Computer Support Forum

BackDoor-CJO, AD-Clipper & downloader-OX

Question: BackDoor-CJO, AD-Clipper & downloader-OX

Hi
I have McAfee VirusScan Professional and it's all up to date, and my Win XP is also up to date, but VirusScan keeps coming up saying I have these viruses. When I try to quarantine them it says it can't as I don't have permissions.

I have tried turning off my system restore then going to RUN and typing REGEDIT and doing a search for each virus then deleting but when I restart they are back again.

The files that McAfee detects are

or32sys32.exe
spsp32.exe
hhms64pe.exe
sy32nt.exe

any help is appreciated

Thanks


Answer: BackDoor-CJO, AD-Clipper & downloader-OX

I was seeing McAfee return Downloader-OX and two other adware / virus threats. If you will look in the far right of the McAfee notification window (at least with McAfee Enterprise Edition) you will notice what applications are causing you the trouble.

I couldn't see anything in my startup files - either through regedit or Hijackthis! - I simply deleted the infected files (which turned out to be mplayer.exe and TELNET.EXE) and Windows XP restored them.

I'll let you know if I run across anything else, but I seem to be running clean. McAfee seemed to catch the infection before it spread, but every time I ran Media Player the virus seemed to try and reactivate. Telnet.exe seemed to be automatically being called at points, but after deletion and recreation I haven't seen the problem return.

This issue must be new enough to not have very many posts. McAfee's VIL was no help whatsoever.


Hey guys, my McAfee keeps popping up with Downloader-PS, BackDoor-BAC.gen.b, and Downloader-ME, so I run a full system virus scan, Ad-Aware SE, Spybot S&D, CWShredder, and then clear out the temp directory (where they are coming from), but they still keep coming back whenever I reboot. Turning off all start-up programs with msconfig keeps them from starting up, but that doesn't get them off my machine. I also tried searching the registry and couldn't find the files in it (but I'm really not a pro at this kinda stuff). Anyways, here's the HJT log after being run through HijackThis Analyzer. If anyone could help me out that would be great. Thanks

====================================================================
Log was analyzed using KRC HijackThis Analyzer - Updated on 1/23/05
Get updates at http://www.greyknight17.com/download.htm#programs

***Security Programs Detected***

C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /Sta...

Answer: HJT log for Downloader-PS, Downloader-ME, and BackDoor-BAC.gen.b

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should not have any open browsers when you are following the procedures below.

Go to My Computer->Tools/View->Folder Options->View tab and make sure that 'Show hidden files and folders' (or 'Show all files') is enabled. Also make sure that 'Display the contents of System Folders' is checked. Windows XP's search feature is a little different. When you click on 'All files and folders' on the left pane, click on the 'More advanced options' at the bottom. Make sure that Search system folders, Search hidden files and folders, and Search subfolders are checked.

For the options that you checked/enabled earlier, you may uncheck them after your log is clean. If we ask you to fix a program that you use or want to keep, please post back saying that (we don't know every program that exists, so we may tell you to delete a program that we think is bad to keep).

Turn off system restore by right clicking on My Computer and go to Properties->System Restore and check the box for Turn off System Restore. Click Apply and then OK. Restart your computer. After we are finished with your log file and verified that it's clean, you may turn it back on and create a new restore point.

The Temp folders should be cleaned out periodically as inst...


Hello Gurus,

I am a newbie here and need help to get rid of Downloader-YK, Backdoor-CPT, Startpage-DU.dll viruses. McAfee can identify them but can't remove them. I read the other posts here and have downloaded HijackThis, CWBuster and AboutBuster.

The Hijackthis log file is as follows. Please advise on what I can do. Thanks so much.

- atlbpl

Logfile of HijackThis v1.99.1
Scan saved at 10:23:07 PM, on 5/11/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\WINDOWS\System32\RunDll32.exe
C:\WINDOWS\System32\TpShocks.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msm...

Answer: PLEASE HELP: Downloader-YK, Backdoor-CPT, Startpage-DU.dll

Hello all, I recently visited Symantec's site and ran a virus scan to find that I had the following viruses: backdoor.exdis as well as a downloader trojan. Yet I did not quite understand all steps that needed to be taken to remove these (I'm a complete dunce when it comes to computers). Any help you all could give to resolving this problem would be greatly appreciated, thanks

Answer: Backdoor.exdis and downloader trojan

Hello guys, I'm fairly new to the site and I ran a virus scan from the Symantec site the other day and it says that I have backdoor.exdis and downloader trojan viruses. Well, I posted earlier and was informed that I needed to bring it over to the security section. Well guys, anything you can do to help will be greatly appreciated.

Answer: backdoor.exdis and downloader trojan

Hi There, I have been trying to get rid of Backdoor Haxdoor and downloader Trojan Horse all week and nothing seems to work so I was hoping someone could help me. Below is my HJT log from yesterday. I have only had my computer 2 weeks and it's already screwed, is there anybody out there that can help?? I have Windows XP

Logfile of HijackThis v1.99.1
Scan saved at 9:18:56 p.m., on 31/05/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ScanSoft\PaperPort...

Answer: Backdoor Haxdoor and Downloader Trojan Help!

Hello hcoring and welcome to the BC forums. I don't see haxdoor on here but there are a couple of items to fix up so let's do that. Please print these directions and then proceed with the following steps in order.

Step #1
Download CCleaner and install it but do not run it yet.

Step #2
Start in Safe Mode Using the F8 method:
Restart the computer.
As soon as the BIOS is loaded begin tapping the F8 key until the boot menu appears.
Use the arrow keys to select the Safe Mode menu item.
Press the Enter key.

Step #3
Start HijackThis and click the Scan button to perform a scan. Look for the following items and click in the checkbox in front of each item to select it:

O4 - HKCU\..\Run: [System] C:\WINDOWS\svchost.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O20 - Winlogon Notify: iexplore - C:\WINDOWS\SYSTEM32\rSrET.dll

Now close ALL open windows except HijackThis and click the Fix Checked button to finish the repair.

Step #4
We need to make sure all hidden files are showing so please:
Click Start.
Open My Computer.
Select the Tools menu and click Folder Options.
Select the View tab.
Under the Hidden files and folders heading select Show hidden files and folders.
Uncheck the Hide file extensions for known types option.
Uncheck the Hide protected operating system files ...


hi, computer has XP running SP2. I have avast a/v, spyware doctor and spyware blaster, yet these managed to get in: backdoor.ircbot.bmd, trojan-downloader.agent.duj! Spyware bot seems to have rid me of them, however they managed to change my Internet Explorer home page, which I've now changed back and it seems ok! Will they have caused any other damage? HijackThis log included.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:49:18, on 06/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\DebugDiag\DbgSvc.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spyware D...

Answer: trojan downloader and backdoor ircbot

bump

Logfile of HijackThis v1.98.2
Scan saved at 12:45:00, on 11-10-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Pinnacle\Pinnacle PCTV\Remote\Remoterm.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\system32\gearsec.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\P...

Answer: problems ad-clicker, downloader-ox and backdoor

Hi maurice,

Your log looks clean. Do you have a specific problem with your 'puter?


1. I was attacked by a bunch of viruses while on-line. I have completed your 9-step preparation guide before posting.
2. My already installed McAfee Virus Scan intercepted: Downloader-AEX Downloader-OV Downloader-AFH Generic Downloader.g DC1.EXE AdClicker-BW Spy-Agent.i
After disinfecting, the programs PPPCGM.EXE and SPHLP32.EXE persisted. I believe fragments of these programs remain in the registry.
3. I disabled the System Restore function of XP.
4. I installed trial Webroot Spy Sweeper (v 4.5.7); it indicates I am infected with: rootkit-masked files trojan-backdoor-us15info trojan-downloader-ruin trojan-secdrop cws_secure32.html hijack idesk unspypc.
5. I loaded and ran Ad-Aware SE. It searched very slowly on my computer. It found some bad files, deleted them, and successfully scanned my hard drive.
6a. I loaded and ran Spybot. It took over 64 hours to search the 12GBs of data on my computer.

Spybot Results 3, 13 Jan 06
Found 6 problems
--- Search result list ---
CoolWWWSearch.WCADW: IE Search page (Registry change, nothing done) HKEY_USERS\S-1-5-21-1614895754-492894223-1060284298-1003\Software\Microsoft\Internet Explorer\Main\Local Page=about:blank
CoolWWWSearch.WCADW: IE start page (Registry change, nothing done) HKEY_USERS\S-1-5-21-1614895754-492894223-1060284298-1003\Software\Microsoft\Internet Explorer\Main\Default_Page_URL=about:blank
CoolWWWSearch.WCADW: IE Search page (Registry change, nothing done) HKEY_LOCAL_MA...

Answer: Trojans (backdoor, Downloader, Secdrop)

Hello,

I see you are running Teatimer. I suggest you disable it because it can interfere with the changes you'll make on your system. When everything is done and your log is clean again, you can enable it again. If teatimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.

How to disable TeaTimer during HijackThis Cleanup

Then, download ResetTeaTimer.bat. Double click ResetTeaTimer.bat to remove all entries set by TeaTimer.

You may want to print out these instructions for reference, since you will have to restart your computer during the fix.

Please download FixWareout from one of these sites:
http://downloads.subratam.org/Fixwareout.exe
http://swandog46.geekstogo.com/Fixwareout.exe

Save it to your desktop and run it. Click Next, then Install, then make sure "Run fixit" is checked and click Finish. The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

When your system reboots, you'll see your desktop and taskbar won't load yet. This is normal, because it is still scanning. Please be patient.

Afterwards, HijackThis will launch automatically. Please click Scan, and check the following items:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKCU\Software\Micro...


Hi all!

Okay, I'm in real trouble at the moment. Today a Norton warning saying I'm infected with Backdoor.Tidserv!inf (probably caused by the Downloader.Generic) popped up, telling me it has to be manually removed. Immediately I thought of running a scan with my Spyware Doctor tool and Malwarebytes, but the thing is that my computer just freezes without warning very often, which makes it impossible to run those scans as they take a whole while to complete. So what do I do when I can't scan my computer?!

Getting kinda worried here now as I want to remove the trojan obviously. I have tried starting my computer in safe mode, but when I do the monitor just goes all black and nothing happens....

Please help me outta here. Thanks in advance!
 


As per title, I've been compromised by an insidious type of hijacking. I have Ad-Aware, Spybot, McAfee. None of these seem to rid my computer of this frustrating mess. Work out of home and need to access the web for work...please help!

Thanks,

Allen
 

Answer: Solved: about:blank, Downloader - YK, GenericDownloader.f, BackDoor - CPT

ok hi I'm new here (: anyways yesterday when I was playin DotA ppl complained about my LC host, they said they had spikes (which ppl get if ur downloading while hosting) and I usually got perfect hosting so I didn't know what to do except close all other programs. The spikes were still there. So I knew something bad was up, so I closed host and went to do a virus scan. Found this:

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

 + Created at: 23:02:00 2008-04-12
 + Scan result:

C:\System Volume Information\_restore{DED0C2EA-BE56-4F04-A722-6330635A4634}\RP11\A0005372.dll -> Adware.Minibug : Cleaned.
C:\System Volume Information\_restore{DED0C2EA-BE56-4F04-A722-6330635A4634}\RP44\A0020045.exe -> Backdoor.IRCBot : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DED0C2EA-BE56-4F04-A722-6330635A4634}\RP44\A0020046.exe -> Backdoor.IRCBot : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DED0C2EA-BE56-4F04-A722-6330635A4634}\RP3\A0002586.exe -> Downloader.Agent.a : Cleaned with backup (quarantined).
C:\WINDOWS\17PHolmes572.exe -> Downloader.Agent.iug : Cleaned with backup (quarantined).
C:\WINDOWS\mrofinu1000106.exe -> Downloader.Agent.iug : Cleaned with backup (quarantined).
C:\Program\Internet Explorer\gaqyv89104.dll ->...

Answer: Infected With Downloader.agent.iug + Backdoor.ircbot + More Please Help !

The infected RP***\A00*****.exe file(s) identified by your scan are in the System Volume Information Folder (SVI) which is a part of System Restore. This is the feature that allows you to set points in time to roll back your computer to a clean working state. The SVI folder is protected by permissions that only allow the system to have access and is hidden by default unless you have reconfigured Windows to show it. System Restore will back up the good as well as the bad files so when malware is present on the system it gets included in any restore points as an A00***** file. When you scan your system with anti-virus or anti-malware tools, they may detect and place these files in quarantine.

When an anti-virus quarantines a file by moving it into a virus vault (chest), that file is essentially disabled and prevented from causing any harm to your system. The quarantined file is safely held there and no longer a threat until you take action to delete it.

IMPORTANT NOTE: One or more of the identified infections was a backdoor Trojan which previously was installed on your machine. Backdoor Trojans, IRCBots and Infostealers are very dangerous because they provide a means of accessing a computer system that bypasses security mechanisms and steal sensitive information like passwords, personal and financial data which they send back to the hacker. Remote attackers use backdoor Trojans as part of an exploit to gain unauthorized access to a computer and take control of it without ...


Recently started to get messages from AVG that computer was infected with Trojan Horse, etc. Had a lot of pop ups and "security program" warnings, but these seem to have stopped for now (with about 20 scans...)

Still getting warnings about Trojans, such as:

Trojan horse downloader generic7
trojan horse backdoor.ntrootkit.am
trojan horse proxy.aaqv
trojan horse downloader zlob.xdl

they don't seem to do anything any more, now that the pop ups and "security scanners" have stopped...
Log follows:

MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1...

Answer: AVG-Trojan horse downloader, backdoor, proxy, etc

Bump!

hi there, have a virus on my pc. Jotti's scan has designated it as:
BackDoor.W32.VB.bax or...
Trojan-Downloader.Win32.Adload.gkw
Can anyone help me to get rid of it. Pls check my hijack logfile if everything's ok. Thanks.

Hijack this log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:08:18 PM, on 4/11/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18904)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\AsGHost.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\ATK Hotkey\HControlUser.exe
C:\Program Files\ATKOSD2\ATKOSD2.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Program Files\P4P\P4P.exe
C:\Windows\AsScrPro.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTT...


We have been hit with a troika:
Trojan Horse Backdoor.Small.5.BT (puts temp25.exe in temp directory)
Trojan Horse Downloader.Tibser.E (puts sbar[1] into Temp. Inet Files)
Trojan Horse Downloader.Tibser.E (puts t.exe into windows\system32)

a bunch of dll's also appeared in system32: msdrs.dll, syfqwpaa.dll, lxossfaa.dll, dsmanager.dll, ntrsh.dll (they reappear after delete, that is, IF they can be deleted); other suspicious(?) ones are: open32.exe, open32.conf and open32_uninstall.exe

There is a BHO in the registry --> B72F75B8 etc. that is not legitimate.

During normal startup (I have XP, but have not yet gone to SP2), I notice a quick flash on the screen after which the Microsoft message comes up saying that IE encountered a problem and do I want to send the error report. Of course, when you check out the details, Microsoft indicates that it can't determine the problem. The latest manifestation is that my Google searches get hijacked and sometimes IE just comes up on its own with http://horseserver.net/etc...and some stupid page.

Grisoft AVG does find the trojans, and I put them in the vault and then deleted them. They have reappeared when I start up. Also, when you try a Google search, you get a different looking page of results with the first page always showing the same results no matter what the search. And then, to add insult to injury, even if you do not have an IE window open, up pops one with address of http://horseserver.net...

Answer: trojan downloader.tibser & backdoor.small

I also found snim.dll in windows\system32.
 


Hello! This is my first post here. I appreciate any attempts to help. I seem to have picked up a pair of nasty infections in my computer and have not been able to delete them with the usual spyware or virus programs. Below I will outline the names, locations and symptoms of these problems.

The Infections and Locations
1. backdoor.hupigon.gen
file location- c:\windows\system32.dll
2. trojan.downloader.ruins
file location- c:\windows\system32\kdjkl.exe
registry value- HKEY_LOCAL_MACHINE\SOFTWARE\MicrosoftWindows\WindowsNT\Current Version\Winlogon, System
startup program- HKEY_LOCAL_MACHINE\SOFTWARE\MicrosoftWindows\WindowsNT\Current Version\Winlogon c:\windows\system32\kdjkl.exe

Please note: I am basing these infection names and locations on the information provided by Spyware Doctor 5, the free version, which identifies but does not delete infections.

The Symptoms
1. Programs seem to close arbitrarily. Windows is the most common. The system doesn't shut down it just freezes, the "program is not responding" box pops up and I have to start over on whatever I was doing.
2. Slow start-up and shut down.
3. Overall slow operation of everything.
4. Norton anti-virus has an error on "script blocking."
5. Occasional noises coming from computer of which there were none before.

Currently Loaded Spyware and Anti-Virus Programs
1. Ad-aware
2. Spybot Search and Destroy
3. Norton Anti-virus
4...

Answer: Backdoor.hupigon.gen And Trojan.downloader.ruins

Welcome to the BleepingComputer HijackThis Logs and Analysis forum Ajarn

Please download DrWeb-CureIt & save it to your desktop. DO NOT perform a scan yet.

You should copy/print the following because you need to be in Safe Mode from here on.

Reboot your computer into "SAFE MODE" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys on your keyboard to navigate and select the option to run Windows in "Safe Mode".

Scan with DrWeb-CureIt as follows:
* Double-click on drweb-cureit.exe to start the program. An "Express Scan of your PC" notice will appear.
* Under "Start the Express Scan Now", Click "OK" to start. This is a short scan that will scan the files currently running in memory and when something is found, click the Yes button when it asks you if you want to cure it.
* Once the short scan has finished, Click Options > Change settings
* Choose the "Scan tab" and UNcheck "Heuristic analysis"
* Back at the main window, click "Select drives" (a red dot will show which drives have been chosen)
* Then click the "Start/Stop Scanning" button (green arrow on the right) and the scan will start.
* When done, a message will be displayed at the bottom advising if any viruses were found.
* Click "Yes to all" if it as...


I am copying & pasting my message from another forum (as I don't think they will be able to help me anyway):

I hope someone can help me because I've been trying all week to get rid of these trojans and they keep coming back. I am in way over my head with this one. I'm not a computer newbie but I am certainly not an expert either. I was getting tons of pop ups. I am not getting those now, but my computer is still very slow, my Internet Explorer settings (eg. privacy settings) are continually messed with, and at the moment I can't even start IE in my administrator account (which I just created a couple of days ago to have separate from my regular account).

I have found Trojan.Virtumonde, Trojan-Downloader.ConHook, and Backdoor.Agent.LEL

I have an Inspiron 6400 laptop with Windows Vista Ultimate. I have McAfee Internet Security (I think total protection), it is up-to-date and scans frequently. It is not picking up anything.

The programs that have picked up some or all of these are: Spyware Doctor, SuperAntiSpyware, and AdAware. I have tried running the programs & cleaning up the trojans in both regular and safe mode, not connected to internet. They claim to get rid of them. I reboot and delete cookies/temp internet files. I then scan again and the program(s) tell me my system is clean. BUT as soon as I reconnect to the internet and do another scan, the trojans have shown up again.

I have tried several other suggested scanners/cleaners: VundoBeGone, Vundofix, Troj...

Answer: Virtumonde//Trojan-Downloader.ConHook//Backdoor.Agent.LEL

Title was: HJT Log - Vundo, Need help removing. Also, windows update & IE problems ~ OB

I was having a big Vundo/Virtumonde problem. I tried a huge variety of scanners and vundo removals suggested here and at other forums. The only programs I have had success with detecting the trojans are Spyware Doctor, SuperAntiSpyware, and Malwarebytes' AntiMalware. Malwarebytes appeared to effectively get rid of it, as none of the scanners were detecting it anymore -- until now. Only the MBAM detected it this time.

I have also been having these problems:
- Windows Update: I am running Vista Ultimate. My computer keeps trying to update to SP1 but the installation fails.
- I am supposed to have 4 GB of RAM, but now my system info says I only have 2 GB!? Could Vundo have caused this to happen???
- Internet Explorer keeps shutting down due to data execution protection.

Below are my HJT and MBAM logs. Thank you for any help!! (BTW I do have UTorrent installed but that isn't how I got infected. I've always been super careful in the past, but I stupidly clicked on a free download against McAfee's warning, convinced it was safe).

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:44:05 AM, on 26/10/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16757)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Window...


firstly thank you for helping me
I used avast 4.8 professional & the full version of malwarebytes to clean up some infections I picked up but not sure if I'm clean, could some nice person please take a look please....I'm new to this and virus removal.
if you need more info please let me know, also have winlogin in startup
Thank You
DDS (Ver_09-10-26.01) - NTFSx86
Run by Nourtyboi at 2:41:28.54 on Wed 28/10/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.64.1033.18.1976.1382 [GMT 13:00]

AV: avast! antivirus 4.8.1356 [VPS 091026-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

c:\Program Files\Fingerprint Sensor\AtService.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Analo... Read more

Answer:backdoor poisonivy, trojan downloader, Win32:VB-LRY, winlogin

Title was: Trojan.DDoS, i have not been helped with last post this is a new detection ~ OB

I'm sorry to be a nuisance but I have a new infection upon last post: Trojan.DDoS
I understand that you are all very busy helping others.
Just had malwarebytes find a new infection. Having problems with internet disconnecting and connecting; it takes me several attempts.
Any help is appreciated and thank you.

DDS (Ver_09-10-26.01) - NTFSx86
Run by Nourtyboi at 2:31:12.29 on Sun 01/11/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.64.1033.18.1976.1388 [GMT 13:00]

AV: avast! antivirus 4.8.1356 [VPS 091030-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

c:\Program Files\Fingerprint Sensor\AtService.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:... Read more

3 more replies
Relevance 52.48%

Mcafee has detected these trojans but said it is unable to quarantine, delete, or clean any of them. Here's the logfile:

Logfile of HijackThis v1.99.1
Scan saved at 10:23:58 AM, on 8/6/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\ewido anti-spyware 4.0\guard.exe
c:\program files\mcafee.com\agent\mcdetect.exe
C:\WINDOWS\system32\ishost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\system32\ismon.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\C... Read more

Answer:Infected W/ Backdoor-cvt, Generic Downloader.ab, Puper, Multidropper.d, Qlowzones-15

Hi RcKsolidCHMPN

Download SmitfraudFix (by S!Ri) to your Desktop.
http://siri.urz.free.fr/Fix/SmitfraudFix.zip

Extract all the files to your Desktop. A folder named SmitfraudFix will be created on your Desktop.
Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press Enter
This program will scan large amounts of files on your computer for known patterns so please be patient while it works. When it is done, the results of the scan will be displayed and it will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.

IMPORTANT: Do NOT run any other options until you are asked to do so!

1. Download this file - combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Send:
- smitfraudfix log
- combofix log

20 more replies
Relevance 52.48%

Hi, recently I have found out using ewido that my computer has many viruses... I don't know how to get rid of them. Here is my hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 4:52:36 PM, on 27/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Soft... Read more

Answer:Winfixer, Trojan.dialer, Downloader.delf, Backdoor.ircbot

Hello,

Can you rename Hijackthis.exe to Analyse.exe?
Then scan with Analyse.exe and post the log in your next reply (which will be a hijackthis log of course).

2 more replies
Relevance 52.48%

I tried to follow the posting rules by being as specific as possible in the title to help, but unfortunately, it's hard to do that after running all of the scans and resolving some of the major issues I was having with this PC. I'm trying to clean it up for a friend, and I think I've done a decent job on my own by running all of the programs I use on my own PC as well as some you all suggest we run before posting an HJT log. It's taken FOREVER considering this thing has a 300MHz celeron and only 128MB RAM. Needless to say, I'm tired of screwing with it now..

Enough with the blabbering on about useless information, though. So far I've ran these programs with reasonable success.

AVG Anti-virus(in safe mode)
Trendmicro online virus scan
BitDefender online virus scan
Ad-aware SE Personal with the VX2 Add-on(in safe mode)
Spybot(twice-once in safe mode)
CWShredder(safe mode)
CleanUP!

Everything was updated before scanning!

Here's the log..

Logfile of HijackThis v1.99.1
Scan saved at 10:29:39 AM, on 12/18/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\atievxx.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\... Read more

Answer:BackDoor.Agent.2.H, Trojan horse Downloader.Istbar.PI, etc.(too much to list)

Hi there...


Have "Hijack This" fix all the following items in the list below by placing a check in the appropriate boxes. Confirm that you have only the listed ones checked, then press <Fix checked> and Close HJT.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...ch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided by Cox High Speed Internet
O4 - HKLM\..\Run: [sais] c:\program files\180solutions\sais.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)


Open Windows Explorer and delete the following red folder/s

c:\program files\ 180solutions

Reboot.......................

================================

It is very important to keep Sun Java up to date to help avoid exploitation by malware.
The current version is Java Runtime Environment (JRE) 5.0 Update 9
Download the latest version of Java Runtime Environment (JRE) 5.0 Update 9.
Remove all prior versions using Add/Remove Programs, and delete the Java folder in Program Files.
Click the link to download the Wind... Read more

8 more replies
Relevance 52.48%

According to Symantec AntiVirus, my computer became infected with Trojan.Fakeavalert, Packed.Generic.188, Backdoor.Tidserv, and Downloader virus files, all of which I think I have removed, but want to be completely sure.

Up till now I have run UnHackMe, Spybot Search and Destroy, AVG 8.0 Antivirus (Free), and several full Symantec AntiVirus full scans, following removal instructions they gave, the latest of which were clean for all of those. All of these were run with either the latest downloaded versions or completely updated definition files.

I want to know if I have completely cleaned this up. Here is a current HijackThis Log from Safe Mode:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:25:01 AM, on 9/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Safe mode
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\... Read more

Answer:Backdoor.Tidserv, Trojan.Fakeavalert, Downloader viruses - are they fully gone?

Hi, Welcome to TSG!!

Please download ATF Cleaner by Atribune.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

Click Exit on the Main menu to close the program.


Please download Malwarebytes Anti-Malware and save it to your desktop. alternate download link 1 alternate download link 2
Make sure you are connected to the Internet.
Double-click on Download_mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware

Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.

If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message... Read more

1 more replies
Relevance 52.48%

here is my HJT log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:39:21 AM, on 3/25/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe
C:\Windows\system32\svchost.exe
C:\Program Files\SMINST\BLService.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\TUProgSt.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C... Read more

More replies
Relevance 51.66%

So Kaspersky found 3 threats however they are not in their database or virus list website. I am pretty sure my friend contracted them from looking at free porn on my computer! I know I should password protect my computer and I definitely have learned my lesson!

Backdoor.Win32.Rbot.Vqa

Trojan-Downloader.Win32.CodecPack.alm

Rootkit.Win32.TDSS.cjv

Thanks in advance for any advice or help!


DDS (Version 1.1.0) - NTFSx86
Run by Chupacabra at 22:31:07.51 on Thu 01/01/2009
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_11
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2047.1017 [GMT -5:00]

AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated)
FW: Kaspersky Anti-Virus *disabled*

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C... Read more

Answer:Kaspersky found 3 Trojans, Backdoor, downloader, rootkit not in kas virus list!

Can someone help? Thanks.

2 more replies
Relevance 47.56%

DDS (Ver_09-05-14.01) - NTFSx86
Run by gus at 0:50:16.98 on Thu 06/11/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.571 [GMT -4:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwsoemon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\MYWEBS~1\bar\3.bin\m3SrchMn.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\Program Files\Norton SystemWorks\... Read more

Answer:Packed Generic 214 , Infostealer Banker C ,Trojan Horse, Downloader, and Backdoor Trojan

Hello! My name is Sam and I will be helping you. In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
Make sure you are connected to the Internet.
Double-click on Download_mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware

Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.

If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may ta... Read more

2 more replies
Relevance 47.56%

I'm about to use Evernote Clipper after months. I've tried multiple times to change password and log onto Evernote Clipper. It tells me the password I'd just changed it to... is incorrect. I've closed/opened Chrome, Evernote Clipper and my computer - and gone to download the latest version - evidently I had the latest. This is feeling like a mobius loop. Any thoughts? Thank you!

message edited by Chrisjh

Answer:Evernote Clipper - can't log in

Have you spoken to Evernote support?

3 more replies
Relevance 47.56%

Does anyone know what happened to that "old" programming language called clipper, like the old dbase language? What is clipper called today, or which computer programming language is the most similar to clipper?
 

Answer:ca-clipper 5.3b for dos/windows

OMG! My first job in the computer field! I was the install guy for a point of sale/accounting software for specialty gift shops, which was written in Clipper for DOS. Had to setup that program on point of sale computers for the front, and in the workstations in the office for the accounting part. They kept using the DOS version til past Win98 days, when I left that company. When I first got there they were using Artisoft LANtastic for the networking, on coax.

Pig of a DOS program, had to learn the art of fine tuning config.sys to get conventional memory up past 600.

The owners of the software company used to raise pit bulls...one of them came to the office every day, sorta the mascot of the office. His name was Clipper.

Anyways, I'm not a programmer, I'm a networking guy, but from what I remember in the days before I left that company, the programmers there were having a hard time migrating their program to a native Windows backend.

I believe Clipper for DOS remained for DOS
http://en.wikipedia.org/wiki/Clipper_(programming_language)
and one of the projects designed to migrate it to Windows almost made it..
http://en.wikipedia.org/wiki/Visual_Objects
 

7 more replies
Relevance 47.56%
Question: Clipper Summer87

Hello! I have never debugged in Clipper Summer87. Could someone tell me how step by step? I use Plink86 to link and link using a .bat file.

Example of .bat:

clipper @prog -l
clipper main.prg -l -m
clipper index.prg -l -m
clipper rept.prg -m -l

plink86 @prog

Thanks in advance!
 

Answer:Clipper Summer87

12 more replies
Relevance 47.56%
Question: Clipper program

Hi all!
After upgrading Clipper program I cannot open DBF format file.
The error message: 'Corruption detected Clipper'. I tried to search from google but no answer.
What's the problem? What should I do?

More replies
Relevance 47.56%

I installed the plug in webclipper, from http://pc.freediskspace.com/Index.asp. It's not working right and I just want it off my computer. I get no response from their tech support, and I can't find the application under add/remove programs. What do I do? And I need a recommendation as to some good virus software to install on my 350 mhz Intel Pent. II. I have a creative 48x cd-rom, and a V.90 56k Us Robotics voice Fax modem. Would the wrong driver stop my fax from operating? Does anyone know where to get the right drivers? HELP!
 

Answer:Web Clipper-from freediskspace.com

I like Norton AntiVirus.

If you want to try one for free though, go to www.antivirus.cai.com - it's pretty good too.

USR modem drivers:
http://consumer.3com.com/analog.html
[edit] - fixing my bad link
[This message has been edited by LarryCore (edited 03-11-2000).]
 

3 more replies
Relevance 47.56%
Question: Yankee Clipper fix

My YC has been dropping clippings. The YC website had me download a fix for that. Where I am now is that I have renamed the old YankClip.exe file to read YankClip.exeold, and now my YankClip[1] folder shows that old renamed file with a MS icon and the new file with a YC icon, just as was the case with the old file before I renamed it.

The YC instructions tell me to "Get the ZIP, stop the program, rename the old EXE, and finally copy the new file into the installation directory". I wasn't sure at what point I was supposed to stop the program, I presume meaning the zip program, and how I was to do that, so what I did was to rename the old EXE first, and then download the new one without interrupting the program.

Does what I did amount to "copying the new file into the installation directory"?

Since YC dropped clippings only sporadically, I am wanting to find out now if I did the fix right rather than just wait to see if the dropping problem happens again.

Thanks, grandpaw7
 

Answer:Yankee Clipper fix

Hiya

From what I'm reading, when they say 'stop the program', that may have been the YC program, not the zip.

The way I read it is as this..

Download the zip. Stop the YC program from running. Rename the exe to old, either like what you have done, or as YankClip.old, then open the zip, and extract the new exe into the same folder.

Is that what you did?

Regards

eddie
 

2 more replies
Relevance 47.56%

Hi
I am running a clipper program on a novell network, and my client machines have been running on Windows 95/98.
I have been operating with the following line in the autoexec.bat :SET CLIPPER=E:00;F:250;SWAPPATH:'C:\WINDOWS\TEMP\'

I have a machine that is not running on Windows XP, and I have no idea where to add the above line, or how to make it work.
Each time I try to run that program I get the following error: "Unrecoverable Error 5311; cannot create VM swap file"
Where do I set the variables in Windows XP?

Thanks!
 

Answer:Need help with clipper program!

Linpin:

Go to C:\windows\system32, and edit Autoexec.NT and Config.NT. That is where the environment variables and DOS configuration must be set; every DOS box that is opened will use the values within these files.

Don't expect to see them if you type the SET command, but they are initialized and the clipper program will read them.
 

1 more replies
Relevance 47.56%

Am I the only one still having to modify and keep running mid '80's software, yes, prior to windoze. The s/w is run daily in a very large corporate in a win2000 environment.

Does anyone have any info on what I could use to help transfer the code to something more modern? Of course, the user interface would have to be rewritten.

Yep, I'm very old too.
 

Answer:dBase III+ and Clipper

11 more replies
Relevance 47.56%
Question: Yankee Clipper III

I don't know why, but I can never seem to understand the software instructions. I can get stuff to YC by highlighting it and clicking Edit>Copy, just like usual before I had YC. (I am surprised that the instructions don't say how to get stuff to the Clipboard.) But then how do I paste the stuff, say, in a document I am composing in MS Word? If you don't mind, I need the instructions you would give to a kindergartener. Thanks, grandpaw
 

Answer:Yankee Clipper III

If it is a Windoze app all the Windoze shortcut keys should apply.

Ctrl + C = Copy
Ctrl + X = Cut
Ctrl + V = Paste
 

2 more replies
Relevance 47.56%

Hey, I have a large .mpg file and I want to clip a section out of it. Do all programs need you to re-assemble all the parts before you play? I want to take a playable section out and delete the rest... like at specific start and end times and everything and then have a playable piece. I did a google search and there seems to be TONS of "editors". And they seem to do so many other things it all seems really complicated to go through all the programs. I would worry which ones have spyware or would destabilize my system if they're done by amateurs.

Any Suggestions?
 

Answer:best MPG clipper/editor??

This is freeware. Not too hard to figure out.

1/ VirtualDub. If you want a close enough good enough edit just use virtualdub.

I've only used it on avi files but it seems to support other formats.
 

1 more replies
Relevance 47.56%

Yankee Clipper III YC3

A powerful Windows clipboard extender/memory- now in its third generation. Handles Pictures, Richtext, URLS, etc - any size. Features printing, drag and drop, optional permanent storage of clippings. Familiar "Outlook" interface. Freeware.




Features: Current version: 1.0.4.3
Saves past 200 text and RTF, 20 BMP and Metafile, and 200 URL clipboard entries.
Has the ability to save and re-use "boilerplate" clippings. Simply right-click on the item and select "Send to boilerplate". Unlimited boilerplate collections can be created.
URL aware- links copied to clipboard can be instantly launched.
Can float on top of other applications for fast pasting.
No size limits for "clippings".
Prints any text clipboard entry, nicely word-wrapped.
This is a simple program to understand and use.
Has a global hotkey to make the application visible when hidden, and another to instantly show and select past "clippings" without showing the application.
Clippings can be dragged & dropped to/from YCIII.
Can strip unwanted "quote" characters ("<", "|") from "clippings".
Supports ordering of boilerplate items.
Can automatically re-connect to clipboard when rogue applications break clipboard chain.

Answer:Yankee Clipper III YC3

This sounds like what I've been looking for, but does it work with Win 7-64? The site mentions only 32 bit systems.

9 more replies
Relevance 47.56%

DDS (Ver_09-01-18.01) - NTFSx86
Run by Owner at 8:21:49.90 on Wed 01/21/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.447.141 [GMT -6:00]
============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\gearsec.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Java\jre6\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\ps2.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmon.exe
C:\Program Files ... Read more

Answer:Infected with Win/Heur, Downloader.generic Trojan and Backdoor Generic

Please close this post. Problem has been fixed.

2 more replies
Relevance 47.15%

Hello, I am using Clipper 5.2 and would like to know how to display a logo at the top of a letter before printing it out. Please help. Thanks!!

Answer:clipper 5.2 how to display logo

If you mean the database application. You will have to embed the logo or download it to the printer.

4 more replies
Relevance 47.15%

After getting my new XP computer, I downloaded the clipboard utility Yankee Clipper, which I used a lot on my older computer. However, I found out I downloaded the wrong version rather than the one I wanted and was used to. So I uninstalled it yesterday morning and instead installed the version I wanted. Then, I got to messing around trying to get YC on my startup and Quick Launch. Somehow, I messed things up so that YC wouldn't work. So I attempted to uninstall this second version of YC (the one I wanted). Add/Remove went through the usual procedure as though the uninstall worked fine. But it didn't. YC was no longer in Add/Remove, but it was big as life everywhere else although it still worked poorly. Then, I used System Restore to go back to yesterday morning before I uninstalled the version I didn't want. I wanted to start all over. So I tried to uninstall that version so I could newly install the good version. But now the bad version won't uninstall. When I try to do that via Add/Remove, I get a Wise Uninstall error saying "Could not open INSTALL.LOG file."

I have no idea what to do now. For one thing, I wonder if the error message means that the Add/Remove program now won't work for anything, or if that error message just applied to YC. I've thought about downloading free uninstaller but I prefer not to do anything till I can get some expert input.

Thanks, grandpaw
 

Answer:Can't uninstall Yankee Clipper

6 more replies
Relevance 47.15%

Hi! I know, this is an old system. I program using VB but every now and then I need to make a change in an old, forgotten system and I really don't have any experience in Clipper. I hope I can find help in this forum.

I am trying to do a create. I have the following but I keep getting a TYPE MISMATCH error:

cPath = "C:\"
cStr = "TempTab"
SELECT 0
CREATE (cPath + cString)

What could I be doing wrong? I am trying to create an empty table to store the TempTab structure info in a new work area.

Thanks in advance!
 

Answer:Clipper Summer87 Question

What are the datatypes for cstr and cpath?

I do not know clipper, but I would guess you need to cast them to be the same, or the same as CREATE supports.

Also, a quick google makes me think you need to use dircreate to create a folder...
http://www.itlnet.net/programming/program/reference/c53g01c/ng39600.html
 

1 more replies
Relevance 47.15%

Download: OneNote Clipper

Save anything on the web to OneNote in one click

Keep all your web research in one place. Clip it to OneNote, organize it, and access it from any device.

OneNote Clipper - the easiest way to save anything on the web to OneNote in just one click. It's like your camera for the web.

Researching for a big trip? Gathering recipes for an upcoming party? Collecting inspiration for a home makeover? The OneNote Clipper helps you do all of this quickly and easily. Think of it as your camera for the web, snapshotting any webpage you see directly into OneNote.​
Features

One-click to save any webpage with the extension toolbar OneNote button
One-click to view your clipped webpage in OneNote Online directly from the OneNote Clipper
All of your clips are saved to the Quick Notes section of your default notebook on OneDrive - automatically accessible and fully searchable on all your devices

 

More replies
Relevance 47.15%

Operating System: Win 7/64
Computer: HP Elite i7

Problem: Somehow, the Clipper Tool (part of Windows 7) has disappeared. I did not receive the installation disks with my computer. What can I do to reinstall the app?
 

Answer:MS Clipper Tool Disappeared

I guess you mean the snipping tool. It has probably simply disappeared from the Start menu so type snip in the Start > Search box. Snipping tool should appear above.
 

2 more replies
Relevance 47.15%

The OneNote Web Clipper suddenly stopped working on all my browsers and computers. I cannot login and I am prompted to enable 3rd party cookies. I have tried deleting all cookies, uninstalling the extension and reinstalling it, but it doesn't work.
I have tried this on Chrome, Firefox and Edge. On all browsers the OneNote Clipper stopped working.
I also found a thread that started today at Microsoft: https://answers.microsoft.com/en-us/msoffice/forum/msoffice_onenote-mso_winother-msoversion_other/onenote-clipper-stopped-working-today-in-chrome/20669212-dc0c-43a0-84bb-e5390dd97bf9
Any ideas?

More replies
Relevance 47.15%

I maintain some legacy programs written under dBase and compiled with Clipper.

I have a couple of problems when running under some versions of Windows - especially XP.

Normally the key-code for the left arrow key is identical to <Ctrl-S> - both, when tested with a utility, are correctly shown as being ASC 19.

However, when running in a virtual DOS environment, while the left-arrow key works fine, the <Ctrl-S> is ignored. I assume that Windows is intercepting the code for some other purpose.

Using the Properties of the desktop shortcut to the DOS environment, I have tried various combinations of Compatibility (for Windows) and disabling the Windows Shortcut keys, but still no solution is found.

Secondly: the programs frequently use the higher ASCII codes to build boxes on-screen. These generally work fine, but on occasion - and I can find no reason for why this only happens sometimes - the characters get mis-interpreted and produce other graphics characters.

Would be grateful if anyone knows a solution - especially to the key-code issue - or even just a pointer to someone who might know.

Many thanks
Dr Philip Ramage

More replies
Relevance 46.33%

We are in the process of developing apps for a manufacturing company and we are stumped as to which programming language will be best. The apps will include all accounts, production, warehousing, etc. and we estimate that it would involve a rather large database. We are thinking of using the CA-Clipper language to develop the apps.

Pls give us your opinions and advice. We truly appreciate all opinions and advice.

Thanks & Regards.
 

More replies
Relevance 46.33%

I am using Yankee Clipper III (YC3) under Win7 64bit. Occasionally it loses the boilerplates and I can't get them back other than by recreating them. Under Win XP, according to what I have been able to find, the boilerplates are kept in Program Files/YCIII. That doesn't seem to be the case for Win 7. I have restored the YCIII portion of Program Files X86 from a True Image Backup but the boilerplates are still not there.

Will someone please help me get around the problem of having to recreate the boilerplates each time YC3 loses them?

Thank you very much.

Answer:Yankee Clipper III loses its boilerplates

About a year ago I posted this problem and never received a reply. I have not used this machine very much until recently. The problem just occurred again so here I am again.

Yankee Clipper III loses its boilerplates

I am using Yankee Clipper III (YC3) under Windows 7 64bit. Occasionally it loses the boilerplates and I can't get them back other than by recreating them. Under Win XP, according to what I have been able to find, the boilerplates are kept in Program Files/YCIII. That doesn't seem to be the case for Win 7. I have restored the YCIII portion of Program Files X86 from a True Image Backup but the boilerplates are still not there.

Will someone please help me get around the problem of having to recreate the boilerplates each time YC3 loses them?

Thank you very much.

1 more replies
Relevance 46.33%

I have used Yankee Clipper for a number of years now and it has been a great deal of help to me, largely because of its simplicity. But after I got XP the YC icon on my System Tray started to disappear, not always, but when it did I couldn't find a way to get the YC window to display. When I would click on the YC icon on my desktop or go to YC in Windows Explorer, I would get a message that YC was already running and to look at the System Tray (where the YC icon was no longer there).

YC told me that the problem must have something to do with XP, but couldn't say what. YC suggested that I click Ctrl/Alt/Y. That sometimes brought up the YC screen but not always. It didn't restore the icon to the System Tray.

I wonder if anyone has a suggestion as to what might be the problem and how I can solve it.

grandpaw7
 

Answer:Disappearing Yankee Clipper icon

Perhaps it's not in your startup and should be (and used to be)?

Hit Start-->Run and type msconfig and hit enter.
Go to the Startup tab.
Do you see anything that resembles Yankee Clipper?
If you do and it is NOT checked, check it.
If you don't, reinstall Yankee Clipper. See if you're asked if you want it to start when Windows starts (or to put an icon in the system tray) and say "yes".
 

3 more replies
Relevance 46.33%

Hi, it has been some time since anything got me foxed but I could really use some assistance with this one please.

Basically I have a persistent problem. I use Windows OneCare and each time I start the PC it picks up several attempts to drop trojans. OneCare can clean them but does not seem to locate the source file which is instructing the drop. I have taken several steps to fix the problem, none of which have succeeded.

My steps were:
inspection of HijackThis logs - couldn't see anything obviously wrong
cleaning registry and start up entries, I was uncertain about a couple of them but nothing stood out.
checking running processes - again I can't see anything obvious.
manual search of win32 files for anomalies - this yielded several rogue .exe files and a couple of bitmaps, but I have to assume these were dropped and not the source file.
running OneCare virus scan - finds nothing
running Malwarebytes scan - initially found a raft of infections and removed them but further scans yield nothing and the problem persists.

Clearly it seems I have a hidden file somewhere which is causing this to happen. I really do think there must be something in the start up .exe's as the problem always occurs on restart.

Help please, I am somewhat reluctant to simply wipe and start again from scratch as I have a whole heap of music editing software which will take several days to reinstall.

Here is my HijackThis log, all help and assistance gratefully received, many thanks in advance. now that i look... Read more

Answer:Hidden Downloader And Backdoor Trojans Trojans

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
Make sure you are connected to the Internet.
Double-click on Download_mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button. The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen, click on the Show Results button t... Read more

1 more replies
Relevance 45.51%

It started on or about July 22. First we had popups circumventing our popup blocker. Then I noticed that there was an active connection listed in our firewall connection list that was called "??ool32\??crosoft. Our server had been down for almost a week because of an electrical storm, and we got a new modem with the fix from the broadband carrier. Our security system may also have been down at the same time, but when we did a scan after getting our internet back, there was nothing found. After doing all of the steps recommended before doing the hijack this scan, we were told that we had all of the problems listed in the title of this post, and the House Doctor scan also said that there was an infection which couldn't be quarantined located in D:\SYSTEM VOLUME INFORMATION\_RESTORE{B9823275-D858-...\A0015881.DLL. The last 3 scans done using the same suggested programs have come back clean. During the last week the computer has begun to freeze and move very slowly. The firewall has also come up with warnings that ??ool32 has been attempting to connect with the internet, but has been blocked...so it is obviously still there. My Hijackthis logfile follows:

Logfile of HijackThis v1.99.1
Scan saved at 8:13:36 PM, on 04/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32&#... Read more

Answer:W32/backdoor.kzk, Trojan.downloader.purityscan, Java.trojan.exploit.bytverify, Trojan.clicker.vb.dw

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you.

Please download Ewido Anti-spyware and save that file to your desktop.
This is a 30 day trial of the program.
Once you have downloaded ewido anti-spyware, locate the icon on the desktop and double-click it to launch the set up program.
Once the setup is complete you will need to run ewido and update the definition files.
On the main screen select the icon "Update" then select the "Update now" link.
Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
Under "Reports"
Select "Automatically generate report after every scan"
Un-Select "Only if threats were found"
Close Ewido anti-spyware. Do not run a scan just yet. We will shortly.

Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.

Clean out your Temporary Internet files
Close Internet Explorer and close any instances of Windows Explorer.
Click Start -> Control Panel and then double-click Internet Options.
On the General tab, click Delete Files under Tem... Read more

10 more replies
Relevance 45.51%

I got two different names for a trojan yesterday and today, and after completely running your "5 steps before posting a log" I am finding no trojan at all! I know this sounds like a good thing, but I'd like some explanation if possible. I am running Windows XP Home.

Yesterday WebRoot SpySweeper found trojan-backdoor-progdav, which I eliminated on 2-17-07 by using TetonBob's excellent instructions. Today I re-used those instructions, but the target files were not found, so I ran SpySweeper again - and this time it found a different problem: trojan-downloader-ruin.

So I used POADB's instructions (provided to jack5000 on 4-25-06) for removing trojan-downloader-ruin: downloaded CleanUp!, Ewido with updated database, and FixWareout; ran FixWareout online; then ran HiJackThis offline in safe mode. HJT didn't list any of the items that jack5000 was told to delete. The file to manually delete (C:\WINDOWS\\System32\dmeue.exe) also was NOT present. Then I ran my first Panda scan.

Finding none of the target files, I went to TechSupportForum's "5 steps before posting a log" (now realize I should've done first.) Took ages, but the only things found were 1 malware program (Viewpoint Media Player, which I removed in Step 1), & 7 tracking cookies (which I quarantined using Ad-Aware SE in Step 2). In Step 4 no service packs were missing - only upgraded IE (which I never use - I'm a Firefox user) to IE 7.

After all of this, I decided to run SpySweeper again, and thi... Read more

Answer:Trojan change from trojan-backdoor-progdav to trojan-downloader-ruin, no target files

Welcome organicbarb

Are there any current spyware symptoms?

Your logs look fine
You can delete
C:\install.dat
C:\dnsbak.reg
C:\fixwareout
fixwareout.exe and combofix.exe

You should update java, afterwards this old version should be uninstalled.
J2SE Runtime Environment 5.0 Update 2

1 more replies
Relevance 45.51%

I want to ask about porting / converting ancient (20 years old!) dBase / Clipper source code and files to Modern Windows XP environment.

Should I use Codebase and re-compile the program for Microsoft C?

http://www.codebase.com/products/

Is there any other better / simpler ways to port text only applications?

Thank you.
 

Answer:Porting dBase/Clipper Source Code And Files

Are you asking if there's any way of automatically converting the source code, or are you asking whether you should rewrite the application? Codebase will not convert an XBase DOS program to a Windows program. From what I understand Codebase is a library that allows you to manipulate XBase databases (DBase, Clipper, Paradox etc) with a Windows language such as Visual Basic.
 

1 more replies
Relevance 45.51%

Each time I try to update the OneNote Web Clipper app via the Windows Store, it says the following in the screenshot.

Answer:Problems updating OneNote Web Clipper app from Windows Store

I have run troubleshooting steps on this problem. Nothing seems to fix the problem. That's why I have come here for help. Please help!

4 more replies
Relevance 45.1%

I followed the instructions on the hijack this prep and below is the file. I am very concerned that I can't seem to get rid of some unusual files in my msconfig startup and running processes. Unidentified items in msconfig. startup are Zeno is under C:\WINDOWS\system 32\pwinqsap.exe CORN001, Z_Start C:\WINDOWS\system32\dwdsregt.exe CORN001, Then under SOFTWARE\Microsoft\Windows\CurrentVersion\Run are : 9339047 C:\PROGRA~\9339047\9339047.exe; sd "C:\PROGRA~1\AUTOST~1\sd.exe" --checkOnly; mhnn "C:\Program Files\Obla\mhnn.exe" -vt ndrv The mhnn is also in the task manager as a running process. I cannot find any of these listed in windows explorer or my registry.

Logfile of HijackThis v1.99.1
Scan saved at 6:35:30 PM, on 1/4/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared... Read more

Answer:Backdoor.dsnx, Hacktool, Trojan.cmapp, Download Trojan, Trojan.downloader.gen,

Sorry for the delay. If you are still having problems please post a brand new HijackThis log as a reply to this topic. Before posting the log, please make sure you follow all the steps found in this topic: Preparation Guide For Use Before Posting A Hijackthis Log

3 more replies
Relevance 43.05%

There are several trojan horses detected such as Trojan-Backdoor.Win32.Agent.sp, Trojan-Downloader.Win32.QQhelper.kb, Trojan-PSW.Win32.OnlineGame.qy, Trojan-PSW.Win32.OnlineGame.yn, Trojan-BAT.KillAV.es, Trojan-proxy.Win32.small.du, Trojan-Downloader.Win32.Zlob.gj and many more... I do not know how to remove those trojans, pls HELP!!!

Logfile of HijackThis v1.99.1
Scan saved at 10:49:43 PM, on 7/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\FixCamera.exe
C:\WINDOWS\tsnp2std.exe
C:\WINDOWS\vsnp2std.exe
C:\WINDOWS\system32... Read more

Answer:Several Trojan Such As Trojan-backdoor.win32.agent.sp, Downloader.win32 .qqhelper.kb

Sorry for the delay. If you are still having problems please post a brand new HijackThis log as a reply to this topic. Before posting the log, please make sure you follow all the steps found in this topic: Preparation Guide For Use Before Posting A Hijackthis Log

Please also post the problems you are having.

1 more replies
Relevance 43.05%

Hello,

This is my first post here. Hopefully, this will resolve my problems.

According to AVG Anti-Virus, I have these Trojan horses, neither of which is not "healable." There is a virus called "Virus identified exploit" that I noticed in the AVG Virus Vault as well. How can I fix these issues? Might it help to mention that the latter has been in the Vault since October 5, 2007 (I only noticed it now, when I was running a scan, but I-or the laptop-run scans often). The first Trojan since March 6, 2008 and the second trojan, since today.

Attached is my HJT Log. I did attempt to complete a Panda ActiveScan but an "Update error" prevents it, saying "Sorry, updating is incomplete due to an error. Please try again." I've tried several times to re-update but my attempts have been futile.

Logfile of HijackThis v1.99.1
Scan saved at 6:13:02 PM, on 5/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~... Read more

Answer:Trojan horse BackDoor.Ircbot.DME & Trojan horse Downloader.Zlob

This is the offender:

O2 - BHO: CIEObjectObj Object - {CA13D72F-2DAC-4D99-B08D-C5EA1C920E89} - C:\WINDOWS\IECodecPlg.dll


Ok. We need to download ComboFix.exe. This will give me a better view to the files that are running and also the ones that are hidden on your computer.

Please visit this webpage for download links, and instructions for running ComboFix


When the tool is finished, it will produce a report for you. Please copy and paste the "C:\ComboFix.txt" along with a new 'HijackThis' log so that we can continue to do any further cleaning that your system may require.

Caution: Never run and remove files with Combofix unless supervised by a qualified security analyst who is experienced in the use of Combofix. Mal use can cause serious computer problems

NOTE: Combofix prevents autorun of all CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you - please let me know.

1 more replies
Relevance 41%

IE, Chrome and Firefox all experience the same symptoms. I type in nearly any search into the address bar, or in Google, it comes up with genuine search options in Google's page, I click on a link in the search, then it sends me to a not-legitimate page, or through a link to a different page (as if I clicked on an affiliate link).

Avast did not detect it at all; used Ad Aware to scan and remove, and it only detected 3 adtd cookies. Malwarebytes detected Trojan.VBKrypt and Backdoor.Bot and removed them, which temporarily (I mean 2-3 searches at most) stopped the issue. Uninstalled Avast and installed McAfee Total Protection Service which detected Generic.dx!iqs, Generic.dx, BackDoor-AWQ, Generic.dx!gic, and MWS. All removed, but as you can guess, the issue still persists.

Attached is the Attach.txt file.

Attached is a few files of RootRepeal crash logs. RootRepeal has a ton of errors causing me to not be able to scan or collect a log of any kind. Errors include 'FOPS - DeviceIoControl Error ! Error Code = 0xc0000024 Extended Info (oxoooooodc)', and when I attempt to scan, error 'DeviceIoControl Error ! Error Code = 0x0' appears. I'm guessing it might be because I'm using Windows 7...

Please advise on possible tasks and solutions. Thanks.

The following is my DDS.txt log file:

DDS (Ver_09-12-01.01) - NTFSx86
Run by Mike Faria at 14:34:34.42 on 20/12/2009
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_17
Microsoft Windows ... Read more

Answer:generic.dx, backdoor-awq, mws, trojan.vbkrypt, backdoor.bot - browser redirects on searches

UPDATE - A day later, McAfee Total Protection Service detects Hiloti.gen in svchost.exe. All of these files pop up in c:\Windows\TEMP\filename.tmp\svchost.exe. Hundreds pop up, all throughout the day whether or not I am here. I left my PC on and came back to over 200 to delete.

Anyways, I did a bunch of searching on Google and BC, on a different PC since this one sends me to illegitimate sites to buy their program... Result = no one has an answer. It seems every forum I go to, people are instructed to run scan x with x program, then run scan y with y program, etc. with the post unending, full of log files and no solutions.

I'm still holding out hope

===========

Hello

While we understand your frustration at having to wait, please note that Bleeping Computer deals with several hundred requests for assistance such as yours on a daily basis. As a result, our backlog is quite large as are other comparable sites that help others with malware issues. Although our HJT Team members work on hundreds of requests each day, they are all volunteers who work logs when they can and are able to do so. No one is paid by Bleeping Computer for their assistance to our members.

Further, our malware removal staff is comprised of team members with various levels of skill and expertise to deal with thousands of malware variants, some more complex than others. Although we try to take DDS/HJT logs in order (starting with the oldest), it is often the skill level of the particular ... Read more

3 more replies
Relevance 40.59%

I have Spysweeper and it can't get rid of these trojans and other stuff. It just keeps getting stuck when trying to delete. Please help. Here is my hijackthis log followed by my SpySweeper log (note: see most recent Hijackthis 1.99.1 log in reply below):

Scan saved at 9:12:12 PM, on 1/17/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\Antivirus\pccguide.exe
C:\Program Files\Trend Micro\Antivirus\PCClient.exe
C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Webroot\Spy Sweeper\WR... Read more

Answer:4 Trojans: Komforochka Smtp Relay + Dowloader 2pursuit + Backdoor Sapilayr + Backdoor Keylog Stes

Here's a more recent log from the latest version of Hijackthis:

Logfile of HijackThis v1.99.1
Scan saved at 1:22:25 PM, on 1/18/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\Antivirus\pccguide.exe
C:\Program Files\Trend Micro\Antivirus\PCClient.exe
C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe
C:\Program Files\Trend Micro ... Read more

5 more replies
Relevance 40.18%

Ok I spent the evening trying to fix my cousin's computer. I was removing spyware and she said she had a problem with available memory. I checked it out and she has an 8 gig HD with only 61 MB available. So I scanned with her un-updated Norton and it detected a trojan virus. So I updated her Norton first then scanned the HD and it found the following viruses.

Pic.exe Backdoor.SubSeven2
Shawn1.jpg Backdoor Trojan
winsys98.bat IRC Worm Generic

Norton found them but was unable to remove and fix the problem...all it could do was quarantine the files. Anyone have any advice?
 

Answer:Backdoor Trojan, Backdoor SubSeven2 and IRC Worm Generic

16 more replies
Relevance 39.77%

Orbit told me I should update their software so I did. Afterwards the "oneclick youtube downloader" was missing from firefox, which is fairly useful when downloading videos etc. I can't find it in the addons at firefox.com. Any ideas?

Thanks.

More replies
Relevance 39.77%

I appreciate all the help anyone can provide me in cleaning up my computer!

I'm running WinXP SP2 with AVG Anti-Virus. Within AVG's Vault I currently have 22 various Trojan Horse viruses, of three types:
Trojan Horse Clicker.SXT with Path = C:\WINDOWS\system32\23lbM227.dll
Trojan Horse Downloader.Generic8.ENX with Path = D:\DOCUME~1\Elliot\LOCALS~1\Temp\<-8 random letters->.exe
Trojan Horse Downloader.Zlob.AGWB with Path = D:\DOCUME~1\Elliot\LOCALS~1\Temp\<-8 random letters->.exe

Logfile of random's system information tool 1.04 (written by random/random)
Run by Elliot at 2008-11-28 10:37:56
Microsoft Windows XP Professional Service Pack 2
System drive C: has 5 GB (5%) free of 95 GB
Total RAM: 511 MB (14% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:38:06 AM, on 28/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\PROGRA~1\AVG... Read more

Answer:Infected with Trojan Horse Clicker.SXT, Downloader.Generic8.ENX and Downloader.Zlob.AGWB

Hi,

* Please visit this webpage for instructions for downloading and running ComboFix:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.

8 more replies
Relevance 39.77%

Referred from here: http://www.bleepingcomputer.com/forums/topic403674.html ~ OB

Have reinstalled windows and both entities are still present and the slow crunching sound of the hard drive is occasionally heard. Have not had any luck reformatting the disk. Have changed boot order in bios but still find operating system will boot from hard drive over the cd rom. Was going to attach hard drive to another computer and format it there as the operating system would not be in use on the infected drive but then saw your reply and here are the logs. Remember I have reinstalled windows and removed all extra programs prior to. Question: can the bios get affected with a virus issue like I have?

I did trial 10 bit products security 360 and Advanced system care 4 and have a feeling that this is where the infections have come from. Thank you for your help.

DDS (Ver_2011-06-12.02) - NTFSAMD64
Internet Explorer: 7.0.6001.18000
Run by gino at 23:35:04 on 2011-06-17
Microsoft® Windows Vista™ Business 6.0.6001.1.1252.1.1033.18.6142.4972 [GMT 10:00]

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalSys... Read more

Answer:Trojan and worm removal W32/Cubot-J worm and IRC backdoor and Backdoor.Fuwudoor backdoor Trojan

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for postin... Read more

1 more replies
Relevance 39.77%

Hi, I have just rebooted my computer and avg is picking up the trojan mentioned in the title, when it is removed there is a second one that comes from the recyclers folder, it is called dropper.Generic.bygt.dropper. The bsre one has just returned from the system volume information folder so I'm kind of worried they are not being cleared properly by avg. Thanks for any help you can give with this.



DDS (Ver_10-03-17.01) - NTFSx86
Run by Owner at 20:35:44.85 on Tue 06/08/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.447.83 [GMT 1:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\WINDOWS\Mixer.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Innovative Solutions\DriverMax\devices.exe
C:\Progra...

Answer:Recently rebooted computer finds Trojan horse downloader downloader.generic9.bsre

BUMP please

Relevance 39.77%

First of all would like to say hi to everyone at TSG!

Have been referred to this while using McAfeeHelp, my system is infected with New Malware.j / Generic Downloader.f & Downloader-AYL.

Every time I start my browser, McAfee pops with messages of files infected by the above. It is able to delete files infected by Generic Downloader.f & Downloader-AYL but not the ones by New Malware.j. My system's 'TASK MANAGER' is not working. I get a message that 'Task Manager has been disabled by your administrator'.

Have tried scanning with Spyware Doctor 2.0.1.143 & Ad-Aware SE Personal but of no help. Reading the previous threads, have downloaded HijackThis. Kindly assist, find below the log file of HijackThis.

Logfile of HijackThis v1.99.1
Scan saved at 2:35:07 PM, on 1/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\s...

Answer:Solved: Help Removing Trojans : New Malware.j / Generic Downloader.f / Downloader-AYL

Relevance 39.77%

I'm new to the forum and recently had my system infected by what Norton states is Backdoor.Graybird. However all attempts to remove have failed and I'm getting constant pop-ups with a notification confirming unable to quarantine. I ran ewido and system now shows an infection backdoor.hupigon.brn.

Below is my HiJackThis Report taken.... any help would be appreciated.
Logfile of HijackThis v1.99.1
Scan saved at 2:47:19 PM, on 9/27/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
c:\tt\guardian\guardianctrl.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\mgafg.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\System32\rxmssync.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\Webroot\Enterprise\CommAgent\CommAgent.exe
C:\Program Files\Webroot\Enterprise\Spy Sweeper\SpySweeper.ex...

Answer:BackDoor.Graybird turns into Backdoor.Hupigon.brn... HELP!!!

After those problems have been solved, and your system is completely free of any virus/malware/spyware, you might consider updating to SP2.
 

Relevance 39.77%

Using windows xp home edition and Microsoft Antispyware Beta 1 I came across problems logging into partypoker.com as every time I logged in the above noted spyware Trojan.Backdoor.Small.FB Backdoor spyware was picked up by my spyware program and I had to delete it. My spyware was a freebie and running out soon so I went on line and downloaded the new beta 2 microsoft defender. Big mistake.... slowed everything down and started getting all kinds of disconnects and black screens, etc. etc. Anyway deleted the beta 2 and then reset my computer to previous date to get the beta 1 back and now the beta 1 isn't working either. Am also using AVG anti-virus program and that full scan comes up clean. Everything seems to be there, however, when I click on run scan for the spyware program nothing happens????? Any suggestions for a good spyware program download other than microsoft? Thank you.
 

Answer:Trojan.Backdoor.Small.FB Backdoor Spyware

Relevance 39.77%

I have run ad-aware and spybot. I have Norton Antivirus 2002. About/blank takes over start page, "unable to repair" pop notice from Norton regarding backdoor trojan, backdoor agent, and download trojan. HELP
 

Answer:about/blank - backdoor agent b - backdoor trojan

Hi bogey6438

Welcome to TSG!

Please do this:

First create a permanent folder somewhere like in My Documents and name it Hijack This.

Now Click here to download Hijack This. Download and save the file to the Hijack This folder you just created.

Click on Hijackthis.exe to launch the program.

Click the "Scan" button. When the scan is finished the scan button will become "Save Log"; click that and save the log.

The log should open in notepad. Click on "Edit > Select All" then click on "Edit > Copy" then Paste the log back here in a reply.

DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required. Someone here will be glad to advise you on what to fix.
 

Relevance 39.77%

Hi. Can anyone PLEASE HELP ME. I've been infected with two backdoor viruses (Backdoor.Sdbot and Backdoor.Ranky). Can anyone tell me how to remove these two from my computer.

I have Windows 2000 and Norton anti-virus installed.

Norton gave me a message that "the compressed file eger.exe within WINNT\SYSTEM32\xed.exe is infected with Backdoor.Sdbot virus - Delete Failed."

I also got a message saying "the compressed file pwedp.exe within WINNT\SYSTEM32\dahdah.exe is infected with Backdoor.Ranky virus - Delete Failed."

I ran hijackthis and my log is as follows:

Logfile of HijackThis v1.98.2
Scan saved at 5:56:38 PM, on 8/28/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\WINNT\System32\CTsvcCDA.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Roxio\GoBack\GBPoll.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
C:\PROGRA~1\NORTON~1\NORTON~4\NPROTECT.EXE
C:\WINNT\system32\regsvc.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
C:\WINNT\system32\MSTask.exe
C:\PROGRA~1\NORTON~1\NORTON~4\SPEEDD~1\...

Answer:Backdoor.Sdbot and Backdoor.Ranky virus

Hi - Welcome to TSG!!

Go to control panel, add/remove programs and remove SpyKiller and Spyware Doctor, they are on the rogue list.
http://www.spywarewarrior.com/rogue_anti-spyware.htm

Run HJT again and put a check in the following:

O3 - Toolbar: (no name) - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - (no file)
O4 - HKCU\..\Run: [ICQ] syscdd2.exe
O4 - HKCU\..\Run: [Regional Value] isng.exe

Close all applications and browser windows before you click "fix checked".

Restart in safe mode

Open Windows Explorer. Go to Tools, Folder Options and click on the View tab. Make sure that "Show hidden files and folders" is checked. Also uncheck "Hide protected operating system files". Now click "Apply to all folders"
Click "Apply" then "OK".

Now empty these folders:
C:\Documents and Settings\all profiles\local settings\temp
NOTE: all profiles means all of the profiles on the machine
c:\temp
c:\winnt\temp

Delete these files:
syscdd2.exe
isng.exe

Empty your recycle bin.

Reboot.
Download Spybot http://www.spybot.us/spybotsd13.exe

Click on "Search For updates" when prompted.

Scan, click on fix problems.

Reboot.

Download AdAware SE Personal: http://www.lavasoftusa.com/support/download/

Install the program and launch it.

First, in the bottom right-hand corner of the main window click on Check for updates now then click Connect and download the latest reference files.

Then, in the main window: Click Start and u...

Relevance 39.77%

Several weeks on a laptop running MS Media Center I noticed a file named Ali.exe in the Startup Files. I tried removing it with Windows Defender and by using MS Config, but the files reappeared within a few seconds. After running Adaware and Spybot Search and Destroy I discovered a malware called Bandook. Spybot S&D did not remove it. The resident portion of Spybot S&D, Teatime, would pop up 2 messages simultaneously about every 10-45 seconds saying the Bandook had been blocked. I have tried all of the methods listed as first steps but nothing seems to work. Every time I reboot I get the message that Ali.exe is being loaded and upon closing I am often presented with the message Ali.exe cannot be loaded because the computer is shutting down.

I have attached the three log files below. Can you help with the removal?

Thanks in advance,
 

Answer:Removal of Backdoor:Bandock or Backdoor:Bandook

Welcome to Major Geeks!

Uninstall the below old versions of software:
J2SE Runtime Environment 5.0 Update 6
Java(TM) 6 Update 2

Run C:\MGtools\analyse.exe by double clicking on it. This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NBRY Agent] C:\WINDOWS\system32\Sys32\NBRY.exe
O4 - HKLM\..\RunOnce: [*Bandook] C:\WINDOWS\system32\ali.exe
O4 - HKCU\..\Run: [Bandook] C:\WINDOWS\system32\ali.exe

After clicking Fix, exit HJT.

Copy the bold text below to notepad. Save it as fixme.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double click it and allow it to merge with the registry.




REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Bandook"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpyHunter"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"*Bandook"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

Now download The Avenger by Swandog46, and save it to your Desktop.

Extract avenger.exe from the Zip file and save it to your des...

Relevance 39.36%

First of all would like to say hi to everyone at Tech Support!

Have been referred to this while using McAfeeHelp, my system is infected with New Malware.j / Generic Downloader.f & Downloader-AYL.

Every time I start my browser, McAfee pops with messages of files infected by the above. It is able to delete files infected by Generic Downloader.f & Downloader-AYL but not the ones by New Malware.j. My system's 'TASK MANAGER' is not working. I get a message that 'Task Manager has been disabled by your administrator'.

Have tried scanning with Spyware Doctor 2.0.1.143 & Ad-Aware SE Personal but of no help. Reading the previous threads, have downloaded HijackThis. Kindly assist, find below the log file of HijackThis.

Logfile of HijackThis v1.99.1
Scan saved at 2:35:07 PM, on 1/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusche...

Answer:Help Removing Trojans: New Malware.j / Generic Downloader.f / Downloader-AYL

Hello parry, and welcome to TSF


Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools,
then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.


Please read this post completely before beginning the fix. If there's anything that you do not understand, kindly ask your questions before proceeding.
Please ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this
webpage would not be available when you're carrying out the fix.


IT IS IMPORTANT THAT YOU DON'T MISS A STEP & PERFORM EVERYTHING IN THE RIGHT ORDER.

----------------------------------------

The fixes we will use are specific to your problems and should only be used for this issue on this machine.

Please only use this topic to reply to. Do not start another thread.
If any other issues arise let me know.

The process is not instant. Please continue to review my answers until I tell you your machine is clear.
Absence of symptoms does not mean that everything is clear. So let's do this to the end!

Please make every effort to reply to my posts in a timely manner. Malware breeds malware and the longer an infection remains on a system, the more
likely additional infections will result.

----------------------------------------

DOWNLOADS


CLEANUP! version 4.52 ? TEMP...

Relevance 39.36%

Hi, I've tried everything to get rid of this stupid infection! I've tried things from Avast, to Spybot Search and Destroy, to Ewido, to removal tools... It would remove it, but it would always come back. The computer was also infected with this thing called Bestselling Antivirus virus, where I had popups coming up advertising virus protection. It installed some kind of security tool bar. It also put some kind of thing in the tool bar that would blink and say that the computer was infected with a trojan/worm and would popup over and over again, till I finally somehow removed both of those infections. Well, at least I think it is removed...

The computer though is still infected with this trojan.vundo, Downloader, and Downloader.MisleadApp well, that's what her Symantec antivirus autoprotect says, and it won't go away, no matter what I use. Also, the random popups that keep popping up are annoying (like before, but not as bad).. Any help would be appreciated on here, my sister needs her laptop for school work, but she can't use it because it's all messed up.

-------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:39:27 PM, on 10/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\...

Answer:Trojan.vundo, Downloader, Downloader.misleadapp Infection

Sorry for a repost, please don't delete my thread. I really need help getting rid of this infection!!

I see that people are looking at my post, but no replies

It's really annoying and it won't go away, and my sister really needs her laptop for her school work, but can't use it because it keeps acting up.

Relevance 38.54%

i started dealing w/ the popups a week or so ago, my sister was visiting a page for myspace layouts, can't remember the name and clicked on a link when the firewall popped up saying it stopped trojan from downloading. however, that's when the popups started. i ran ad aware, remove it pro 4.1 and ran norton antivirus (subscription expired months ago tho). did this several times, sometimes in safe mode, several things were removed including trojans, but the popups remained. mainly they were from outerinfo and winantispyware pro...but there are a lot of others from random websites. i found out how to uninstall outerinfo on their website, and have had no more problems with it, but the others keep coming. also, i noticed under the privacy tab of internet options the settings keep resetting to "accept all cookies". i've changed it to medium-high several times, it keeps resetting. a few times i have received a "buffer runtime error" message and the desktop reloads, sort of acts like the computer restarts but all of the programs stay on the screen.

panda log:


Incident Status Location

Adware:Adware/DnsInsider ...

Answer:popups; Trj/Downloader.OZB, Generic Malware, Trj/Downloader.PCQ

Hello, and Welcome to TSF.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

Once we've gotten a handle on the infection, we'll uninstall Norton (or you should renew the subscription) and get you a free Anti-Virus so the machine is protected. Having an outdated Anti-Virus program is almost like not having one at all.

---------------------------------------------------------------------------------------------
Download this file - http://download.bleepingcomputer.com...a/ComboFix.exe

* IMPORTANT !!! Place combofix.exe on your Desktop


Disconnect from the internet....pull the plug!
Go to -> Run -> paste in the following single line command & click OK

"%userprofile%\desktop\combofix.exe" /killall


Follow the prompts. Type "1" and press Enter to begin the scan.
Your desktop may go blank. ...

Relevance 38.54%

Hi guys,

My AVG antivirus states that my computer is infected with the following 3 viruses:
Dropper.Small.7.AV...Downloader.Small.14.C.....Downloader.Mediket.H.

The Antivirus is unable to get rid of them saying that they are imbedded objects. Can you provide me with any solutions to this problem? Thanks a lot for your time
 

Answer:Help w/Downloader Mediket & Downloader small viruses

Try running a full system scan with AVG after booting in safe mode. If that does not help, please follow the steps below:

- Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support

Make sure you check version numbers and get all updates.

- Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.
If after doing ALL of the above you still have a problem, make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis:

Downloading, Installing, and Running HijackThis

Relevance 38.54%

If you are a fan of TED and would like to download the inspirational videos, you can do so only one video at a time.
TED Downloader is a freeware that allows you to download multiple videos and more!

Features:
- Ability to Select which videos to Download.
- Ability to sort the videos by name, by the location they were held in, by the date they took place on and also by the duration of the videos (in case you want to download only videos which are short) while retaining previous selections
- Ability to add a Proxy.
- Ability to Refresh Links
- Ability to Export the Download Paths, if you want to use a different download Manager.
- A new and better UI which not only allows you to individually select which videos to download but also provides a better indicator of the videos being downloaded and remaining.

Thanks for the heads up Obin Shah. Download Page.

Relevance 38.13%

Well, it's doing a pretty good job. Infected my PC (xp media center) through a bad exe, and now it seems it can slip past full zonealarm lockdown. Can't boot to safe mode, nothing I've used can get rid of it. I have a norton ghost full backup, but it dates back ~3 weeks, and so I'd rather not have to go back in time. According to AVG, the backdoor/trojan infected
C:\\Windows\System32\ntswrl32.dll
\ntcvx32.dl

I think there was another one, but i cant get AVG to find them reliably, and nothing else will find them at all. I found no info online. So here I am.

Logfile of HijackThis v1.99.1
Scan saved at 11:05:52 PM, on 9/29/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgup...

Answer:Backdoor.generic2.slc / Backdoor.small.52.al ?

sorry, that second infected file was C:\\Windows\System32\ntcvx32.dll

Relevance 38.13%

Hello everyone,

my computer has been infected by a trojan called backdoor-ceo

my mcafee antivirus alerts me that

file: drivers/etc/svwhost32.exe has infected backdoor-ceo trojan and cleaned...
after i reboot my computer this alert comes back.. in my hjackthis program i can not see that process

does anyone know how to fix that problem?

Thanks for help
 

Answer:Backdoor problem (Backdoor-ceo) and svwhost32.exe

Have you tried booting to Safe Mode first and then, deleting it in Safe Mode?

how to boot to Safe Mode

http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406

Why don't you make sure you have the most recent version of HijackThis

download it here: http://tomcoyote.org/hjt

Save it to its own folder (maybe create a folder on the desktop called "HijackThis" and save it into there)

Run it, saving the logfile and then post it back here on this thread so we can have a look at it.
Wayne
 

Relevance 38.13%

I have completed everything in the Read & Run Me First.... - TWICE, lol

I just turned off sys Restore before rebooting for 2nd safe mode scan.

I've included all my text files from scans except one. Panda ActiveScan didn't find anything but that was after it had been removed by spyware doctor (it came back though)

Detected on my PC:

Backdoor.Graybird.GEN
Backdoor.Rbot.avm
Downloader.agent.arh
Riskware.Risktool.win32.processor.20

I have tried spyware doctor, ewido, adaware, WindowsDefender, a2 free, spybot sd, and the online scans; but Backdoor.Graybird.GEN comes back.

Dell Dimension 8200
2.53 gigahertz Intel Pentium 4, 8, 512
80 gig hd

From System Properties under My Computer
Windows XP Home Edition Service Pack 2 (build 2600)
1.5 GB of RAM

Please help, I can't get rid of this thing on my own. I've even tried rebooting into safe mode 4 straight times removing it a couple times but it still comes back.

Thanks,

Dave
 

Answer:Help with Backdoor.Graybird.GEN & Backdoor.Rbot.avm

BitDefender scan
 

Relevance 38.13%

Hi everyone,

I did a full scan with MalwareBytes which picked up three things:

HKCU\SOFTWARE\CYBER (Backdoor.Trace)
HKCU\Software\Cyber|FirstExecution (Backdoor.Trace)
C:\Users\Shay\AppData\Roaming\Microsoft\Windows Update.exe (Backdoor.Agent)

All were quarantined and deleted successfully. I did a quick scan to follow up and I appear to be clean. However, browsing other topics on this forum led me to believe that this problem is not so easily gotten rid of. I'd appreciate some advice on what I should do, and if a nuke/pave is necessary.

Thanks,

Invalio

Answer:Backdoor.Trace and Backdoor.Agent

Download TDSSkiller
Launch it.
Click on change parameters - Select TDLFS file system
Click on "Scan".
Please post the LOG report (log file should be in your C drive)
Do not change the default options on scan results

Download aswMBR
Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan.
After scan finishes, click on Save log
Post the log results here

Download ESET online scanner
Install it
Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats
Export the list to desktop, copy the contents of the text file in your reply

Relevance 37.72%

Hello, I scanned computer with Kaspersky Antivirus and it finds these trojans:

Trojan.Win32.Agent.brbo
Backdoor.Win32.Hijack.al
Backdoor.Win32.Hijack.an
Backdoor.Win32.Small.hgi
Trojan.Win32.Agent2.ehn

It can remove them, but they come back immediately after I connect to internet...

How I found that something is wrong: within one or two minutes after turning on computer websites start to load extremely slowly. Downloading of large files, which is started before, continues with maximum speed. Only thing that fixes loading of websites is unplugging of network cable for ten seconds and then plugging it back. Then it works fine - for one or two minutes :(

---------------------------------------------
HijackThis log: (i was unable to complete D.D.S., it only shows command line window for half hour and nothing happens)
---------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:07:24, on 1.3.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Kaspersk...

Answer:Unable to remove trojans Backdoor.Win32.Small.hgi, Backdoor.Win32.Hijack.an etc.

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for p...

Relevance 37.31%

Hello Tech Support officers,
I scanned and found eXact.downloader (Trojan.downloader). Could you advise how I can get rid of it? I ran HijackThis and attached the scan log and startuplist log below. Please kindly help me.

Sincerely,
Chuck

Logfile of HijackThis v1.99.0
Scan saved at 6:52:14 PM, on 1/23/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program F...

Answer:eXact.downloader (Trojan.downloader)

Hi and welcome to TSF. Please don't post startup logs we do not request. Thx...

=====

Let's use a program to scan for any trojans that may exist. Download TDS-3. Learn how to use it here. Make sure to update it after you installed it. You can get the manual updates here. When you launch the program, it will scan your memory for running processes. This will take less than 30 seconds. Next go to System Testing on the menu and choose Full System Scan. After that's finished, post the log file by selecting everything on the top pane (select from bottom to top). If any alarms are found, it will be listed in the bottom window. Please copy and paste that here also if it applies.

Relevance 37.31%

Can any of your experts guide me in how to get rid of Trojan and popups that won't go away? I got in touch with Grisoft anti virus and they say those trojans are new. I sent 'ntwy.exe' to AVG and they made an update to remove it which worked, however I stupidly deleted 'netat32.exe' before I could send it to AVG, anyway could anybody advise me what to do here???

Logfile of HijackThis v1.97.7
Scan saved at 21:33:44, on 23/06/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
C:\WINDOWS\System32\carpserv.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\WINDOWS\javabx.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Outlook Express\msimn.exe
C:\Documents and Settings\Kenneth Isaac Smith\My Documents\Ad+spyware remove\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C...

Answer: Help Downloader.Winshow.AN and Downloader.Agent.BF

Hi, I have the same trojans, any luck with removing them?
 

3 more replies
Relevance 37.31%

Norton picks these up as viruses. It appears to delete them. When I go to Yahoo mail, it has problems opening up mail, and then tells me that my computer may be infected. It wants me to run some type of scan program. How do I remedy all of this? My virus defs are up to date. This particular time it wants to run "winxdefender". HELP!!
 

Answer: Solved: Downloader and Downloader.MisleadApp

16 more replies
Relevance 36.49%

Hello,

My computer is infected with a couple of trojan viruses:
- dropper.small.29E
- downloader.small.58.K
- collected.11.B
- downloader.agent.KEB
- winfixer

I've done the various system scans listed on the preparation guide (i.e. housecall, ad aware, etc.) and appear successful in removing some of the trojan horses (although my only confirmation is that the programs didn't pick it up again on a subsequent scan). I'm not quite sure what else is still infecting my computer other than winfixer, which I have difficulty removing (without purchasing a software at least). Please find below a logfile of my computer's current state from hijackthis. If someone can advise me as to what I should manipulate, it will be greatly appreciated!

Thank you very much in advance!

Candy

-----------------Logfile starts-----------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 9:54:17 PM, on 04/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system3...

Answer: Infected With Dropper.small.29e/ Downloader.small.58.k/ Collected.11.b/ Downloader.agent.keb/ Winfixer

Hello tintong and welcome to BC.

My name is SNOWHITE and I will be helping you with your Malware problem.

As I am still in training I will be helping you under supervision of our expert teachers, so there may be a delay between posts. I will be analyzing your log now, and be back with you as soon as possible!

Regards,

24 more replies
Relevance 36.08%

Symantec Anti-Virus and Spy Sweeper keep appearing stating that the Downloader Trojan Horse or Trojan-Downloader.gen has been quarantined. Symantec rates it very low and Spy Sweeper rates it very high as far as risk level.
I scanned my computer with Spy Hunter, Spy Sweeper, Symantec Anti-Virus (in safe mode) and Trojan Remover, all with the latest definitions. No trojans or other problems found.

If you go to www.artray.com/quarantine, there are three .bmp files there that you can save to your computer that show the quarantined items and names together with the location they keep appearing in, which is c:\winnt\temp

Can someone please help me remove these trojans. I am on a pc running Windows 2000.

Bob
Email is ptaker at gmail dot com
===========================================================================================
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:09:41 PM, on 3/7/2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\...

Answer: Popup Warning of Quarantine for Downloader Trojan Horse or Trojan-Downloader.gen

Additional Information 3/10/2008 with Deckard's System Scanner
Deckard's System Scanner v20071014.68
Run by Administrator on 2008-03-10 15:33:44
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Administrator.exe) ---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:34:25 PM, on 3/10/2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Conversions Plus\FORMATM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$ICV\Binn\sqlservr.exe
C:\Program Files\NovaStor\NovaBACKUP\NMSAccessU.exe
C:\Program Files\NovaStor\NovaBACKUP\NSENGINE.exe
C:\WINNT\system32\nvsvc32.exe
C:\Program Files\Nuance\PDF Professional 5\PDFProFiltSrv.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Common Files\...

2 more replies
Relevance 36.08%

Here is my HiJack This log..I need help!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:36:54 AM, on 7/18/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\acs.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\E_S00RP1.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Browser MOUSE\mouse32a.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre1.6.0_06\...

Answer: Trojan Downloader.purity.y Trojan, Downloader Generic 7.zkr And Someother Variations

Hello Anne Arp and welcome to BleepingComputer,

1. * Clean your Cache and Cookies in IE:
Close all instances of Outlook Express and Internet Explorer
Go to Control Panel > Internet Options > General tab
Under Browsing History, click Delete.
Click Delete Files, Delete cookies and Delete history
Click Close below.

* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
Go to Tools > Options.
Click Privacy in the menu..
Click the Clear now button below..
A new window will popup what to clear.
Select all and click the Clear button again.
Click OK to close the Options window

* Clean other Temporary files + Recycle bin
Go to start > run and type: cleanmgr and click ok.
Let it scan your system for files to remove.
Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
Press OK to remove them.

2. Please download Malwarebytes' Anti-Malware from Here or Here
Doubleclick mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is complete...

2 more replies
Relevance 35.26%

Hi, a couple months ago y'all helped me remove some particularly vicious malware from my computer, and it has been awesome since then! As part of that, I installed the free version of Avira on the computer. In the last couple weeks Avira has been detecting "BDS/Backdoor.Gen - Backdoor Server" and the warning has been popping up on my computer about once an hour. Is there a way I can get rid of this??

Thanks (again)!

Spencer

More replies
Relevance 34.85%

Computer has been shutting down randomly and not letting me run Norton 360.
Went to safe mode and ran Kaspersky and found 2 problems supposedly:
trojan-downloader.java.agent.f also trojan-downloader.getcodec.n
I cannot find any info to get rid of these. In safe mode I ran updated Norton 360,
Malwarebytes AMWare, Trend Micro Housecall and Absolute systemcare. All found
nothing. What should I do? Older system (2000) running XP pro.
Thanks Bruce

Answer: trojan-downloader.java.agent.f also trojan-downloader.getcodec.n

When the computer shuts down do you get a blue screen error message?

30 more replies
Relevance 34.85%

IE is running slow and the URL redirects my requests to alternative web sites.
My previous restore points were infected as well.
AVG scan: (This has not eliminated the infection)
Healed;"High";"Trojan horse Downloader.Generic13.CAM";"C:\Windows\System32\svchost.exe (1212)";"Secured"
Healed;"High";"Trojan horse Downloader.Generic25.BCBS";"C:\Windows\System32\svchost.exe (1212)";"Secured"

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Enterprise
Boot Device: \Device\HarddiskVolume1
Install Date: 11/30/2011 11:22:03 AM
System Uptime: 11/29/2012 1:33:22 PM (5 hours ago)
.
Motherboard: Hewlett-Packard | | 30DC
Processor: Intel® Core™2 Duo CPU T9400 @ 2.53GHz | Intel® Genuine processor | 785/266mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 149 GiB total, 118.9 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 932 GiB total, 855.436 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP135: 11/28/2012 8:14:20 PM - Installed AVG PC TuneUp
.
==== Installed Programs ======================
.
2007 Microsoft Office Suite Service Pack 2 (SP2)
4500_G510gm_Help
4500G510gm
4500G510gm_Software_Min
64 Bit HP CIO Components Installer
Adobe AIR
Adobe Flash Player 11 ActiveX
Adob...

Answer: Trojan downloader.generic13.CAM & Trojan downloader.generic25.BCBS

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top o...

13 more replies
Relevance 34.44%

I have Downloader.MDW and Downloader.USY on my computer that I can't seem to get rid of. I've tried Adaware and Spybot and AVG keeps failing to install. I used the Panda online checker and it said it removed them both but they're still here. Anyway I'm fresh out of ideas and can't seem to find any definite way to get rid of them.

IEXPLORE.EXE keeps popping up with random ads and my computer randomly makes noises.

Up until this happened I let friends use my computer when I was at work/away. No more of that.

Here's my HJT log. It doesn't show IEXPLORE.EXE on but I had just rebooted so maybe it hasn't gone into "annoy everyone" mode yet.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:11, on 10-15-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Anti-Virus\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\spoolsv....

Answer: Infected with Downloader.MDW;Downloader.USY

Hi,

I understand that you need help in order to get rid of the malware that is present on your system - But you need to help us first..

I notice that you never scanned with an Antivirus previously before starting this thread - because you don't even have an Antivirus installed!
This is somewhat suicidal in today's digital world.
That's why I want you to install one first!!

* Please install Avira Antivirus: http://www.free-av.com/
This is a free Antivirus.
Perform a full scan with Avira and let it delete everything it is finding.
Then reboot.
After reboot, open your Avira and select "reports".
There doubleclick the report from the Full scan you have done. Click the "Report File" button and copy and paste this report in your next reply together with a new HijackThis log.

Then we'll start from there, because it really makes no sense otherwise that we clean this up manually if an Antivirus scan is not present which should be able to deal with most and prevent further reinfection.

4 more replies
Relevance 34.44%

I'm using Windows XP, and I keep getting these messages from McAfee that it's blocking the downloader bfc and bea viruses. I'm pretty much ready to pull my hair out, especially since I just got rid of the vundo virus (I think, I hope). I haven't found much on the removal of the 2, and I'm not all that computer savvy, so if someone could help, it would be greatly appreciated.
 

Answer: Downloader bea, and Downloader bfc removal help.

Anybody at all?
 

3 more replies
Relevance 33.62%

I have an annoying little pop-up telling me that I am infected with the PSW.X-Vir trojan and when I ran BIT SCAN it said that it detected the following viruses:
Trojan.Downloader.VB.AWJ
Trojan.Downloader.Zlob.ZWU
I really don't know what I am doing here, HELP!
 

Answer: Trojan.Downloader.VB.AWJ and Trojan.Downloader.Zlob.ZWU detected

Click here to download HJTsetup.exe:

http://www.thespykiller.co.uk/index.php?action=tpmod;dl=item5

Scroll down to the download section where the download button is

Save HJTsetup.exe to your desktop.

Double click on the HJTsetup.exe icon on your desktop.
By default it will install to C:\Program Files\Hijack This.
Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
Put a check by Create a desktop icon then click Next again.
Continue to follow the rest of the prompts from there.
At the final dialogue box click Finish and it will launch Hijack This.
Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
Click Save to save the log file and then the log will open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
 

1 more replies
Relevance 33.62%

Hello,

Here's what's going on with my computer. It's very slow. I mean like sometimes 5-10 minutes before my homepage comes up. And when I close out a window, it closes slowly like pulling down a window shade, sometimes it takes 4-5 minutes before the window even closes. Also, I ran spybot, SuperAntispyware, and Adaware and nothing was found. AVG found the two Trojan horses mentioned in the topic title, and they are in the virus vault and AVG states that they are not healable and that they are backup copies.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:32:49 AM, on 9/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:...

Answer: Trojanhorse Downloader.zlob.jm And Trojanhorse Downloader Generic5.pio

Welcome to the BleepingComputer HijackThis Logs and Analysis forum gman

My name is Richie and I'll be helping you to fix your problems.

Download Combofix and save to your desktop:
Note: It is important that it is saved directly to your desktop
Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log. Post the entire contents of C:\ComboFix.txt into your next reply.
Note: Do not mouseclick combofix's window while it's running. That may cause the program to freeze/hang.
Do NOT post the ComboFix-quarantined-files.txt unless I ask.

Download SmitfraudFix (by S!Ri), to your desktop.
Double click on Smitfraudfix.cmd
Select option 1 - Search, by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy and paste the content of that report into your next reply.
*IMPORTANT* Do NOT run any other options until you are asked to do so!

Also post a new Hijackthis log please.

5 more replies