bulk Image Downloader?

I recommend downloading and running Reimage. It's a computer repair tool that has been proven to identify and fix many Windows problems with a high level of success.

I've used it in the past to identify and fix everything from blue screens (BSOD's), ActiveX errors, corrupt files and processes, dll/exe/sys errors, recover lost memory, Windows update problems, defragging, malware removal etc.

You can download it direct from this link http://downloadreimage.com/download.php. (This link will automatically start a download of Reimage that you can save to your computer.)

Answer: Solved: Bulk Image Downloader?

7 more replies
Relevance 86.1%

Hi!

I am looking for a FREE bulk image downloader program or chrome extension that will not crash my browser.

I want to use the program/extension to quickly download the pics I've shared on Facebook and Tumblr. Because it would take HOURS to go through and download each one by one.

I've tried a few extensions already, but each of them crashed chrome because they tried to save them by opening a "save as" window for each. So I need a program that allows you to save them into a folder or into compressed file/folder so that it doesn't crash my browser or my computer.

Any ideas??
 

Answer:Looking for a free Bulk Image Downloader

Most of these sites have protected the images from be downloaded in the manner you wish.

Have tried contacting "Support" of these sites and see what they have to say?
 

1 more replies
Relevance 61.09%

Hey, I'm in search for a program that can download all the images from a specified thread on a forum including all of the pages withing that thread. Possibly some program out there than can search within thread ID's? It would need to be able to download picture embeds. I've tried a few programs with little success(webripper-crashes or randomly goes off to different pages/threads and only detects maybe 1 or 2 pages. Imageripper-just doesnt work with threads, download them all addon doesnt work either).

Anyone know of a good program that can achieve this task for me? Thanks
 

Answer:Solved: Thread Image Downloader

11 more replies
Relevance 59.86%

I've got a little problem.....i have a folder with a LOT of images (.jpgs).

I need to resize them ALL. The only way I can figure out doing this is opening them one by one in my image editor, resizing, saving, going to the next one.

With several hundred images, I would love to be able to do this in bulk. They all will be the same size when I am done with them.

Can this be done?

Answer:Image Resize (in bulk)

http://www.faststone.org/

Check out the Image Resizer, it has a batch mode that is pretty awesome, yay for freeware.

3 more replies
Relevance 59.45%

I've found quite a few programs that will resize images in bulk, but none of them will quite do what I'm looking for.

I need to convert a number of images with various sizes (175x25, 140x100, 110x50, etc.) into 250x250. However, I don't want to stretch the original image, just add white trim around the outside of the image to make it 250x250. Any software I've found will only stretch the image. I can't do each image individually, because I have over 30,000 of them to go through. Does anyone know software that would do that in bulk?
 

Answer:Bulk Image Resizing Software

How about this Microsoft power toy?
http://download.microsoft.com/download/whistler/Install/2/WXP/EN-US/ImageResizerPowertoySetup.exe

Just select the images you want then right click resize.
 

6 more replies
Relevance 58.63%

Does anyone know of an app in which you can automatically reduce the file size of, say, 30 images all in one go rather than having to reduce each one separately?I've quite a few images which I want to put into a photo gallery. The first one I looked at was over 1 MB which I'm sure is too big for a web page!

Answer:Bulk reduction of jpg image file size

Ifanview click here

2 more replies
Relevance 58.63%

I'm looking for a program that can add a watermark to images in bulk. This isn't the standard watermark where it is overlayed onto the existing image. I want to be able to add, say, 50px to the bottom of the image canvas and write the watermark there on the new white space.Freeware would be nice but anything will do.

Answer:Good program to add a watermark to image in bulk?

I haven't used this or any watermark programs, but this one surely warrants a look: http://www.watermarkfactory.com/

5 more replies
Relevance 58.63%

I have a ton of BMP's I want to change to JPEG's.

I searched and found a few different programs but I thought I would check here for some suggestions. I don't really need anything with a lot of bells and whistles, just something that's good quality, easy to use, and free.
 

Answer:Mass/Bulk Image Converter Program

Blown Cap said:


I have a ton of BMP's I want to change to JPEG's.

I searched and found a few different programs but I thought I would check here for some suggestions. I don't really need anything with a lot of bells and whistles, just something that's good quality, easy to use, and free.Click to expand...

ImageMagick makes it very easy from command line, and being command line there are no bells and whistles.

When installed and the DLL is registered you have all the commands available from command line, no need to start any programs to do graphics manipulations, tons of options if you read up on it on ImageMagick.org.

What you want would be as simple as opening a command prompt, go to the Dir with your pics, and type...
Code:
mogrify -format jpg *.bmp
...and that's all.

But as said, it can do MANY other things, if you read up on it.
 

7 more replies
Relevance 58.22%

Apologies - the Urgent in this is only because I'm unsure whether any action may need to be done before I close down in about 6 hours or so.

Basically my problem began in Picasa 3 where I watched a short vid then decided to change the filename. That done I closed the preview & went back to the main program where I discovered that Picasa had somehow decided I wanted the entire folder of images renamed so it has worked through the 500+ images and renamed each one as Filename001, Filename002, Filename003 and so on which as you can appreciate is now causing somewhat of a major headache for me. It would take me a good few hours I would rarely have to go through and rename each one manually, so my question basically is - is there any method or program that can undo the action as I can't find any means of doing so from within Picasa. All other options I've found in my searches are mainly to achieve pretty much the same i.e. bulk rename as Name1, Name2 etc so are of little help.

Anyone any suggestions what else I could try?

Answer:Urgent help needed - how to revert a bulk image name process?

I assume you don't have a Backup to fall back on. I use these two bulk renaming tools. You can see if they help. This is drop dead simple to use - http://www.fauland.com/af5.htm
This one has a more complicated interface but a couple other options - http://www.joejoesoft.com/vcms/108/

3 more replies
Relevance 55.76%

There is a case, where i have bulk of user names and bulk of flat files(.txt files). I have to search each and every user name in all the flat files and if the user found it should picked up. I have to repeat this for all the user names. Is there any possibility of doing this in an easier way.. Please help..

More replies
Relevance 50.43%

First of all would like to say hi to everyone at TSG!

Have been referred to this while using McAfeeHelp, my system is infected with New Malware.j / Generic Downloader.f & Downloader-AYL.

Every time i start my browser, McAfee pops with messages of files infected by the above. It is able to delete files infected by Generic Downloader.f & Downloader-AYL but no the ones by New Malware.j. My system's 'TASK MANAGER' is not working. I get a message that 'Task Manager has been disabled by your administrator'.

Have tried scanning with Spyware Doctor 2.0.1.143 & Ad-Aware SE Personal but of no help. Reading the previous threads, have downloaded HijackThis. Kindly assist, find below the log file of HijackThis.

Logfile of HijackThis v1.99.1Scan saved at 2:35:07 PM, on 1/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\s... Read more

Answer:Solved: Help Removing Trojans : New Malware.j / Generic Downloader.f / Downloader-AYL

13 more replies
Relevance 50.43%

hi my friend is with bt​ broadband and he receives​ about 100 spam emails a day but bt​ put them into a bulk folder he does not open them just deletes​ them but what can he do to stop receiving​ them at all
 

Answer:Solved: bulk & spam

There are many tools and programs that will attempt to stop spam, there are also services you can sign up that filter your email before it hits your email server.

However they cost and there is no real need if it is already being filtered off in to a junk folder.

Why is it that he doesnt want them in the bulk/junk folder?
 

2 more replies
Relevance 50.02%
Question: Image downloader?

It's very tedious to download each image by itself if I find an interesting web gallery. But I have yet to find a good prog that does the job. Tried Image Downloader, Black Widow (?) and a couple of others. Any tips? Preferably freeware, but if it's a good prog I'm even willing to pay for it...
 

Answer:Image downloader?

I know of some offline browsing software that can d/l all types of files (not only image files). Hope you find them useful:

Teleport Pro (http://www.tenmax.com/teleport/pro/home.htm) -
This one's commercial.

wget (http://unxutils.sourceforge.net/) - This is actually a tool written for Linux/UNIX platform but it's ported to Win32. Freeware of course. But lacks a nice GUI for you to use.

Not sure if that's what you're looking for.
 

5 more replies
Relevance 50.02%
Question: Image Downloader

Is there an easy way to download all the images on a Photobucket-like page? I've tried "DownThemAll," but that only brings back the thumbnails, which are of little use to me.

Thanks.
 

Answer:Image Downloader

Are you using Firefox as your browser or something else?

Peace...
 

3 more replies
Relevance 50.02%
Question: Image Downloader

Does anyone know of software that will crawl through a webpage and/or web site and download all images on the pages? I am trying to save multiple pages worth of pictures for a scrapbook I am keeping, this would save me LOTS of time (hopefully). Any suggestions?

Thanks!
 

Answer:Image Downloader

caniac,

You know I don't know if there is or not.

If you want the images you can go to each site and right click to save them or go to the cache folder and get them from there.
 

3 more replies
Relevance 49.61%

Hiya

Im thinking of adding a field in my database which will have the customers email addresses. I was wondering if theres a shortcut/easy way to send a bulk email using this data i would have on the database. I dont want to spend ages going back through the 100 + orders ive already entered adding their email if im going to have to copy and paste each one into a new email message.

I know i can add them to outlook into a group quite easily which is what i will probably end up doing but is there a way to do it using access?

thanks in advance
Arron
 

Answer:Solved: Access Help - Bulk Email

14 more replies
Relevance 49.61%

My ISP has notified me twice that bulk emails are being sent via my modem. They said if it happens again my internet will be shut off until I have proof of my computer being cleaned by a professional. I'd rather avoid that and take care of it myself. I ran Spybot and found various malware/spyware. Then I ran PC Tools Antivirus. It found over 100 infections, most of which were worm.P2P.BThree.B.Gen. I ran PC Tools Antivirus again today and it found about 10 infections by the same name. I have included my HJT log file below. Thanks for any help you can offer!!
-L

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 9:00:42 AM, on 8/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\3ware\3DM\3dmd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\Cursors\aolspy.exe
C:\Program Files\eFax Messenger 4.2\J2GDllCmd.exe
C:\Program Files\Symantec\pcAnywhere\awhost32.exe
C:\Program Files\Prevx2\PXConsole.exe
C:\Program Files\PC Tools AntiVirus\PCTA... Read more

Answer:Solved: Bulk email being sent via my modem

14 more replies
Relevance 49.2%

My ISP (rogers) joined with Yahoo so instead of checking my email online through webmail I now have to use Yahoo.

I normally use Outlook Express though and I was wondering if there is any way to block the bulk folder from downloading onto my computer. I only want the contents of the inbox.

I looked on the yahoo site and couldn't find anything and there is no point calling my ISP, they're mostly idiots there anyway.

If anyone knows that would be great. Thanks.
 

Answer:Solved: Yahoo email bulk folder

9 more replies
Relevance 49.2%

Greetings all,

I have a bulk send email software that keeps stalling at about 100 or so. I have goten back with the vender but they are slow to reply.

Here is my question. When I turn on the computer I get alot of error messages that say This function has performed an illegal operation and will be shut down.

I exit each one of those to get to where I can flow online.

then when I am using the bulk email software, and I have two different kinds they stop mid way and read as follows.

Is it the software or the computer. I use windows 98

DS2000 caused an invalid page fault in
module WSOCK32.DLL at 0167:75fa9c2f.
Registers:
EAX=75fa9b55 CS=0167 EIP=75fa9c2f EFLGS=00010246
EBX=75fa9aba SS=016f ESP=006e0000 EBP=75ba802d
ECX=00000000 DS=016f ESI=75fa9b5f FS=0dff
EDX=0129c014 ES=016f EDI=0129c01e GS=0000
Bytes at CS:EIP:
e8 fb ff ff ff cc 20 01 00 43 3a 5c 57 49 4e 44
Stack dump:
75fa9c34 75fa9c34 75fa9c34 75fa9c34 75fa9c34 75fa9c34 75fa9c34 75fa9c34 75fa9c34 75fa9c34 75fa9c34 75fa9c34 75fa9c34 75fa9c34 75fa9c34 75fa9c34
What should I do ?

GlobalExportN
 

Answer:[SOLVED] Bulk Email Utility software

15 more replies
Relevance 48.79%

Can someone recommend a good free program that will batch download images? I'd like to be able to get wallpapers from sites w/o having to click on each thumbnail and then saving the images individually. I've tried a couple of programs but they didn't work very well. Thanks!

Answer:Free Batch Image Downloader?

A lot of websites prohibit the use of such tools because of bandwidth concerns. What website are you wanting to get the files from?

8 more replies
Relevance 48.79%

I am creating a new website for my photography business. It is only a hobby so I don't want to spend a fortune on it. The last step for me is to copyright my images. I need to create coyright watermarks on all images. I've only seen free wtermark software that does one picture at a time. I have thousands of images so need a batch or bulk watermark software. I prefer to download it as well. Not go through some watermark website each time I do watermarks.
 

Answer:Solved: Free Bulk Watermark Software? Does it exist?

12 more replies
Relevance 47.56%

I found an answer to this question at Yahoo Answers. But the answer was given in 2010 and the answer no longer works-options listed in response do not exist. I assume yahoo updated their software and now there is a different way to save the emails in bulk.

So do any of you techies know how to save yahoo emails in bulk to a PC hard drive with the current yahoo software?
 

Answer:Solved: Is there a simple way to save my yahoo emails IN BULK to my PC hard drive?

Got my answer from another website. For those of you asking the same question here is where I found my answer. http://www.brighthub.com/computing/windows-platform/articles/70977.aspx
 

1 more replies
Relevance 47.56%

Dear Friends,
I am getting atleast 50 delivery failed messages daily in my yahoo account.The recipient remains same but the attatchment name changes.I have attatched a file to describe the contents.
Request Help. Regards, Shrikant
 

Answer:Solved: Receiving Bulk Mail in Yahoo with subject Delivery Failed

hi there, ignore these messages, don't open them just kepp deleting them until they stop!
 

2 more replies
Relevance 47.56%

Norton picks these up as viruses. It appears to delete them. When i go to yahoo mail, it has problems opening up mail, and then tells me that my computer may be infected. It wants me to run some type of scan program. How do I remedy all of this. My virus defs are up to date. This particular time it wants to run "winxdefender". HELP!!
 

Answer:Solved: Downloader and Downloader.MisleadApp

16 more replies
Relevance 43.05%

I have Corel Photo House and Photoshop 4 photo editing software. I don't really use them a lot, and admit that I'm not very good at doing most things. One thing I've had occasion to do lately is to take a person from one image and copy it to a second image. The problem is that it takes a really steady hand, and patience, to trace around the outline of what I want to copy. I try to facilitate this by slowing my cursor to crawl speed, but I still have trouble accurately following the subject's outline.

Is there software -- preferably freeware -- that has an easy way of transposing/copying portions of an image?
 

Answer:Solved: How to copy portions of an image and paste in a second image?

9 more replies
Relevance 40.59%

I think i got some kind of virus. My AVG has this virus in the vault i cant remove or heal and i dont know what to do to get rid of it. JS Downloader.Agent When i click to heal it i get an error message sayin Action failed error while handling file C:\users\biganthony\appdata\local\microsoft\windows\temporary internet files\low\content.ie5\57woldmk\search[4].htm So if anyone knows what to do please help me. I got windows vista home basic 32 bit version with AVG 7.5 free version i got Zonealarm and superanti-spyware and spybot and windows defender. I also ran ccleaner and on internet deleted everything temp files cookies addons history saved forms everything.
 

Answer:Solved: Solved: I think im infected,JS Downloader.Agent, Please Help!!!!!

14 more replies
Relevance 40.18%

I'm looking for a downloader that is faster and resumable.
My friend suggested Download Accelarator Plus to check out but
this **** brings lotta ADs with it and slows down the download.

Any download that overcomes these problems?
 

Answer:Solved: Looking for a best downloader

10 more replies
Relevance 40.18%

Please help with purging Downloader-YK, McAfee keeps finding virus files when opening internet pages. After deleting they keep coming back. Have Adaware and Spybot also.

Logfile of HijackThis v1.99.1
Scan saved at 3:38:12 PM, on 03/05/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\WINNT\system32\spool\DRIVERS\W32X86\hpoopm07.exe
C:\WINNT\system32\ezSP_Px.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe
C:\WINNT\system32\internat.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
C:\Program Files\Network Associates\VirusScan\VsStat.exe
C:\Program Files\Network Associates\VirusScan\Vshwin32.exe
C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\Avconsol.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:... Read more

Answer:Solved: Help with Downloader-YK

11 more replies
Relevance 40.18%

I have been trying to get rid of the downloader_ASI for months now to now avail. I have Mcafee virus scan, but I keep getting the "virus found" pop up and it keeps deleting it (and then it reappears later). My windows explorer also keeps crashing. I have tried running my virus scan in safe mode but get nothing. All I know is it keeps finding it in the registry. When I turn off system restore it doesnt appear. I went to the Mcafee site and nothing worked. They recommended using hijackthis and posting it here. I have attacked some pics of the virus mssgs. I have tried searching the post but couldnt find anything with downloader ASI, but a million things with downloader. here is my hijackthis log
Thanks in advance

Logfile of HijackThis v1.99.1
Scan saved at 5:52:53 PM, on 8/17/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\hphmon06.exe
... Read more

Answer:Solved: Downloader ASI - cannot get rid of

13 more replies
Relevance 40.18%

Hi,

I got some trojans and junk on my computer and I think that I have removed the bulk of them, but I still get some (broken) pop-ups and McAfee keeps detecting Downloader-RK associated with two files but it can only delete one of them. I have run many anti-virus programs in addition to McAfee, Ad-Aware, Spybot S&D, and I have had no luck removing these remaining annoyances. Version 1.99 of HijackThis gives me an "encountered a problem..." error before it finishes scanning that I understand so far is not fixed, so the following log is from the previous version and I would appreciate if anyone could interpret it.

Logfile of HijackThis v1.98.2
Scan saved at 9:56:12 PM, on 2/5/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\niSvcLoc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nipalsm.exe
C:\WINDOWS\system32\nipalsm.exe
C:... Read more

Answer:Solved: downloader-rk, pop-ups

12 more replies
Relevance 40.18%
Question: Solved: downloader

Hi Guys i wonder if anyone could help.My daughter who lives in Australia myself, i live in the UK has a problem, a couple of trojans. Generic zlob.AENH and zlob.AENF.Oh and fraudload.AS. Ive told her to do a scan with malwarebytes.Just wondered if anyone knew anything about them.And if ther's anything else i should tell her.Thanks Guys.
 

Answer:Solved: downloader

This is a known infection where fake security alerts appear in your taskbar stating that you are infected. These alerts tend to be accompanied by a rogue anti-spyware program installed on your computer without your consent. Clicking on one of these fake security alerts will either bring you to a home page where you can purchase other fraudulent software or will install automatically, without your permission, one of these software.

Are you still having problems with the infection?
 

3 more replies
Relevance 40.18%

I have these popups that will not go away I have sybot S&D and NoAdware on my pc they do nothing for this . I also have been reading on this forum about downloader.GK the post i seen said to run safe mode then run Hijackthis.exe show all hidden files and folders and empty all temp files and to look for these things in Hijackthis.

Run HJT again and put a check in the following:

O2 - BHO: MyWay Search Assistant BHO - {04079851-5845-4dea-848C-3ECD647AA554} - (no file)
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - (no file)
O3 - Toolbar: (no name) - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - (no file)
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
-------------------------------------------------
But none of these are there so here is my log file. will someone please tell me what i need to take out
------------------------------------
Logfile of HijackThis v1.97.7
Scan saved at 1:24:30 AM, on 8/14/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program ... Read more

Answer:[Solved] downloader.GK help

7 more replies
Relevance 40.18%

Hi there. I came across these forums while doing a search for a fix!

I read a thread from awhile back that said to download "Hijackthis". I have done that and have the log saved.

Panda found this nice little trojan hiding in my puter this morning and of course can't get rid of it. I have no idea what to do so here is my log:

Logfile of HijackThis v1.98.2
Scan saved at 11:39:02 AM, on 10/12/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\System32\zvnmqs.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2D1.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jucheck.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\AIM\aim.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http... Read more

More replies
Relevance 40.18%

Hello flrman1

I have run into the same problem with this Downloader GK Trojan. Picked it up last night surfing , of all things, "Canadian Navy sites"

Would you take a look at my logs and let me know if the above suggestions would be the solution for me also.

I have tried to do a system restore to 2 weeks ago and then purged system restore all to no avail. AVG does not find this virus, But Panda online scan does and will not clean it.
 

Answer:Solved: Downloader.GK

11 more replies
Relevance 40.18%

Hello,
I am aware many people have this trojan. I must've gotten it while surfing the web. Panda Active scan detected Trj/Downlaoder.gk on my computer but doesn't give the option to delete it. The trojan seems to have disabled me from viewing "My computer, My documents" or anything involving windows explorer, I recieve :"Window's explorer has encountered a problem and needs to close." I have read old posts and have d/led hijack this and copied the log below. Please provide advice on how to get rid of this trojan. Thanks alot in advance, it is very much appreciated

Logfile of HijackThis v1.98.2
Scan saved at 1:49:39 PM, on 10/7/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\WINDOWS\System32\tjnlwi.exe
C:\Documents and Settings\Chris\Application Data\ttuh.exe
C:\Program Files\Mes... Read more

Answer:[solved]TRJ/Downloader.GK Please Help!

14 more replies
Relevance 40.18%

Hi,

My AVG anti-spyware kept detecting Downloader.aqm the last few days.. I deleted it thru avg but it keeps showing up.. how do I get rid of this spyware/virus?? Below is the hijack log:
Logfile of HijackThis v1.99.1
Scan saved at 12:28:29 p.m., on 6/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Prevx1\PXAgent.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Prevx1\PXConsole.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\System32\svcho... Read more

Answer:Solved: Can't seem to get rid of downloader.aqm.. please help

16 more replies
Relevance 39.77%

I appreciate all the help anyone can provide me in cleaning up my computer!I'm running WinXP SP2 with AVG Anti-Virus. With-in AVG's Vault I currently have 22 various Trojan Horse viruses, of three types:Trojan Horse Clicker.SXT with Path = C:\WINDOWS\system32\23lbM227.dllTrojan Horse Downloader.Generic8.ENX with Path = D:\DOCUME~1\Elliot\LOCALS~1\Temp\<-8 random letters->.exeTrojan Horse Downloader.Zlob.AGWB with Path = D:\DOCUME~1\Elliot\LOCALS~1\Temp\<-8 random letters->.exeLogfile of random's system information tool 1.04 (written by random/random)Run by Elliot at 2008-11-28 10:37:56Microsoft Windows XP Professional Service Pack 2System drive C: has 5 GB (5%) free of 95 GBTotal RAM: 511 MB (14% free)Logfile of Trend Micro HijackThis v2.0.2Scan saved at 10:38:06 AM, on 28/11/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16735)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Java\jre1.6.0_05\bin\jusched.exeC:\PROGRA~1\AVG�... Read more

Answer:Infected with Trojan Horse Clicker.SXT, Downloader.Generic8.ENX and Downloader.Zlob.AGWB

Hi,* Please visit this webpage for instructions for downloading and running ComboFix:http://www.bleepingcomputer.com/combofix/how-to-use-combofixPost the log from ComboFix when you've accomplished that, along with a new HijackThis log.

8 more replies
Relevance 39.77%

Orbit told me I should update their software so I did. Afterwards the "oneclick youtube downloader" was missing from firefox, which is fairly useful when downloading videos etc. I can't find it in the addons at firefox.com. Any ideas?

Thanks.

More replies
Relevance 39.77%

Hi, I have just rebooted my computer and avg is picking up the trojan mentioned in the title, when it is removed there is a second one that comes from the recyclers folder, it is called dropper.Generic.bygt.dropper. They bsre one has just returned from the system volume information folder so I'm kind of worried they are not being cleared properly by avg. Thanks for any help you can give with this.



DDS (Ver_10-03-17.01) - NTFSx86
Run by Owner at 20:35:44.85 on Tue 06/08/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.447.83 [GMT 1:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\WINDOWS\Mixer.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Innovative Solutions\DriverMax\devices.exe
C:\Progra... Read more

Answer:Recently rebooted computer finds Trojan horse downloader downloader.generic9.bsre

BUMP please

10 more replies
Relevance 39.77%

I'm infected with the Downloader -FM trojan. Attempts to remove with McAfee and Adaware have failed. Here is a copy of my
Hijack This log file.

Any help would be greatly appreciated.

Logfile of HijackThis v1.97.7
Scan saved at 4:44:06 PM, on 1/24/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSRTE.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\HP CD-DVD\UMBRELLA\HPCDTRAY.EXE
C:\WINDOWS\SYSTEM\DLA\TFSWCTRL.EXE
C:\PROGRAM FILES\LAVASOFT\AD-AWARE 6\AD-WATCH.EXE
C:\WINDOWS\SYSTEM\HPZTSB05.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\ptsnoop.exe
C:\PROGRAM FILES\IOMEGA\DRIVEICONS\IMGICON.EXE
C:\PROGRAM FILES\DIGSTREAM\DIGSTREAM.EXE
C:\WINDOWS\SYSTEM\HPHMON04.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHLD.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSESCN.EXE
C:\PROGRAM FILES\MCAFEE.COM\PERSONAL FIREWALL\MPFTRAY.EXE
C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCAGENT.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\HPHIPM11.EXE
C:\PROGRAM FILES\MCAFEE.COM\PERSONAL FIREWALL\MPFAGENT.EXE
C:\PROGRAM FILES\DIGIPORTAL SOFTWARE\CHOICEMAIL\CHOICEMAIL.EXE
C:\PROGRAM FILES\DIGIPORTAL SOFTWARE\CHOICEMAIL\IZYMAIL.EXE
C:\PROGRAM FILES\ABOUTTIME\A... Read more

Answer:[Solved] Downloader -fm trojan!

16 more replies
Relevance 39.77%

can someone help me with this....i think i cleaned this dumb thing up, but then another trojan popped up on my d:\ storage drive.

Logfile of HijackThis v1.98.2
Scan saved at 7:02:20 PM, on 12/8/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG6\avgserv.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG6\avgcc32.exe
C:\WINDOWS\SM1BG.EXE
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Documents and Settings\Brent\Application Data\nrns.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HijackThis.exe

N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_1/home.html"); (C:\Documents and Settings\Brent\Application Data\Mozilla\Profiles\default\s0fpnk84.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchpl... Read more

Answer:Solved: Downloader.agent.5.e

9 more replies
Relevance 39.77%

I have tried several down loaders for videos and have not been able to save a video on the web from Yahoo. Is there a special one for these videos? http://autos.yahoo.com/blogs/motora...merica-most-beautiful-roadster-224020534.html. Thank you for your input.
 

Answer:Solved: video downloader

unfortunately that would violate the Terms Of Service (TOS) for Yahoo videos, so I will have to close this thread.

thanks for understanding,

v

**it is a pretty sweet ride though**
 

1 more replies
Relevance 39.77%

Hello people , I use Windows XP Service Pack 2. I have a problem that really bothers me. My AVG Anti-Virus is detecting an Trojan Horse each time I boot my computer, the trojan complete name is : Downloader.Generic2.AHR. My AVG could'nt not solve this problem even if I put the infected file into the Vault section. I have used Ewido Anti-Spyware with Windows Safe Mode , I did'nt found anything even with Ad-Aware and Norton neither. Here is my hjt logfile in Normal Mode:

Logfile of HijackThis v1.99.1
Scan saved at 2:23:14 AM, on 6/28/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Skype\Phone\Skype.exe
C:\Documents and Settings\nahn\Application Data\?icrosoft\m?iexec.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\Symantec\LiveUpdate\ALUSch... Read more

Answer:Solved: Please Help Me with Downloader.Generic2.AHR

11 more replies
Relevance 39.77%

I just tried to open a website that I use all the while.
The website is TalkAwhile.co.uk

I took a screen dump and have uploaded two files for you to look at.

I got a screen with a hijack message (see attachment)
The resident sheild cam eup with a virus alert so I put it in the vault (see attachment).

Is this a problem on my machine or a problem with the website that I am trying to access. Its a folk music forum website.

Thanks for any help you can provide.

Running Vista, with AVG8, Spyware Doctor, NoAdware plus have firewaal and a firewall on the modem/router.
 

Answer:Solved: JS/Downloader Virus - help please

From what I understand now, the website has been hacked. But how and why does it seem to be affecting me?
 

2 more replies
Relevance 39.77%

Hi, I'm going to get and copy in the hijackthis log later when i'm back from work but last night used the panda software scan which detected 'downloader.gk' virus- 8 files infected and 5 disinfected after the panda -scan. I'm getting the 680180.net pop ups regularly and IE crashes on many websites, would be interested to know if are these two bugs are one of the same thing or seperate entities?! Windows 2000.

Back later

Al
 

Answer:[solved]680180.net/downloader.gk

12 more replies
Relevance 39.77%

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:01, on 2008-08-29
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Expl... Read more

More replies
Relevance 39.77%

i have clean this computer from this before from help i got from the site but for some reason its back!! i dont visit porn sites or anything else that could have things attached to web sites. please help here is my HJT log.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:42:55 PM, on 10/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\security\aim6.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program ... Read more

Answer:Solved: Cant get rid of trojan downloader!!!

16 more replies
Relevance 39.77%

I'm having some trouble getting rid of a trojan downloader. This all started when I discovered an infection with Webbuying, htepo.com and Vundo. Originally the problems involved constant pop ups and multiple security alerts.

I was able to get rid of Webbuying and htepo.com, but one Vundo still exists and is resistant to VundoFix. And then of course, the trojan downloaders started showing up when I scan with SuperAntiSpyware.

I also know that the Registry, Shell and about a half a dozen .dll files were all modified or added the same day at the same time (11-6-07 at 4:16 p.m.), which coincides with when my husband said he began to have problems with the computer. Any help would be greatly appreciated.

Here's the log from that:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 11/10/2007 at 10:08 AM

Application Version : 3.9.1008

Core Rules Database Version : 3340
Trace Rules Database Version: 1341

Scan type : Complete Scan
Total Scan Time : 00:49:45

Memory items scanned : 481
Memory threats detected : 1
Registry items scanned : 6167
Registry threats detected : 5
File items scanned : 42190
File threats detected : 3

Unclassified.Unknown Origin/System
C:\WINDOWS\SYSTEM32\GEBYV.DLL
C:\WINDOWS\SYSTEM32\GEBYV.DLL

Trojan.WinFixer
HKLM\Software\Classes\CLSID\{359FA335-F0A1-43CD-A4B7-A1AE54792EBD}
HKCR\CLSID\{359FA335-F0A1-43CD-A4B7-A1AE54792EBD}
HKCR\CLSID\{359FA335-F0A1-43CD-A4B7-A1AE54792EBD}\InprocServer32
HKCR\CLSID\{359FA335-F0A1-43CD-A4B7-A1... Read more

Answer:Solved: Trojan.Downloader

Logfile of HijackThis v1.99.1
Scan saved at 10:29:01 AM, on 11/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
C:\Program Files\Sony\Giga Pocket\shwserv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\LxrJD31s.exe
D:\PROGRA~1\MOVIEL~1\MOVIEL~1\MOVIEL~1.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sony\VAIO Media Integrated Server\GPDBWatcher.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\program files\support.com\client\bin\tgcmd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\CA\eTrust EZ Armor\eTr... Read more

3 more replies
Relevance 39.77%

Hi,

My PC has been infected with the ucleaner popup problem. I tried to fix the problem by using the instruction in some of these posts and think i got it off BUT I havent been able to rid my PC of the downloader (?) (red screen with a re-direct to the softwarereferral site on IE). It seemed some of the instructions were specific to each case and i'm hoping somone can help diagnose where I've gone wrong or let me know what i need to do to fix my PC.

I'm running windows XP.

Any help is greatly appreciated!!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:35:19 PM, on 13/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundl... Read more

Answer:Solved: Ucleaner and Downloader

14 more replies
Relevance 39.77%

I have norton antivirus 2004, and i recently scanned for viruses. It found a file called hxpqzotx.dll, so I checked it out on the norton website. They told me that it was the downloader.mscache virus, and gave me instructions to remove it. I did everything they said. I disabled system restore, updated the virus definitions, disconnected from the internet (i have a broadband) restarted the computer in safe mode, but here's where I had trouble. It told me to unregister the browser helper object, and when i tried to do that, i kept getting an error message saying that the file was not found ( I fixed that ) but then when i got the file name right, it told me that "the browser helper object could not be opened or modified" or something. So I kind of ignored it, and moved on. Next the symantec website told me to run a full system scan and delete any files called downloader.mscache. I did that, and since i found the virus in the temporary internet files folder, i cleared that. I then restarted the computer in normal mode, and noticed that my cpu usage is still about 25%, even when i'm not doing anything. I don't think i got rid of the virus becuase my cpu usage is still so high. Anyone else have a take on this? Also, i am running windows xp, and norton antivirus 2004.
-Luke
 

Answer:[Solved] Downloader.MScache

11 more replies
Relevance 39.77%

Don't mean to hijack this thread, but I am having the exact same problem. Should I try the same steps as Cdeuskar & post here, or open a new thread all together?

Again, apologies for disrupting the thread...
 

Answer:Solved: downloader generic2.ahr

16 more replies
Relevance 39.77%

Hi. I am running windows 98 version 2. I recently ran a full virus scan and was told by my norton antivirus that i had a downloader trojan. It gave me the following message after telling me it couldnt fix, quarantine or repair it 'The compressed file eied_s7_c_80.exe within C:\eied_s7.cab is infected with the Downloader.Trojan virus.'. I wonder if you could explain in laymans terms how i can remove this virus from my system as i cannot understand the norton instructions. Cheers
 

Answer:Solved: Downloader trojan

16 more replies
Relevance 39.77%

Good Morning, Ive been playing around with trying to get rid of downloader.mscache for about a week or so. Norton identified it, but can't get rid of it and their instructions don't work. Tried downloading just about every trojan remover on the planet but no luck here.

Listed below are the two pathways where the trojans reside and my log from HijackThis. (system restore is off).

I appreciate any help. Thanks. joe
regsvr32 /u " c:\documents and settings\Angela\local settings\temporary internet files\Contents.IE5\O3HVYUJH\lpggwedb(1).cab\lpggwedb.dll"
regsvr32 /u "c: \documents and settings\Angela\Local Settings\Temporary Internet files\Content.IE5\HVFVLLSA\kyqczoce(1).cab\kyqczoce.dll"
Logfile of HijackThis v1.97.5
Scan saved at 9:15:55 AM, on 3/7/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINNT\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\wanmpsvc.exe
C:\Pro... Read more

Answer:[Solved] downloader.MSCache

9 more replies
Relevance 39.77%

My sons laptop has been taken over by this malware that displayes warnings about the machine being indanger and to run scans. Everything is running very slow. Even the background has been taken over by the warning. When I get IE to finally load up, I can get to sites like Google and a few others, but when I try to load up this site (and the site to load up HJT) it get to the "This page cannot be displayed" error message from IE very quickly.
I ran Spybot Search & Destroy several times and it always finds a lot of things - says it deletes them - but if I immediately run it again it finds more.
Any suggestions as to what I can do to get to the point where I can get to your site on that laptop and do the HJT stufff? I am sending this info via another Laptop we have at home.
 

Answer:Solved: trojan downloader

16 more replies
Relevance 39.77%

Almost every time I run Ad-Aware, it shows a Win32.Trojan.Downloader. I get rid of it and it comes back. I think I probably got it before I tightened up my security. (new computer...first-time wireless user) Please help. Here's my HiJack This log:
Logfile of HijackThis v1.99.1
Scan saved at 10:33:09 AM, on 10/22/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
c:\prog... Read more

Answer:Solved: Trojan Downloader please help

16 more replies
Relevance 39.77%

please help....

i have xp and i ran nortons and it showed up with 2 virus name esfzpzex.dll and hxpqzotx.dll... they both show a path to
c:documents and settings\owner\local settings\temporary internet
files\content,ie5\5ea3gg6b\esfzpzex[1].cab
and...

.c:documents and settings\owner\local settings\temporary internet
files\content,ie5\5ea3gg6b\hxpgzotx[1].cab..
but i cant get to the path using DOS ( im not that good at dos) I have ran hijack and deleted alot of crap.. this is from highjack :

Logfile of HijackThis v1.97.7
Scan saved at 4:13:29 PM, on 3/6/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\Norton Personal Firewall\IAMAPP.EXE
C:\PROGRA~1\NORTON~2\NORTON~1\navapw32.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Personal Firewall\NISUM.EXE
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\NORTON~2\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Norton Personal Firewall\NISSERV.EXE
C:\Program Files\Norton... Read more

Answer:[Solved] help with downloader.mscache

12 more replies
Relevance 39.77%

hey!
i got a problem. AVG ran a complete test on my system today and found this little bugger:
Downloader.Generic4.IPL

the path for the trojan is C:\Downloads\Windows_Powertools_1_3.exe, so basically my setup program for Powertools i downloaded. i did a Google search for this trojan and found nothing, but once i removed the .IPL suffix and searched again, i found this forum as the first result -- i assume that means you guys are good!
the last few days i've been dealing with a Banker trojan which I seem to have gotten rid of. it is not being found by AVG currently, nor on the last Full System Scan. i'm no security expert, but i know my way around my computer enough to get rid of malware once i know just what needs to be done. i have AVG free edition as well as a subscribed version of Spyware Doctor on my computer. system is XP Pro SP2, custom built. maybe it's too much info, but last week, i went a bit Utility happy and downloaded several different freeware and trial version utility apps to my computer, i.e. Windows Powertools. but i feel like i did decent research on each one first, so i don't really know if any of them could be the source.
(for the record, i have not taken any action since discovering this Downloader. i'm on another computer for this thread. my computer is on chill-mode awaiting a solution.)
here is my HijackThis scan report, please help:

Logfile of HijackThis v1.99.1
Scan saved at 2:48:20 PM, on 5/6/2007
Platform: Windows XP S... Read more

Answer:Solved: need help with downloader.generic4.IPL

bump
 

1 more replies
Relevance 39.77%

My computer is infected with Downloader.MSCache. Flrmn1 told my dad (alanmd) what to do but we werent at my computer. Now i'm home and I could use some help. My operating system is windows Me.
 

Answer:[Solved] Downloader.MSCache

16 more replies
Relevance 39.77%

First of all thanks for this site!

I have the downloader.misleadapp on my computer. I run Windows XP, I have Norton Internet Security, AVG 7.5, AVG RootKit, Ad-aware 2007, Windows Defender and SypBot Search & Destroy and Hijack. (With all that I still have not been able to get rid of the trojan!)

I am getting popups out the wazooooo!

I see that you assist in the removal with Hijack. Could you please direct me to instructions if you have them.

Thank you so much ... in advance!

Answer:[SOLVED] Trojan downloader help

Please follow MicroBell's 5 Step process - http://www.techsupportforum.com/secu...sting-log.html.

You shall have a proper set of logs for us after that. Someone will be along shortly

12 more replies
Relevance 39.77%

I've downloaded and scaned my pc with Hijackthis to get rid of Infamous Downloader.
The log file follows. Could you please tell me what I should delete?
thanx
Ada
Logfile of HijackThis v1.97.7
Scan saved at 4:09:49 μμ, on 8/7/2004
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\MDM.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SYMTRAY.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON UTILITIES\NPROTECT.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\WINAMP\WINAMPA.EXE
C:\WINDOWS\MIXER.EXE
C:\PROGRAM FILES\AHEAD\INCD\INCD.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\ASUS\PROBE\ASUSPROB.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\PASSWORD MANAGER\ACCTMGR.EXE
C:\WINDOWS\DESKTOP\INFAMOUS_DOWNLOADER.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\CSINSM32.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\Monwow.exe
C:\WIND... Read more

Answer:[solved]Infamous Downloader

12 more replies
Relevance 39.77%

I have try alot to remove it but did not work.....

AVG,atf cleanup.exe///// and more.

1st virus sane it gave me this list

Not-A-Virus.Adware.Virtumonde
TrackingCookie.Bridgetrack
TrackingCookie.Doubleclick
TrackingCookie.Overture
TrackingCookie.Serving-sys
TrackingCookie.Webtrendslive
-----------------------------------------------
Deckard's System Scanner v20071014.68
Run by Dave on 2008-08-05 22:59:09
Computer is in Normal Mode.
--------------------------------------------------------------------------------
Total Physical Memory: 495 MiB (512 MiB recommended).

-- HijackThis (run as Dave.exe) ------------------------------------------------
Unable to run HijackThis;
Path: C:\DOCUME~1\Dave\LOCALS~1\Temp\~rjvnhct.tmp\Dave.exe

-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-08-05 23:02:32
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgemc.exe
C:\Program Fil... Read more

Answer:Solved: downloader.Zlob help please.....

Hi Welcome to TSG!!
Please visit this webpage for instructions for downloading and running ComboFix.

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.
 

3 more replies
Relevance 39.77%

Hi I've been having a problem with Norton giving me a pop-up about downloader.misleadapp being on my system and that it has been deleted. It gives me an "Ok" button to push, I'll click it, and there'll be another pop-up with the same message but with a slightly different filename. This happens _over_ and _over_ until it finally stops for a little while. Any help would be greatly appreciated!

Here's my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:51:29 AM, on 8/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDO... Read more

Answer:Solved: Please help with downloader.misleadapp!

8 more replies
Relevance 39.77%

When I recently upgraded to Windows XP Home, I purchased AVG's antivirus and firewall programs. Each time I boot, the virus scanner runs and finds two infected files that the AV program says are trojan horse downloaders:

drsmartload815a.exe
drsmartload815a[1].exe

The first is on the path C:\windows\system32\drsmartload815a.exe

The second is on the path: C:\documents and settings\my name\local settings\temporary internet files\content.IE5\p555r64v\drsmartload815a[1].exe

When the scanner completes, it always says that two files were healed. The problem is they reappear at the next boot . Not only do I not know what to do next, I'm also feeling a little ripped off by the AVG program that allowed and now can't get rid of this infection.

I'd appreciate your help.
 

Answer:Solved: Trojan Downloader

12 more replies
Relevance 39.77%

PLEASE HELP. I can't get rid of this Trojan Downloader.5.e. Here is my Hijack This log. Thank you. I am running Windows XP and VERY SLOW with lots of pop ups.

Logfile of HijackThis v1.98.2
Scan saved at 5:00:39 PM, on 12/10/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\WINDOWS\System32\RUNDLL32.exe
C:\Program Files\2Wire\Gateway\2PortalMon.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Intuit\QuickBooks\Components\QBAgent\QBDAgent.exe
C:\WINDOWS\System32\mrtMngr.EXE
C:\WINDOWS\System32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings... Read more

Answer:Solved: Trojan Downloader.5.e.

16 more replies
Relevance 39.77%

I've had this thing for 3 days now. I can't do anything without running into a problem. I get "webpage not availble, connect or stay offline" all day long when I'm not on the internet. If I am online, popups all day! Now, I'm hearing music. I'm going crazy...please help!
 

Answer:Solved: Darksma Downloader....Please Help!!

12 more replies
Relevance 39.77%

I was hit with this virus ..... at least I think it is a virus ....., and I would like to know how it affects the OS (running WinXPro), and files. Anyone have the 411 on this? I think AVG removed it .... but never quite sure.
 

Answer:Solved: Downloader.tibs???

http://vil.nai.com/vil/content/v_139634.htm
 

3 more replies
Relevance 39.77%

Hi

Seems I have picked up the following trojans which seem to reinstall after each reboot. Spyware doctor has been of little help and as a result I am being continually bombarded with other trojans etc attempting to download.

Trojan.Downloader.Small.CML (Troj/BckDr-DKG [Sophos]
Trojan.Win32.Agent.qt [Kaspersky]
Backdoor.Sualimpo.E [BitDefender]
Trojan.Click.1210 [Dr Web])

I am pretty much a newbie at this but thru browsing other threads I have at least managed to download and run HJT - the log is as follows:

Logfile of HijackThis v1.99.1
Scan saved at 11:40:43 AM, on 24/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedu... Read more

Answer:Solved: Help with Downloader Trojans

15 more replies
Relevance 39.77%

Norton found Downloader, Trojan but cannot remove it...
Here is my HIjack Log:

Logfile of HijackThis v1.99.1
Scan saved at 7:08:13 PM, on 8/11/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O... Read more

Answer:Solved: Downloader, Trojan

7 more replies
Relevance 39.77%

After a 5-month hiatus with no computer issues, I'm back and hoping you guys can help me out again.

The past couple of weeks I've been dealing with loads of pop-ups (even though I have a blocker enabled). And now the past couple of days I can't seem to get rid of CashBack, BargainBuddy, and NaviSearch. (That damn puppy dog icon is driving me insane.)

I did a virus scan with Panda ActiveScan and it turned up the Trj/Downloader.QK virus, but couldn't clean it up. (Norton didn't even detect it.) I'm assuming the virus has something to do with all the pop-ups and other garbage I'm continually getting hit with. So how do I get rid of it?

Logfile of HijackThis v1.98.2
Scan saved at 3:09:55 AM, on 12/11/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Common Files\Symantec... Read more

Answer:Solved: Virus: Trj/Downloader.QK

8 more replies
Relevance 39.77%

Alright, I have the downloader trojan and I am having a very difficult time getting rid of it. I tried to download the vundofix program but it didnt come up as a folder so I couldnt choose the killvundo.bat part. It was just an icon so I ran the program anyways. I have also tried running my nortons, ad-ware, spybot s&d(all in safe mode and what not) and still cant get rid of it. I got the log from Hijackthis so if anyone can look at it and give me some ideas then that would be great.

Logfile of HijackThis v1.99.1
Scan saved at 3:12:51 PM, on 6/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Anti... Read more

Answer:Solved: Downloader Trojan!

9 more replies
Relevance 39.77%

hi,

My virus scanner keeps popping up and telling me it has found W32/Downloader.gen10 virus and keeps deleting the files. I have done full virus and spyware scans but these arent helping.

below is a Hijack this log.

Logfile of HijackThis v1.99.1
Scan saved at 19:30:23, on 09/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Virgin Broadband\PCguard\fws.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trust\GM-4200 Gamer Mouse Optical\Panel.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe
C:\Program Files\Virgin Broadband\PCguard\Rps.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\FlashMute\FlashMute.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\RegistrySma... Read more

Answer:Solved: W32/Downloader.gen10??

16 more replies
Relevance 39.77%

Hi all,

My Symantec antivirus recently reported donwloader.trojan infection in the following jar file and also in index.htm

C:\documents and settings\prarthana\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\crtdcghcn.jar-1b1e3831-2ad8e34b.zip

HijackThis log is below.

Any help will be highly appreciated.
Thanks.
-regards
arathore

Logfile of HijackThis v1.99.1
Scan saved at 10:42:54 PM, on 8/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google... Read more

Answer:Solved: downloader.trojan

Click Start | Settings | Control Panel
Click the Java Plugin Icon
Click the Cache tab
Click the Clear button and click OK to confirm
Note: Please repeat this procedure for each "Java Plugin" button in your Control Panel.

or

Control Panel > Java > General tab
Temporary Internet Files > Delete Files
Checkmark all 3 options and click OK.
 

3 more replies
Relevance 39.77%

When I start my PC I get a warning notice from my McAfee Virus Checker which says " The file C:\WINDOWS\SYSTEM32\taskdir.dll was infected by the Downloader-ZQ trojan and has been deleted " It would seem that McAfee has sucessfully deleted the problem but I am still stuck with the cause (Downloader-ZQ) can anyone help.

I have run Spybot, Ad-Aware, AOL Spyware Protection, MCAfee Virus Checker but this still appears every time I start up. All my security is up to date.

I am running Windows XP Home with SP2

Please can you help ???
 

Answer:Solved: Trojan Downloader-ZQ

6 more replies
Relevance 39.77%

I am working on the Brother in laws computer.... and he has several downloader trojans which have been caught and quarentined in AVG. They are aws listed: Downloader.Small.FU, Golid.B, Downloader.Galdcas.A, Downloader.Agent.D, Dolwnloader.Small.4.l, Downloader.Benuti.C, Clicker.4.AD, Proxy.5.AT, Downloader.Generic.JL.

I have run CWShredder, Adaware, Panda activescan, trendmicros housecalland mccaffee's stinger. none have removed it, AVG was the first to detect them and quarentine them. they cannot be repaired... so how do I get rid of them? They are keeping me from accesing some pages on the net (page loads, but no content is shown, and then it says done) and I cannot get into his Hotmail account (same problem)

here is the hijack this log
Logfile of HijackThis v1.99.1
Scan saved at 10:04:34 PM, on 6/17/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\iPod\Bin\iPodSrv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Progr... Read more

Answer:Solved: help with downloader trojans?

7 more replies
Relevance 39.77%

Hello,

I am having an extremely frustrating problem with what I believe is a trojan downloader on my computer. I have gone through the HiJack This program and deleteed things that I know do not belong, after doing research of course. I have downloaded Ewido, Dr. Web's Cure IT, KillBox, Virtumundobegone, Smitfraudfix, Look2Me Destroyer, and obviously HJT. All of these programs get rid of something and just when everything is clear, including the HJT log, I open Internet explorer and my anti-virus program picks up something. I get rid of it and continue on the internet and something else happens. I can't seem to get rid of this no matter what I do as if it is hiding itself where nothing looks. Either that or I do not have the right program. Please help me, here is my most recent HJT log file. Thanks again.

Logfile of HijackThis v1.99.1
Scan saved at 1:25:44 PM, on 8/6/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINDOWS\vcdplayx.exe
C:\Program Files\Roxio\Easy CD Creator ... Read more

Answer:Solved: Trojan Downloader or something, HELP!

9 more replies
Relevance 39.77%

After a recent anti-virus and spyware scan, the following files showed up as being infected. The bolded files were unable to be deleted, disinfected or renamed. I am a Shaw Internet subscriber, Shaw provides a free anti-virus and internet security program to its subscribers, Shaw Secure 6.15 - part of the F-Secure family.

Result: 4 malware found

Trojan-Downloader.Java.Agent.c (virus)

C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\9\3c0ee589-29c216a1\FcPred.class
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\9\3c0ee589-29c216a1 Action: deleted
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\FcPred.jar-10bfbdb3-3a5a231d.zip\FcPred.class
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\FcPred.jar-10bfbdb3-3a5a231d.zip Action: deleted

I am running Windows XP Sp2
Shaw Secure 6.15 (Anti-Virus/Internet Security

Attatched you will find my Hijackthis Log File.

If there is any other info that is required, just ask and i would be happy to make it availible.

If someone could help me remove these two files it would be greatly appreciated.
 

Answer:Solved: Trojan Downloader

Hi, Welcome to TSG!!

Run HJT again and put a check in the following:

O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O15 - Trusted Zone: http://forum.canucks.com
O15 - Trusted Zone: http://www.cybertechhelp.com
O15 - Trusted Zone: http://support.dlink.com
O15 - Trusted Zone: http://www.google.ca
O15 - Trusted Zone: http://*.photobucket.com
O15 - Trusted Zone: http://www.shockwave.com
O15 - Trusted Zone: http://www.thinktorrent.com
O15 - Trusted Zone: http://www.torrenttyphoon.com
O15 - Trusted Zone: http://www.vpl.vancouver.bc.ca
O15 - Trusted Zone: http://www.vpl.ca
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
Close all applications and browser windows before you click "fix checked".
Clear your java cache as described here: http://www.java.com/en/download/help/5000020300.xml
 

3 more replies
Relevance 39.77%

Just got snagged with a series of Trojan downloaders and looking for a bit of advice.

I disabled my internet connection on the infected computer, ran AVG, and deleted the trojans acquired thus far. I now need help cleaning the infection permanently from my system. Following are my logs:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 10:43:49 AM, on 7/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Documents and Settings\Chris\Desktop\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Inter... Read more

Answer:Solved: Trojan downloader

8 more replies
Relevance 39.77%

Hi

whenever adaware runs this virus alert pops up but my virusscan doesn't recongnize it:

infection: Trojan.Downloader.lstBar.Z5

the file is: c:\volume information\_restore{6b916a41-8485-4a6a-bc6



how do i get rid of this? and what does it do?

 














  • Sponsor






    Read more

    More replies
  • Relevance 39.77%

    can anyone help !!!
    norton antivirus is picking up a virus ( c:\windows\system32\vtsqqqo.ddl )
    but is unable to repair, quarantine or delete it.
    hijack this picks it up to, but won't allow it to be fixed.
    thanks,
    mike
     

    Answer:Solved: downloader virus

    12 more replies
    Relevance 39.77%

    Running Windows XP, NAV CE detects the following:

    Virus Found!Virus name: Downloader in File: C:\Documents and Settings\rsub\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-3ad601a5-340bf20d.zip by: Manual scan. Action: Clean failed : Leave Alone succeeded

    I cleared the Java cache through the Java console in Control Panel, deleted Temporary Internet files and files in the C:\WINDOWS\Temp folder. I also ran ATF cleaner. Norton is unable to clean/delete. I ran a Housecall scan, but it only identified cookies. Please advise. And thanks in advance for the help. Here is the HJT log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 1:16:24 PM, on 12/18/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\NavNT\defwatch.exe
    C:\Program Files\NavNT\rtvscan.exe
    C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\NavNT\vptray.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Mic... Read more

    Answer:Solved: Another Downloader virus

    6 more replies
    Relevance 39.77%

    Hi,
    I'm on dial-up and using Firefox 1.5.0.9.

    I need a Downloader that will restart a dropped download.
    I want to download Photoshop CS3 Beta (331mb).

    Freeware would be nice but I would pay for a good program.

    Thx
    AZ
    >PS> Speed is secondary.
     

    Answer:Solved: downloader software

    13 more replies
    Relevance 39.77%

    Hi folks,

    When surfing through the Internet, my antivirus informed me that my system was infected with a downloader trojan and it could not be repaired. Is this something I should be concerned about? At any rate, I have run a HijackThis scan, and here are the results. Any advice/guidance/help is greatly appreciated. It's amazing what a volatile environment the Internet can be!

    Logfile of HijackThis v1.99.1
    Scan saved at 9:35:39 AM, on 10/30/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Norton Internet Security\ISSVC.exe
    C:\WINDOWS\system32\drivers\KodakCCS.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\ScsiAccess.EXE
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\C... Read more

    Answer:Solved: Help with Downloader Trojan!

    7 more replies
    Relevance 39.77%

    Hi,
    can someone check this highjack log and advise me....
    I am trying to assist a friend so I am posting his highjack log from another comp.
    Thanks in advance
    cmgnp

    Logfile of HijackThis v1.99.1
    Scan saved at 12:44:54 PM, on 11/26/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\WINDOWS\mrofinu72.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Insider\Insider.exe
    C:\Program Files\QdrModule\QdrModule9.exe
    C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [SoundMax] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [... Read more

    Answer:Solved: trojan downloader help

    Download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    --------------------------------------------------------------------
    1. Close any open browsers.

    2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    --------------------------------------------------------------------

    Double click on combofix.exe & follow the prompts.

    When finished, it will produce a report for you.
    Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.

    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**
     

    3 more replies
    Relevance 39.77%

    I was searching through other posts involving downloader trojans, and I wasn't sure if it was the same process if it is a different file infected.

    I keep getting a message from McAfee:

    Pathname: C:\WINDOWS\system32\jgawsnw.dll
    Detected As: Downloader-AWX
    State: Move failed (Clean failed)

    I ran a scan with Hijack This and here's what it told me:

    Logfile of HijackThis v1.99.1
    Scan saved at 10:21:16 AM, on 6/17/2006
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\AGRSMMSG.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\System32\hphmon05.exe
    C:\HP\KBD\KBD.EXE
    C:\WINDOWS\wt\updater\wcmdmgr.exe
    C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
    C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\WINDOWS\kdx\KHost.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\System32\igfxtray.exe
    C:\Program Files\Wzbncuo\Lpyjf.exe
    C:\WINDOWS\ALCXMNTR.EXE
    C:\Program Files\HP\hpcoretech\hpcmp... Read more

    Answer:Solved: Downloader Trojan

    11 more replies
    Relevance 39.77%

    hello
    computer is getting lots of popups and running super slow. AVG keeps finding this and deleting this but it shows back up upon restart. My Mcafee found exploit-byteverify, downloader-BHS and generic spy.j and it has quarantined them. AVG also found a trojan.agent.agv but that has not shown up since the first scan. also, anytime I try to use msconfig it tells me that there was an access denied message. when I try to open the task manager it says task manager has been disabled by my administrator. Unfortunately I hadn't set up separate accounts on my computer so it's logged on as administrator right now. Im also getting tons of errors from windows error reporting. I see something on the log already that I'm kinda wondering about but I am not 100% positive. Maybe the "antiviirus", "loczdude" or the "vczolahi". None look familiar to me. A friend of my husbands spent several hours on our computer yesterday when we weren't home and this was how we found it after he left. PLEASE HELP

    Logfile of HijackThis v1.99.1
    Scan saved at 5:39:35 PM, on 4/3/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Documents and Settings... Read more

    Answer:Solved: downloader.small.ivo

    16 more replies
    Relevance 39.77%

    Can someone please help me? I ran some antispyware and virus software and found that I had downloader xa, lg, vg and generic downloader h. Also have multidropper ml. Mcaffe is unable to clean. I don't know how to get rid of it all and I tried to get rid of some other stuff and now when I boot up it says that there are some dlls missing. I deleted ceres.dll, farmmext.exe, buddy.exe and the program files E2G and Viewpoint. I also tried to empty out temp folders. Does anything below look messed up? What should I do? Thanks!
    Logfile of HijackThis v1.99.1
    Scan saved at 11:32:34 PM, on 3/22/2005
    Platform: Windows ME (Win9x 4.90.3000)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\PROGRAM FILES\NETWORK ASSOCIATES\VIRUSSCAN\AVSYNMGR.EXE
    C:\PROGRAM FILES\NETWORK ASSOCIATES\VIRUSSCAN\VSSTAT.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\PROGRAM FILES\NETWORK ASSOCIATES\VIRUSSCAN\VSHWIN32.EXE
    C:\PROGRAM FILES\NETWORK ASSOCIATES\VIRUSSCAN\AVCONSOL.EXE
    C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\SYSTEM\UWBRIJYD.EXE
    C:\PROGRAM FILES\MEDIA ACCESS\MEDIAACCK.EXE
    C:\PROGRAM FILES\MEDIA ACCESS\MEDIAACCESS.EXE
    C:\WINDOWS\SYSTEM\PSTORES.EXE
    C:\WINDOWS\SYSTEM\WINOA386.MOD
    C:\WINDOWS\SYSTEM\SSOQMNCINJ.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\TEATIMER.EXE
    C:\PROGRAM FILES\... Read more

    Answer:Solved: downloader trojans and more

    8 more replies
    Relevance 39.77%

    Hi, need some help with a trojan. This one was not identified by Norton Antivirus 2006, but by AVG Free Edition. However only the resulting files in the sytem32 folder are detected but not the source code. Symptoms: installing a yellow flashing warning triangle in the task bar, attempting to change the web start page, starting IE frequently routing to http://antispylab.com/?aff=257. Not sure what else is happening. It all started with an adware server 32 infection which I was able to get rid off (I hope)

    Attached please find the HJT log. Thanks for your help
     

    Answer:Solved: Downloader Trojan

    12 more replies
    Relevance 39.77%

    Hello,

    I'm new in this forum and i had the time to check previous posts concerning the issue of this trojan. However i didnt have anyone to help me personaly to fix this problem.
    I have McAfee and every 5 minute the antivirus indicates me that there is Downloader-AUX trojan but can't delete it nor quarantine it.
    I have tried to delete the file manually but couldn't find it and also i used many programs such as Ad-aware free version, spyware doctor with always a full scan but couldn't succeed.
    If someone can help me pls on this issue. It is very important for me because i'm not willing to format my computer.
    Thank you in advance

    Regards,

    Sevag
     

    Answer:Solved: Downloader-AUX Trojan

    9 more replies
    Relevance 39.77%

    Thank god I found this site. Hopefully someone here will be able to help me get rid of these. I have already downloaded and run the HiJackThis latest version so I will post that log to start off. Please let me know what to do next.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:03:45 PM, on 7/24/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16473)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\WINDOWS\BCMSMMSG.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\WINDOWS\System32\DSentry.exe
    C:\Program Files\Verizon Online\Visual IP InSight\IPClient.exe
    C:\Program Files\Verizon Online\Visual IP InSight\IPMon32.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Verizon\McciTrayApp.exe
    C:\Program Files\Dell\Media Experience\PCMService.exe
    C:\Program Files\MUSICMATCH\MUSI... Read more

    Answer:Solved: Vundo and Downloader.....I have them too! Help!

    11 more replies
    Relevance 39.77%

    Hi I was on the web one day and my norton anti virus message popped up that the downloader.trojan was detected and it was trying to remove it but it couldn't. Norton tried a second time and failed again. I have ran TheCleaner which removed a trojan i have before but it did not detect downloader.trojan which was strange to me. I ran two virus checks with norton as well and for some reason it did not show any signs of the trojan. I am pretty sure that this trojan is still on my computer and i would appreciate it if anyone could help me out on where I can find it and how i can remove it. Thanks it advance
     

    Answer:Solved: Help with Downloader.trojan

    10 more replies
    Relevance 39.77%

    I have a virus named "Downloader.Trojan." I am unable to remove it.

    I did a system scan and saved a log file, which is posted below. Please help me with the process of removing this virus.

    Thank you.
    Logfile of HijackThis v1.99.1
    Scan saved at 11:06:42 PM, on 12/29/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Norton Internet Security\ISSVC.exe
    c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\WINDOWS\system32\hphmon06.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\iTunes\iTunesHelper.ex... Read more

    Answer:Solved: Downloader.Trojan

    9 more replies