Computer Support Forum

pup removal, trojan removal..

Question: pup removal, trojan removal..

I am fairly new to computers and need some help. I think that I might have a virus. My computer is a Dell Dimension 3100, and I have McAfee Security Centre installed and Windows XP.
I keep getting warnings from McAfee saying that I have files infected by Generic downloader ad/ae, and that I have a PUP??
Can somebody please help, as I don't seem to be able to get rid of this problem...
Many thanks in advance!!!!

Relevance 73.8%

MS Removal Tool is a rogue software. It restricts you from accessing your desktop. You cannot start Task Manager, and you cannot open Internet Explorer or any other programs. This situation is the result of malware (a variant of Win32/Winwebsec) that is infecting your computer.

To remove the MS Removal Tool, follow the steps below:

Boot your computer into Safe Mode.
Windows XP and Windows Vista:
Start your computer and press and hold the F8 key.
A Windows Advanced Options menu will appear. Use your arrow keys to scroll to Safe Mode and click the Enter key.
Click the Start button, and then click Run.
Type cmd then click OK. A black command prompt window will appear.

Locate the affected directories:
Windows XP:
Type cd c:\Documents and Settings\All Users\Application Data\ and press the Enter key.
Type dir and press the Enter key.
Windows Vista:
Type cd c:\ProgramData\ and press the Enter key.
Type dir and press the Enter key.
Type cd c:\Users\All Users\ and press the Enter key.
Type dir and press the Enter key.

Scroll through the list to find directories with random names that contain 18 characters. For example: cHl08200gMhHd08200, pJg08200fBmPl08200.
Type rd /s /q <random name>, and then press the Enter key. Replace <random name> with the 18 character name. Repeat this step for each random name you find.
Type reg delete hkcu\software\microsoft\windows\currentversion\runonce /v <random name> /f, and then press the Enter key. Replace <random name> with the 18 cha...

Relevance 73.39%

My PC is infected with trojan Zlob, which seems like adware. I am constantly getting popups, and I managed to see the process icthis .xe in Task Manager. This process doesn't get terminated; that very moment I knew it's a virus. I have read the thread regarding its removal on your site, but I still want the supervision of experts like you. Please help.
 

Relevance 63.55%

http://www.bleepingcomputer.com/forums/t/176020/avg-error-after-trojan-removalhijack-file/

Answer:AVG error after trojan removal/hijack file, was infected with trojan horse psw.agent.vqa

Helped here, closed.

Relevance 63.55%

Hi, as the topic says, trojan.agent.gen and svchost.exe are constantly detected by Malwarebytes and my other malware scanners after every restart. It's affecting my computer performance badly, especially my graphics card (it runs at 96%+ GPU load, making games unplayable). I can stop that issue from happening by reinstalling my video drivers; after I install them I get the message "svchost.exe has stopped working" from Windows, so I click on the option to close it, and my GPU load goes back to normal. Some malware/spyware scanners can remove them, but like I said, once I restart my PC they just re-install themselves and I'm back at square 1. I've tried literally everything to remove them but they just laugh at any attempt at permanent removal. If someone can help me out here I would be hugely grateful. Thanks.
By the way if you need me to post any new information about the problem please let me know.


Answer:trojan.agent.gen keeps coming back after removal/Quarantine. Svchost.exe Trojan.

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. I'll be addressing you by your username; if you'd like me to address you by something else, please let me know!

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
If I instruct you to download a specific tool in which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because th...

Relevance 63.55%

Staff Advisory: This post needs to remain here until one of the malware team advise that it can be moved. This member cannot access our malware forums due to their infection. ~ Animal

----------------------------------------------------------------------------------------------------------------------

Hello, I got some help from some nice people in the live chat. I have made a log with your hijackprogram and am posting it at the bottom. It created two .txt files so there are two reports. I am unable to open ANY link that has the words anti-spyware anywhere on the page or in the address bar so unfortunately I cannot post this in the malware removal forum because the internet window closes every time. I am in dire need of some help! I have a subscription to spy sweeper and it is keeping things out but I was infected with Antivirus xp 2008 and possibly some viruses because the computer was un-protected for about a month while I was in the hospital.

I run with Windows XP and a wireless connection. If someone could take the time to look at this for me I would be so incredibly thankful! I offer my services as a photographer/graphic artist/professional gift shopper/myspace designer/beginner web designer. You can see what I do at www.perfectionpictures.com and contact me if you need anything at all!

Current Symptoms (in the order of appearance)
Random Total system crash then restart then blue screen then back to windows.
msvcp71.exe is missing so a program is being prevented ...

Answer:Antivirus Xp 2008 Removal Help/am I Infected? Can't Open Malware Removal Forum

Hi & welcome,

I would like to try a couple things before we go much further so I have a bit better picture of what is happening and can take the needed cautions.

1.) Click start> run> type msconfig and hit enter.
Click "boot.ini" tab
Checkmark /bootlog
Click "apply" and "close"
Reboot when asked
Locate and delete this file:
C:\windows\ntbtlog.txt (in case your extensions don't show it looks like a notepad)
Reboot
Locate & post:
C:\windows\ntbtlog.txt

2.) Click start> run> type: cmd.exe and hit enter.
Type the following commands exactly as you see em & hit enter after each one:
cd c:\windows\system32
dir userinit.exe
Note the file size please & report that back to me. Leave cmd open a sec.
Back at the cmd window...
Type:
cd dllcache
dir userinit.exe
dir spoolsv.exe
Note file sizes & report that back to me.
Type exit in the CMD window & hit enter. (this closes it)

3.) Can you see also if you can get this program installed please:
http://download.bleepingcomputer.com/hijac.../HJTInstall.exe
Save file> run it> follow prompts to install accepting defaults.
Allow it to "launch" hijackthis.
Click the "Do a System Scan and Save a Log File" option
Save the log file and then it should open with Notepad
Go to Edit, Select All and then Edit, Paste to paste the contents of the log here

Let me know if you had any problems with the above please.

I advise keeping the system offline as much as possib...

Relevance 63.14%

I've been getting messages from my virus software "symantec version 8.1.0.825" constantly stating that it is finding and quarantining Trojan.FakeAV and Trojan.Vundo viruses when running Windows in normal mode. Sometimes the messages come in at more than 1 a second and eventually clean and quarantine fail with a message "access denied". Along with this are constant messages stating my computer is infected and to purchase the fake antivirus software. I have disabled System Restore and run virus scans in safe mode, which usually catches a file or two. I have also run Trend Micro scans, which catch 13 files or so. As soon as I boot up in normal Windows they come back very quickly. It also appears that the viruses disable any ability to open a command line, Task Manager, regedit, msconfig, properties of My Computer, launch the System icon from Control Panel, or launch the firewall window from Control Panel when running in normal mode. In safe mode I can get the Task Manager back with a registry edit, but that's about it. I've tried installing Malwarebytes through safe mode but it will only work for 2 seconds after initial installation and then the window disappears and can't be reopened. I'm here because I have nowhere else to turn short of hitting the computer with the big hammer and just reloading Windows. (something I'd like to avoid of course!!!)

DDS log:

DDS (Ver_09-10-13.01) - NTFSx86 NETWORK
Run by Katie at 22:33:22.42 on Wed 10/14/2009
Internet ...

Answer:Trojan.FakeAV, Trojan.Vundo, Antiviruspro 2010, windows police pro, advanced virus removal

Thanks to all that reviewed my logs. I was able to solve the problem by starting the computer in safe mode and installing Malwarebytes. The problem was the virus was deleting the Malwarebytes program before I could run it. I was able to install and quickly copy the executable file to the desktop before it was deleted. The virus deleted the file out of the Program Files folder. I added it back in from the desktop and it worked!!! Great program, cleaned everything up!!!

Relevance 63.14%

Hello, my mother's laptop is infected with these startup viruses. I downloaded Malwarebytes, and The Cleaner to remove them, but upon startup, they keep coming back. I was hoping to remove them with The Cleaner, but they keep coming back.

Answer:Trojan.Small, Trojan.Sirefef, and Rootkit0.access Removal

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Please take note:

If you have since resolved the original problem you were having, we would appreciate you letting us know.
If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
If you are unsure about any of these characteristics just post what you can and we will guide you.
Please tell us if you have your original Windows CD/DVD available.
If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.
If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply'...

Relevance 63.14%

Hi there,

I hope someone out there can help me. My computer was infected by multiple viruses last Saturday. I believe my computer was infected by the free football broadcasting sites including the ones with links to JustinTV. Please be aware.

I have tried to solve this issue myself and I have used a lot of the advice in this forum, however I need an expert to help. I still have problems with viruses on my system, my wallpaper being locked & I can not set the automatic MS update to automatic.

I have run Kaspersky scanner on critical areas and it has detected Trojan.Win32.Monder.ahbh & Trojan-Banker.win32.bandra.fym viruses.

My hijackthis report is shared below. I will be happy to donate to the site if anyone can help. Thank you. Andy

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:28:05, on 11/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Relevance 63.14%

The latest: Removal Tool from Symantec:

http:[email protected]html
EDIT:
PLEASE NOTE: Since Symantec did a major change on how to handle this worm from their first instructions, (and my first post) I have totally modified this post, as of 0326 EDT Sept 20, 2003, to reflect those changes. This should avoid the problem that Alison had and was most likely the reason for Symantec's change.

You have been bitten by the latest worm, [email protected], and want to know what to do and how to get rid of it.

We here at TSG want to make that process easier for you.

The following is a short(er) version of what can be found at Symantec's site.
http:[email protected]

Please go to the above link and read and understand about the Swen worm first, then return and follow the short version.

Removal Instructions

The following instructions pertain to all current and recent Symantec antivirus products, including the Symantec and Norton AntiVirus product lines.

1. Disable System Restore (Windows Me/XP).

How to disable or enable System Restore in Windows ME

How to disable or enable System Restore in Windows XP

2. Modify the association for Registration Entries ( .reg files).
3. Create a repair.reg file on Desktop, double-click on repair.reg file to fix association settings for other file types.
4. Update the virus definitions.

5. Do one of the following:
a. Windows 95/98/Me: Restart the computer in Safe mode.
b. Windows NT/2000/XP: End the Trojan process.
6. ...

Answer:[email protected] Worm Removal instructions + New Removal Tool

Relevance 63.14%

I recently started my daughter's laptop to find a Windows Security window pop up prior to desktop starting up. It mentioned there is a Worm, WIN32.NETSKY, that has infected my system, and that I should perform a full scan to remove the worm. I have McAfee on my computers so I contacted them for help. They concurred with the Windows suggestion. I did a complete scan of the system. 14 infections were found. McAfee quarantined them all and I deleted them. I rebooted. After the Windows XP boot screen I got a standard blank screen with the shut down immediately going into process. It would restart and go through the same process again. Shutting down and restarting. I have found out through this site what the WIN32.NETSKY worm/virus is, I can imagine how it got into the computer. So how do I fix this? I might also add the computer will NOT let me enter safe mode. So at this point I can do nothing but go through an eternal reboot! Also I can't figure out whether I removed the worm or not!



Thanks in advance, Tom

Answer:[SOLVED] Computer won't start up after removal of WIN32.NETSKY removal

This is what can happen with viruses. They shred your Windows OS files.

What happens when you keep pressing F8 at start up? Can you get to the advanced options menu to do a "repair install"?

Otherwise I think you will probably have to recover your personal data off the drive, completely reinstall Windows, but cleanse that personal data with anti-virus cleaners before you migrate it back to the new installation so the machine doesn't get infected all over again.

Relevance 63.14%

Hi Guys,
Recently I have gone through a serious virus which is not catchable by the updated Symantec anti-virus (14 October 2009).
When I put in my pendrive, the system shows autorun.inf deleted. But the underlying virus,
autorunme.exe, exists in location Drive:/RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe.

Even if I delete this virus, it gets automatically generated by itself or recreates itself.
autorunme.exe is not the actual virus, but it is just a duplicate.

The actual underlying virus which triggers autorunme.exe is SERVCE.EXE.
Note SERVCE.EXE is not service.exe or services.exe. It is newly named SERVCE.EXE.

Manual removal autorunme.exe process:
After connecting your pendrives, when it shows the file RECYCLER in hidden state, open your Task Manager and end the process SERVCE.EXE.

Now delete the entries Drive:/RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe , Drive:/RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\desktop.ini and Drive:/autorun.inf.
They will not recreate now.

Then open C:/WINDOWS and find SERVCE.EXE and, to be on the safe side, just make a local copy of the file to some other place and delete SERVCE.EXE.

Now even if you restart your computer, since SERVCE.EXE is not running at start up of the system, the system is safe and manual removal of the virus is complete.

SERVCE.EXE is the actual culprit.
 

Relevance 63.14%

Apologies, but I'm a bit of a novice. My computer did a scan when I started it and came up with some trojans. When I tried to delete them, a malware removal programme tried to install itself so I closed the download dialog box. Unfortunately, I cannot remember the name of the software that was trying to install itself. Please would you review my log below and help me clean my computer?

many thanks
---------------------------------------------------------------

DDS (Ver_09-12-01.01) - NTFSx86
Run by 0 at 19:57:35.67 on 02/01/2010
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.3000.1826 [GMT 0:00]

SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}


Answer:attempted removal of trojans try to install "malware removal software

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...

Relevance 63.14%

I am running Windows XP Pro Version 2002 with SP3 on a Dell Inspiron E1505. I have Norton 360 running for internet and firewall protection. I was experiencing the BSOD frequently and finally Windows would not boot. A Norton scan gave me the following: "Tidserve Activity 2 Threat requiring manual removal detected". I downloaded the TDSSKiller from Kaspersky and it seemed to remove the threat. I was able to get Windows up and running, but since then have had the following issues:
1. Occasional popup window with the message "C:\Windows\System\MSVIDEO.DLL is not a valid windows image. Please check this against your installation diskette"
2. Internet access is not possible. The DHCP won't function due to dependencies, specifically AFD, which has a yellow exclamation point in the Device Manager. AFD won't start. So I'm currently working via a flash drive to transfer files from the laptop to a functioning desktop.
Is my system still infected?
Thanks very much-
Richmo
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Dell at 22:46:39 on 2012-01-23
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.371 [GMT -5:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: Norton 360 *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton AntiVirus *Enabled*
FW: Norton 360 *Enabled*
.
============== Running Processes =============...

Answer:No internet and AFD issues after apparent removal of Tidserve Activity 2 Removal

Hello and welcome to the forums!My secret agent name on the forums is SweetTech (you can call me Agent ST for short), it's a pleasure to meet you. I would be glad to take a look at your log and help you with solving any malware problems.If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
If I instruct you to download a specific tool in which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing...

Relevance 62.73%

hi good evening,
System info:
model no.: HP-dv5 1104tu
os:Windows vista 32 bit home basic
I am attaching the DDS and GMER reports, but when I opened GMER the first 8 check boxes were greyed out, so I could not check them; they were unchecked during the scan.
My Windows Security Center informs me of the security check; when I go to fix the problem I am not able to fix it. I am not able to change the settings of my Windows Update (shows error 0x8007005 and 0x80070424); when I click to install an update it says you may need to restart your system. Windows Defender is outdated, and the anti-virus feature of my antivirus (AVG 2012 total security) is turned off. I planned to uninstall the antivirus but could not, so I installed Revo Uninstaller, then went to Safe Mode with Networking and uninstalled the AVG antivirus. After switching to normal mode I found the AVG folder in the Program Files folder; I selected to delete it but could not, but I deleted some part of it. Then I went to Services, where I found the AVG firewall was started, so I disabled it. Anyhow, I was able to update Windows Defender and run a full scan of the PC, which found the threat trojan:winNt/Necurs.A. I removed it but it comes again, as I have done twice. Then I installed Malwarebytes and did a quick scan; this found some 15 threats, but before seeing the result I removed it. Again I ran a full scan with Malwarebytes; it detected 3 threats, trojan.fake, then I removed them. Then I wanted to install another antivirus but was not able to install any other antivirus. After all I have not fixed the proble...

Answer:removal of trojan:winNt/Necurs.A and trojan.fake

Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

One or more of the identified infections is a backdoor trojan/rootkit.

This type of infection allows hackers to remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Please refer to Microsoft's Online Safety article for tips on creating a strong password.

Do not change passwords or do any transactions from the infected computer until it has been cleaned.

------------------------------------------------------

Please download aswMBR.exe to your desktop. Double-click aswMBR.exe to run it.
When prompted to download the latest Avast! virus definitions, please choose Yes
Click the Scan button to start scan.
Wait until it says, ...

Relevance 62.73%

Hello there,
My PC is infected with a trojan identified by the subject name.

I've tried Spyware Doctor without any avail.

HJT log output attached.

Pls help.

Thanks a lot
 

Answer:MULDROP.Trojan (Trojan.Win32.Vundo.H) removal

I got it sorted out myself. Here's a brief.

Installed Malwarebytes and it found the trojan and did the cleaning and left the dll files to be cleaned upon reboot, but failed to do so.

Tried to delete these dll files manually by booting a linux OS CD (Trinity resource kit), which although deleted the files successfully, however did not remove the infection.

Installed and purchased spywaredoctor from pctools, which also found the trojan, but failed to remove it successfully. (although it claimed)

Uploaded the trojan file to Trendmicro website for their analysis and got a link from them to update my virus signature by a Control Pattern Release.
http://www.trendmicro.com/download/pattern-cpr-disclaimer.asp
The trojan was named as TROJ_NSIS.AE by Trend.

Ran Malwarebytes again, which found the trojan and like before prompted for reboot to remove the infection fully.
Rebooted, and this time it managed to clean the infection fully. I believe this was only made possible with the signature update from Trend.

Hope this adds some light to those of you looking for a solution for this trojan.
 

Relevance 62.73%

For the last 3 days my computer has been acting up severely. I have read numerous posts from people with this same issue. Since each set of instructions is geared for a specific computer I will post mine for help. I am not sure how much information is included in the HJT report, so I will give some specifics.
I am using a Dell Inspiron E1405 laptop with Windows XP Media Center Edition version 2002 Service Pack 3. I normally use Internet Explorer 7, but installed Firefox because I thought it was an IE problem in the beginning. I use McAfee Security Suite and it has found the following:
Detection Type: Trojan
Detection Names: Generic.dx!w, Generic.dx!w
Status: Quarantined (Though I have attempted to remove it many times)
File Name: C:\DOCUMENTS AND SETTINGS\MANUEL MEDEIROS\XPSHIELDSETUP.EXE
This was something that I believe the Vundo Trojan asked me to install, even though I hit no it still installed a phoney virus removal program. Also found was:
Detection Type: Trojan
Detection Name: Vundo!grb
Status: Quarantined (Again I've removed it several times with McAfee)
File Name: C:\WINDOWS\system32\ovurorep.ini

I have done research on both of these and tried several removal methods, none of which have worked. I am getting many pop ups from IE even when I am on Firefox, very slow speed (some sites are a little better than others), and at times I cannot access my email. It says that they are doing maintenance, however other friends with the same ISP have no trouble. I am also get...

Answer:Generic.dx!w Trojan and Vundo!grb Trojan Removal Help Needed Please.

Bumping
 

Relevance 62.73%

Hello,

Yesterday a window popped up asking me to install antivirus xp 2008. Soon after I killed that process, Symantec popped up saying that I had been infected with trojan.blusod. Deleting the files with Symantec didn't work, but then I used Malwarebytes' Anti-Malware and deleted whatever came up in that scan. While Anti-Malware was running, Symantec kept saying it detected trojan.killav (maybe 6 times or so over the course of 10 hours) in my temp files.

After Anti-Malware finished scanning, there have been no more warnings about trojan.killav or trojan.blusod but I wanted to ask if my HiJackThis log seems to indicate my computer is clean and safe to use. My internet research on killav indicated there might be a keylogger so I have been really worried.

Much thanks! (sorry if my post is unclear, I wasn't sure how to describe what happened)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:57:36 PM, on 9/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Com...

More replies
Relevance 62.32%

Hi,

I have tried many ways to get rid of some Malware that has only recently infected my PC. I hope someone can help me as this is my work PC and I need to plug back into my office network in a few days, but think this would be a bad idea at the moment.

The problem first showed itself by insisting I had many viruses etc, and I should install Internet Security 2010. I have installed Malware Bytes removal tool, and installed as instructed. It found the above, said it was removed, but still it appears to exist, although the name of the infection has changed a few times, and is currently redirecting my browser to a similar page to the above malware. A popup now shows that I should install Cyber Security to remove the infections. This is obviously another malicious antivirus/malware program.

I have McAfee Enterprise installed (which I can't seem to disable).

I have also run SuperAntiSpywarePlus, which did the trick removing a similar problem about a year ago on a different PC. However, although this program also finds problems, and supposedly removes them, the problem is still there.

Please help. I have shown Hijackthis log below.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:58:42 PM, on 29/12/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal

Running processes:
C:\windows\system32\csrss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\...

Answer:Cyber Security removal; Malware removal not working

Hi,

I have tried everything I know of to remove this pesky piece of malware. It seems to keep changing names, starting out as Internet Security 2010, and redirecting me on a google search to a webpage trying to convince me I was riddled with viruii and malware, and then trying to sell me their software, which is really just a scam. I ended up here after a few days of tearing my hair out, almost beaten. I went through the tutorials, but unfortunately that was before I fired off a post in desperation. Please delete my previous post, as I have now followed the suggested path, and run the utilities to help diagnose my problems. The resulting files are attached.

Please help. I hope the files uploaded can provide an insight into what's happening.

Apologies for jumping right in and posting a Hijackthis log before I had read the tutorials.

ntents below

DDS.txt contents pasted below

DDS (Ver_09-12-01.01) - NTFSx86
Run by Greg.Middleton at 15:30:23.26 on Tue 29/12/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.2.1252.61.1033.18.3063.2330 [GMT 9.5:30]

AV: VirusScan Enterprise + AntiSpyware Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

============== Running Processes ===============

C:\windows\system32\svchost -k DcomLaunch
C:\windows\system32\svchost -k rpcss
C:\windows\Syst...

3 more replies
Relevance 62.32%

Hi all, my first post in here, so hello to everyone.

Would anybody be able to tell me how to completely remove Windows malicious software removal tool, as it keeps coming up every time I turn on the laptop?
I have tried all usual channels like add/remove etc but can't see it anywhere. Could someone shed some light? Many thanks

Answer:[SOLVED] Removal of 'Malicious software removal tool'

Have you let the MRT finish? The MRT is an On Demand anti virus scanner with a very limited impact on the PC or resources. There are NO reasons to remove it.

The utility is...
%windir%\system32\MRT.exe

Command line switches...

/? or /HELP = displays the command line switches
/Q = quiet
/N = detect only
/F = force extended scan
/F:Y = force extended scan and automatically clean infected files

If you really want to remove it browse to C:\Windows\System32 and delete MRT.exe

4 more replies
Relevance 62.32%

I had trouble trying to uninstall Trend Micro Security 2010. Upon reading a forum from this site, I tried AppRemover, which successfully took the software off, however, I am unable to connect to my wireless network because the driver connections seem to be messed up(?). I have tried uninstalling and reinstalling the drivers for my wireless LAN, but this does not seem to work. I have tried troubleshooting via Microsoft's website and have used the Microsoft FixIt program, however it has failed to fix the issues. This is what the program says:

Fix it Center:
Use hardware and access devices connected to your computer. 5 problems need attention
Hide details
Problems found Status
There is a problem with the driver for Microsoft ISATAP Adapter #2. The driver needs to be reinstalled. Not fixed
There is a problem with the driver for Teredo Tunneling Pseudo-Interface. The driver needs to be reinstalled. Not fixed
There is a problem with the driver for Intel® WiFi Link 1000 BGN. The driver needs to be reinstalled. Not fixed
There is a problem with the driver ISATAP Adapter #3. The driver needs to be reinstalled. Not fixed Detected

I am running Windows 7 on my ASUS notebook. I have internet connection when I'm directly connected through the cable, but I cannot get wireless connection. My other computer connects to the wireless network fine. Please help. Thanks a lot in advance.

*moved topic to Am I Infected as requested by narenxp. - Queen-Evie*

Answer:Difficult Antivirus removal, even more trouble post removal

Hello,

Before trying to fix Windows you should try the Diagnostic Tool from Trend Micro; it should remove all the leftovers and maybe at the same time fix the problem you have.

Download the Trend Diagnostic Toolkit and save the file to the desktop; make sure you select the tool that matches your Operating System and the 32-bit or 64-bit version.

Boot the PC and enter Safe Mode (press F8 during Boot), run the tool, click on the Uninstall tab and follow the program instructions.

15 more replies
Relevance 62.32%

Hey there experts =)

My son clicked something a few days ago, giving us the Win 7 security virus. I followed the directions here, and removed it with malwarebytes.
Everything was running smoothly.

Today I get home and see that my browsers (all of them, firefox, chrome) are being redirected. When they are being redirected my McAfee detects a virus and removes it, yet it continues to happen. After much reading, here and on other computer boards ... there seems to be something leftover from that virus that isn't always detected? From what I've read, there's a possibility there's a virus in the MBR ?

I do not have a Windows 7 disc, as this came pre-installed, nor do I have a recovery disc. All advice points towards running combofix, although all that advice comes saying 'DO NOT RUN combofix unless instructed to do so by a professional'

Well? You guys are the professionals so here I am. You're my last resort to getting this fixed, sans taking it into a shop which I'm REALLY trying to avoid. ;)

I do work a full time job, so my responses may not be immediate, but I will check daily or multiple times daily when I can and follow your directions ... if you can and are willing to help!

Thanks in advance!

Beachy

Answer:Help with removal of hijacker after Win7 security virus removal

Download Security Check from HERE, and save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download MiniToolBox and run it.

Checkmark following boxes:
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The ...

14 more replies
Relevance 61.5%

When using Google in Firefox, links to pages I've searched for do not go to the correct page.

malwarebytes found this:

Files Infected:
C:\Program Files\Falco GIF Animator\FalcowareAcPro.exe (Adware.PredictAd) -> Quarantined and deleted successfully.
F:\torrents dls\Myspace.friend.blaster.pro8.4\friendblasterpro.-patch.exe (Trojan.Hacktool) -> Quarantined and deleted successfully.

DDS (Ver_10-03-17.01) - NTFSx86
Run by Spike at 8:43:00.21 on 24/03/2010
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1526.339 [GMT 0:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program F...

Answer:Trojan removal help - infected with Trojan.Hacktool

Problem solved using combofix so please close my topic and thank you.

2 more replies
Relevance 61.5%

I've tried various types of programs to remove these trojans but no luck. Smitfraud, smitrem, adware 2007, spysweeper, roguefix, antipuper etc. Just wondering if anybody else has some removal advice. My hijackthis log is below. Thank you.

Logfile of HijackThis v1.99.1
Scan saved at 6:54:35 PM, on 11/11/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\essspk.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\msiexec.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Paul\Desktop\HijackThis.exe

O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\SYSTEM32\KLLRYZHM.DLL
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\ati...

Answer:Zlob.trojan & trojan.winfixer removal

Download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
--------------------------------------------------------------------
1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
...
--------------------------------------------------------------------

Double click on combofix.exe & follow the prompts.

When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.

**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**
 

1 more replies
Relevance 61.5%

Good evening,

Well I thought that I may be able to cure my issues by reading and trying what seems to have worked for others. I have come up short and need help removing the following items: Trojan.TDSS and Trojan horse BackDoor.Generic11.ZNE. I have run malwarebytes and will post the log below. I also ran ATF Cleaner and then SUPERAntiSpyware (3 hrs and change) and afterwards imagine my disbelief when the same stuff showed up on malwarebytes that was there before as well as the 80 infections of the Trojan horse BackDoor.Generic.11.ZNE. I tried to run the RootRepeal to no avail; it kept telling me it was initializing and would never open and let me do anything?? Below is my log from malwarebytes. Thanks in advance for any help.

Malwarebytes' Anti-Malware 1.40
Database version: 2551
Windows 5.1.2600 Service Pack 3

8/3/2009 10:55:11 PM
mbam-log-2009-08-03 (22-54-56).txt

Scan type: Quick Scan
Objects scanned: 103436
Time elapsed: 4 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
\\?\globalroot\systemroot\system32\SKYNEToqjitklt.dll (Trojan.TDSS) -> No action taken.

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Item...

Answer:Trojan removal help please

Anyone have any suggestions? I hope I am not being too pushy or said something wrong; I am just a tad paranoid and seem to be getting nowhere on my own..

thanks again

20 more replies
Relevance 61.5%

A week or so ago, my machine started doing unusual things like disabling my Windows security auto updates and giving me pop-ups like never before. My McAfee is telling me that it spotted a Trojan vendu and removed it but that can't be right since my system is still freaking out. I've run all the goodies to no avail, i.e. AdAware, Spybot and my McAfee; none help. I've read a ton of posts with the same problems but most of the solutions are different. So I am begging for help from the people who know it best.
 

Answer:Trojan removal help

8 more replies
Relevance 61.5%
Question: Trojan Removal

I am not computer savvy and I noted about 3 weeks ago that I have some trojans including but possibly not limited to PWS_LegMir, PWS_Mmorpg.gen, VAnyi.sys, and W32/magish.dam3.

Can you please guide me how to get rid of them?

Thank you and Best Regards

Fuad Fuleihan

Answer:Trojan Removal

Hmm...
Firstly make sure your firewall is denying these programs access.
Secondly run a Hijackthis and post the results.

16 more replies
Relevance 61.5%

hi all,
I haven't had any real problems until seeing some Chinese characters in the name of a file in my system32 folder, files that would not delete because they were being used by a program. But there was only Windows, Avira, and Toshiba's "synaptics pointing device" running (from what I know). Therefore I thought something was fishy and started my search for malware with no luck. Then I tried to update Java and Adobe and ran into problems. Flash was telling me it could not uninstall the previous version, but it was nowhere to be found manually. Then Acrobat installer and uninstaller were running super slow and Firefox browser was freezing until I uninstalled Acrobat.
I have attached the files needed, and I have Vista 32bit on a Toshiba L305-S5955 laptop.

please help!!!:-o,
Thanks
 

Answer:need help trojan removal

Welcome to Major Geeks!

You are not having malware problems. Your logs are all clean.

You can discuss problems with Adobe Acrobat and Flash Player in the Software Forum.
 

3 more replies
Relevance 61.5%

I'm about at my wits end with this laptop. Been working on this virus removal for around 12 hours, need some help and advice. Logs attached.
 

Answer:trojan removal help

last log file
 

5 more replies
Relevance 61.5%

AVG has thrown up the following but with no option to remove or whatever. (Teenagers turned on PC for game playing and I couldn't get the entire report.) "trojan horse downloader small 6 m in documents and settings".. "backup copy infected." (XP). I went into C drive Documents and Settings but couldn't trace it. Don't like it being around; any advice to find/delete will be appreciated.

Answer:avg--trojan removal

Download and use the following in turn: Stinger, ASquared, Spybot, and Adaware. Or type the name into Google and see what comes up as suggested removal tool. But the 4 I've mentioned should deal with it. Typing any of them into Google will find you a download site.

2 more replies
Relevance 61.5%

Hi,

I just want this to be the place to take care of the problem; every other place has inadequate information. The problem is that I have the "Trojan horse Generic 14.DYJ" found in "Windows\System32\ESQULnvrnxynnmtpdenpeswtcoeriipjdmgxt.dll". It is causing problems with Firefox and the system is running rather slowly. When I click a link in Google I am redirected somewhere else.

I have AVG 8.5 installed, which isn't helping to remove it, but it recognizes it. I also have Windows firewall running. I will have a log from combofix that I can post soon. Thanks for the help everyone.

Answer:Need help with the removal of trojan!!!

Moved from Vista to a more appropriate forum. Tw

2 more replies
Relevance 61.5%
Question: trojan removal

I always format my PC, then I load Quick Heal antivirus, but I am still always affected by trojan W32/virus... also by networms. After formatting my PC, within 5 days I am affected by that... and for that I always spend more download MB... so please help me.

Answer:trojan removal

Hello and welcome to TSF

We want all our members to perform the steps outlined in the link I'll give you below, before posting for assistance. There's a sticky at the top of this forum, and a "Having problems with spyware and pop-ups? First Steps" link at the top of each page.

---------------------------------------------------------------------------------------------

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please start a new thread in our Virus/Trojan/Spyware forum along with the required logs

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

1 more replies
Relevance 61.5%

I have McAfee Internet Security on my computer and when it does a full scan the results say I have:
Trojans: 1
Tracking Cookies: 412
Potentially Unwanted Programs: 15
I know nothing about computers, but want to learn at least enough to get me by. I have not figured out how to see exactly what these negative results are in my McAfee Security Center, or how to remove them without purchasing an expensive program. Any thoughts?

Answer:Help with Trojan Removal

If you are asking for details on how to interpret/use the McAfee product, you need to read the HELP menus for that program.

If you are asking for general info re malware protection, then you should visit AV, Firewall, Privacy, Protection forum.

If the AV found a Trojan, it should be able to remove it. If you are saying that your AV cannot remove it, you need to state that clearly.

Louis

13 more replies
Relevance 61.5%
Question: Trojan Removal

Started with Winlogon problem - needs to shut down several times a day. Checked for problems and found SillDl DJM located in registry in software/microsoft/windows/current version/explorer/browser setting "value" iu, bf and bk. Unable to remove. Below is my Hijack File. Thanks for the help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:13:25 PM, on 3/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\PROGRA~...

Answer:Trojan Removal

Hi Eee11.

Download combofix from any of these links and save it to Desktop:
Link 1
Link 2
Link 3

**Note: It is important that it is saved directly to your desktop**

2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you (C:\ComboFix.txt). Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Combofix should never take more than 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.

If you have problems with Combofix usage, see here

Post:
- a fresh HijackThis log
- combofix report

2 more replies
Relevance 61.5%
Question: Trojan Removal

I apparently have a new virus/trojan. It is detected, quarantined and "deleted" by SystemSuite 9 (Sunbelts Vipre).
Every reboot it comes back and is initially defined as xxx.exe where xxx is some number that changes each reboot.
I tried the Microsoft Live one care online scanner, which advertised that it was the party responsible for file name in the topic description above. After two hours of grinding away, Microsoft detected the trojan, but could not remove it. Their product also cleaned my registry without asking.

I ultimately solved the problem by using a SystemSuite 9 CheckPoint to roll back the computer a week. I would like to know if there are other tools or techniques that work if I run into future infections.

Cheers,

dleippe

Answer:Trojan Removal

Hello, yes this is new. Run this tool and see if it finds this dialer/downloader. It may also contain a bot.

EDIT: I am moving this from AntiVirus, Firewall....... to Am I Infected..

Next run MBAM (MalwareBytes):

NOTE: Before saving MBAM please rename it to zztoy.exe....now save it to your desktop.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click...

1 more replies
Relevance 61.5%

Hello...I am being driven crazy by this Trojan spm?LX worm. It has turned my screen a couple of different colors and has an onscreen announcement (which will not go away ) saying my system has been shut down and I must install anti spyware software. Then a pop up at the bottom right hand side of my screen basically says the same thing along with a red icon with an "X" in it......PLEASE HELP!!!!! I am running Windows XP pro.
 

More replies
Relevance 61.5%

I have been infected with the Trojan.mOO and was alerted by Norton antivirus to this effect. Norton said it could not delete it, so I deleted the Temp internet files, ran adaware, spybot search and destroy and a2, but nothing detected it. Since then I have scanned twice with norton but it says my system is clean. Is the trojan still on or not? Anybody got any ideas how to tell for sure? Thanks Dax

Answer:Trojan.moo and removal

If A-squared can't find it and the original warning no longer occurs, then it probably has gone. Don't forget to knock out System Restore to remove any trace of it.

1 more replies
Relevance 61.5%
Question: Trojan removal

hi I'm having a problem removing Trojan.Briv.Alinf virus. I don't know how to remove it. My com is Vista Ultimate 64bit and I'm running Norton 360 antivirus software.
Please help
Thanks

Answer:Trojan removal

Hi,

D/l , install, update and scan with this free app.

Malwarebytes.org

That will probably get it, make sure by also scanning with this free version

SUPERAntiSpyware.com - AntiAdware. AntiSpyware. AntiMalware.

Hope it helps

SIW2

4 more replies
Relevance 61.5%
Question: Trojan removal

Hey there got some nasty trojans and worms, hope you can help Thanks fusion

Logfile of HijackThis v1.99.1
Scan saved at 1:32:54 PM, on 10/19/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\eTrust Vet Antivirus\ISafe.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\CA\eTrust Vet Antivirus\VetMsg.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Documents and Settings\User\304.exe
C:\PROGRA~1\PRINTV~1\pvmodule.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Common Files\{D45FBF5A-0643-1033-1203-041218030001}\Update.exe
C:\WINDOWS\system32\crunner\cproc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fixup\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com.au/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.ozemail.com.au:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 10.1.1.1;10.1.1.2;<local>
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: AcroIE...

Answer:Trojan removal

Ran a scan with AVG and got a trojan, worm, backdoor thingy and all sorts of fun stuff. Would be awesome for some help
Thanks
 

2 more replies
Relevance 61.5%
Question: trojan removal

I have the TrojanSPM/lx and I need help removing it. I just scanned with ewido and here's my log. Thanks!

Logfile of HijackThis v1.99.1
Scan saved at 4:08:20 PM, on 10/13/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\unzipped\hijackthis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/index.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - (no file)
R3 - URLSearchHook: (no name) - {A3E43245-A9FA-DA0D-8ABC-F6DA14CE6991} - C:\WINDOWS\system32\jixsap.dll
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O3 - Toolbar: (no name) - {3D0BDAB3-12F4-471C-8966-E35A2C6C7DE7} - (no file)
O3 - Toolbar: Body grey - {DE4C40F7-7DB5-4769-7C62-4F1F9B51E286} - C:\PROGRA~1\AMOKJU~1\Sign Deaf.dll (file missing)
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: ToolBar888 - {C004...

Answer:trojan removal

16 more replies
Relevance 61.5%
Question: Trojan Removal

Running XP Pro, boot up stops at the screen that shows F2 and F12 options. I believe my PC may have a trojan horse infection as I moved a threat to the virus vault (AVG) instead of healing. Any advice on how to boot up and recover the system most appreciated. Cheers Steve
 

Answer:Trojan Removal

16 more replies
Relevance 61.5%

I have a Trojan in my computer called 'FakeAlert-AB.dldr'. And now its icon has settled on my taskbar and tells me every minute or so that I have a security problem. Once in a while it tries to get me to run a scan with its fake scanner and wants me to download 'something'. Please help me get rid of this.

Answer:Help with Trojan removal

click here
this may help...

3 more replies
Relevance 61.5%

After spending all day fiddling with the computer, I give up and admit that I'll need help on this one. :cry Followed all the instructions to the letter, log files are attached. Thanks so much in advance!!
 

Answer:Trojan Removal, please help!

Sorry, forgot to mention... AVG and other virus programs detect Trojan, no idea where and when I might have picked it up.
 

3 more replies
Relevance 61.5%

Hello,

I've tried to follow the instructions listed in FAQ...so here goes.

I'm attempting to remove something from Grandmother's computer. Basically, Internet Explorer will not connect to any site, but Firefox will.

Here are my scan results:
HijackThis
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:12:06 PM, on 12/20/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18444)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaste... Read more

Answer:Help with trojan removal

My name is Duffy and I will be helping you with your malware issue.

Since I am still in training, all my fixes must be checked by an Expert first. Please be patient with me during this time while I propose a fix for you. Please follow my instructions step by step, if you have any questions feel free to ask. It is also a good idea to save my instructions to notepad or print them out so you have them.

I have proposed a fix to an expert; I will get back to you asap.
 

3 more replies
Relevance 61.5%

Hi,

I run AVG as my only anti-virus, and run a full system scan each day. Today 2 Trojans have been discovered.

I run Avid editing software on my computer, and both viruses have put themselves in its Epiconf230 File (Avid->Utilities->ATTOFC->EXPRESSFC->Utilities->Epiconf230).

I am pretty stressed out cos I don't know what to do about this...

AVG gives the virus name as 'Trojan Horse Downloader.Generic7.RXC' and the status of the first Trojan is 'Infected, Embedded Object' and the second is 'Infected, Archive'
Please help!!!

Answer:Help With Trojan Removal

Is the embedded file an essential one for the software to run?

Just a suggestion you could delete all the files and re-install the program, but this depends on whether the trojan has linked itself on to windows processes such as Winlogon.exe, in which case it will just re-create itself when you perform a system restart.

If you cannot delete the files in normal mode, boot in safe mode and try again.

Hope this helps,
cornzey

4 more replies
Relevance 61.5%

Basically a Trojan made itself onto my computer.. it's classified as SUSP_IPR_MJ_CREATE (according to the p.o.s. McAfee, even though it's not their fault)... and from what I've read it's a nasty one. I've tried just about everything: malwarebytes, tdsskiller, safemode scanning, etc... but it hasn't done anything and the problem is still there.. it's detected and eliminated about 5 other malicious programs but not the one I need it to.. what's worse is that I believe the problem is getting bigger since now every time I'm done scanning with tdsskiller, a blue screen pops up, saying something about a system error and that it's starting a physical memory dump, forcing me to quickly shut off my computer. My friend suggests formatting my pc but I really don't want to do that. Could anyone PLEASEEEE! help me with this issue, any words of advice or step by step directions would be greatly appreciated... thank you so much beforehand

Edit: Moved topic from XP to the more appropriate forum. ~ Animal

Answer:Need help with trojan removal...please and thanks!!!

Before we start fixing anything you should print out these instructions or copy them to a NotePad file so they will be accessible. Some steps will require you to disconnect from the Internet or use Safe Mode and you will not have access to this page.

Please download Dr.Web CureIt and save it to your desktop. DO NOT perform a scan yet.
alternate download link
Note: The file will be randomly named (i.e. 5mkuvc4z.exe).
Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".
Scan with Dr.Web CureIt as follows:
Double-click on the randomly named file to open the program and click Start. (There is no need to update if you just downloaded the most current version.)
Read the anti-virus check by DrWeb scanner prompt and click Ok where asked to Start scan now? Allow the setup.exe to load if asked by any of your security programs.
The Express scan will automatically begin. (This is a short scan of files currently running in memory, boot sectors, and targeted folders).
If prompted to download the Full version Free Trial, ignore and click the X to close the window.
If an infected object is found, you will be prompted to move anything that cannot be cured. Click Yes to All. (This will move any detected f... Read more

2 more replies
Relevance 61.5%

Hi guys, this is my first time posting on this forum. I've run into a trojan on my laptop and is very similar to the case posted here. http://forums.majorgeeks.com/showthread.php?t=145549
The infected file is listed as C:/Program Files/Common Files/Microsoft Shared/Speech/Wab64.dll or so. McAfee pops up and constantly tells me that the virus is there but offers no solution. I've tried to delete it manually in safe mode but it just comes back afterwards. I will attach the logs and stuff later as the other guy did in the other thread since I think since we have different computers the solution may be slightly different. Need help asap as this is a laptop for schoolwork :cry

EDIT: I've put in the logs but they are scanned on the laptop during safe mode. Hope it helps
 

Answer:help with awq trojan removal

Let's start with this:

Click Start > Run and type in: services.msc
Click OK
In the Services window find: Network Connection Manager (NetCM)
Select/highlight and right click the entry, and choose: Properties
On the General tab, under Service Status click the Stop button
Beside: Startup Type, in the drop menu, select: Disabled
Click Apply, then OK

Now open notepad and copy and paste the following text in the quote box into the window:




sc stop NetCM
sc delete NetCM

Save this as fix.bat
Choose to save as all files.
Doubleclick fix.bat and let the program run.
A small black dos window will flash, this is normal.

Tell me how that ran.

Now go to C:/Program Files/Common Files/Microsoft Shared/Speech and tell me what is there.
 

13 more replies
Relevance 61.5%

I have the CA security system through Frontier Communications, and I have been infected with the Vundo!generic trojan.
My security system keeps deleting this virus. My computer is constantly cleaning this off. How do I remove this for good?

Answer:Help With Trojan Removal

Do you have System Restore enabled? If so, try cleaning it with SR temporarily disabled, http://www.pchell.com/virus/systemrestore.shtml
You could also post at BleepingComputer.com - Am I infected What do I do - http://www.bleepingcomputer.com/forums/f/103/am-i-infected-what-do-i-do/ where you can get better guidance re malware than you will probably receive in this section of the website.
Louis

1 more replies
Relevance 61.5%
Question: Trojan Removal

So apparently my computer is infected. My brother told me a site told him it was a Trojan named Rustokn.

Here's the DDS file. Sorry if I'm posting all this incorrectly.

DDS (Ver_09-01-19.01) - NTFSx86
Run by Terios at 13:25:58.09 on Sat 01/24/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_10
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.895.175 [GMT -5:00]

AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated)
AV: Norton AntiVirus *On-access scanning enabled* (Updated)
AV: avast! antivirus 4.8.1296 [VPS 090123-0] *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\... Read more

Answer:Trojan Removal

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread. Also please explain your problem as fully as possible. Each little detail will help in getting your system cleaned up and functional again.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scans:

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
Make sure you are connected to the Internet.
Double-click on mba... Read more

2 more replies
Relevance 61.5%

I have Norton End Point protection and every few minutes it's picking up Trojan.ADH and deleting it.

Windows Defence is popping up every few seconds asking for registration and it is also blocking most of the IE websites

I tried to get rid of it by doing a full system scan by End Point. It would delete a few Trojan.ADH but after a while End Point would pop up with another Trojan.ADH threat

any help would be appreciated

thank you

Answer:Removal of Trojan.ADH

Hello and welcome. I am moving this to the Am I Infected forum from Win7 for now. Let's get another scan log.

Next run MBAM (MalwareBytes):
Please download Malwarebytes Anti-Malware and save it to your desktop.
Download Link 1
Download Link 2
MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the dr... Read more

1 more replies
Relevance 61.5%
Question: TROJAN REMOVAL?

By using 'RemoveIt Pro V6' it detected c:\windows\bwunin-8.1.1.50.8876460sl.exe as an infection. I deleted this file (the software advised that it would be removed upon boot up - but it didn't). After I permanently deleted this file I could not connect to internet and received 'BAD_POOL_HEADER' and the only way I could rectify this was to restore the PC to a few days earlier thereby keeping this infected file. Do I have to keep this file to continue internet usage? I'm using Vista if you need to know.
Thanks
Keith

Answer:TROJAN REMOVAL?

Because BwUnin is part of F-Secure Anti-Virus. It may be a case of 'RemoveIt Pro V6' giving you a false alert

5 more replies
Relevance 61.5%

Hello -- yesterday I became infected with a trojan which seems to have done two things. #1) I get a persistent popup at the top of explorer warning me of viruses and containing a link to the protect.trustedantivirus.com site. #2) I can no longer access my task manager as it states it has been disabled by an administrator. I have run Adaware, Avast, Windows Defender and Stinger without success at removing this thing. I would really appreciate any help. Here is my HJThis log ...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:54:34 AM, on 2/26/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Google\Google Updater\GoogleUpdater.exe
C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files (x86)\HP\QuickPlay\QPService.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files (x86)\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files (x86)\iTunes\iTunesHelper.ex... Read more

Answer:Please Help Me With This Trojan Removal

Let me ask again, please, somebody help me. Thank you for your consideration.

3 more replies
Relevance 61.5%

Hi everyone,

Spysweeper keeps finding and quarantining the above trojan but it is infecting my system still. Here is my HiJackThis logfile:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:58:38 PM, on 2/14/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Sony\VAIO Center Access Bar\VCAB.exe
C:\Program Files\Sony\VAIO PC Wireless LAN Wizard\AutoLaunchWLASU.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Sony\Network Utility\LANUtil.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\... Read more

Answer:Trojan Removal Help

Hello VancouverMark and welcome to BleepingComputer!

Apologies for the delay. The forum has been very busy lately. If you are still having problems, then please post a brand new HijackThis log as a reply to this topic. Before posting the log, please make sure you follow all the steps found in this topic: Preparation Guide For Use Before Posting A Hijackthis Log. Please also post the problems you are having.

If we do not hear back from you within a couple of days we will need to close your topic.

Thanks,
Johannes

12 more replies
Relevance 61.5%
Question: trojan removal

Dear

My computer is infected with generic dx! xbx trojan virus. I have run a scan and the attached log file is as follows. Please suggest how to disinfect.
 

More replies
Relevance 61.5%
Question: trojan removal

After d/l and execution of a small program(s) [c below 4 further details], I heard a small click on the HDD, and the pc crashed/stalled. When I restarted it, it fails to load win XP, i got the following message on DOS screen:
"Reboot and select proper boot device or insert boot media in selected boot device and press a key."

I believe I have d/l a suspect program, but how do I now get out of it and get into windows to restore to a previous point...any ideas?
Can I do a windows repair install from CD without data loss? I have not made a bootable CD, can I on another PC?

Ultimately, can I repair without windows reinstallation?

WINZIX a new archiving program with adware, and
VCDGEAR to convert a BIN/CUE file into mpeg.
 

Answer:trojan removal

Hi Smurph!

See if something in the following article helps you get your system going again:

http://www.informationweek.com/windows/showArticle.jhtml?articleID=189400897

abri
 

5 more replies
Relevance 61.5%

I recently installed a new version of Norton Antivirus and now it keeps popping up and telling me it's found a TROJAN in file c:\windows\system32\rdriv.sys. I've tried to delete the file in Safe Mode, but it keeps coming back. There's also a process running in my task bar called Project1 that keeps appearing every time I boot up. Now I've got continuous pop ups and strange email accounts showing up in Outlook. I just ran Adaware and Trend Micro right before the Hijackthis log was generated. Trend Micro was unable to delete the following Trojans: WORM_SDBOT.BKW, JBOT_AGENT.ABS, WORM_RBOT.GEN and TROJ STERVIS.C.

Can you please help me!!! Below is my hijackthis log, which was analyzed with KRC Hijackthis Analyzer program to clean it up.

====================================================================
Log was analyzed using KRC HijackThis Analyzer - Updated on 4/1/05
Get updates at http://www.greyknight17.com/download.htm#programs

***Security Programs Detected***

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Nort... Read more

Answer:Need help with Trojan Removal

Hi and welcome to TSF.

I am currently reviewing your log. Please note that this is under the supervision of an expert analyst, and I will be back with a fix for your problem a.s.a.p

You may wish to Subscribe to this thread so that you are notified when a reply has been made.
Click Thread Tools then Subscribe to Thread.

Please be patient with me during this time

11 more replies
Relevance 61.5%
Question: Trojan removal

On Windows XP SP2, was on tinternet: got a file sent saying reg cure, and when got it it opened itself and a warning came from Norton saying it was corrupt and had a trojan in it. It is in two places: on my c:docs and settings/single user/incomplete and in one of my other personal files. It is called T-233472-reg_cure_v1.1.0.17.exe. Tried deleting from DOS and the normal way; it says cannot delete, another person or program is using this file, try closing all other files, but none are running. Totally puzzled. Can anyone help plz plz
 

Answer:Trojan removal

6 more replies
Relevance 61.5%
Question: Trojan removal

I have the Trojan Gord on two XPpro user computers on my network. I use Symantec Endpoint for network and computer protection. I have run the virus scan several times and every time the user restarts the computer it shows that Gord has been picked up. I have followed the directions from Symantec such as disabling system restore and run full scan, I tried using safe mode and still I'm not able to remove it. I use Malwarebytes- Antivirus and it doesn't see the file. Symantec logs indicated that it was located in a file called overlay.xul. I found that and deleted it. Yet when I restart the computer, Symantec still shows I'm infected. There must be an exe file somewhere I don't see. I found one Google link explaining how to manually remove it but the files the article said I had, I didn't. Maybe because Endpoint took them out already, not sure. Any ideas?
 

Answer:Trojan removal

Has anyone had this problem? Any help for me?
 

2 more replies
Relevance 61.5%
Question: Trojan Removal

Hey, I downloaded a trojan a couple of days ago and I need your help to remove it. There were three applications inside the file that I could not stop with Processes Manager, so I followed some advice elsewhere and was able to delete two of them with AVG Anti-Spyware. I cannot rid the computer of the third one, though. Its name is "pmmon" and I have the AVG report if that helps.

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 5:41:22 PM 11/25/2006

+ Scan result:

C:\Program Files\MalwareWiper -> Adware.MalwareWiper : Cleaned with backup (quarantined).
C:\Program Files\MalwareWiper\MalwareWiper.exe -> Adware.MalwareWiper : Cleaned with backup (quarantined).
C:\Program Files\MalwareWiper\ignorelist.dat -> Adware.MalwareWiper : Cleaned with backup (quarantined).
C:\Program Files\MalwareWiper\malwarewipe.ini -> Adware.MalwareWiper : Cleaned with backup (quarantined).
C:\Program Files\Virus-Bursters -> Adware.VirusBursters : Cleaned with backup (quarantined).
C:\Program Files\Virus-Bursters\Lang -> Adware.VirusBursters : Cleaned with backup (quarantined).
C:\Program Files\Virus-Bursters\Lang\English.ini -> Adware.VirusBursters : Cleaned with backup (quarantined).
C:\Program Files\Virus-Bursters\Logs -> Adware.VirusBursters : Cleaned with backup (quarantined).
C:\Program Files\Virus-Bursters\Quarantine -> Adware.VirusBursters : ... Read more

Answer:Trojan Removal

Please do this:

* Click here to download HJTsetup.exe

Save HJTsetup.exe to your desktop.
Doubleclick on the HJTsetup.exe icon on your desktop.
By default it will install to C:\Program Files\Hijack This.
Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
Put a check by Create a desktop icon then click Next again.
Continue to follow the rest of the prompts from there.
At the final dialogue box click Finish and it will launch Hijack This.
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.

* Also open Hijack This and click on the "Open the Misc Tools section" button. Click on the "Open Uninstall Manager" button. Click the "Save List" button. After you click the "Save List" button, you will be asked where to save the file. Pick a place to save it then the list should open in notepad. Copy and paste that list here.
 

3 more replies
Relevance 61.5%

Hello,

Since yesterday, all of a sudden the Symantec antivirus in my laptop started detecting & deleting several "Trojan"/ "Trojan Fox" etc at an interval of 5-10 minutes, even when no web-browser was opened.
Before that my laptop was perfectly infection-free.

I have completed the "Basic steps" and at this time I am getting less number of symantec alerts but am still getting some, once in a while.

I am attaching the 4 logs generated from the basic steps.

Could you please take a look at the logs and help clean any residual infection.

Thanks.

Monalisa
 

Answer:Need Help with Trojan Removal

Here is the 4th Log generated from the basic spyware removal steps.

Thanks.

Monalisa
 

5 more replies
Relevance 61.5%

I am running avg antispyware. avg anti virus, spybot search and destroy, adaware se and sygate firewall.

I recently stupidly clicked ignore when avg told me there was a possible threat, and that meant trouble.

I keep getting sygate telling me that ishost.exe is trying to access the network and avg antispyware keeps picking up the following:

Dowloader.purityscan.dc
Downloader.agent.bca
Trojan.agent.vg

No matter how many times I clean it, it still keeps coming back. I tried cleaning with system restore off but that did no good. I keep getting popups for a free antivirus scan. But I presume this is the virus/trojan so I cancel it every time.

I'm fairly amateur at this, but could follow instructions easily.

All help is gratefully received

Cheers

Will

Answer:Trojan Removal.....help!

ishost.exe is related to a smitfraud infection.
I suggest you follow the generic instructions for using SmitfraudFix in BC's "How to remove the Smitfraud / Generic Zlob".
When done scan with AVG Anti-Spyware 7.5 in "SAFE MODE".
Be sure to print out and follow the AVG Anti-Spyware Install-Scan Instructions for configuring AVG AS and performing a scan.
Then perform this online Virus scan: Trend Micro Housecall
Use "Autoclean" and manually delete what it can't clean.
[Watch the Address bar in IE. You may receive alerts that "This site might require the following ActiveX control...Click here to install...". Click on that alert and then Click Install ActiveX component.]
Post back if you're still having problems afterwards.

3 more replies
Relevance 61.5%

I have run virus scans and have found a trojan virus on my computer. I've searched for a trojan removal tool or program etc. but I haven't found one that looks legit to download. I have McAfee virus protection software but it can't remove the trojan. It tries to quarantine it and says it has both times I've scanned, but then I get a message pop up warning from McAfee saying I should reboot and re-scan to quarantine the trojan virus. I've done this, hence the two times scanning the computer, and a third time I tried a couple days ago and it said it quarantined the virus, but my comp is being slower. I think the virus scan helped and quarantined it a little because my computer has run faster since then, after I defragged the files a little bit and did a quick cache and internet temporary files deletion, and it seemed to help a little but is still running slow.

Any help would be appreciated, and I would be grateful for thoughts on the problem listed above.

josph orton,

Answer:trojan removal help

Hello and welcome to TSF

I would recommend that you go here; read and follow the instructions very carefully; then, post all the requested logs and information; as instructed, to here. (Just click on the coloured links.)

Once done, please be patient, as the Security Team Analysts are usually very busy; one of them will answer your request as soon as they can.
Good luck

Please also remember DO NOT post your logs in this thread, please start a new thread here. (Just click on the coloured link.) and post the logs.

1 more replies
Relevance 61.5%
Question: Trojan Removal

Hello all, first post to the board and amazed at the help it offers. I went through the Read me first step for step, but keep getting the same thing over and over again. Upon looking at what adaware kept finding and the warning from windows defender upon startup, it is the trojan winsync. I downloaded the tools FindQool, RKFiles, and WinPFind, and have attached the appropriate logs. Also attached is the HJT text file and bdscan.txt. Panda Active Scan would not run because of an error on the web page. Any help on ridding my computer of this annoying pest would greatly be appreciated.
 

Answer:Trojan Removal

The attached WinPFind file is attached below.
 

14 more replies
Relevance 61.5%

Hello. I'm having a Trojan or some other virus that will randomly play music or ad commercials when I'm going to music sites (Youtube, pandora radio) that are not part of those said sites. I've had to mute my computer almost constantly as it goes back and forth with playing music and not.

The last thing I've downloaded when I started getting this was nothing. I did however do a search (what I searched is not appropriate to say here, and that's all I'm going to say) and was on a site for a bit, and then the next day it started up.

edit:
Malwarebytes found the trojan to be in this file: svchost.exe, and there are two of them

I've tried using Malwarebytes to make sure I remove it, and it quarantines it, but it keeps coming back. I'll post in a second post the DDS and the Attach for you about what has happened. I would really appreciate it very much! I know things about computers, but I'm not the best, so to disable antivirus programs or something, I would really like a detailed explanation of that. If I could, I'd greatly appreciate the help!

DDS:
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Autumn at 23:24:55 on 2012-06-20
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6058.3973 [GMT -5:00]
.
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *E... Read more

Answer:Trojan Removal Help please

Hello and Welcome.

Before beginning, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.


---------------------------------------------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by me or another helper.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.


---------------------------------------------------------------------------------------------

The Event logs suggest there are issues beyond malware on this machine. We may not be able to address all the issues in this section of the forum, but I'm relatively certain you have a Pihar Rootkit infection. I'd first like to confirm that with these next tools.

If issues persist after malware removal, we'll have... Read more

9 more replies
Relevance 61.5%
Question: trojan.gen removal

Webroot Spy Sweeper has quarantined a trojan horse trojan.gen. I recovered my computer but it is still there. Is it possible to manually remove the trojan? If so what do I need to do to get started? I am operating Vista Home Premium.
 

Answer:trojan.gen removal

11 more replies
Relevance 61.5%

A squared has discovered several trojans
Antimca-ASDBot-AVXAGOBOT-OWRBotCoolwebsearchNetVision
How can I remove them? A squared just gives me a link to other software.

Answer:Various Trojan removal

Run this (click here) and this (click here)

10 more replies
Relevance 61.5%

I recently got a trojan, recognized something like IRC/BackDoor.SdBot.22.BT and it's attached on to a system volume info folder. It's really buggin me b/c it keeps on restarting my computer. Any solutions? I ran AVG antivirus and McAfee but they couldn't remove it.
 

Answer:Trojan Removal HELP?!!

9 more replies
Relevance 61.5%

I've been getting massive popups, from Internet Explorer, which I don't even use. When I tried deleting programs I didn't recognize from the add/remove programs list, it took me to a website to download an uninstaller to uninstall it?
Please help me with this, here is my log from Hijack This

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:47:14 PM, on 11/19/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\Q2FybG9zIFNjaHdlcmR0\command.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe
C:\WINDOWS\SYSTEM32\WISPTIS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\...

Answer:Trojan Removal - Need help

I ran Ad-Aware and found that I have:

CmdServices
Adware.DollarRevenue
iSearch Toolbar
Win32.TrojanClicker
Win32.Trojan.Small
Hacktool.Netmon

I need help removing these, does anyone know what I need to do?

I can't go to any sites to help get rid of any of these, Mozilla has blocked the websites.
I don't use Internet Explorer but continuously get popups from it.

Please someone help?
=\
 

2 more replies
Relevance 61.5%
Question: Trojan removal

I followed the instructions for running RSIT and Kaspersky. My logs below.
I started this process since my weekly Avast scan told me I had Win32:dropper-BBR.

I have run the following in an effort to clean my system.
Smit fraud fix
Malwarebytes
Spyware Doctor
Spybot S+D
Avast 4.8 home
One care online
Trend micro.

I disabled the windows xp remote assistance feature as suggested by a site I visited. I uninstalled Avast and reinstalled it and it ran a clear scan.

My PC now seems almost alarmingly quicker. Am I paranoid? lol

I found Bleeping computer, ran the scans and am now posting my RSIT and Kaspersky scan logs.

Please advise.
With Thanks
Tony

Answer:Trojan removal

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results, click no to the Optional_Scan
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.

Please note: You may have to disable ...

2 more replies
Relevance 61.5%
Question: trojan removal

Hi,

Before starting I wanted to say that your article on improving security was very helpful and since implementing your suggestions I have not had any problems for quite a while, however in the last few days a couple of trojans have been popping up in my daily avg scans. Spybot-SD doesn't show any problems so I wasn't sure if it was just coincidence or I actually have a problem.

thanks in advance for your help,

Doolen
 

More replies
Relevance 61.5%

Ok, I've gone through and followed the steps for both the "Before You Post" and the "Read and Run Me First" threads. I'm still having problems, and based on the first online scan I think it's a trojan.
A week ago, I started to notice two problems: 1) my speakers would quit working, and I had to uninstall and reinstall the drivers several times; and 2) I started to receive dialog boxes warning me that either my virtual memory (which I did increase) or system memory was low. The latter has happened several times during scans today, causing me to need to reboot and start over.
Just to cover everything, I'll attach my Everest System report, Panda Active scan, Bit Defender scan, and HJT log, since they were all covered in the threads mentioned above.
Thanks a lot in advance for your help!
*Loryn
 

Answer:Need help with Trojan removal please

Welcome to Majorgeeks!

You did not follow the directions in step 7 of the READ ME and as a result have installed HijackThis exactly where we specify not to install it. Please follow the steps given and install HJT in the suggested folder instead of on your Desktop.

Your logs do not show any major issues. Just a few minor things to clean up.

Make sure viewing of hidden files is enabled (per the tutorial).
Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: (no name) - {ED6B652B-2792-C60A-C3A6-7857A3D19E99} - (no file)
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://wdownload.weatherbug.com/minibug/tricklers/AWS/MiniBugTransporter.cab?
O16 - DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} (KX-HCM10 Control) - http://84.107.19.46:8052/kxhcm10.ocx
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) -
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/17e0527a60efb61b3418/netzip/RdxIE601.cab

After clicking Fix, exit HJT.
Boot into safe mode and use Windows Explorer to delete:
C:\WINDOWS\NDNuninstall6_98.exe
C:\WINDOWS\smdat32m.sys
C:\WINDOWS\system32\grwinsthlp.exe
C:\WINDOWS\system32\P2P Networking v125.cpl
C:\WINDOWS\system32\rk.bin

Additional step to delete HDPlugin1101.dll:
- Click Start, Run, and ...

6 more replies
Relevance 61.5%

Hello, I would be very grateful if someone could help me remove a trojan that my netbook recently got infected with.

I am running Windows 7 Starter and the trojan seemed to install some software called windows recovery which told me there was an issue with my hard drive. I restored the computer back to 4 days prior and ran an AVG virus scan which came up with no virus alerts. However, everything on my C drive appears to have been deleted.

I have read that this is because the virus is still on the computer and is hiding the files. If this is so, can someone please advise me on what to do next and how to get my files back!

Sorry if you have had a lot of these requests, I tried looking in the previous posts but everyone seemed to be a few steps ahead of me!

Many thanks in advance,

Marie

Answer:Trojan Removal Help

Please go through our guide, located here:
Spyware Asylum

7 more replies
Relevance 61.5%
Question: Trojan Removal

i just ran a scan through HiJackThis. Can someone help me understand the results?

Answer:Trojan Removal

Please read the preparation guide
It will tell you how and where to post your log
http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

1 more replies
Relevance 61.5%

Ok so I tried the steps using Smitfraudfix.exe as instructed in other posts on this trojan but both times it only managed to clean me up for about 1 minute and then the desktop went back to the trojan's one (mywallper) and the toolbar infected pop ups came back.
I did run Smitfraud in safe mode but for some reason, even though my computer only has the one user profile (me as administrator), safe mode gave me the option to log in as admin or me. I had to go under me as this was the only place that let me have access to the Smitfraud exe I downloaded to the desktop. I just downloaded HJT and will post a log if you feel it's needed.
Many thanks in advance as this one's got me beat.

EDIT UPDATE
I have since run Smitfraud again as admin in safe mode by putting it on a flash drive but only managed about 5 minutes of peace before it returned again and took over the desktop again. I am on a network but this is the main computer that connects directly to the internet. Should I be running "Safe mode with networking"?

HJT log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:29:40 PM, on 21/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WI...

More replies
Relevance 61.5%

When trying to play World of Warcraft game I get a message which says that I have trojan-downloader.win32.agent variant which may compromise my internet security. I have tried to use anti-virus software to remove any viruses but they are usually interrupted before they can finish and the anti-virus program closes. I have also tried to use malware removal software including the Microsoft Malicious Software Removal Tool, which I was unable to download for some unknown reason. plz help or at least tell me if I'm screwed.
thank you

Logfile of HijackThis v1.99.1
Scan saved at 4:06:27 PM, on 11/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\2fn7e1x1.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\...

Answer:trojan removal help plz

Hi, Welcome to TSG!

That machine is a mess. You will be better off with a format and reload. This time around be sure to get yourself some anti-virus and firewall protection.
 

1 more replies
Relevance 61.5%

My computer's antivirus programme had picked up 2 trojans. I have run HijackThis and the log is below, if anyone could help I'd be very grateful!!



Edit: Removed inline hijackthis log for guide below to be run
 

Answer:Help trojan removal

Welcome to Majorgeeks!


As you likely already know, malware is a massive pest these days and does its level best to hide itself in any number of places. So just a HijackThis log will not show all the malware that can be on your PC; the full guide of our steps below has a few other logs that show a lot of the malware on your PC and where they are located.


Please, if you can remember, tell us the names of the trojans your antivirus software picked up.


Please follow the instructions in the below link and attach the requested logs when you finish these instructions.

READ & RUN ME FIRST. Malware Removal Guide

So logs that you will get to attach are:

MGlogs.zip (which has 5 logs inside it, including Hijackthis, just attach the whole Zip )
AVG
Combofix logs.




After these are attached our malware experts will review these to see if you're OK, if not they will issue you some further removal instructions for the malware infesting your PC.
 

1 more replies
Relevance 61.5%

TR/Crypt.XPACK.Gen [trojan] HEUR/HTML.Malware [heuristic

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:35:01 PM, on 9/27/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Stev\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O1 - Hosts: 216.178.32.48 goatse.cz
O1 - Hosts: 216.178.32.48 goatse.cz
O1 - Hosts: ::1 localhost
O1 - Hosts: 216.178.32.48 goatse.cz
O1 - Hosts...

More replies
Relevance 61.5%
Question: Trojan removal

I am currently aware that my computer is affected by some sort of Trojan that just keeps coming back and is not detected by any antimalware, virus, spyware, adware program.
It goes by the file folder called IWGSOFT, which I have deleted manually these past few days, and I ended the processes of the following exe files:
tmpca4.exe
regservr32.exe
dzlbuqdqb.dll
 
Most of the files that I find are often located at
C:/user/"my computer name"/appdata/local/IWGsoft
C:/user/"my computer name"/appdata/local/IJSoft
C:/user/"my computer name"/appdata/local/IWGsoft
C:/programdata/ microsoft/security/client/temp
For Regedit;
HKCU/Software/Ijsoft
HKCU/Software/Microsoft/Windows/CurrentVersion/Run
HKCU/Software/Microsoft/Windows/CurrentVersion/RunOnce
HKCU/Software/Microsoft/Windows/CurrentVersion/RunServices
HKCU/Software/Microsoft/Windows/CurrentVersion/RunServicesOnce
I have run Combofix, it detected it but didn't delete it either!
Here is the log;
ComboFix 15-03-01.01 - clarkbell27 03/05/2015  22:28:04.1.4 - x64
Microsoft Windows 7 Home Basic   6.1.7601.1.1252.63.1033.18.3894.1797 [GMT 8:00]
Running from: c:\users\clarkbell27\Downloads\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Enabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Spybot - Search and Destroy *Disabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new re...

Answer:Trojan removal

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-03-2015 01
Ran by clarkbell27 (administrator) on CLARKBELL27-HP on 05-03-2015 23:23:01
Running from C:\Users\clarkbell27\Downloads
Loaded Profiles: clarkbell27 (Available profiles: clarkbell27)
Platform: Windows 7 Home Basic Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe
() C:\Program Files\LoL\Garena Plus\ggdllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Intel Corporation) C:\Windows\System32\igfxpers...

16 more replies
Relevance 61.5%

Hi to everyone, my PC (Vista operating system) has gone from bad to worse. On start up of everything it shows a window stating, for example:

userinit.exe-bad image
c:\windows\system32\dfrgifps32.dll
contains an error

It shows this for every programme I open, so it would say
explorer.exe
c:\windows\system32\dfrgifps32.dll
contains an error

and so on. I've run HJT as an admin and here's the log

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 13:45:58, on 25/01/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18882)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\O2\bin\sprtcmd.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10a.exe
R1 - HKCU\Softw...

More replies
Relevance 61.5%
Question: trojan removal

Hi, I'm having some trouble removing a virus. I have scanned with MSSE; it found the virus but couldn't remove it, so I figured I should try and update. Couldn't update. Then I ran with Malwarebytes, and it somehow has uninstalled. Is there any way for me to get rid of this??

Answer:trojan removal

Boy oh boy. May I suggest you worry about your financial calculator while I summon one of the experts in this area.

9 more replies
Relevance 61.5%

I have this trojan and I am having a hard time getting rid of it, plz help

trojan.downloader.win32.qoologic.i

I found it with a-squared personal and need help removing it. Any help would be great, thx.
 

Answer:trojan removal help

This is the third thread you have started for your problem. Please stay in your original thread and follow the directions given there. You were already given a bunch of things to do.

This thread is closed!

Go to your original thread: http://forums.majorgeeks.com/showthread.php?t=63007
 

1 more replies
Relevance 61.5%

Yesterday, I somehow got loads of viruses installed to my computer. I scanned for viruses with AVG 10 (Free Edition), Malwarebytes and Avira. AVG got rid of most of the viruses like Malware and some Trojan agents. However, AVG didn't get rid of most of the viruses. There are Trojan Agents on my computer called the Trojan horse Agent_r.XJ. AVG couldn't remove it so I tried downloading Bitdefender which failed since the viruses somehow took over the file which means every time I ran the file I got a blue screen of death and then it became useless. I removed Bitdefender from my computer which did get rid of a few Trojan viruses. So I tried to kill the viruses off once and for all by downloading a trial version of ESET Smart security 4. But it didn't do the job since it was always stuck at scanning for viruses at 36%. So ESET failed as well. Now, I tried to scan AVG 10 for the 5th time but it still doesn't get rid of the Trojan horse Agent_r.XJ. So I googled the problem, and one Kaspersky forum told me to download a file called TDDSkiller to kill the Trojans off. But, every time I installed it, an error popped up before completion saying "TDDSKiller has encountered a problem and needs to close... etc". So I googled that problem, and then on some forum, the solution was to download something called ComboFix, which also failed since it wanted me to uninstall AVG (my only proper working Anti-Virus software). Then the Trojan viruses messed up my computer. Every...

Answer:Trojan removal help

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will ap...

3 more replies
Relevance 61.5%

Hello, I recently downloaded a virus somewhere, and now I have no idea how to become rid of it. I scanned with craploads of stuff, and nothing helps. I saw other people putting up hijack this logs, so I will try as well...any help is greatly appreciated...THANKS

Logfile of HijackThis v1.99.1
Scan saved at 10:01:22 AM, on 10/28/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\issearch.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
C:\Program Files\Java\jre1.5.0_06\b...

Answer:Trojan Removal - Don't know what to do!! PLEASE HELP!

Closing duplicate post please continue here:
http://forums.techguy.org/security/513469-please-help-me-get-rid.html
 

1 more replies
Relevance 61.5%

Hi, It appears that I've acquired some kind of Trojan Horse. I've tried the usual (MS Security Center and AVG) to remove it, but have been unsuccessful. Any help would be greatly appreciated.

Thanks,
Nathan

Here's my log from HijackThis:

C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {33845B1D-C4CB-4F7D-80FE-F039E351A75E} - C:\Program Files\MSN Gaming Zone\pesova89104.dll
O2 - BHO: (no name) - {537...

More replies
Relevance 61.5%

I think I got this very nasty virus on my computer. I get a security alert telling me that my computer is infected with a PSW.x-Vir trojan. It also changed my homepage in IE and I get some dirty popups once in a while. I guess I won't try to download some little "helpful" software anymore if I don't know who it's from.

Anyway, I really do need your help with this as my search on google showed me it was a very difficult virus to remove. Here is my HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 7:25:09 PM, on 12/4/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\mgabg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\Tablet.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Video ActiveX Object\pmsngr.exe
C:\Program Files\Video ActiveX Object\isamonitor.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Video ActiveX Object\isamini.exe
C:\Program Files\Hewlett-Packa...

Answer:Need help with removal of PSW.x-Vir Trojan

Hi and welcome

Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm
 

1 more replies
Relevance 61.5%
Question: Trojan Removal?!

The Trojan tutorial seemed like just what I needed...I understood it and followed ALL the directions.
Hmmm... so why was the infected filename not showing up in the autoruns list?! I tried for 2 hours to figure this out without any answers or success. I have a Trojan but can't remove it based on these instructions. I should've known it couldn't be so simple.

Answer:Trojan Removal?!

Hi, 9020hc :welcome to bc, there are a couple of questions about this issue, first, what program is detecting this Trojan Horse, and secondly, what is it called?

3 more replies
Relevance 61.5%
Question: trojan removal

Hi. This is a follow-up to my post about an occasionally slow computer. Thanks to the good advice I got in that thread, I discovered a BackWeb problem and deleted it, a Ptsnoop problem and deleted it, and I've downloaded a-squared's HiJackFree and it's found Trojan.Zapchas.ac in my explorer.exe. The instructions for removing the trojan are, to me anyway, a bit vague. How do I delete the trojan and keep the necessary exe?
Bryon

Answer:trojan removal

A-squared should be able to get rid of it...what instructions did you receive ? ?patio.  8-)

7 more replies
Relevance 61.5%
Question: Trojan removal

Hello! I've had trojan problems on and off the last few months but let's deal with the current one. It's called trojan-relayer-himpax. It starts up when I start the computer, but is not visible. I then run Webroot Spysweeper. About two-thirds of the way thru the registry scan the notice appears that I have this trojan. I quarantine the trojan then delete it. From then on I see no apparent effect on my system, nor does AdAware, Spybot or a re-scan with spysweeper show any visible evidence of the trojan.
If I were to do an extended spysweep Norton would usually detect this trojan and in a few minutes remove it. I would then be instructed to restart and thus open the virus again! So I have been removing it quickly with spysweeper.
My theory is that the trojan has associated itself with a program in startup and that it is in a registry entry someplace.
I have reviewed the items in startup using msconfig and startup inspector and cannot see any bogus items. I have not taken the step of trying to isolate the problem startup item by trial and error.
I have hijack-this and can send a report. If I do that should I send it before or after removing the trojan with spysweeper?
While I'm not the most technically proficient guy, I'm willing to work with one of your fine experts on this.
One other thing I notice which may or may not be relevant - when my desktop loads and the few items I have in the taskbar appear - I see a small minimized window appear on the desktop and ...

Answer:Trojan removal

16 more replies
Relevance 61.5%

It seems I've been infected with a persistent trojan. I've run scans with AVG, MBAM, and Super anti spyware but nothing seems to work.
Here is my DDS log.
DDS (Ver_09-07-30.01) - NTFSx86
Run by Kevin at 18:15:38.84 on Thu 09/17/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_10
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3070.2279 [GMT -7:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DellSupport\DSAgnt.exe
svchost.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\Yahoo...

Answer: Need help with trojan removal

Bump. Thanks in advance.

Hello ladwagger,

While we understand your frustration at having to wait, please note that Bleeping Computer deals with several hundred requests for assistance such as yours on a daily basis. As a result, our backlog is quite large, as are other comparable sites that help others with malware issues. Although our HJT Team members work on hundreds of requests each day, they are all volunteers who work logs when they can and are able to do so. No one is paid by Bleeping Computer for their assistance to our members.

Further, our malware removal staff is comprised of team members with various levels of skill and expertise to deal with thousands of malware variants, some more complex than others. Although we try to take DDS/HJT logs in order (starting with the oldest), it is often the skill level of the particular helper and sometimes the operating system that dictates which logs get selected first. Some infections are more complicated than others and require a higher skill level to remove. Without that skill level attempted removal could result in disastrous results. In other instances, the helper may not be familiar with the operating system that you are using, since they use another. In either case, you wouldn't want someone to assist you who is not familiar with your issue and attempt to fix it, would you?

We ask that once you have posted your log and are waiting, please DO NOT "bump" your thread or make further replies until it has been responded t...

3 more replies
Relevance 61.5%
Question: Trojan removal

O.S. Windows XP Service Pack 3... attached please find hijackthis and antivir firewalker log files.

Avira continuously quarantines two trojans... tr/downloader.gen and tr/drop.softomat.an... unable to eliminate them permanently.

Please explain how to eliminate these and if they are related to waitservice file listed in log files... is waitservice malware related?

Thanks.
 

More replies
Relevance 61.5%

Hi, I have a few trojans that I cannot get rid of and are really slowing my computer down, automatically shutting it down (or not restarting properly), and a lot of pop ups. I have tried removing them with adaware and with my antivirus program, but that is not working. Here is my hijack this log. Can someone please help? Thanks!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:09:44 PM, on 1/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINNT\System32\igfxtray.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\hkcmd.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Pro...

Answer: Trojan Removal Help

one of the trojans is called vundo.

3 more replies