Computer Support Forum

Reviews of various downloaders

Question: Reviews of various downloaders

http://www.freewareaid.com/wedownloaders.htm gives a review of various downloaders. I agree that Download Accelerator Plus is full of ads, and that Leechget is one of the better ones. I have tried both, scrubbed DAP very quickly, and settled on Leechget. Both are available from MG.

Link for Leechget, http://www.majorgeeks.com/download.php?det=1821

Bazza

More replies
Relevance 53.71%

The fine folks over at Hardware Secrets are pretty well known for their excellent reviews of different hardware, including power supplies. They are one of the few sites that really knows how to test a power supply. There is MUCH more to it than hooking up a digital multimeter to a spare molex connector and then running an assortment of load/idle tests and recording the output from the multimeter. Most sites will not test the noise and ripple in a PSU (and "noise" here does not mean the sound from the fan, it means "line noise"; a decent metaphor would be "static"). I recently read a review where the testing uses only a voltmeter, and the reviewer states the power supply had a bit more ripple than he would like to see. :confused Without an oscilloscope, it is impossible to measure ripple, so it would appear that the reviewer is talking out his a** and has no idea what "ripple" really means or what it is. This review can be found here, the "ripple" comment is on page 5, on page 6 you'll see the PSU received a "Top Rank Award". However, Hardware Secrets reviewed this same power supply (review is here), and you'll see that it miserably failed the ripple/noise testing, and in fact the unit burned up when trying to draw the advertised 750w the unit is rated for. Yet the other reviewer gave it a "Top Rank Award". So- all ranting aside, do not trust any power supply review that doesn't include '... Read more

Answer:Power Supply Reviews - Why 99% of online reviews are WRONG!!!

Hi,

Good report except that setting a voltmeter to AC and measuring a DC voltage will give you a reading of the AC component (Ripple) riding on the DC.

Jim
 

2 more replies
Relevance 47.15%

Any Vista Reviews? (Jan. 07 Reviews)

I read some last month in Gaming PC mag. They said it's very unstable; they also said it wasn't a finished product for the public, it was only a corp. business version finished product.

So I need a clear view on Vista, if it's worth it and a good idea to switch to Vista without major problems as the review mentioned. Problems they mentioned were driver issues, the OS being unstable in general areas, etc.
 

Answer:Any Vista Reviews? (Jan. 07 Reviews)

Vista Ultimate RTM 64bit

I've found no instability issues but drivers support is lacking. The OS has not reached official release as of yet so I'm waiting patiently.
 

4 more replies
Relevance 41.82%
Question: Downloaders

Hi all.
Hope you can help. Am writing on behalf of my girlfriend as last week she ran AVG and it discovered Dyfica.V and AVG put into a folder called Vault. She tried a System Restore and it appeared to have gone. She's running XP.
This morning however, AVG has shown up 'Downloader Dyfica.AL' and 'Downloader Small.4.D'
I've had her run Hijack This, and these are the results. Many thanks for all your help.
Terry

Logfile of HijackThis v1.97.7
Scan saved at 13:55:45, on 18/03/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)


Answer:Downloaders

Download and unzip or install these programs/applications if you haven't already got them. If you have them, then make sure they are updated and configured as described

Spybot - Search & Destroy from http://security.kolla.de
AdAware 6 from http://www.lavasoft.de/support/download

Run Spybot S&D

After installing, first press Online, press search for updates, then tick the updates it finds, then press download updates. Beside the download button is a little down pointed arrow, select one of the servers listed. If it doesn't work or you get an error message then try a different server

Next, close all Internet Explorer and OE windows, press 'Check for Problems', and have SpyBot remove all it finds that is marked in RED.

then reboot &

Run ADAWARE

Before you scan with AdAware, check for updates of the reference file by using the "webupdate".
the current ref file should read at least 01R269 16.03.2004 or a higher number/later date

Then ........

Make sure the following settings are made and on -------"ON=GREEN"
From main window :Click "Start" then " Activate in-depth scan"

then......

click "Use custom scanning options>Customize" and have these options on: "Scan within archives" ,"Scan active processes","Scan registry", "Deep scan registry" ,"Scan my IE Favorites for banned URL" and "Scan my host-files"

then.........

go to set... Read more

2 more replies
Relevance 41.41%

Please help, I have been trying unsuccessfully for the past two weeks to remove the various malware that has infected my other computer. It all started when the computer involved, which is running Windows 98SE, accidentally downloaded the drsmartload.exe virus. Since then I have had constant pop-ups to various sites, i.e. a-d-a-w-a-r-e, www.popunder.paypopup.com, www.blow-outsales.com and heaps of others. I have scanned my system with the most recent and updated versions of adawareSE, Spybot S&D, AVG Free, Online Scanners and various other programs. I have managed to rid quite a few files already including ibm00001.exe, TEMPIadhide3.dll (which keeps coming back), paytime.exe, toolbar.exe, mswindtc.exe, erase_me40503.exe, country.exe etc. I have run a few programs which show system processes running and I have been able to identify one of them as C:\Windows\System\EHCAPI.DLL which I have tried deleting only to be told by the computer that the file is in use and cannot be deleted. I have tried ending the process with killbox.exe to no avail. I have found the Registry key in Regedit and it won't allow me to delete the file from there. I even tried changing the name of the file in Registry editor and rebooting but it reverts itself back to the original name. I am pulling my hair out and if I don't get help soon I will be bald lol. Can somebody please help me?

Here is my Hijack This Log

Logfile of HijackThis v1.99.1
Scan saved at 10:40:20 PM, on 21/03/06
Platform... Read more

Answer:Various Malware - Downloaders

Welcome to TSF.

Did you install these two programs?

O4 - HKLM\..\Run: [AdwareAlert] C:\PROGRAM FILES\ADWAREALERT\ADWAREALERT.Exe -boot
O4 - HKLM\..\Run: [SNM] C:\PROGRAM FILES\SPYNOMORE\SNM.EXE /startup

If not, uninstall them...

Print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should 'not' have any open browsers when you are following the procedures below.

Download Brute Force Uninstaller http://www.merijn.org/files/bfu.zip and unzip it to its own folder (c:\BFU).

Run the program and click the Web button located on the top right corner.

Copy and paste the below web address into the address bar of the Download script window:

http://metallica.geekstogo.com/alcanshorty.bfu

Checkmark the following boxes:
Use settings specified in script for the above option.
Show log after script ends.
Execute the script by clicking the Execute button.

When it finishes running, click the Save button for a copy of the log. Post the log created by the script when you have completed the fix.

Run a scan in HijackThis. Check each of the following if they still exist and hit 'Fix Checked' after you check the last one:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\S... Read more

14 more replies
Relevance 41.41%

Here's my HijackThis log... I went to a forum and a pop up came up... this happened a few weeks ago... but this time my Norton AntiVirus won't stop popping up with a Downloader and Backdoor something or other. I've done Adaware and I just ran Ewido, but when I hit apply all actions to delete, it's frozen now and I can't see if it's done or not.

Logfile of HijackThis v1.99.1
Scan saved at 11:33:23 PM, on 9/26/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


Answer:Solved: PLEASE HELP! Pop ups and downloaders or something

15 more replies
Relevance 41.41%

Is it OK that I am using the Trend Micro version that Merijn sold? Or should I use the 1.99v version to run the log?
Pretty sure I've got at least two trojan loaders. Something is always running and the box restarts on its own.
Please help
Paul
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 1:09:41 PM, on 4/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal


Answer:Please review my HJT log. Got downloaders...

8 more replies
Relevance 41.41%

Hi, I have been having issues recently with my Dell laptop. I believe that I opened a malicious file and that I downloaded several Trojans, as that is all my Avast! seems to find every time I start my computer. I don't know how to get rid of them myself and I really need my laptop back! Thanks in advance!

KASPERSKY ONLINE SCANNER REPORT
Saturday, April 19, 2008 8:34:57 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 19/04/2008
Kaspersky Anti-Virus database records: 715149

Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target Critical Areas
C:\WINDOWS
C:\DOCUME~1\Kristine\LOCALS~1\Temp\

Scan Statistics
Total number of scanned objects 19811
Number of viruses found 6
Number of infected objects 15
Number of suspicious objects 0
Duration of the scan process 00:24:24

Infected Object Name Virus Name Last Action
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb Object is locked skipped
C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log Object is locked skipped
C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb Object is locked skipped
... Read more

Answer:Trojan Downloaders And More

Hello vidakriss,

Welcome to Bleeping Computer

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive% (Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following:
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, the Advanced Options Menu should appear;
Select the first option, to run Windows in Safe Mode, then press Enter.
Choose your usual account.

Open the extracted SDFix folder and double click RunThis.bat to start the script.
Type Y to begin the cleanup process.
It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt (Report.txt will also be copied to Clipboard ready for posting back on the forum).
Finally paste the contents of the Report.txt back on the forum with a new HijackThis log

Thanks,
tea

7 more replies
Relevance 41.41%
Question: Video downloaders

Running Win7 Pro.

Are there any good free video down-loaders that you recommend? I've tried CamStudio and it works but it's not the best. I've googled video down-loaders and there are a lot, but they have to be installed and that's OK except I'd like to know a good one(s) before I start installing and trying any.

Thanks, Henry
 

More replies
Relevance 41.41%

I've been having a lot of problems with my Windows system lately. I haven't really downloaded anything, but I read something about an exploit in outdated Java. I have McAfee installed and I keep getting alerts that it detected vunoo.dll or generic.dx and a bunch of other things. I was removing things through the add/remove programs manager. I found outerinfo. I know I didn't install it, and it wasn't bundled with anything unless it was with sonic hero's. I'll post logs in a second, text limit.
 

Answer:Trojans and Downloaders

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 12:07:58 AM, on 5/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal


R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local... Read more

3 more replies
Relevance 41.41%

So I've started cleaning some trojan downloaders out and cleaned out some. Would much appreciate help in eliminating what seems to be remaining in part or full form. Things are much improved now, much less pop-ups, but the concern remains that there are still infections. Running for instance system doctor suggests I have a few items still going, not sure if I may clean these myself or it is worth buying that version to help. Much appreciation for your time.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:29:25 PM, on 11/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
... Read more

Answer:Trojan Downloaders And More!

Hello iwon,

Please download VundoFix.exe to your desktop
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.
Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.

Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
Close all other windows before proceeding.
Double-click on dss.exe and follow the prompts.
When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

33 more replies
Relevance 41.41%

Lol, for a little while i've been getting this Trojan Downloader alert coming from the AVG Anti-Virus folder. I've let it sit for a while, i've scanned and such, and i've tried to handle it myself by healing, sending it to the virus vault, etc, and trying to get it to go away just with having AVG handle it. It hasn't really worked, and I don't want to make the problem worse, so I've come to Tech Guy. :3

Here's the HiJackThis log.

MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal


Answer:Trojan Downloaders. :3

Don't mean to be a bother, but the topic nearly disappeared. Just trying to get it back up, but I don't want to spam.
 

2 more replies
Relevance 41.41%

Started having problems with my computer yesterday, where if I chose a link to a site from google it would not take me to that site but to something totally unrelated and random. Then later in the day noticed that if I chose a link from within a site that popup would show and then lockup and could not navigate through it and had to close with task manager(ctrlaltdel). Continued on today and while going thru MG.com I especially noticed symptoms when I would try and download a spyware tool.

I have gone through all the steps in the read me first thread, saved logs etc. but when I got to the HJT link and could not get to download it because the popup would either close immediately or would lock up and have to close it thru task manager.

Logs I have so far are attached.

Thanks for any help you could provide
 

Answer:Help with Trojans, and Downloaders

More logs
 

9 more replies
Relevance 41.41%

Need help to remove Trojans, we deleted Limewire to stop this. Daughter says she has not downloaded anything, not true. Can you help me clean up the system and also tell me what program downloaded the trojans? Thanks

DDS (Ver_09-12-01.01)

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 08/04/2009 02:03:44
System Uptime: 28/01/2010 20:02:42 (1 hours ago)

Motherboard: Dell Inc. | | 0G848F
Processor: Pentium(R) Dual-Core CPU T4200 @ 2.00GHz | Microprocessor | 1200/200mhz


Answer:Trojans and downloaders help please

- bump

18 more replies
Relevance 41.41%

Hi all,
I use alt.binz (0.025.0) but I have problems with it on 64x. Is there any free utility like alt.binz which works fine with Vista 64x?

Answer:newsgroup downloaders

Try grabit - Shemes.com :: Home

2 more replies
Relevance 41.41%
Question: trojan downloaders

I don't know who to believe. I am running reg cure, webroot spysweeper, defender, McAfee, and windows malicious software removal tool. To start out I noticed my processor was running pretty high from its norm. I usually use Firefox to log into the net but also use IE for some apps. My IE was redirecting me to a site called mywebsearch.com. I could get on my home page. Then it started to do it to Firefox too. Before I lost internet connectivity I downloaded all the programs stated above to run a virus scan. Defender picked up a trojan downloader called win32/small.gen.c, regcure picked up infected registry keys, McAfee would scan then go to blue screen, same with webroot, but it also picks up infected reg keys, shortcuts, etc., and Microsoft picks up a trojan called winNT/Alureon.C.
It seems every day something else is missing on my computer. I can't run anything from my DVD player, process won't start, internet connection is lost, etc. What do I need to do? I can't even dump it and start over. My player won't run now.
I am using my backup computer right now, but it is limited to what it can do.

Almost forgot, I am running Vista Ultimate and I do have HijackThis also.

Answer:trojan downloaders

I was really hoping for some answers to my questions!!!!!!!

2 more replies
Relevance 41.41%

I have run ad-aware, trendmicro virus scan and have removed troj_regger.A. however I know I still have something pesky. Please look over my log for me.
I used the HiJack this analyzer to get the log below:

... Read more

Answer:spyware downloaders

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should not have any open browsers when you are following the procedures below.

Go to My Computer->Tools/View->Folder Options->View tab and make sure that 'Show hidden files and folders' (or 'Show all files') is enabled. Also make sure that 'Display the contents of system folders' is checked. Windows XP's search feature is a little different. When you click on 'All files and folders' on the left pane, click on the 'More advanced options' at the bottom. Make sure that Search system folders, Search hidden files and folders, and Search subfolders are checked.

For the options that you checked/enabled earlier, you may uncheck them after your log is clean. If we ask you to fix a program that you use or want to keep, please post back saying that (we don't know every program that exists, so we may tell you to delete a program that we think is bad to keep).

Reboot into Safe Mode (hit F8 key until menu shows up). Make sure to close any open browsers. Uninstall the following via the Add/Remove Panel (Start->(Settings)->Control Panel->Add/Remove Programs) if they exist:

Hotbar - uninstall it

Run a scan in HijackThis. Check each of the following and hit 'Fix checked' (after checking them) if they still exist (make sur... Read more

5 more replies
Relevance 41.41%

Download.Trojan infection, all directions followed w/no luck, please help

Hello all,

I have this annoying "download.trojan" infection that keeps coming up every time I do a Norton virus check. I've tried fixing it in safe mode, didn't work. Came on this forum, followed all the steps as directed to remove it and just can't get rid of it. Here's my Hijackthis Log, please help!


Edit by bjgarrick: Unrequested, Inline HJT log removed!
Thanks in advance!!
 

Answer:Many trojans and downloaders, please help!

Re: Download.Trojan infection, all directions followed w/no luck, please help

Sorry about posting the Hijackthis log on the previous post (didn't read THOSE directions, sorry).

This Download.Trojan thing is really annoying!

After reading the Hijackthis page I fixed what it recommended, so I'm ATTACHING my log.
Thanks so much!
 

24 more replies
Relevance 41.41%

Due to the limitations of Windows ME only allowing 2 downloads at once, has anyone got any suggestions for a download manager that will allow more at the same time? Must be compatible with broadband, pref not full of adware/spyware. Thanks

Answer:downloaders for broadband

click here click here

10 more replies
Relevance 41.41%

I've had various downloaders and trojans infecting my computer. Followed the steps and wanted to make sure I got everything:

Logfile of HijackThis v1.99.1
Scan saved at 11:43:28, on 23/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
... Read more

Answer:Various Downloaders/trojans

Hi Gizmo54 and welcome to Bleeping Computer

You got something that needs cleaning there.

Please rename HijackThis.exe to Scanner.exe
Then post a fresh HijackThis (scanner.exe) log to here.

6 more replies
Relevance 41.41%

Hey everyone, lately there has been a slowdown in my computer and a lot of bad processes.

Answer:Trojan downloaders?

In order to assist you effectively and identify the offending malware, we need more specific information. Please read Before you post about a problem, Some simple guidelines, then reply back here.

What OS (Win 2K, XPsp1, XPsp2, Vista) are you using?
What issues/symptoms of infection do you have?
What actions have you taken so far?

1 more replies
Relevance 41.41%

Any YouTube downloaders that aren't buggy? I had one, but it wanted to upgrade and wouldn't work unless I paid. The only other couple that I tried kept getting caught by my security as having malware...

Answer:YouTube Downloaders

I use a Firefox extension. Search for convert2mp3.

3 more replies
Relevance 41.41%
Question: Trojan downloaders

I'm having trouble with a whole bunch of trojan downloaders and I'm not sure on how to get rid of them.
Trojan-dropper.win32.agent.hl
Trojan-downloader.win32.qoologic.v
Trojan-downloader.win32.apropu.ae
Trojan-downloader.win32.agent.qg
Trojan-downloader.win32.qdown.z

Here is my hijack this log. I hope someone will be able to help me. I'm not familiar with trojans, so any help would be nice.

Logfile of HijackThis v1.99.0
Scan saved at 9:10:36 PM, on 8/22/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


Answer:Trojan downloaders

7 more replies
Relevance 41.41%

When I scanned with Ewido, I found that it wasn't able to remove the traces off my computer.
A little help, please?

Logfile of HijackThis v1.99.1
Scan saved at 8:06:12 PM, on 8/28/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


Answer:Several downloaders on my computer...

* Click here to download Webroot SpySweeper.

(It's a 2 week trial.)

* Click the Free Trial link under "SpySweeper" to download the program.
* Install it. Once the program is installed, it will open.
* It will prompt you to update to the latest definitions, click Yes.
* Once the definitions are installed, click Options on the left side.
* Click the Sweep Options tab.
* Under What to Sweep please put a check next to the following:
o Sweep Memory
o Sweep Registry
o Sweep Cookies
o Sweep All User Accounts
o Enable Direct Disk Sweeping
o Sweep Contents of Compressed Files
o Sweep for Rootkits

o Please UNCHECK Do not Sweep System Restore Folder.

* Click Sweep Now on the left side.
* Click the Start button.
* When it's done scanning, click the Next button.
* Make sure everything has a check next to it, then click the Next button.
* It will remove all of the items found.
* Click Session Log in the upper right corner, copy everything in that window.
* Click the Summary tab and click Finish.
* Paste the contents of the session log you copied into your next reply.

Also post a new Hijack This log.
 

1 more replies
Relevance 41.41%

Hi,
I have cable internet and I download music, games, and movies using torrent downloaders and Morpheus/LimeWire. My torrent downloaders (uTorrent, BitComet, and Azureus) just don't download what they used to (900kb/s-1250kb/s); now it's 1kb/s-50kb/s, and uploads seem to have more kb/s even though I have uploads at about 10-15% of download limit. But Morpheus, LimeWire and websites don't have affected download/upload speeds.

PLEASE HELP!!!!!

Here is my HijackThis file
 

Answer:Torrent downloaders

This is considered a warez discussion. If you need games, music & movies so bad, go out & buy them.

Thread closed.
 

1 more replies
Relevance 41.41%

Help pls!! I've picked up and can't get rid of several Trojan Downloaders:

Downloader.Dyfica.3Al
.Small.41.J
.lstbar.AP
.lstar.9D

Here's my HJT Log:

Logfile of HijackThis v1.99.1
Scan saved at 2:47:01 PM, on 7/21/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)


Answer:Help!!! Trojan Downloaders

Uninstall the following from Add/Remove Programs:

180solutions
PowerScan
SurfAccuracy
YourSiteBar
--------------------------------------------------------------------------
Download: Micro$oft Anti Spyware BETA:
http://www.microsoft.com/athome/security/spyware/software/default.mspx

First in the top menu click File then Check for updates to download the definitions updates.

After updating look in the right side of the main window under "Run Quick Scan Now".
Click Spyware scan options.
In that window put a tick by Run a full system scan.
Then put a check by all three options below that then click Run Scan now.

When the scan is finished, let it fix anything that it finds
(Have it quarantine the items that have that option rather than delete just in case.)
It is a BETA program and there may be false positives.

Reboot.
--------------------------------------------------------------------------
Click here to download the trial version of Ewido Security Suite:
http://www.ewido.net/en/download/

· Install Ewido.
· During the installation, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
· Launch ewido.
· It will prompt you to update; click the OK button and it will go to the main screen.
· On the left side of the main screen click update.
· Click on Start and let it update.
· DO NOT run a scan yet.

Restart your computer into Safe Mode now.
(Start tapping the F8 key at Startup,... Read more

1 more replies
Relevance 41%

I am trying to find software to download YouTube videos. All I can seem to find is software that is stated to be clean and without any malware. After a lot of searching I eventually find they are all full of either malware or viruses or both together.
 
I am not worried if it's freeware or paid. I just want a first class downloader.
 
Anyone got a recommendation, preferably which they have been using for some time.

Answer:You Tube Downloaders without Malware

I use a Firefox browser and a plug in called Video DownloadHelper
Video DownloadHelper :: Add-ons for Firefox

16 more replies
Relevance 41%

This is the log created by HijackThis. This is also my work computer so I'd like to avoid trouble and get it resolved quickly... I have installed AVG anti-virus and ZoneAlarm firewall and I have run AdawareSE and Spybot Search and Destroy..... Please help me..... Thank you
Nichol

Logfile of HijackThis v1.99.1
Scan saved at 9:20:44 AM, on 06/21/06
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Answer:Trojan Downloaders And Worms

Welcome aboard, let's get started.

Download Combofix to your desktop:
Double-click combofix.exe & follow the prompts.
When finished, it shall produce a log for you. Post that log in your next reply.
Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

==

Then after that, do the following scan and post the results:

Please download Dr.Web CureIt to the desktop:
Double-click the drweb-cureit.exe file and allow to run the Express scan.
This will scan the files currently running in memory and when something is found, click the YES button when it asks you if you want to cure it. This is only a short scan.
Once the short scan has finished, mark the drives that you want to scan.
Select all drives. A red dot shows which drives have been chosen.
Click the green arrow at the right, and the scan will start.
Click 'Yes to all' if it asks if you want to cure/move the file.
When the scan has finished, look if you can click next icon next to the files found: If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:

This will move it to the %userprofile%\DoctorWeb\quarantine-folder if it can't be cured. (this in case if we need samples)
After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
Save the report to your desktop. The report will be called DrWeb.csv
Close Dr.Web Cureit.
Reboot your computer!! Because it could be possible that files in use will be mo... Read more

14 more replies
Relevance 41%

Hello, I am an employee at a dental office. One of the receptionist's computer is experiencing Trojan softwares and frequent freezing problems. The computer uses Windows XP Professional and Internet Explorer as its browser. The computer is used for dental office softwares and for researching insurance details on the Internet.

When the computer starts, after the login screen, the following error windows appear.

Malwarebytes' Anti-Malware is already installed on the computer. However, it would not start up despite multiple attempts.

The free version of Spyware Doctor is installed after the appearance of the freezing problems, and found the following spywares.

Internet Explorer is also experiencing problems. Not only Google searches are slow, but also clicking on links opens a window either linking to advertisements or to a blank page with this message,

Welcome to the MIVA DLL. Please enjoy your stay.
Initialization errors: 0

with an URL similar to this

http://204.137.28.195/bin/findwhat.dll?clickthroughy=52593x=1ZEJg6mkAsVK1apaET9Z54VbiTxZb7FmACEgEgsln2VXTCEnl47iICFmylE:5Tqv96IyQgSmsayKe4ZyylZSpaEYDtI0EN9LNiaIEJE4TNxqTCITslLLM2IQ5Hr;ABsIeTZdTtPA5aZrLarGDgIYt7bspcP2AlxqQCaguct0b4LwbcFFyJIzbufG3

The computer also freezes, and the freezing happens randomly. Sometimes Internet Explorer is running, while sometimes no programs are running at all.

The computer is vital to continuing providing quality service to our patients. We appreciate any help Bleeping Computer and its staff and m... Read more

Answer:Freezing with Trojan-Downloaders

The computer also can not create a restore point. It asks for a restart. However, it still does not work after restarts.

Also, the computer frequently freezes before showing the login screen. The computer must be restarted manually.

We value any help available. Thank you!

7 more replies
Relevance 41%

Hi guys, I'm trying to clean up a friend's HP Pavilion xt 155 notebook. I've gone through all the steps in your read me first sticky but there seems to be a few stubborn viruses that keep coming back every time I run a virus scan. Here are some logs from BitDefender and Kaspersky scans,

Inline logs attached!

Can you guys help me get rid of these stubborn ones? I've run the bitDefender a few times over and it finds the same infections even when it says that it has deleted them before. Appreciate the help guys.
 

Answer:Re-Occurring trojan-downloaders

Please see the below thread, then attach a current HJT log.
Downloading, Installing, and Running HijackThis
 

24 more replies
Relevance 41%

This is what happened: I recently upgraded from Windows Explorer 7 to Explorer 9. Since then, my Realplayer no longer comes up on the sites where I used to be able to download, such as Youtube. I lost DVDflick which used to be on Youtube as well. Both programs are still on my computer, but they don't come up on any of my sites. How do I fix that? Should I uninstall them and then re-install? Thanks.
 

More replies
Relevance 41%

Hey, can someone please help me? I have a zolob trojan downloader and it keeps giving me nvctrl.exe and mssearchnet.exe and other things. I will run the smitrem and everything in Windows safe mode. It also occasionally gives me Spy Falcon, and I will go through the deleting process in Windows safe mode and it will be gone for a few minutes, but then later it comes right back. It shows up on my Microsoft spyware remover as SpyAxe and trojan downloader. I will remove it but it does no good. I also use Ewido to clean them, still no good; it goes crazy on Ewido. I AM AT WITS' END WITH THIS CRAP.

Answer:Zolob Trojan Downloaders

You could try a², a Trojan hunter. Just recommended it a few posts above. Free download.

5 more replies
Relevance 41%

Hello, I've scanned a complete scan with.. ''SuperAntiSpyware Pro'' - ''A-Squared Anti-Malware'' (sorry for grammar)

I don't have the A-Squared Anti-Malware Scan Report

Here is the SuperAntiSpyware Pro Scan Report

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 05/04/2008 at 01:12 AM

Application Version : 4.0.1154

Core Rules Database Version : 3452
Trace Rules Database Version: 1444

Scan type : Complete Scan
Total Scan Time : 00:28:13

Memory items scanned : 470
Memory threats detected : 1
Registry items scanned : 4128
Registry threats detected : 36
File items scanned : 12660
File threats detected : 10


Answer:Virus / Spyware / Downloaders

Hello darkgifts2 and welcome,

If you still require assistance, please note that we prefer a more comprehensive set of logs to assist in detecting any malware that may be present. As noted in the final step (Step 5) of our sticky topic IMPORTANT - Read This Before Posting For Malware Removal Help....

Download Deckard's System Scanner (DSS) to your Desktop.

What DSS will do:
create a new System Restore point in Windows XP and Vista.
clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
check some important areas of your system and produce a report for your analyst to review.
DSS automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed.

Note: You must be logged onto an account with administrator privileges.
Close all applications and windows.
Double-click on dss.exe to run it, and follow the prompts.
When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <-this one will be minimized
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt in your next reply.
Please attach extra.txt to your post.
To attach a file to a new post, simply
Click the [Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
copy and paste the following into the "... Read more

1 more replies
Relevance 41%

Hello. I've recently had a large problem with what I think were Trojan downloaders amongst other things. I've followed several of the suggestions on this site and no longer "seem" to have a problem. Previous problems included pop-ups and my Firefox browser trying to connect to a random site. Every time I ran a virus scan it kept coming up with new viruses. However, I think that they may be gone, but I am unsure and could use any help you have to offer. Thanks in advance.

I'm not sure what I am doing, but here is my HJT log:

(Moderator edit: log post moved to HJT log Forum for team analysis and member assistance. Enthusiast)

Logfile of HijackThis v1.99.1
Scan saved at 4:30:33 PM, on 31/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Answer:Am I Clean? (trojan Downloaders Etc)

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you.
I apologize for the delay getting to your log, the helpers here are very busy.

If you still need help, please post a fresh Hijackthis log, in this thread, so I can help you with your malware problems.
If you have resolved this issue please let us know.

2 more replies
Relevance 41%

I had been getting various error messages when using windows explorer. I also get an error message when trying to use internet explorer. And subsequently can't use internet explorer. The error message looks something like this.

Runtime Error
Program: C:\\ProgramFiles\InternetExplorer\IExplorer.exe
The application has requested the runtime to terminate it in an unusual way. Please contact the applications support team for more information.

A while later the Mcafee software that I had been using detected a virtumonde virus, but it wasn't able to delete it. I have since uninstalled Mcafee and installed the AVG Free edition. I have used the Vundo Fix and the VirtumondeBegone, they removed quite a lot of things in my computer, but I don't think that they got all of it out. So far, after all of this, I have run the AVG Free antivirus, Spybot, ad-Adware SE, Super AntiSpyware, Ccleaner, BitDefender, Counterspy, and I installed a Zone Alarm Firewall. All of these programs seemed to find and fix different problems. After all of this, I'm not getting the error message from using windows explorer, but I'm still getting the error message when trying to use internet explorer. The AVG antivirus has been continuously finding viruses in my system restore.

Here is a recent log from HiJackThis

Logfile of HijackThis v1.99.1
Scan saved at 4:56:55 PM, on 4/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\S... Read more

Answer:Virtumonde/trojan Downloaders

Please download VundoFix.exe to your desktop.
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.
Please post the contents of C:\vundofix.txt and a new HiJackThis log.

Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

3 more replies
Relevance 41%

Here's the Log of my PC (it runs Vista). It wasn't directly infected, but I think a virus may have piggybacked off the infected Tablet on a USB drive I used.

Logfile of HijackThis v1.99.1
Scan saved at 10:36:49 PM, on 6/16/2007
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Answer:Infected By Trojan Downloaders on PC

Hi ,

Our apologies for the delay. If you still require help, please post a new fresh log so I can see if anything has changed. And please describe why you think you might be infected and any symptoms you may have.

6 more replies
Relevance 41%

Hi

Although I run Spybot, AVG, Windows Defender, Comodo firewall and other programs, AVG Free is telling me I have a number of infections? Spybot is taking a long time to start & gives an error saying it can't write to the log. Computer often (but not always) runs slow and will often lock up on me. I also seem to have a lot of programs running when I go into 'processes' in task manager but am not sure of which ones I need to keep running and how to identify any unnecessary ones??

Any thoughts are very very much appreciated.

Here are my logs;

Deckard's System Scanner v20071014.68
Run by Owner on 2008-07-07 20:31:36
Computer is in Normal Mode.

Answer:Avg Says Many Trojans, Downloaders & Loggers?

Welcome to the BleepingComputer Forums. Since it has been a few days, please post a new Deckard's System Scanner which includes the HijackThis log. Please see Preparation Guide for use before posting about your potential Malware problem. Thank you for your patience.

If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped.

2 more replies
Relevance 41%

I found a torrent download of the Vista Recovery Disc around and was wondering if websites like Bitlet or Torrentrelay are good to rely on since I can't use this computer to download the uTorrent client.

Answer:Online torrent downloaders.

Bitlet and Torrentrelay are just host sites for the torrent file; they don't store or upload the data that the torrent actually "refers" to.

There is some security to torrents. Once a torrent is created it can't be changed. Altering file sizes or file names corrupts the torrent and nobody can download or upload a corrupt torrent. Comparing a torrent's hash with a known original, you know the data you're getting are the same data that were the original torrent.

BUT, if the original data the torrent refers to is corrupted, like virus infected or an unplayable file, you'll get the same data including the viruses and corruptions.

Just virus scan the data after you download all of it but before you actually use it. If the scanner is, you know... reputable and current... you'll have some assurance it's not some big virus carrier.

2 more replies
Relevance 41%

I'm wondering if anyone uses flash downloaders, which ones, and what sites or % of the time they work...

I used to use Orbit Downloader and I got TONS of stuff done with it. I stopped using it for maybe 3 months and they updated it; now it never works for me... I have the old version somewhere, I'm gonna try it again soon, but in the meantime I thought I'd start a thread and see what others are using...
 

Answer:Flash Content Downloaders

9 more replies
Relevance 41%

Here's my log. Tell me if I did something wrong, or you guys find something wrong.

I already ran Norton/Spybot/Ad-Aware/Stinger and it found some stuff and deleted it, but I think there's more hiding because it keeps coming back.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:03:14 PM, on 1/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Answer:Been Having Backdoor Trojans/downloaders

Hello JugSins and welcome to BleepingComputer!

Apologies for the delay. The forum has been very busy lately. If you are still having problems please post a brand new HijackThis log as a reply to this topic. Before posting the log, please make sure you follow all the steps found in this topic: Preparation Guide For Use Before Posting A Hijackthis Log.

Please also post the problems you are having.

Thanks,
Johannes

1 more replies
Relevance 41%

DDS (Ver_09-01-07.01) - NTFSx86
Run by Candice at 11:14:12.66 on Sun 01/11/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.521 [GMT -5:00]

AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated)


Answer:backdoors, downloaders, popups

Howdy, my name is Hoov, and I will be helping you with your dilemma. I apologize for the delay in getting you help.

Please make sure you watch this thread for responses. If you click the options tab at the top of your first post, you can select to track this thread.

Here is what I am asking you to do during the repair of your computer

* Tell me everything that you have done, if anything, to try and fix this problem.
* Please only use 1 forum to help clear up your problem. Posting on more than 1 and following instructions from more than 1 forum will cause those helping you to pull out their hair.
* Follow my instructions - If you can't for some reason, or if you don't understand something, please tell me. If you deviate from my instructions, tell me, it may make a difference on where we go. Don't install anything, even other programs that have nothing to do with security or malware, it could cause things to change, and I would never know it.
* Have faith. I will do all I can to get your computer working, and if I can't - someone else here will know something else to try.
* Stick with me to the end. My aim is to fix your problems, and give you the tools and knowledge to keep this from happening again.

Now onto trying to fix your computer.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, f... Read more

2 more replies
Relevance 41%

I've been running AVG Free several times over the past couple of days to clear up infections, but it looks like they keep reinstalling during startup. I came to my computer this morning and Firefox was open with a lot of open tabs. I don't even browse with Firefox anymore since I use Chrome now, and Opera before that. [This morning I uninstalled Firefox after finding this.] I don't know exactly what happened since Firefox had frozen in the middle of the night because one of the cats sat on our wireless router or something. [I also thought that one of the cats had just been on my keyboard which is why I didn't write down what was in the Firefox tabs. I hadn't had my tea yet so I wasn't thinking coherently.]

Anyway, this is my log. I'm running XP. I'm computer proficient enough to understand what you tell me, and if I have an ADD moment I can always ask my roommate, who runs Linux and builds her own computers, so she understands some of the moonspeak I don't.

Good day to you!

DDS (Ver_09-01-19.01) - NTFSx86
Run by Administrator at 10:19:48.56 on Sat 01/31/2009
Internet Explorer: 6.0.2900.2096
BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.159 [GMT 0:00]

Answer:Speedrunner and downloaders AVG couldn't fix

Don't worry about it, I ended up following the instructions in another help thread here to fix it. I had the Vundo trojan [among some other stuff] and Malwarebytes' Anti-Malware cleared it up. Thanks!

2 more replies
Relevance 41%

I am trying to find software to download YouTube videos. All I can seem to find is software that is stated to be clean and without any malware. After a lot of searching I eventually find they are all full of either malware or viruses or both together.
 
I am not worried if it's freeware or paid. I just want a first class downloader.
 
Anyone got a recommendation, preferably which they have been using for some time.

Answer:You Tube Downloaders without Malware

I use a Firefox browser and a plug in called Video DownloadHelper

Video DownloadHelper :: Add-ons for Firefox

more replies
Relevance 41%

What is the easiest, most effective way to block the ports used by Bittorrent? For example, if I wanted to block port 6881 used by Bittorrent, what is the best way to do it? I have a managed switch that I think I can block that traffic on, but is there a way to do it in Windows on the server side? I'm running a Windows 2003 Server that is set up for my internet gateway.

Thoughts and or suggestions?
 

Answer:Blocking bittorrent downloaders

I've got the same problem.. I noticed my ping go waaay up during the day and after resetting the modem for months I finally realized that turning off limewire on both their computers kept the ping down to ~100 or below instead of the astronomical 1,000 it had been when they were on... (a little different but p2p rather...)

I was hoping there was some way to block it in the router or to disable certain ports but I'll keep watch on this thread to read some suggestions...
 

1 more replies
Relevance 41%

Ok.. Let's start with the fact that I know enough about computers to do well turning the thing on! I did a free online scan that detected 9 Trojan downloaders on my computer. I suspected something was up because my Ad-Aware scans keep flagging a file in system32 (c:\windows\system32\tuwxvpfi.exe) but I couldn't get rid of it.

I read and attempted to follow all the instructions on your "READ ME" page. This is what I got:
 

Answer:trojan downloaders... Arghh

I have been unable to attach the stuff from Bit Defender. The attachment manager gives me an error when I try. I know you need this to help me, so if you have any suggestions about how to fix this, I'm all ears.

Thanks
 

10 more replies
Relevance 41%

XP HOME SP2, NIS 2006
I got a firewall intrusion alert saying a remote computer is trying to access my computer, lsass.exe was the process. It said the file had been modified since last time -?. I Blocked for This Instance Only so I could think about this.

I know lsass.exe is part of MS Updates and is necessary. I always see it running, it's familiar and trusted. But it never pops up on my screen wanting in like this. I usually never hear any alerts about it.
I found the description below. Does it mean that a rogue app named lsass.exe can be a trojan and ALSO a downloader?! Wow, how can we tell what's going on?
It says it depends on the directory it runs from or is located in, but I won't know that until I allow it in and it's already running. I don't want things to get that far.
If it comes knocking again, what should I do? Ban it always? MS Updates are always allowed so won't the REAL lsass.exe get to my computer via that way?

-- Note: lsass.exe is a process which is registered as a trojan. This Trojan allows attackers to access your computer from remote locations, stealing passwords, Internet banking and personal data. This process is a security risk and should be removed from your system.
-- Note: lsass.exe is registered as a downloader. This process usually comes bundled with a virus or spyware and its main role is to do nothing other than download other viruses/spyware to your computer. This process is a security risk and should be removed... Read more

More replies
Relevance 41%

Hi,
My antivirus (AVG) started detecting some trojans two days ago, but I thought it cleaned them too. A lot of IE windows started opening up today and when I started scanning, it showed lots of threats. I wanted to install zone alarm and hence uninstalled avg.
Zone Alarm installation would stop in less than 10 seconds and things started to go wrong after that.

I tried the symantec online virus scan, and it showed some trojans, downloaders. (mgrs.exe...). Now it says I don't have permissions to open any exe file (not even HJT!). Please help!
 

Answer:Trojans, downloaders - not even able to install HJT!

Hi

I was able to install hijackthis. Please find the log generated by the scan:

Logfile of HijackThis v1.99.1
Scan saved at 3:48:07 AM, on 11/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\WINDOWS\Explorer.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\Upd... Read more

2 more replies
Relevance 41%

Hi, I've had a problem for about 2 days now and can't get rid of it. I was able to find help getting rid of a virus called "vidcodecs" recently, but this is...different. I run AVG Anti-Spyware 7.5 and get this message about 10 minutes through:

"AVG Anti-Spyware 7.5 Exception"
"Something bad happened in the application. Error diagnostic file saved to 'C:\ProgramFiles\Grisoft\AVG Anti-Spyware 7.5\avgas.err"

Ok, fair enough. Anyway, I go there and can't open it because of the file type. Seems like an easy problem but it escapes me.

Also, the viruses seem to be driving Windows crazy. I get messages saying I'm "under attack" and popups from FindStuff.com. I searched "Downloader viruses" on Google and got a pop-up for "downloader viruses" at Mega-Market.com.

Anyway, any help would be great. If you need anything else from me, let me know.
 

More replies
Relevance 41%

I seem to have gotten new threats of win32 trojans on my anti virus software. I have run superantispyware, but it did not detect any threats. I am running Windows Pro SP2. Here is my HijackThis Log.

Logfile of HijackThis v1.99.1
Scan saved at 10:43:40 AM, on 7/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Common Files\Apple\Mobile Device... Read more

Answer:More Win32 Trojan Downloaders

6 more replies
Relevance 41%

Introduction and a little background on the problem:

Hello! I am a new member (thank you, thank you) who is prone to having bad things happen to good computers. Ok ... here it is. I have removed viruses and spyware manually a couple of years ago, but nothing recently. This is not my own computer (but ironically, it is one I am using while my computer is getting fixed).

The other night I was looking at one of those sites for myspace greeting icons. A bunch of windows popped up and as I tried to keep up and X out of each one as the computer's speed would allow, something installed automatically. There was an instruction in the details of the program that indicated that if the program was unwanted, I could go to the website and uninstall it. STUPID, I know .... but I did.

I tried to run an anti-virus scan on the computer as this computer apparently has Norton / Symantec; however upon closer inspection, there were no executable files in the Norton folder. I could not get the computer to scan. So ... I went out and bought a cheap $20 Defender Pro 5-in-1 product from a store and ran a scan.

It detected Spyware AND viruses.

Seemingly I have "WinAntiSpyware" and can't get rid of it. I tried going to the Symantec website and it gave me instructions to remove the 2006 version. I have the 2007 version. None of the keys in the registry matched up with what the website said to remove.

It detected the following trojans:

1- Trojan-downloader.java.openconnection.... Read more

More replies
Relevance 41%

need help to remove the following

Trojan Horse Downloader.GENERIC4.TBL
Trojan Horse Downloader.Zlob.KYW
Trojan Horse Downloader.Zlob.KYV
Trojan Horse Downloader.Zlob.KYS

and more similar
Am using AVG free edition and AdAware se

They do find them and quarantine them but more keep appearing
please help !!!!!
 

Answer:trojan horse downloaders

14 more replies
Relevance 41%

I recently got some adware through ActiveX while being stupid and viewing a web site through IE (my Firefox has AdBlockerPlus and lots of other good stuff). I got some adware, and the ads just keep coming! I think I've gotten some downloaders, and more adware is piling up. I think I have the Zedo rootkit, but last night I searched for it in Safe Mode (couldn't find the core.sys or related rootkits. Any new variants?) and ran a full Ad-Aware scan. I had adware and downloaders. I fixed it, but the ads are still here today! Please help, I'm pretty good with computers, but this is my last hope before I take it in and might have to re-format hard disk and recovery. I really appreciate it.
Here's the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:10:48 PM, on 12/4/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Edit by chaslang: Inline HJT log removed. READ & RUN ME sticky not followed.
 

Answer:Zedo/Downloaders serious trouble

Welcome to Major Geeks!

Please follow the instructions in the below link and attach the requested logs when you finish these instructions.
READ & RUN ME FIRST. Malware Removal Guide

If something does not run, write down the info to explain to us later but keep on going.

Do not assume that because one step does not work that they all will not.
Notes:
If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run steps in safe boot mode, but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:

Starting your computer in Safe mode

If you have problems downloading on the problem PC, download the tools on another PC and burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes you could use a flash drive too but flash drives are writeable and infections can spread to them.

 

1 more replies
Relevance 41%

I am looking for a safe Torrent downloader, any info welcome
 

Answer:Which Torrent Downloaders are the SAFEST

It's usually not the software that you have to worry about, BUT there are plenty of untrustworthy file sharing applications out there. It's what you download with it that can easily have extra unwanted baggage. That and badly configured file sharing software can open up your entire computer/network so others can see/steal everything on your PC.

Anything at MajorGeeks is clean.

BitComet
Vuze (Formerly Azureus)
µTorrent

Be sure you know just what you are doing beforehand, and the potential dangers involved.

The Dangers Of File Sharing
File-sharing dangers involve more than legal troubles
 

20 more replies
Relevance 41%

Just a warning about an upcoming government plan to STOP illegal downloading of music, movies etc.

I can't find much on the internet about it; you know, go on Google and type in "illegal downloads" and you'll find a lot of crap, but amongst that you will now find BBC news reports of the government's ideas to stop downloading. That might have some of you worried; it looks like it's just the first step, a trial if you will. The top 6 major ISPs are all involved. I don't know who they are, but I know BT and Orange are involved; like I said, I can't find much info about it. They have been given till April 09 to prove they are doing something to stop downloads; it looks like they will be capping your speed, making it more difficult/impossible to download anything, thus pissing off online gamers who have an in-house downloader lol

This may in fact work, I suppose we'll find out within the year. All I know is that programs like Bit Torrent and UTorrent may still be of use after you've been capped, and there are plans to make a legal service with some of the record companies; at first I heard £10-15 (double in dollars, I believe), then more recently £30. This service is a pay-per-month subscription-based dealio and you have unlimited downloads, which I think is a little pricey but a great idea.

If anyone can get any more info I'd be grateful, as I (casually) download myself and I would like to get back some music I lost recently... Read more

Answer:Uk Illigal Downloaders Beware!

Here is an article that gives a bit more info.

http://www.zeropaid.com/news/9660/Green+Party+Calls+UK+P2P+Fight+an+'Attack+On+Civil+Liberties'

also if you type UK into the search box you will get a lot more info.
 

1 more replies
Relevance 41%

I'm having some real problems since yesterday with Hijacking, Adware, Downloaders, Spyware and Trojans and stuff. My Spydoctor and AVG 7.0.3 aren't working well enough to stop all of this. I just got HijackThis, so here's my log.

Logfile of HijackThis v1.99.0
Scan saved at 4:33:43 PM, on 1/26/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\pctspk.exe
C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S10IC1.EXE
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Spyware Doctor\spydoctor.exe
C:\WINNT\System32\ctfmon.exe
C:\WINNT\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\system32\ydull.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\system32\ydull.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Pag... Read more

Answer:Help me, Hijacking, Downloaders, Trojans and more.

11 more replies
Relevance 41%

How does the RIAA track downloaders?
Do they actually have to go to a person's ISP and check their server logs?
And do ISPs know where people go on the Web and keep records? Just curious ever since I found this over at CNN: Revealed: How RIAA tracks downloaders

 

Answer:how does the riaa track downloaders?

They are busting the people who have their shared folders open with copyrighted material in; I think it's not so bad for the people downloading! But I also think a CD does not cost so much in the shop, you can better buy it! Let's face it, stealing from the artists is illegal!
adam
 

2 more replies
Relevance 41%

My laptop is running a lot slower than before. Kaspersky Internet Security 7.0 detects lots of malware, mostly trojan-downloaders and other spyware. I choose to delete them, but when I reboot, the same viruses pop up. Also, new viruses pop up too. I've tried using CounterSpy, KIS 8.0, ESET Nod32, but none of them could remove the malware. Please reply. Thanks in advance.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:45:23 AM, on 5/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\afinding.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\MicroWorld\Agent\MWASER.EXE
C:\Program Files\Common Files\MicroWorld\Agent\MWAgent.exe
C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
C:\WINDOWS\system32\perfs.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wserving.exe
C:\Program Files\In... Read more

More replies
Relevance 41%

Hello, I have downloaded something that I'm not sure of.... and I deleted it right away!!!!
Please help me!

I will give you a HijackThis log, and an A-Squared Virus Scan Report.
1. A-Squared Anti-Malware Virus Scan Report

a-squared Anti-Malware - Version 3.5
Last update: 5/3/2008 8:24:50 PM

Scan settings:

Objects: Memory, Traces, C:\
Scan archives: On
Heuristics: On
ADS Scan: On

Scan start: 5/3/2008 8:32:02 PM

C:\Documents and Settings\Dark\Local Settings\Temp\A18D-tmpapi.exe detected: Trojan-Downloader.Win32.Peregar.cg
C:\Documents and Settings\Dark\Local Settings\Temp\A191-tmpapi.exe detected: Trojan-Downloader.Win32.Peregar.cg
C:\Documents and Settings\Dark\Local Settings\Temp\A197-tmpapi.exe detected: Trojan-Downloader.Win32.Peregar.cg
C:\Documents and Settings\Dark\Local Settings\Temporary Internet Files\Content.IE5\3FSVT8RU\drv32[1].data detected: Trojan-Downloader.Win32.Peregar.cg

Scanned

Files: 17743
Traces: 393643
Cookies: 0
Processes: 37

Found

Files: 4
Traces: 0
Cookies: 0
Processes: 0
Registry keys: 0

Scan end: 5/3/2008 8:38:47 PM
Scan time: 0:06:45

P.S. this scan was not complete!
2. Hijackthis Scan Report!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:41:29 PM, on 5/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\... Read more

Answer:Virus / Spyware / Downloaders plz help!

I just remembered the thing I downloaded was from a video I was going to watch, but it said something about "Video ActiveX Object Error" so I downloaded it.. and ran it and Internet Explorer came up with a Google search of "Porn" and something else came up saying your computer is highly infected
 

1 more replies
Relevance 40.59%

Hey guys --

I have a computer that was infected so I did the necessary things to clean it out, or so I thought. I use TrendMicro's OfficeScan on the computer. After cleaning, it did not find any threats, but the next day the threats started at around the same time (noon). It seemed like a downloader since it pulled 20 threats in under a couple of minutes and stopped once I pulled the network cable out. The first day I had a process named 17PHolmes572.exe which had multiple instances in Task Manager. Cleared those and the next day it became something like b133.exe.bin. And today I noticed a process mrofinu572.exe which I looked up and it said that it was malware. The types of viruses found by OfficeScan are TROJ_VUNDO.BIN, TROJ_PURITY.AD, TROJ_DLOADER.AER, TROJ_RENOS.FV, TROJ_Generic.A, TROJ_ZEROML.BJR, TROJ_DROPPER.AIO, TROJ_DLOADER.HBK, TROJ_AGENT.HGN (multiple instances of each). Also ran Ad-Aware which cleaned registry infections and possible browser hijacks. I've cleaned with Ad-Aware, scanned with OfficeScan, cleared temp files and folders and also the ones under the Content.IE5 path. A few of the files wouldn't delete under this path so I ended the explorer process and deleted them through the command prompt. This seemed to get rid of them. Here's the posting of my HijackThis log from today. All help is much appreciated. The process C:\WINDOWS\TEMP\XV7FB1.EXE is what OfficeScan uses to redirect an intruder. Something to do with OfcDog.
Logfile of Trend Micro ... Read more

More replies
Relevance 40.59%

I have run 2 free anti-virus programs and they showed files that are supposed to be in my C:/_Restore...etc. (listed below)

I am wondering if these files are lying in my System Restore (win ME) and will boot up if I should restore to an earlier point? Or can they be removed?

<!-- Since resolved, I have removed this part to avoid clogging ours and internet search engines, nothing personal, just housekeeping -->

I have also run my NAV 2004 and the program shows no threats.

Opinions??
 

Answer:Removing trojan downloaders in restore

Yes, turn OFF your system restore and reboot; that will clear the restore points and erase those nasties. Once rebooted, do run those AV scans again just to double check, then if OK turn on your system restore.



info on turning off system restore...
http://forums.majorgeeks.com/showthread.php?t=31668
 

3 more replies
Relevance 40.59%

Hi! I have adaware and Yahoo anti-spy. They keep picking up trojans, adware etc. I can't get rid of some of it. I downloaded Hijack this (thank you) and ran a scan. Here it is. Thank you for any help you can give me.

Logfile of HijackThis v1.99.1
Scan saved at 3:03:45 PM, on 3/30/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\dllmgr64.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\mstskmgr.exe
C:\WINDOWS\System32\tcpipmon.exe
C:\WINDOWS\System32\crsrs.exe
C:\PROGRA~1\AIM\AIMWDI~1.EXE
C:\WINDOWS\System32\kernels32.exe
C:\WINDOWS\System32\lnwin.exe
C:\Program Files\Common Files\{4C0BA0B0-05FC-1033-1128-020406180001}\Update.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\System32\adirka.exe
C:\WINDOWS\System32\wwSecure.exe
C:\WINDOWS\System32\tcpipmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TrueAssistant\TrueAssistant.exe
C:\WINDOWS\System32\rasautou.exe
C:\PROGRA~1\AT&T\WnClient\Programs\WNConnect.exe
C:\PROGRA~1\AT&T\WnClient\Programs\WNCSMS~1.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C... Read more

Answer:Trojans, Adware, Malware, Downloaders

16 more replies
Relevance 40.59%

I have recently been hit with trojan horses and have read some other posts on this board and have tried some of the advice, but they still keep coming back.

I am getting AVG alerts informing me of following files:
trojan horse downloader.generic2.cxp
trojan horse downloader.generic2.ahr
trojan horse downloader.generic2.cvc
trojan horse dialer.btg
trojan horse dialer.btc

I have tried running CCcleaner, AVG, Ewido, Smitfraudfix, but have not been successful.
I am willing to run through the steps again and any other tips or advice.

I have just installed and run HJT and included the log. I didn't fix anything via HJT yet.
I also have included my Panda log.

Thanks for your help!

Logfile of HijackThis v1.99.1
Scan saved at 1:42:03 PM, on 6/16/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\PR... Read more

Answer:Trojan Horse downloaders and dialers

7 more replies
Relevance 40.59%

Hi.

I am new here
My PC is very slow. I have AVG 7 and AVG Anti-Spyware 7.5
It found downloaders and I deleted them, but the PC is very slow and the C: is getting full all the time

Logfile of HijackThis v1.99.1
Scan saved at 10:41:16, on 15/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\PROGRA~1\Grisoft\AVG7\avgwb.dat
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\MICROS~3\OFFICE11\OUTLOOK.EXE
C:\Program Files\Grisoft\AVG7\avgvv.exe
C:\Documents and Settings\שטנשטיין\שולחן העבו&... Read more

Answer:Slow computer have virues and downloaders

Someone please
 

2 more replies
Relevance 40.59%

Hi...started using this new Anti-Virus tool...AVG. When it ran, says I have 2 infected files, "Trojan Horse Downloaders .Keenval.K" Both from the same game site, both games on my desktop...offline play them all the time...from Game Rival, Skyblocks, Goldmine. AVG directed me to "move to the Virus Vault", quarantine I suppose. When I went to do this, have this error message in AVG that says they both cannot be removed! And no action is taken, still sitting on my hard drive. Norton, nor any other spyware, adware stuff I have going found these, have had the games on my system for about 2 years, if not more now.
My question is: what do I do with these files now? Do I go to Game Rival with this? AVG has no customer support, is a free program, just was trying something new. Now am worried I have these virus-in-waitings.
Wanted to post a "hijack this" log..but for some reason I cannot find the site it is in...even after searching in here...if someone could pass that info along to me..will be appreciated! Thanks for your help with this...really is appreciated...Leeann/parrotplay
 

More replies
Relevance 40.59%

AVG finds the following items: backdoor.ruledor.exe, scanportal.a, realtens.b, trojan: secthought.b, downloader goldenp.a, adroar.a, small.4.b (and many variants), downloaders.agent.au, downloaders.purityscan.e

I have removed them several times. They keep coming back. I have turned off system restore. I have run AVG updates. I loaded updated & ran adaware. I have loaded a firewall (Kerio). I have run trend micro system cleaner. Any suggestions?
 

Answer:Solved: downloaders detected, keep reloading

madchick, do you have Spybot installed and have you run it?

Then go here:

http://tools.radiosplace.com/HijackThis.exe
http://tools.radiosplace.com/hijackthis.zip
http://www.downloads.subratam.org/hijackthis.zip
http://tools.zerosrealm.com/hjt.zip
http://spywarewarrior.com/files/hijackthis.zip
http://spywarewarrior.com/files/HijackThis.exe
Create a folder on your hard drive, somewhere like in "My Documents" or the Programs folder, and name it Hijackthis. Download Hijack This to that folder. Then extract hijackthis into the folder you have created and run it from there. The reason for this is that Hijackthis backup files may be deleted if it is being run from a temporary folder.

Doubleclick HijackThis.exe, and hit "Scan".

When the scan is finished, the "Scan" button will change into a "Save Log"
button.

Press that, save the log, load it in Notepad, and copy its contents here. Most
of what it lists will be harmless or even essential, DO NOT fix anything yet.

Then re-run AdAware using this method:
Update it before scanning.

In settings under 'scanning,' have it set to 'scan within archives,'

'scan active processes,'

'scan registry,'

'deepscan registry'

'scan my IE Favorites for banned URL's,'

'scan my host's file.'

In 'tweaks' under 'scanning engine' set it to 'unload recognized processes

during scanning.' Also in 'tw... Read more

3 more replies
Relevance 40.59%

Trying to clean up my parents' computer. Ran ESET NOD32 and it fixed what it could. Same with Spybot, ABAM, ComboFix... Still reporting infections. Have two logs, HJT and Combo fix. I'm not really sure what to do with the log after I have it. Is there documentation regarding items on the log so I can go through and determine what processes/files/entries are legitimate?

Here are the logs...

Hijack this log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:53:30 AM, on 4/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\JaBack8\jre\bin\javaw.exe
C:\Program Files\BinarySense\HDDlife\HDDlifePro.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files... Read more

Answer:Help--Virtumonde,Downloaders,Podnuha detected

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the resul... Read more

2 more replies
Relevance 40.59%

I recently acquired a virus/trojan that started by dropping my firewall. I'm not entirely certain where I picked it up, but believe it was an application on Facebook.

Either way, it has blocked my access to the registry, and constantly opens new tabs / hidden buttons on my laptop. Many of the new tabs are from http://sagipsul.com/go/?cmp=vm_mg_juan&uid=A7BE4696DE8B11DD8B7C166350CFFFFF&lid[...]&cl=superjuan The information in [...] varies dramatically and is lengthy, but the detail listed is the same from popup to popup.

First, I used AVG Free to scan. It found and removed several files and threats, but not the virus. I then used System Mechanic 4, which shows multiple registry errors. However, it will not fix them as "Registry editing has been disabled by your administrator". I have tried to run regedit, but get the same error message.

Can you help? This is the computer I use for work and my online business. It is critical (to me) to get it fixed.

Thank you!

... Read more

Answer:Crypt Virus and Trojan Downloaders

Although I didn't really want to resort to a complete reinstall, it was urgent to resolve the problem.

For everyone who looked at my post, thank you.
 

1 more replies
Relevance 40.59%

This is the tablet I mentioned in my earlier post. It got infected by which then proceeded to download a bunch of others. This tablet is running XP. ... Read more

Answer:Infected By Trojan Downloaders on Tablet

Hello there and welcome to BleepingComputer. My name is Charles and I will be dealing with your log today. Please print off a copy of these instructions, and also save them to a Notepad file on your desktop, so they are easily accessible. We are going to boot into Safe Mode later in the fix, and there is no internet access.

From your log it appears that you are missing one important program: an antivirus. This is somewhat suicidal in today's digital world. Without one you are at a high risk of reinfection; while I can try to sort your problem out, if you have no protection, the infections will keep resurfacing. Here are some great free antivirus programs:
Antivir, Avast!, AVG, Bitdefender Free
Install one of these, then run a full scan, letting it quarantine/delete anything it finds. Let me know if there is anything that it reports but can not remove.

Please move HijackThis to a permanent folder. Anywhere is fine, other than your Desktop or a temporary folder. If it is in one of these locations, there is a risk that you may accidentally delete the backups, which may be needed if we fix something we're not meant to.

If you use Windows XP it may be that you just double clicked on the HijackThis.exe file, but this only extracts the file to a temporary folder. If you right click on it and select Extract, you can choose a folder to place it in.

How to make a permanent folder:
Click Start | My Computer | Local Disk (C: ) | Program Files.
In the menu bar at the top, go to File | New | ... Read more

25 more replies
Relevance 40.59%

I recently scanned my PC with Norton AntiVirus, and I have multiple threats;
most of which include Downloaders and Trojans. It could not get rid of them as repair and delete failed.
AdAware was also no help.

I am running Windows XP and most of the threats are coming from temporary internet files, but the folder is not there.

Here is my HJT log:

... Read more

Answer:Downloaders & Trojan Horse (Text[1].dat)

15 more replies
Relevance 40.59%

Hey guys,
Not that good with computers but just ran Norton and it said that I have:

- Backdoor.Farmador
- Downloader
- Trojan Horse
- Trojan.Vundo
- Tracking Cookie

It says that Norton can't remove any of them... so ughh?

Here's my Hijack This log:

... Read more

Answer:I have trojans and downloaders - hijackthis included

Hi Welcome to TSG!!
Please download Malwarebytes Anti-Malware and save it to your desktop. alternate download link 1 alternate download link 2
Make sure you are connected to the Internet.
Double-click on Download_mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware

Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.

If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.
Back at the main Scann... Read more

1 more replies
Relevance 40.59%

I recently scanned my computer with superantispyware and it cleaned up a few things. I thought I had scanned with AVG earlier but I don't think I had as it started by itself this morning. I had to leave it - I saw it had found something 'bad' and have been trying to find out what it was now that it was all finished scanning. BUT I can just find records of viruses found in scans from a few months back which I didn't even know had been found.

Anyway, what I have are:
Trojan Horse Downloader.Zlob.MCQ

and

Trojan Horse Clicker.GMC

The clicker one is located in a programme I use a lot. I have had this trojan horse there before and when I 'fixed' it, it deleted the whole programme. Will I have to do this again??

I also posted on the malware thread with my HJT log, before I saw these trojan things. Why did superantispyware not pick these up? Are they really a problem?

Please help. Thanks.
 

Answer:are trojan horse downloaders and clickers bad? Please help.

Sorry - I think I was looking at my virus vault.

The one it found today ('exploit') was also there.

Should I empty my vault?
 

1 more replies
Relevance 40.59%

Hi, I was wondering how many other people think the same about this as I do???? Read this click here please and let me know what you think about it... Virgin Media already started with their download monitoring program. I caught them lowering my download speed to a half, from 2meg to 1meg, just because I was downloading a large file before 5 and 8 PM. I rang CS and tried to explain that I have unlimited download but they would not understand that. It's impossible to go around it (the monitoring program); it applies for all customers, so forget about unlimited download with Virgin, they are watching you. I had to complain to get some refund for cutting my speed, but as I said it has already started and I think it will get much worse, and I was not downloading anything illegal. I think that illegal is what Virgin is doing now; it's definitely a breach of contract between Virgin and customers. They don't see it that way but I know it's true; why would I get £50 in credit from them if I was wrong??? What do you think????

Answer:Illegal downloaders 'face UK ban' it has started

Had the same happen to me. We're on the "unlimited download" package but after 300mb we get cut from 2mb to 1mb, sometimes lower... have complained but keep getting people in India and places like that

10 more replies
Relevance 40.59%

My computer keeps shutting down and trojans, dialers, etc. are being detected by McAfee. I would appreciate any help you can give me - Thanks in advance

Here's my HJT log.

... Read more

Answer:Solved: Downloaders, Trojans and Worms...Oh My!!

16 more replies
Relevance 40.59%

Currently infected with some sort of Trojan that slows me down and keeps pushing all kinds of ads onto my computer anytime I go online. Any help would be greatly appreciated. Thanks in Advance! ... Read more

Answer:Infected with Trojan Horse Downloaders

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results, click no to the Optional_Scan
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.

Please note: You may have to disable a... Read more

2 more replies
Relevance 40.59%

Hey guys, listen, I've been a long time fan of this site and what you guys do. You guys are a great help and have helped me greatly in the past, even though this is a new account.

So once again I need your wisdom.

My sister recently downloaded a game from the internet, and I'm sure by doing this, she also downloaded a trojan that came with it.

As I was logging in to my admin account on WinXP Pro SP2, I was greeted by my normal start-up applications and then out of nowhere the command prompt boots up...then a German application pops up (minimized) on my desktop bar...next thing I know McAfee (my anti-virus program) pops up asking if I want to grant the program "Project 1" access to the internet. That's an obvious no. Well McAfee pops up two to three times more prompting the same thing, only with two other programs that I'm sure were viruses/generic downloaders.

So I do my standard clean-up...I run Ad-aware SE Pro, McAfee Anti-Virus '05, and McAfee Anti-spyware. Ad-Aware finished and everything it picked up, I deleted. McAfee anti-spyware finished and I deleted a whole bunch of spyware/adware...pretty standard. McAfee anti-virus pops up with 5 components, all of which it labeled as Trojans or Generic Downloaders. Each trojan (I believe) was named "Dollar Revenue." McAfee asked me if I wanted to "Clean," "Quarantine," or "Delete" the Trojans. I tried all three options but McAfee was unable to do any of them. I fi... Read more

Answer:Generic Downloaders & Trojan Aftermath

Bump.

6 more replies
Relevance 40.59%

The Internet is almost impossible to use on my dad's computer. I ran adaware and got 1104 critical items, installed AVG anti-virus and found trojans: vendare.exe, apropo.AJ, cxtpls.exe, lgef.exe, small.p. It is still redirecting pages in explorer and downloading things. The log pasted below was created using the HJT analyzer. Thanks for looking!

... Read more

Answer:Downloaders, popups, redirected pages

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should 'not' have any open browsers when you are following the procedures below.

Go to My Computer->Tools->Folder Options->View tab:
* Under the Hidden files and folders heading, select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Click Yes to confirm and then click OK.

For the options that you checked/enabled earlier, you may uncheck them after your log is clean. If we ask you to fix a program that you use or want to keep, please post back saying that (we don't know every program that exists, so we may tell you to delete a program that we think is bad to keep).

Make sure you downloaded, installed, updated and ran these programs already - Ad-aware, Spybot and Microsoft AntiSpyware. If you didn't, do them now. For more information, go to http://www.greyknight17.com/spyware.htm

Restart your computer and boot into Safe Mode by hitting the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work. Make sure to close any open browsers. Uninstall the following via the Add/Remove Panel (Start->(Settings)->Control Panel->Add/Remove Programs) if they exist:

Preci... Read more

5 more replies
Relevance 40.59%

Ok....I have done the steps...except Panda because it says ERROR every time.

This is my school laptop and Symantec is on it. It is in a continuous loop of quarantining downloaders and trojans such as:

APQB48.TMP and they seem to generate new .tmp files by going up a letter or 2 and the list is huge.

1 says: jaun_20070726 and says its a file/macro for browser cache remediation or something.

I have posted the logs that I think I was supposed to. Basically, Symantec quarantines endlessly and every 5 seconds, my machine lags for 30 sec.


... Read more

Answer:System Lag - Major - Downloaders & Trojans

Also, I just noticed that using Safari, I have no delay lag, hangs at all while with Firefox and IE, there are huge lags....

1 more replies
Relevance 40.59%

I have an old laptop which used to be pretty ok. But for a while I started getting a lot of notices in AVG. And things went to heck in the past while. And I haven't felt capable to deconstruct whatever is happening till now the holidays.

Below are some of the reports I get from AVG.

Would appreciate some assistance with this stuff. AVG doesn't get rid of it. I don't understand why.

I have also done some serious scans with all the mainstream tools: SpyBot, Kaspersky, Adaware, Ccleaner.

System Restore is off.
Hidden files are enabled as viewable.


"" "" "Trojan horse Downloader.Generic.AJW" "C:\Documents and Settings\TheUser\Local Settings\Temp\11627.exe" "9/12/2005 12:08:15 AM" "11627.exe" "11 KB"
"" "" "C:\WINNT\SYSTEM32\ZoneLockup.exe" "C:\WINNT\SYSTEM32\ZoneLockup.exe" "12/18/2004 5:22:47 PM" "ZoneLockup.exe" "14 KB"
"" "" "Trojan horse Downloader.Generic.AJW" "C:\Documents and Settings\TheUser\Local Settings\Temp\12102.exe" "9/12/2005 12:08:16 AM" "12102.exe" "11 KB"
"" "" "Trojan horse Downloader.Generic.AJW" "C:\Documents and Settings\TheUser\Local Settings\Temp\22281.exe" "9/12/2005 12:08:16 AM" "22281.exe" "11 KB"
"" "" "Trojan h... Read more

More replies
Relevance 40.59%

I have three listed from AVG
Trojan horse Downloader.Generic6.SJK
Trojan horse Downloader.Zlob.MCQ
Trojan horse Generic2.PKN

I need access to C:\system volume information folder. I have the folder showing in the c:\ however I double click on it and windows states I do not have access to this folder. I was reading some directions and it states to right click on it and choose security tab. I right click and no security tab.

Can I have some help please.

I am running windows XP Pro Service pack 2

Answer:Virus help please: Trogan horse downloaders

follow the 5 steps here
http://www.techsupportforum.com/showthread.php?t=15968

1 more replies
Relevance 40.59%

This is a business computer on a network- so far it's the only client infected. Several hours of work have apparently removed many infections, only to have some reappear from these infections which I can't seem to lick. I have run Adaware (from Lavasoft), Spybot Search and destroy, Trendmicro's free online scanner, and have since installed AVG anti-virus. Hijack this fails to run generating an error, many websites (including this one) are blocked on the affected client- I have to correspond from another client. Here are my Kaspersky log, followed by my DSS logs. ... Read more

Answer:2 Trojan Downloaders, Virtumonde, And Possibly More

Hello Justme- and welcome to BleepingComputer,

1. * Clean your Cache and Cookies in IE:
Close all instances of Outlook Express and Internet Explorer
Go to Control Panel > Internet Options > General tab
Under Browsing History, click Delete.
Click Delete Files, Delete cookies and Delete history
Click Close below.

* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
Go to Tools > Options.
Click Privacy in the menu.
Click the Clear now button below.
A new window will popup what to clear.
Select all and click the Clear button again.
Click OK to close the Options window

* Clean other Temporary files + Recycle bin
Go to start > run and type: cleanmgr and click ok.
Let it scan your system for files to remove.
Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
Press OK to remove them.

2. Please download Malwarebytes' Anti-Malware from Here or Here
Doubleclick mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed... Read more

16 more replies
Relevance 40.18%

My computer became infected with several types of things that do not seem to be completely deleted or cleaned by any of the various system scans I have done. One common thing that my McAfee firewall is repeatedly detecting and removing is the Vundo trojan, which I assume is a result from a trojan downloader that is difficult to remove. I'll still get random pop-ups when online and I usually get redirected from my homepage to a random ad site when using Internet Explorer. Any help would be greatly appreciated, thank you. Here is my log: ... Read more

Answer:Infected With Virtumonde, Trojan Downloaders, And Adware/ad Pop Ups

Hi,

First of all.. I see you are running Teatimer. I suggest you to disable it because it can interfere with the changes you'll make on your system. When everything is done and your log is clean again, you can enable it again. If teatimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.

How to disable TeaTimer <== click me for instructions.

After you disabled Teatimer, download ResetTeaTimer.bat to your desktop. (In case you use Firefox, rightclick the link and choose "save as"). Doubleclick ResetTeaTimer.bat and let it run. This will only take a few seconds.

Then, I see you have Viewpoint installed... Viewpoint Manager is considered as foistware instead of malware since it is installed without users approval but doesn't spy or do anything "bad". This will change from what we know in 2006 read this article: http://www.clickz.com/news/article.php/3561546

I suggest you remove the program now. Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present.
Viewpoint
Viewpoint Manager
Viewpoint Media Player

Then, * Download ComboFix from here. **Save it to your desktop**
In case you have used Combofix before, please delete the version you are having and redownload it again, because Combofix is being updated everyday.
In case your Antivirus or any other realtime scanner is displaying an alert after you downloaded Combofix or while you use Combofix, please disable your s... Read more

14 more replies
Relevance 40.18%

Hi,

I have lots of spyware or downloaders on my laptop. It's a Inspiron Dell 5160.
Here's a current log of HijackThis...hope you can help! It's really slow and crashing all the time.

onikam
... Read more

Answer:Auto-Protect Results going crazy with downloaders

16 more replies
Relevance 40.18%

https://malwaretips.com/threads/1-8-16-13.61883/
(Thanks to @Solarquest for the "cookies")

I've seen there are, inside the zipped archive, several scripted downloaders with some obfuscation methods (.vbs, .js, .wsf)

I will use this thread to analyse, and show what it looks like once deobfuscated (or not)

(1) The .wsf files

11 annual report -ACAE1246-.wsf
13 annual report -EDAB2336-.wsf
10 07e81be27f.wsf
9 PV1.wsf
I add, from the same sub-wave, a file I received as a target yesterday:
annual report -DFC52512-.wsf
"Dear DardiM,

Please review the attached corrected annual report.

Yours faithfully
Isabel Sutton"

=> reported, this is the result : https://www.hybrid-analysis.com/sam...f309f2add84d337c11ca00c25b0?environmentId=100

These samples are similar downloaders to the one I analysed here, once deobfuscated:
https://malwaretips.com/threads/war...nt-js-trojandownloader-nemucod-july-28.61796/

So, I won't describe the deobfuscated parts again, just talk about some funny parts.

- No need to deobfuscate them (very bad obfuscation method used, see below): with only a "notepad edit" we can see some parts that I already described in my previous post (from the fresh new sample received in the last wave, July 28):

- Some important clues that appear clearly in the "obfuscated file", by a simple "find" option (it made me laugh):
=> var random
=> rawprng()
=> var mash = Mash();
=> function uhe... Read more

Answer:Downloaders - Scripted samples from Malware Vault - 1-8-16 13#

I can't edit the first post any more, so I put the third part here.

(3) "4 6183943701_01-08-2016.js" (same method as "7 9329606101_01-08-2016.wsf"):

When first editing this file, the obfuscation method looks interesting.
In the spoiler only a few parts, to give you an idea.


Spoiler: What it looks like - only a small part, with the end included
votgorodazaspinoyiputkoroheCCCrodmands.create = function(){
var votgorodazaspinoyiputkoroheCCCpublisher = new votgorodazaspinoyiputkoroheCCCMBJSL.votgorodazaspinoyiputkoroheCCCPublisher();
var votgorodazaspinoyiputkoroheCCCspyFunction1 = votgorodazaspinoyiputkoroheCCCsinon.votgorodazaspinoyiputkoroheCCCspy();
votgorodazaspinoyiputkoroheCCCpublisher.votgorodazaspinoyiputkoroheCCCsubscribe(votgorodazaspinoyiputkoroheCCCspyFunction1, this.votgorodazaspinoyiputkoroheCCCtype1);
votgorodazaspinoyiputkoroheCCCpublisher.votgorodazaspinoyiputkoroheCCCpublish(this.votgorodazaspinoyiputkoroheCCCtype1);
votgorodazaspinoyiputkoroheCCCok(votgorodazaspinoyiputkoroheCCCspyFunction1.votgorodazaspinoyiputkoroheCCCcalledWith(), "Function called without arguments");
votgorodazaspinoyiputkoroheCCCpublisher.votgorodazaspinoyiputkoroheCCCpublish(this.votgorodazaspinoyiputkoroheCCCtype1, "PROPER1");
votgorodazaspinoyiputkoroheCCCok(votgorodazaspinoyiputkoroheCCCspyFunction1.votgorodazaspinoyiputkoroheCCCcalledWith("PROPER1"), "Function called with 'PROPER1' argument");
votgorodazaspino... Read more

7 more replies
Relevance 40.18%

Hello, I have tried & downloaded a few players/video downloaders to save my favorite videos off youtube etc. but they are not working.

Example: tried to install RealPlayer & downloaded the installer, clicked install & it flicks up "installing" then disappears & doesn't install at all!!! Same with Xvideoservicethief: actually got that installed, but when I go & open it, it flicks up then disappears!!! Almost as if something is blocking them...

Had a strange hunch the other day when it said I was using an ad-blocker??? Now I don't take no notice of ads so I definitely haven't installed anything to block them!!!

Also on some sites when a video appears (JW player was one I think...) & you click play, it just endlessly circles loading but never plays... & the internet connection is A+!!!!!!!

Had a few little issues lately... & I'm no rocket scientist when it comes to computers but surely this stuff shouldn't being this should they??

Any help would be appreciated, thank you.

Answer:try & install players/downloaders but they wont work?

Are you using Chrome? If so, Google will not allow any video downloaders to work on Chrome. Try it on Firefox.

12 more replies
Relevance 40.18%

Hi TSG,

I urgently need help: currently AVG and SUPERAntiSpyware are both picking up traces of trojans, downloaders, and tracking/vundo adware. I've already tried using the VundoFix from googling a previous TSG thread, however even after rebooting, removal doesn't work. However, I'll post a fresh HiJack log as well as a SUPERAntiSpyware log, and start from the beginning. Any help would be greatly appreciated! Thanks.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:56:10 AM, on 10/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "... Read more

More replies
Relevance 40.18%

I often dream of a day when the world will no longer need anti-virus software, a day when all virus authors have been marched off a cliff... but that day is not today. Matter o' fact, it looks like things are getting progressively worse.

Exploits, malicious software, and hacking accounted for 13 percent of all security breach notifications recorded in the second half of last year, while 57 percent of the breaches publicly disclosed involved lost or stolen equipment, the latest six-month Microsoft Security Intelligence Report says.

[H]ard|OCP - www.hardocp.com

More replies
Relevance 40.18%

Hi,
I have huge problems on my PC.

I am getting explorer windows pop up automatically to sites like:

http://securityonpage.com/?gai=hamm...608_6a295baf 1F5A3DAA18D04B889F591CDD447849B4

and

http://www.protectroom.com/?gai=ham...608_6a295baf 1F5A3DAA18D04B889F591CDD447849B4

and

http://www.savetheinformation.com/v...608_6a295baf 1F5A3DAA18D04B889F591CDD447849B4

also I am getting balloons continually popping up with things like:
System Alert : Melware Threats
Security Alert: [email protected]
System Performance Monitor: Warning (summery system slowed 47%)
Security Alert: Spyware Found - WSA Trojan
Security Alert: Trojan-spyware win32.mx

and error messages like:
Security Warning: New Variant of [email protected] Trojan
Fatel Error! Unhandled Exception: Invalid Operation - Would you like to download latest version of antivirus software?

and these 2 icons keep appearing on my desktop, in my start menu and in my internet Favs. as soon as I link my Local Area Connection
they are: Online Security Guide
and Live Security Warning

It just won't stop. Every 10 seconds or so, something is popping up.

I see that there are a lot of other people with similar probs so I tried a few of the solutions and came up empty handed.

Here is a copy of my latest HJT report.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:31, on 2007-11-12
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDO... Read more

Answer:Solved: HELP!! Trojan, Downloaders, Worms & Possible Spyware

15 more replies
Relevance 40.18%

====================================================================
Log was analyzed using KRC HijackThis Analyzer - Updated on 8/4/05
Get updates at http://www.greyknight17.com/download.htm#programs

***Security Programs Detected***

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00... Read more

Answer:multiple trojan downloaders and spyware issues

another problem seems to be spamming - can't see desktop for small email boxes covering it 4 fold when net connection active!

need my pc for uni on monday - typical timing!

16 more replies
Relevance 40.18%

I went through and I scanned using spybot, norton, ad-aware, stinger, bit defender, and I got a lot of trojan horses and downloaders and some redirected hosts. But I'm not sure if I got everything.

This log is sort of old, nobody responded to my other post about this. (I think I needed a better title)

Logfile of HijackThis v1.99.1
Scan saved at 12:33:38 PM, on 3/25/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) (I need to get IE 7)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
C:\Program Files&... Read more

Answer:Trojan Horses, Redirected Websites, Downloaders

Welcome to the BleepingComputer HijackThis forum shinji1146

Have Hijack This fix the following by placing a check in the appropriate boxes and selecting 'Fix checked'. Make sure all browser and all Windows Explorer windows are closed before fixing:

O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O20 - Winlogon Notify: winuqw32 - winuqw32.dll (file missing)

Exit Hijackthis.

*******************************

Download\install CleanUp.
Launch CleanUp, then click on 'Options'.
Now move the slider on the left up to 'Standard Cleanup!'.
Click 'Ok', now run the program by clicking on the 'Cleanup' button.
Reboot, or log off/log on when it's finished.

*******************************

Please run this online virus scan:
Activescan using Internet Explorer.
Once you are on the Panda site click the Scan your PC button
A new window will open...click the Check Now button
Enter your Country
Enter your State/Province
Enter your e-mail address and click send
Select either Home User or Com... Read more

9 more replies
Relevance 40.18%

After the Pop Candy attack I got from the recent DVD Videosoft update, it caused me to reinstall my OS system. Short story, I need to find a new way to download Youtube videos and mp3 files. If anyone has any recommendations be welcome to share it with me. I can't find any Firefox add-ons either because Youtube has been blocking add-ons from downloading their content.

Answer:Anyone know any good freeware Youtube video and mp3 downloaders?

I use the Firefox addon Easy Video Downloader. It works on all videos, not just Youtube. I used it yesterday.

24 more replies
Relevance 40.18%

ok I just reformatted my Dell computer.

and I'm getting all pop ups and something downloaded automatically on my pc after 20 minutes... I uninstalled and deleted in folder by the name of it

Works fine but one thing now

( i got Avast4! btw just downloaded and installed )

most of the time when i click a link i search on google.com like
i search this website

Google.com > Tech Support Guys > then sometimes it goes to a different website then it should go to....

pop ups seem to be under control

I blame norton

LOL I JUST GOT A LITTLE ERROR LOOK-A-LIKE POP UP SAYING

Get Free Viagra

.... please fix that lol

Hijackthis log

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 11:27:12 AM, on 12/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\_svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Java\j2re1.4.2_03\bin\ju... Read more

Answer:Popups / Trojan / Virus / Downloaders / THIS IS MAJOR

10 more replies