Computer Support Forum

Norton said found Trojan Horse detected on Windows XP lost part of windows!!!!

Question: Norton said found Trojan Horse detected on Windows XP lost part of windows!!!!

I had Avast on my XP. It was down for a few months: 1) it was running exceptionally slow at the time, 2) when I went to clean it out I forgot about the processor goo that I needed to reattach the heat sink to the processor, 3) Avast kept popping up with a message that my computer didn't update. When I got it back together with the processor goo and plugged in, set up, it still ran really slow. Did a boot scan with Avast and it said I had like 35 viruses and started deleting things in the system folder! I stopped it, got Windows back up and tried to uninstall Avast. DID NOT HAVE AN UNINSTALL PROGRAM!! Went to Avast and downloaded the uninstall program. Then I found out that there is a virus that shadows Avast! So I installed Norton. After installing Norton provided by my ISP, did a scan and Norton detected a trojan horse in big bold letters. Don't know what it deleted, but now half of my system is gone. I can't reinstall Windows because I never got a disk, and since the computer is much older I cannot install Win 7 on it until I upgrade some of the hardware. Yet I do have an activation code for Windows. Everything that is on the computer is infected, including Malwarebytes (which I downloaded after finding out I had a virus). I am messaging on my new computer that I am almost positive is not infected. (I say almost because I think my husband's computer may have a virus on it too, and we are connected to a wireless network; also I have a USB flash drive that I used on both our computers.) Can someone please give me some advice or help as to what to do for this problem?
 
Thank you in advance, you are an inspiration to the entire computing community!!!
 
BTW my computer and my husband's computer are both running Win 7; the only one running Win XP is the desktop.

Relevance 100%

Answer: Norton said found Trojan Horse detected on Windows XP lost part of windows!!!!

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
***************************************************
In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.
CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/511998 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************
If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:
- If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
- A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
- Please do this even if you have previously posted logs for us.
- If you were unable to produce the logs originally please try once more.
- If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
- If you are unsure about any of these characteristics just post what you can and we will guide you.
- Please tell us if you have your original Windows CD/DVD available.
Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.
Thank you for your patience, and again sorry for the delay.
***************************************************
We need to see some information about what is happening in your machine. Please perform the following scan again:
- Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.
  DDS.com Download Link
- Double click on the DDS icon, allow it to run.
- A small box will open, with an explanation about the tool. No input is needed, the scan is running.
- Notepad will open with the results.
- Follow the instructions that pop up for posting the results.
- Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.
Information on A/V control can be found HERE.
As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

2 more replies
Relevance 91.02%

Trying to sort through some problems on my father-in-law's PC running 2000 Professional, and I am visiting and here only once a year. Three Norton issues:

Norton Internet Security 2006 shows a trojan horse C:\WINNT\system32\delttsul.exe
It says access denied and can't delete it. I have read up on it on the Norton site and I am going to make a registry backup and then follow Norton's instructions to get rid of it.
Any problem/suggestions concerning me doing this?

Norton also gets a message during live update. : security update 1 of 1 failed LU1801.
Is this related to the trojan horse or another issue? All other updates seem to be ok and virus definitions are up to date.

When I run system scan and then tick full system scan, the scan is short and only scans 676 files, and it used to scan thousands, so I know this is wrong... what is up? Trojan horse again?

Any suggestions appreciated.

To site administrator, sorry, I previously posted this in the all other software forum by mistake so I re-posted it here.
 

Answer:trojan horse found by Norton/failed update LU1801/scan problem Norton

16 more replies
Relevance 87.74%

I have tried Adaware, Spybot, Stinger, and the instructions from Symantec and it won't go away... Any ideas would be great!!
 

Answer:Norton has detected Trojan Horse on hosts file

Closing duplicate thread, Continue here:
http://forums.techguy.org/showthread.php?t=252379
 

1 more replies
Relevance 86.51%

Norton Corporate edition has found the wimad trojan horse on my computer. The problem is Norton can't do anything with it (sucks). So I downloaded Trojan Remover 6.5.0 to help resolve the problem but I'm not sure if it did or not. I run the scan and there is one particular file " C:\windows\system32\??od32.exe" that it can't do anything with. Now I don't know if this is something needed or not. I need help guys or gals.

Now I have Windows XP service pack 2, and I use spyware blaster, Ad-aware SE Personal, Spyware blaster, spybot search and destroy, Trojan Remover and finally Norton antivirus Corporate edition (sucks) .

Any help is appreciated.

Answer:Norton Found The Wimad Trojan Horse, Need Help

Hello atapp21,
Try the following.
Please download Ewido anti-spyware 4; it is a 30 day trial version of the program.
- Install ewido security suite
- Ewido will automatically run at the end.
- The program will now open to the main screen.
- When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
- You will need to update ewido to the latest definition files.
- On the top row of the main screen click update.
- Then click on "Start Update".
- The update will start and a progress bar will show the updates being installed. (The status bar at the top will display "Update successful".)
If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates
Don't run it yet.
Reboot into SAFE MODE
By pressing the F8 key right when Windows starts, usually right after you hear your computer beep when you reboot it (some versions of Windows will display 'Starting Windows' with a grey progress bar), you will be brought to a menu where you can choose to boot into safe mode.
- Open Ewido anti-malware
- Click on the scanner button in the top row.
- Click Complete System Scan and the scan will begin.
- If you have any infections you will be prompted, then select "Apply all actions"
- Next select the "Reports" icon at the top.
- Select the "Save report as" button in the lower left hand of the screen.
- Save the report to your desktop.
- Close Ewido
Please reboot back to normal mode and the ewido log you previously saved to your de...

5 more replies
Relevance 85.69%

I have scanned several times with Norton AV and I get 2 Trojan Horses (no name given) that are "high" level of risk. Also get 1 Adware (medium level risk)..all 3 cannot remove. This has led to slower computer I believe and freeze ups. I am constantly rebooting to "unfreeze". Thanks for any help. <<EMAIL REMOVED>>
DDS (Ver_09-10-26.01) - NTFSx86
Run by Barry Yunes at 16:04:07.20 on Wed 11/18/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.332 [GMT 8:00]

AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUp...

Answer:2 Trojan Horse Virus and 1 Adware found by Norton AV

Hello,
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up.
My name is Syler and I will be helping you to solve your malware issues. If you have since resolved your issues I would appreciate if you would let me know so I can close this topic; if you still need help please let me know what issues you are still having, in your next reply.
- Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
- Double click on RSIT.exe to run RSIT.
- Click Continue at the disclaimer screen.
- Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
Then please post back here with the following:
- log.txt
- info.txt
Thanks

2 more replies
Relevance 82.41%

Thanks in advance for your help! You all are so awesome!

I have Windows Vista and run Avast antivirus software. I found trojan horse JS:Agent-Q on my computer in what appeared to be a porn file. I don't go to porn sites so I guess I've been hoaxed for lack of a better term. Please help me to get rid of it. This is a brand new computer and I use it for my work.

I might add here that I've already downloaded these software programs, (prompted by another thread) but was afraid to run them without someone's help:
AVG Anti-Spyware v7.5
Panda's ActiveScan
ComboFix
The Avenger

Here's the Hijack This logfile:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:47:04 PM, on 10/16/2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16546)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\rundll32.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\CNYHKey.exe
C:\Windows\ModLEDKey.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\BigFix\bigfix.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\MySurvey Messenger\MySurveyMessenger.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windo...

More replies
Relevance 82.41%

Hi! I'm running a PC with Windows XP, and have Zone Alarm, NAV 2002 and AVG Viruschecker running. AVG found this Trojan Horse, and "Healed" the file, but keeps repeating the message "Virus Trojan Horse Downloader, Turown A is found in file c:\system Volume Information\_restore.....To remove this virus, please run AVG for Windows". The first time I ran AVG I got the log file response that the file had been healed, but the message keeps popping up! I tried running a PCA provided fix for the registry called Trojfix.reg that updates the registry by one increment after the file has been removed (healed) but this has made no difference. What is going on here?

Answer:AVG for Windows has found Trojan Horse "Turown A"

Did you disable system restore before using the antivirus program and the provided fix for the registry ?

6 more replies
Relevance 82%

My friend's computer became very slow a couple of weeks ago.
After looking at it for a few days and installing and uninstalling software and/or programs, her workmate told that her computer had been infected with a virus and that he had cleaned it, but since it was still slow, he would need to reformat the C: drive. She dropped off the laptop with me for help.
 
The OS is Windows 7 Starter, Version 6.1 (Build 7601: Service Pack1)
 
There were some missing drivers, which I installed from the official Toshiba site.  I updated Windows, but it is still slow. It takes ages to start or shut down any program.
 
I then installed free AVG 2014 and scanned it. The virus vault lists the following:
 
faXcooL.exe
 
3 Trojan horses BackDoor.Generic_c.LPW, a corrupted executable file. Should I delete these from the vault?
 
MBAM picks up nothing.
 
Please help.

Answer:Windows 7, Slow, Trojan horse BackDoor.Generic_c.LPW detected by AVG 2014

Since you found this for some time after it had been on the computer, then it is advisable to do a clean reinstall of
Windows OS. That's what any expert in malware would tell you. Backdoors do a lot of damage and there is no guarantee to find
and fix the damage that allows remote access to computer.
 
You should let the owner know that all personal info on that computer has been compromised including financial passwords
etc. If the owner does banking on that computer the owner should notify the owner's bank.
 
It is possible to backup/ save documents, pictures, etc. before doing the clean reinstall.

1 more replies
Relevance 81.59%

Hello!

This is my first post so bear with me. I am helping a friend with a serious virus problem.
Her operating system is Windows XP Home. She was using AVG antivirus protection. She kept getting antivirus messages about several different Trojan viruses. I installed a Norton Internet Security 2004 software and did a scan. It deleted 20 infections and 6 were quarantined. There was another 6 that we were to either choose to exclude in the next scan or skip. We chose exclude since we just were not sure what to do. We then got the message that there were still more viruses on the computer. The six we excluded were in files for Zango and Netscape. I reluctantly went into the registry and deleted any files related to those names. Also deleted Openme.exe file that I read was connected to the Trojan Horse virus.
At this point the only Norton message I was for Trojan Horse in the file C:\Windows\System32\ssqro.dll and it could not help with it.
I started another scan and at 72,000 files I had 2 viruses detected and 1 fixed. I was probably opening up too many other things at the same time and it locked up. I decided to
let it rest and myself.
Now I'm home and looking for some advice on how to deal with this Trojan Horse problem.
Can you please help?
Thanks much,
Putergal
 

Answer:Trojan Horse found in C:\Windows\System32\ssqro.dll

10 more replies
Relevance 80.77%

I have Windows 98 SE. I ran Norton AntiVirus and it detected the trojan horse,
says it can't be removed or quarantined. I haven't run this in a long time. I have been having problems with all these windows opening in the bottom of my screen with nothing in them, and I have to close them out; they never pop up and say anything. And to let you know, I downloaded DirectX a few weeks ago and now I get this fatal exception OE error. Probably two different things. I ran Spybot Search and Destroy and it didn't detect the virus. How can I get rid of it, and should I get rid of DirectX?
 

Answer:windows 98se norton detecs trojan horse can't be removed or quarantined

14 more replies
Relevance 79.13%

i have his trojan cannot find it.

c:\windows\fixcamera.exe

it will not remove or even be detected by shaw security centre.

i have windows vista and do have firewall.

relatively computer competent i have removed trojans before but i can't find this one!

please help.

janet
 

More replies
Relevance 79.13%

Hi everyone

I'm having a few problems with my wife's laptop, after finding a few trojans in the temp folder then having AVG tell me the infection was no longer there when told to heal/remove.

I cleared all my temp folders via the control panel clean up, then cleaned up via Spybot, and then ran AVG scan a couple of times yesterday and here are the results

First Scan, December 5 2011
Two infections found
infection 1
"Object name";"C:\WINDOWS\system32\DRIVERS\mrxsmb.sys"
"Detection name";"Trojan horse BackDoor.Generic14.CACY"
"Result";"Object is white-listed (critical/system file that should not be removed)"

infection 2
"Object name";"C:\WINDOWS\system32\drivers\mrxsmb.sys"
"Detection name";"Trojan horse BackDoor.Generic14.CACY"
"Result";"Object is white-listed (critical/system file that should not be removed)"
Second Scan December 5 2011
One infection found
"Object name";"C:\WINDOWS\system32\drivers\mrxsmb.sys"
"Detection name";"Trojan horse BackDoor.Generic14.CACY"
"Result";"Object is white-listed (critical/system file that should not be removed)"
First Scan Today December 6 2011
One infection found
"Object name";"C:\WINDOWS\system32\drivers\mrxsmb.sys"
"Detection name";"...

Answer:"Detection name";"Trojan horse BackDoor.Generic14.CACY" found in "Object name";"C:\WINDOWS...

Please follow the instructions in ==>This Guide<== starting at Step 6. If you cannot complete a step, skip it and continue.
Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.
If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.
It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.
If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

1 more replies
Relevance 79.13%

Hello

I am in dire need of technical help. My system performance has been very slow.
My virtual memory is always low and the AVG detects the viruses namely
C:/windows/system23/cmcfg3.dll and Trojan Horse Downloader Delf.12.AN but
cannot heal or remove them. I am getting virus detected pop ups whenever I
launch the Internet Explorer. The following process names are infected:
1. C:/Windows/Explorer.exe
2. C:/Program Files/Internet Explorer/Iexplorer.exe

It takes a long time to boot up my system. Everytime it boots up, the time and date
resets to 10 AM 09/05/2020. I believe that there are a lot of applications that are
automatically loaded but I rarely need. Most of the time, I will be getting a message
of low virtual memory and sometimes out of memory. And during shut down, it takes
half an hour or more to complete it.

I am attaching the HJT log of my personal laptop that I ran last 05/15/09. If you need
me to run it again or use the DSS program then kindly inform me. Thank you in advance.

Regards

mhoji

Answer:Virus Found: C:/windows/system32/cmcfg3.dll and Trojan horse downloader delf.12.an

Hello and welcome to the BleepingComputer.com!
In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.
After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.
Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
Please post back and let me know if you're still experiencing problems and post the logs from RSIT:
- Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
- Double click on RSIT.exe to run RSIT.
- Click Continue at the disclaimer screen.
- Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
regards _temp_

17 more replies
Relevance 78.31%

Hi, I have a trojan horse which AVG can't heal or place in the virus vault, located in the c:/programs/winad client folder and I am not sure if I should try to delete the c:/programs/winad client folder, which contains the trojan horse, because it appears to be an installed program that needs to be gotten rid of via uninstalling; the program shows as available under the control panel's ad/remove programs, but when I try to remove it, AVG free asks me if I want to enable access [and I don't want to say yes for fear of it setting the trojan horse in motion. So when I say no, the program won't uninstall.] I did run Adaware as well as Spybot, the most recent, up-to-date versions, and fixed whatever came up, and have now run HJT, so here is my log-file, if anyone can help, it is much appreciated. Thanks! :)

Logfile of HijackThis v1.98.2
Scan saved at 12:59:32 PM, on 9/13/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\MSGLOOP.EXE
C:\WINDOWS\SYSTEM\MSG32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
C:\PROGRAM FILES\CREATIVE\SBAUDIGY LS\SURROUND MIXER\CTSYSVOL.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTI...

Answer:Trojan horse found in windows '98SE c:programs/winad client - can not heal or vault

Hi, I posted this yesterday, early, and now, a day and a half later, I am looking for a response. If anyone knows how I can get rid of the trojan horse on my system, please view my logfiles and assist, thank you so much! :)

2 more replies
Relevance 71.75%

Below is the rest of my Hijack this logfile
C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVG7\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVG7\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVG7\AVGAMSVR.EXE
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Hidserv] Hidserv.exe run
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_07\BIN\SSV.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_07\BIN\SSV.DLL
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - click here
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - click here
O16 - DPF: {CE2...

Answer:I had a Trojan Horse, am I now clean? Part B

Hi, I have only had time for a quick look but do not like the look of this entry,
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
If you have not used SAS Superantispyware I would recommend you do,
Download SAS and check for any updates,
Then restart your computer into safe mode,
That is repeat pressing of the F8 key on the restart
Do a full scan with SAS,
Let us know the results
The FREE version click here
mfletch

1 more replies
Relevance 71.75%

Hi,
I had a trojan horse AdSpy.TTC and deleted it with my Spybot program. I would so greatly appreciate your help on what I can rid my system of, if anything nasty remains. Because of the word limit I have posted this (Part A) and (Part B) which includes my Logfile of Hijack this.
Thank you so much,
James Peter Watson

Part A
Logfile of HijackThis v1.99.1
Scan saved at 12:34:49 AM, on 4/01/2008
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\PROGRAM FILES\GRISOFT\AVG7\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG7\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG7\AVGAMSVR.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\GRISOFT\AVG7\AVGWB.DAT
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\MSN APPS\UPDATER\01.03.0000.1005\EN-NZ\MSNAPPAU.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = click here
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!...

Answer:I had a trojan horse, am I now clean? Part A

For a quick check you could post your HJT logfile here click here or here click here.And for more detailed help you could ask click here or here click here. I know there is a lot of good advice in this forum but the people who specialise may well provide a quicker response.

1 more replies
Relevance 70.52%

I used to think that I knew quite a bit about how to properly maintain a healthy computer. But that was until my laptop became infested with these trojans and whatever else they are. It started out with a couple notifications from my AVG and this was not out of the ordinary. My internet started acting up and booting me offline every 30 minutes or so. Then the websites that I was trying to look at were "redirected" to http://bts.scour.com/index.html?3. I thought I'd be smart and block bts.scour.com in my Internet Options but it simply chose another route. So I blocked that site. Then it sent in another reroute site. These sites remind me of popups or those annoying "scan your computer for faster service" sites. Y'know, the ones that would entice you to scan your computer and make you believe there was something wrong with your computer, but there wasn't (that is, until you scanned with their program and it would take control of your computer at the worst of times). The Trojan Horse Back Door Generic 15 made its entrance right after the "bt.scour" did. AVG's only option was to ignore it, but I still wasn't worried. Every time I blocked a redirect, the more intense the attack on my computer became. I gradually lost control of my computer. When I thought I should check Windows firewall, it was too late for any security measures. It was turned off and when I tried to turn it back on, it would give me an error (0x8000ffff). It wou...

Answer:HELP!! UNINVITED GUESTS: Lune.Sirefef.A,Trojan horse Patched_C.LYU, Trojan horse Generic_r,Trojan horse Back Door Gener...

Greetings and Welcome to The Forums!!
My name is Gringo and I'll be glad to help you with your computer problems.
I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.
- Please do not run any tools unless instructed to do so.
  We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
- Please do not attach logs or use code boxes, just copy and paste the text.
  Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
- Please read every post completely before doing anything.
  Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
- Please provide feedback about your experience as we go.
  A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the ...

13 more replies
Relevance 70.11%

Hi,

I saw that my automatic updates was not on but when I try to turn it on in the system it stays off. I am also getting pop ups asking me to download various virus protection/scan software. When I rebooted my machine AVG found the following

Trojan Horse Genericll.AKAA,
Trojan Horse Vundo.t
Virus found - win32/heur

Any help would be most appreciated. I have noted my log file below. I have run the panda scan but can not seem to attach it to this email.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:07:21, on 30/09/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal


Answer:Trogan Horse Genericll.Akaa - Trojan Horse - Vundo.T, several pop ups and Windows Aup

Bump, Please help

9 more replies
Relevance 68.06%

hello.
my laptop detected a trojan horse virus this morning. symantec has cleaned the virus but the start up of my windows vista is really slow. below is the HijackThis log.
thanks.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:59:36 PM, on 7/5/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal


More replies
Relevance 68.06%

**This is possibly a double post, the forums were acting strange when I posted the first time - if that is the case then this is the correct post***

Hello,

I am a new IT guy in a small non-profit company and we are running a Windows XP on our domain.

Ever since I have started this computer has been performing slowly. It is a newer PC (relatively speaking, for non-profit new means < 5 years old), Symantec Endpoint Protection won't update regularly, the computer is running very slowly and if I run Hitman Pro it comes up with hits but Symantec throws an error which says access is denied. The 80 gig hard drive is almost (~70 gigs) full, but using Treesize doesn't show what the space is being taken up by. Normally we have about 15 gigs being used as not much data is stored on the machines. I have tried Malware Bytes and Hitman Pro to see if I can detect the problem.

When scanning the following alert comes up from Symantec:

Scan type: Auto-Protect Scan
Event: Security Risk Found!
Security risk detected: Trojan Horse
File: C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\xfer\4b8c0db8.tmp
Location: Quarantine
Computer: **********
User: Administrator
Action taken: Quarantine succeeded : Access denied
Date found: Wednesday, April 21, 2010 09:24:17 AM

The files the scans find are C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Antivirus Corporat... Read more

Answer:Trojan Horse Detected

This problem has been resolved and this thread can be removed. Thank you for anyone who had looked into it.

2 more replies
Relevance 68.06%

Hello,
I keep getting error messages about a trojan horse being found. Please help by reviewing the JT below....
Thank you very much!

Logfile of HijackThis v1.98.2
Scan saved at 19:46:40, on 18/10/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)


Answer:Trojan horse detected

Please download and run the following programs:

AD-AWARE

Go here: http://www.lavasoftusa.com/support/download/
and download Ad-Aware SE Personal

Install the program and launch it.

First, in the bottom right-hand corner of the main window click on Check for updates now then click Connect and download the latest reference files.

Then, in the main window: Click Start and under Select a scan Mode tick Perform full system scan.

Then, deselect Search for negligible risk entries.

To start the scan, click the Next button.

When the scan is finished mark everything for removal and get rid of it. (Right-click the window and choose select all from the drop down menu and then click Next)

Restart your computer.

SPYBOT SEARCH & DESTROY

http://majorgeeks.com/download2471.html

Open Spybot Search & Destroy (Click Start, Programs, Spybot S&D (Advanced Mode)). Click online, Search for updates, Download all available updates. Close all Browser windows, Click "Check for Problems". Anything that needs to be fixed it will show in red and have a green check in the box to the left. Click "Fix Selected Problems", Then restart your computer.

Then, after rebooting, please post another log and we’ll see what’s left to get rid of.
 

3 more replies
Relevance 68.06%

Hello. My AVG just gave me a warning that I have winupdate4181470[1].exe Trojan. I had AVG Heal it and now it is in my Vault. I also got a warning that I had winupdate49576881[1].exe. Both of these were found in my Temp Internet Folder. AVG labeled them as Trojan Horse Drop.Small.18.av

Does anyone know anything about these? Should I delete them from my vault? Thanks.

Answer:Help. [1].exe Trojan horse detected?

if AVG healed it, then it's ok.

5 more replies
Relevance 68.06%

After being on the net recently I started getting infection notices from my virus protection
I have a Gateway GT5040, .99GB RAM, Pentium D 2.8GHz
OS Windows XP, Media Center Version 2002, SP3
This is a home computer
Attached are all the scan logs as requested

Further info added at 7:36
I do have AVG
The warnings seem to occur when I startup the PC and when I log onto the net
Threat detected File name  C\:WINDOWS\system32\drivers\ws2_32sik.sys    and others similar
Threat name   Trojan horse Rookit-agent.CW
Some threats I can heal or move to the vault and some indicate they cannot be healed
Can you help?  Regards Doug

SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 04/05/2009 at 01:03 PM
Application Version : 4.26.1000
Core Rules Database Version : 3829
Trace Rules Database Version: 1785
Scan type       : Complete Scan
Total Scan Time : 01:17:14
Memory items scanned      : 576
Memory threats detected   : 0
Registry items scanned    : 6140
Registry threats detected : 0
File items scanned        : 94770
File threats detected     : 0

Malwarebytes' Anti-Malware 1.35
Database version: 1940
Windows 5.1.2600 Service Pack 3
05/04/2009 1:19:10 PM
mbam-log-2009-04-05 (13-19-10).txt
Scan type: Quick Scan
Objects scanned: 76902
Time elapsed: 3 minute(s), 40 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 6
Registry Values Infected: 0
Registry ... Read more

Answer:trojan horse detected

your hearts toolbar looks like spyware go to below and read
http://www.anti-spyware-101.com/remove-100freeheartstoolbar
http://www.enigmasoftware.com/support/100freeheartstoolbar-removal/
you might also be asked to remove uniblue but wait for an expert to tell you , i'm only trying to help , harry

7 more replies
Relevance 68.06%

Some Time Back My System Is Detected With Trojan Horse By Avg.
Every Time I Start The System It Stopped Startup Programs From Loading. After Resetting The System For 2 To 3 Times They Used To Load. And Now They Stopped Permanently And Even No Other Program Is Working. When I Try To Run An Exe File It Opens Openwith Dialog Box. And When I Try To Open A Shortcut It Shows Error Message Application Not Found. I Am Unable To Run Antivirus Also. But The Programs Are Able To Run Through Command Prompt. My Os Is Xp. Kindly Help

Answer:Trojan Horse Detected

you don't say if you have got rid of the trojan horse. If you have not, or you are not sure, your first port of call should be the Hijack This forum, they have a 5 step program to go through.
If you are absolutely sure the trojan horse is gone, I think you should post your system specs here.

1 more replies
Relevance 68.06%

Have installed and been running happily ACT Professional on my desktop for many months with Zonealarms full Internet security suite ........ i have recently purchased a laptop c/w a trial period Norton anti virus and installed the ACT software on the laptop when launching ACT on the Laptop Norton is advising that it is blocking a Gatecrasher Trojan horse ..... Why is norton detecting this and not Zonealarm ...... Is it harmful?......... Can i remove it?

Answer:Trojan Horse detected

If you have broadband, give your laptop a scan with this online service; click here

What antivirus software do you have on the desktop machine? Does the ZA security suite come with its own?

10 more replies
Relevance 68.06%

I am running AVG antivirus and it has detected a trojan horse. It recommends 'move to vault' but will not let me. Is there a freeware program to delete this?

Answer:Trojan horse detected.How do i get rid

what trojan is it?

2 more replies
Relevance 68.06%

Hey
So about 2 weeks ago I was on Tumblr, and the Moneypak Met. Police Virus Page thing came up asking me to pay £100 so I knew it was a virus, I deleted my blog instantly. I system restored my laptop, did a virus scan with AVG and the trojan was moved to the vault. I then did regular whole computer scans with AVG and did some recently with malwarebytes, and nothing was detected. I thought that my laptop was fine because of this.
However, tonight, I can't remember what page it was, but SSL Security Certificate perhaps? Something about the websites security certificate not being recognised OR that I was under attack by hackers? SO, this led me to believe that perhaps my laptop still had a trojan or something so I went into safe mode and did a quick scan with malware bytes, and nothing was detected. HOWEVER, with AVG, pretty much every single file is coming up as "Locked File. Not tested.". Just now a notification came up "AVG Command Line Scanning Utility has stopped working."  I honestly don't know what to do, I recently purchased items online on that computer and don't want my bank details or personal details (Facebook) to be known. I don't know what to do? How do I get rid of it?
Please help me.

Answer:Trojan Horse - not being detected.

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
***************************************************
In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.
CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/523318 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************
If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t... Read more

2 more replies
Relevance 68.06%

Tonight while trying to open an internet shortcut my AVG notified me that the shortcut had a trojan horse. I quarantined it and have no signs of trouble. My question is how did I get it? Where did it come from? Why did it attach itself to a shortcut? Why didn't my Comodo firewall stop it? I'm totally paranoid now. Any feedback would be appreciated.

Answer:Trojan Horse Detected

Here is some reading material: So how did I get infected in the first place?

1 more replies
Relevance 68.06%

Hi,

First of all, Happy Thanksgiving and Happy blackfriday shopping, enjoy your holiday... I don't expect any response today.

I just have this trojan detected by Symantec. It just says "Trojan Horse" in the title. It was quarantined, but it kept coming back. I copied the directory of these files, and they are:
C:\SYSTEM~1\_RESTO~1\RP87\A0012725.dll
C:\SYSTEM~1\_RESTO~1\RP87\A0012739.dll
C:\SYSTEM~1\_RESTO~1\RP87\A0012759.dll
C:\SYSTEM~1\_RESTO~1\RP87\A0012779.exe
C:\SYSTEM~1\_RESTO~1\RP87\A0012682.dll

So far, there's nothing unusual with the machine yet, and everything runs fine except for the notice of trojan infected once in a while. I did all the required steps and attached all the files in here. Please help, thank you in advance. I really appreciate it.



DDS (Version 1.0) - NTFSx86
Run by Trinh at 19:21:08.50 on Thu 11/27/2008
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.767.278 [GMT -8:00]


Answer:Trojan Horse detected

Hello Sakait and welcome,


I refuse to shop on Black Friday.

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/comb...o-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

9 more replies
Relevance 67.24%

AVG popped up with a threat detection message saying:
c:\Windows\System32\services.exe
Trojan horse Patched_c.LXT
Detected on open.
and only gave me the option to ignore. How do I remove it?
Screenshot:
Thank you!!
Sammy

Answer:AVG detected 'Trojan horse Patched_c.LXT'

Download TDSSkiller
Launch it.
Click on change parameters - Select TDLFS file system
Click on "Scan".
Please post the LOG report (log file should be in your C drive)

Download aswMBR
Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan.
After scan finishes, click on Save log
Post the log results here

Download ESET online scanner
Install it
Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats
Export the list to desktop, copy the contents of the text file in your reply

1 more replies
Relevance 67.24%

Gday from Oz.
Please be patient with me as I've tried as many tips from u guys as I could. CPU diagnostics:
256mb Ram
Intel pent 4
40gbHD 2.02ghz
windows xp on NT platform.

recently got a trojan dialer and i thought i had it fixed for a week. not detected by ad aware and no probs. However in the last few days, AVG resident shield is detecting it in this file:

C:\DOCUME~1\OWNER~1.KAT\LOCALS~1\Temp\svchost.exe
it is also being detected by avg's complete test, but only once every three runs, and the reference file is 3 days old
Avg complete test is detecting the virus in:
C:\ Documents and Settings\Owner.KATEANDDYLANS\Local Settings\TEMP\SVCHOST.EXE

How do i get rid of it guys, where to from here. all help is greatly appreciated. and thanks in advance for your time, Dylan (sprock)
cheers and beers.
 

Answer:trojan horse dialer still detected

Just delete the file:

C:\ Documents and Settings\Owner.KATEANDDYLANS\Local Settings\TEMP\SVCHOST.EXE

If you cannot do it in normal boot mode something must be loading it. Then boot to safe mode and delete it. Boot to safe mode by reading this: http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406?OpenDocument&src=sec_doc_nam

svchost.exe is a windows process but not when running from where you show it.

If you have a problem doing this, you may need to post a HijackThis log.
 

6 more replies
Relevance 67.24%

AVG Free firewall reported that it had detected this virus. Based on a similar post, I downloaded and ran Deckard's System Scanner (DSS).

I have attached file extra.txt. The contents from main.txt is:
Deckard's System Scanner v20071014.68
Run by Peter on 2007-11-26 20:58:05
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
47: 2007-11-26 09:58:20 UTC - RP667 - Deckard's System Scanner Restore Point
46: 2007-11-25 23:14:14 UTC - RP666 - System Checkpoint
45: 2007-11-24 09:38:23 UTC - RP665 - System Checkpoint
44: 2007-11-22 10:51:04 UTC - RP664 - System Checkpoint
43: 2007-11-20 06:03:35 UTC - RP663 - System Checkpoint


-- First Restore Point --
1: 2007-08-28 22:24:47 UTC - RP621 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Percentage of Memory in Use: 78% (more than 75%).
Total Physical Memory: 224 MiB (512 MiB recommended).
System Drive C: has 5 GiB (less than 15%) free.


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2007-11-26 21:00:44
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WIN... Read more

More replies
Relevance 67.24%

I have posted two separate threads this week on trying to get rid of this trojan horse, but no one is responding to me. I need help removing a trojan horse from my system. I have microsoft security essentials, superantispyware and malwarebytes. I don't know how I managed to get a trojan. PLEASE HELP! SOMEONE RESPOND!

Thanks,

Idris
 

Answer:Trojan horse detected by Superantispyware

Closing duplicate, please reply here:

http://forums.techguy.org/virus-oth...stant-flickering-within-all-applications.html

eddie
 

1 more replies
Relevance 67.24%

Hello. I have followed the instructions, and am ready to post. I will now describe my problem.

AVG has detected something called "Trojan Horse Generic9.AVRP". The letters after the dot often vary. The location is in system32, and it is always .dll. It seems that AVG detects a fresh batch every time I start up.

Thank you very much in advance for any help you may give me, as I am quite annoyed with this virus. That being said, I am very patient and willing to work through this.

I am posting the following:
1. Hijackthis Log
2. Panda Online Virus Scan Report
3. Main.txt from Deckard's

I seem to have lost the extra.txt file, and after re-running deckard's it was not created a second time.

Thanks again for any help

Sincerely,
James

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:35:38 PM, on 1/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal


Answer:Trojan Horse Generic9--detected by AVG

Hello -

I'd prefer to see the first main.txt, along with the extra.txt

They should both be located at C:\Deckard\System Scanner\< a numbered folder >\

Please locate them and post.

3 more replies
Relevance 67.24%

Norton Antivirus has detected a Trojan Horse in file c:\windows\system32\cfgmgr3.dll

It is a HBO Trojan Horse.

I saw some other dude on this forum has had a similar problem and I tried following the advice given to him but it didn’t help.

I have tried running Hijackthis, Combofix, Superantispyware, Vundofix and KillBox and neither of them has solved the problem.

I tried running them in safe mode as well.

Hijackthis can see the file but can’t delete it.

Killbox can’t delete the file directly and if I try making it delete it on reboot I get the following error message, while it is verifying registry entries:

“PendingFileRenameOperations Registry Data has been removed by external Process”
Here you have my Hijackthis, Combofix, Superantispyware and Vundofix logs.
Hope you got an idea of how to proceed.

Hijackthis log:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 15:07:26, on 17-12-2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
Boot mode: Normal


Answer:HBO Trojan Horse Detected in CFGMGR3.DLL

Anyone got any idea of how to proceed with this problem?

any help would be greatly appreciated.
 

1 more replies
Relevance 67.24%

Hi all

It seems I have a virus and I have no real idea what to do ... so I'm asking for help !

I've just scanned the computer and here is the log details.

Malwarebytes' Anti-Malware 1.32
Database version: 1617
Windows 5.1.2600 Service Pack 2

01/05/2009 3:36:08 PM
mbam-log-2009-01-05 (15-36-08).txt

Scan type: Quick Scan
Objects scanned: 60034
Time elapsed: 3 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 8

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\prunnet (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\xpreapp (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Owner\Local Settings\Temp\prun.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\senekabpjcqdrv.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\senekaeaootkpu.dll (Trojan.A... Read more

Answer:Trojan Horse Generic_c.TSW detected

Now rescan again with MBAM but this time perform a Full Scan in normal mode and check all items found for removal. Don't forget to check for updates through the program's interface (preferable way) before scanning and to reboot afterwards. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. When done, click the Logs tab and copy/paste the contents of the new report in your next reply.

IMPORTANT NOTE: One or more of the identified infections was related to a rootkit component. Rootkits and backdoor Trojans are very dangerous because they use advanced techniques (backdoors) as a means of accessing a computer system that bypasses security mechanisms and steal sensitive information which they send back to the hacker. Many rootkits can hook into the Windows 32-bit kernel, and patch several APIs to hide new registry keys and files they install. Remote attackers use backdoor Trojans and rootkits as part of an exploit to gain unauthorized access to a computer and take control of it without your knowledge. If your computer was used for online banking, has credit card information or other sensitive data on it, all passwords should be changed immediately to include those used for banking, email, eBay, paypal and online forums. You should consider them to be compromised. They should be changed by using a different computer and not the infected one. If not, an attacker may get the new passwords and transaction information. If us... Read more

3 more replies
Relevance 67.24%

I recently downloaded Avast! Anti-Virus and it found a Trojan that no other virus scanner I've used detected. I originally just needed a few questions answered about Avast! and upon clearing out McAfee using the McAfee Removal Tool and restarting my computer, Avast! picked up a Trojan Horse.

Here is a link to the original topic: http://www.techsupportforum.com/f112...ml#post2204621

Here are my DDS.txt, Attach.txt, and ark.txt:

DDS.txt:

DDS (Version 1.0) - NTFSx86
Run by Alex and Kyle at 16:15:22.90 on Tue 06/23/2009
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.628 [GMT -6:00]


Answer:Avast! detected a Trojan Horse!

Hello again -

Based on the comments made in the other thread regarding proquota.exe, I believe we should run this tool.

Please visit this webpage for download links, and instructions for running combofix:

http://www.bleepingcomputer.com/comb...o-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

You can get help on disabling your protection programs here

Please include the C:\ComboFix.txt in your next reply for further review.

13 more replies
Relevance 67.24%

I have Norton SystemWorks 2003 and it has detected a Trojan Horse virus in C:\WINDOWS\system32\req.dll, I have tried to delete the virus, but Norton will not delete it. I have also tried to delete the virus by going into Windows XP safe mode (while shutting off the system restore), and a menu bar appears saying: this file you are trying to delete is being used by another person, or program right now. I have no idea how to get rid of it, and before I spend money to get a computer tech to fix it, I thought I might as well try you guys out. Please help me!

Thank you
 

Answer:Solved: Trojan Horse Detected In Req.dll

13 more replies
Relevance 67.24%

Hi guys, running AVG virus scan pops up a few trojan horses that have been detected. I'm going to list the following ones that come up:

Trojan horse.Collected.Z
Trojan horse.Downloader.Generic3.TKJ

All of the files are located in my C:\Documents and Settings\LocalService\Temporary Internet Files\Content.IE5\ folder, and they have the extension of a .htm or .txt file.

I have already ran the following programs:
Spybot
SuperAntiSpyware
Adaware
CCleaner
VCleaner from AVG (just because)
and a couple others I forget about.

I used to have a bunch of files in my c:\ that would be created when I rebooted but they seem to have disappeared (possibly because I turned off system restore option).

Below I'm going to post my HiJackThis log, I've never used this before so hopefully I do it right, let me know if I didn't. Any help would be greatly appreciated because I can't find any information online anywhere.

THANKS!

Logfile of HijackThis v1.99.1
Scan saved at 9:12:51 AM, on 27/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.e... Read more

Answer:Annoying Trojan Horse(s) Detected

This topic is closed,'Duplicate'.

1 more replies
Relevance 67.24%

hi guys...
Please do help me!
I ran symantec full scan on my windows vista home basic.
It found many Trojan virus: Trojan horse, trojan Zlob, trojan.adh
one of it can't be cleaned or deleted. file name is java plugin.exe

I ran hijack this and the log is as follows:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:26:01, on 2011/2/18
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18565)
Boot mode: Normal


Answer:Help numerous Trojan horse detected

Decided to bump my post back up as it has been more than 24 hours. So sorry! But I do need help with this. Thank you so much in advance!
 

1 more replies
Relevance 67.24%

Hi there, i may have a trojan horse on my pc, can you pls analyze my hijack log, thx!

here it is:

Logfile of HijackThis v1.99.1
Scan saved at 1:38:27, on 30-7-2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)


Answer:Trojan horse detected; hijack this log

16 more replies
Relevance 67.24%

HP 2000 Notebook x64 based PC
Microsoft Windows 8.1 version 6.3.9600 Build 9600
AVG AntiVirus Free Edition
Program file version: 2016.0.7442
AVG Framework version: 1.52.1.51612
AVG Setup Version: 1.52.1.51612
Security Information:
Virus database version: 4522/11612(2/12/2016, 10:09 AM)
LinkScanner version: 2829
Anti-Spam Version: N/A
 
I was attempting to update drivers through HP driver/software website and AVG stopped the setup file from finishing (auto detect drivers..).
 
AVG report:

Trojan horse Crypt_c.APWH, c:\Windows\Installer\MSIEC54.tmp

Secured

2/10/2016, 9:06:53 PM

File or Directory

c:\Windows\SysWOW64\msiexec.exe

Trojan horse Crypt_c.APWH, c:\Windows\Installer\MSI75B3.tmp

Unresolved

2/10/2016, 8:27:36 AM

File or Directory

c:\Windows\SysWOW64\msiexec.exe

Trojan horse Crypt_c.APWH, c:\Windows\Installer\MSIA7BE.tmp

Unresolved

2/10/2016, 8:26:43 AM

File or Directory

c:\Windows\SysWOW64\msiexec.exe

Trojan horse Crypt_c.APWH, c:\Windows\Installer\MSI3B3C.tmp

Secured

2/10/2016, 8:24:05 AM

File or Directory

c:\Windows\SysWOW64\msiexec.exe

Trojan horse Crypt_c.APWH, c:\Windows\Installer\MSIAE7.tmp

Secured

2/10/2016, 8:18:25 AM

File or Directory

c:\Windows\SysWOW64\msiexec.exe

Found MalSign.Generic.139, c:\Users\Administrator\AppData\Local\Temp\is-ITFND.tmp\OCSetupHlp... Read more

Answer:AVG detected c.APWH trojan horse

Hello novice3,
My name is Ray and I'll be assisting you with your issue. Please give me about a day to review your logs and prepare a reply. Since I'm still a trainee, all my posts have to be reviewed by my instructor prior to being posted to make sure that you receive the best assistance possible.
Thank you for your understanding, I'll be with you shortly!
RayS

20 more replies
Relevance 67.24%

My antivirus, Panda Free Antivirus, detected a trojan horse in system 32. The path is: c:\Windows\system32\oobe\OEM\OOBE.cmd and it's called Deldir.A. The Panda database has this information on it.
What do I do? Is this for real? How dangerous is it?

Answer:System 32 trojan horse detected?

I'm leaning toward that detection as being a false positive. But, since Panda says it isn't, best to scan the file at VirusTotal - Free Online Virus and Malware Scan. It will be scanned by multiple well known security programs.
You can post the results if you like or if other programs say the same as Panda please let us know.

0 more replies
Relevance 67.24%

Hello,

My superantispyware has detected a trojan horse, but I can't remove it even after I have performed multiple scans as it requested. I also have microsoft security essentials, malwarebytes, and microsoft fix cleaner full versions installed on my laptop, so I have no idea how my system could have gotten infected with a trojan horse when they scan almost every hour and update definitions constantly. PLEASE HELP!

Idris Abdul-Latif
 

Answer:Trojan horse detected by Superantispyware

Closing duplicate, please reply here:

http://forums.techguy.org/virus-oth...stant-flickering-within-all-applications.html
eddie
 

1 more replies
Relevance 67.24%

So I went to open the internet tonight on my computer and AVG comes up with this warning for me about picking up this trojan horse... My computer has definitely been running very slow lately and now I have an idea why... Any help on removing this would be appreciated... This doesn't seem to be the first time that AVG has detected this in the last month or so. I keep trying to heal the file but it always seems to come back. I have also noticed a strange program running in task manager under processes called bakweb something?
Enclosed is an HJT log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:35:11 PM, on 9/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal


Answer:Trojan horse generic5.ujx detected!

And on a side note after doing a scan with spybot it detected virtumonde generic.....
Any help removing this stuff would be greatly appreciated as I have tried multiple times and it keeps returning.
 

2 more replies
Relevance 67.24%

Hi,

This machine is running windows XP home service pack 3 and AVG Anti Virus Free Edition 8.5.421 and has been infected with the SHeur2.BJYP virus, it has 2 external hard drives E and F, when the virus was first detected the C drive was formatted and windows re-installed, and then the AVG detected the SHeur2 trojan when opening the F drive, this is all I know at this point, I am looking forward to your help, Thanks in advance. Here is the DDS data as requested. Also, the RootRepeal detected MBR rootkit, I have attached the ark.txt logfile. I have also attached an image of the last threat detected, Exploit RealPlayer Import exploit.
DDS (Ver_09-10-13.01) - NTFSx86
Run by Jeff at 19:52:44.51 on Tue 10/13/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_16
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.502.106 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}


Answer:SHeur2 Trojan Horse Detected

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

2 more replies
Relevance 67.24%

Hi,
AVG Pro just detected TrojanHorse BHO.BPY.
When I was surfing, AVG popped up and asked what to do. I selected Heal, which it stated it had done so successfully.
Then I just ran a scan in AVG on my non-Admin account (the account I was on when this happened) and it found it again and says it deleted it.
How should I proceed? Should I stay on the non-Admin account? Run Hijackthis? Only it's on the Admin account. Can I log out of the non-Admin account and go into the Admin account to run Hijackthis?
Also, is the trojan really deleted as AVG states it is?
How to proceed...Thanks for your time
 

Answer:Solved: AVG Detected Trojan Horse

8 more replies
Relevance 67.24%

AVG found trojan horse "downloader VB.3.F" & "Dyfica.AJ." I ran Ad-aware & Spybot and then ran AVG again, all clear.

How does the log file look?
Logfile of HijackThis v1.97.7
Scan saved at 7:53:33 AM, on 4/24/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)


Answer:hijackthis log, trojan horse detected

Run HJT again and check:

O2 - BHO: (no name) - {112C020C-CCE3-4174-ABE3-AFE372E5B7FA} - C:\WINDOWS\aktyyqfg.dll
O4 - HKLM\..\Run: [anueeo] C:\WINDOWS\ijnm.exe
O8 - Extra context menu item: Coupons - file://C:\Program Files\EbatesMoeMoneyMaker\System\Temp\couponsandoffers_script0.htm
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://download.weatherbug.com/mini...ransporter.cab?
O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} - http://cabs.roings.com/cabs/roing.cab

Close all browser windows and applications before clicking "fix checked".
 

1 more replies
Relevance 67.24%

AVG has detected Trojan Horse but when I try to put it 'into the vault' it says I am unable to do this. The file it is quoting is C:\Restore\Temp\A0177517.CPY. How do I remove it manually? As usual I'm asking for a reply in very simple English and as usual thanking you in anticipation. I am running ME. :-((((

Answer:AVG detected Trojan Horse - but can't remove

To remove this one you need to disable system restore as it is in one of your restore points. You will lose all restore points, though.

6 more replies
Relevance 67.24%

Someone gave me a CD with a copy of Photo Shop on it and I put the disc in the tray and ran it.

My scanner flashed a warning that it was on the CD, so I have it in the AVG Vault.

I discontinued running the CD, but today I noticed when saving a Paint that I could not find it, and searched for it. The search revealed that it was in My Docs, but I could not find it. I sent it into my Docs file from the search and it was then there; however, another search then reveals two copies, and now three. I can only account for one.

Is it possible that it may have done some damage? It seems that the warning and having it removed to the vault should have prevented it from running. I did another full scan of disk C: and found nothing, therefore I assume that if it detected it the first time there should be no further problem? Right?

Answer:Trojan horse Agent CBX detected

That should be correct. C is the CD drive with the CD in it? In other words scan the Hard drive and the suspect CD. Is the removed file in the AVG quarantine?

5 more replies
Relevance 67.24%

I realized I posted this in the wrong forum originally so I'm going to repost it here. If someone can delete it from here: http://www.bleepingcomputer.com/forums/t/83003/annoying-trojan-horses-detected/ it would be greatly appreciated.

Hi guys, running AVG virus scan pops up a few trojan horses that have been detected. I'm going to list the following ones that come up:

Trojan horse.Collected.Z
Trojan horse.Downloader.Generic3.TKJ

All of the files are located in my C:\Documents and Settings\LocalService\Temporary Internet Files\Content.IE5\ folder, and they have the extension of a .htm or .txt file.

I have already run the following programs:

Spybot
SuperAntiSpyware
Adaware
CCleaner
VCleaner from AVG (just because)

and a couple others I forget about.

I used to have a bunch of files in my c:\ that would be created when I rebooted but they seem to have disappeared (possibly because I turned off system restore option).

Below I'm going to post my HiJackThis log, I've never used this before so hopefully I do it right, let me know if I didn't. Any help would be greatly appreciated because I can't find any information online anywhere. THANKS!

Logfile of HijackThis v1.99.1
Scan saved at 9:12:51 AM, on 27/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\W... Read more

Answer:Annoying Trojan Horse(s) Detected

Welcome Craiggerz

Download\install CleanUp.
Launch CleanUp, then click on 'Options'.
Now move the slider on the left up to 'Standard Cleanup!'.
Click 'Ok', now run the program by clicking on the 'Cleanup' button.
Reboot, or log off/log on when it's finished.

****************************

Download and scan with the free 15 day trial of Counterspy
Once installed launch Counterspy.
Click on 'Spyware Scan', then click 'Updates' at the top right.
Once any available updates have been installed, click the 'Scan Now' button.
Save the report when it's finished:

1. Once Counterspy has done scanning, the 'Scan Results' box will appear.
2. Click on 'View Results'.
3. Under (Recommended Action), using the drop down menus at the side of each entry found, set EVERYTHING to 'Remove'.
4. Then click on 'Take Action'.
5. Once everything has been removed, click on 'View Details'.
6. Copy and Paste those details into a Word/Text document, then save it to your desktop.

****************************

Download 'e Scan MWAV' from here to your desktop:
http://www.mwti.net/download/tools/mwav.exe
Disconnect from the internet, close all running programs.
Double click on the mwav icon on your desktop.
The program will start, the Licence Agreement will pop up.
Select 'I accept the agreement', then press Ok.
The program will open, leave all the settings as they are.
Now press the 'Scan & Clean' button.
The program will now start scanning your pc.
Once the scan has finished, post the results from the lower window 'Virus Log Information'.
Reboot... Read more

7 more replies
Relevance 67.24%

AVG has detected a threat in the file: 'C:\Users\T Godson\AppData\Local\Windows\winhelp.exe'. When I select remove selected threats the file is deleted momentarily, then returns.

Any help would be appreciated.

Tom

DDS (Ver_10-03-17.01) - NTFSx86
Run by T Godson at 17:57:34.67 on 16/08/2010
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_21
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3263.1878 [GMT 1:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k... Read more

Answer:Trojan Horse detected in winhelp.exe

Hello tag404

Welcome to BleepingComputer

==========================

Download OTL to your desktop.
Double click on OTL to run it.
When the window appears, underneath Output at the top change it to Minimal Output.
Under the Standard Registry box change it to All.
Under Custom scan's and fixes section paste in the below in bold

netsvcs
%SYSTEMDRIVE%\*.*
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\drivers\*.sys /90
%systemroot%\system32\Spool\prtprocs\w32x86\*.dll

Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

2 more replies
Relevance 67.24%

Please help me guys! Recently I realized suspicious activity on my PC. My security programs are: Nod 32 2.70, Outpost Firewall, Ad-Aware Professional, Spyware Terminator. I downloaded the free trial of Spy sweeper (only for scanning, not for removal) and it keeps telling me that I have a Trojan Horse called trojan agent winlogonhook. From a quick search on the internet I can understand that this trojan is a dangerous one, hard to remove, and that it can steal passwords, send emails etc. Can you please help me remove this threat from my computer? Please reply to me! Thank you very very much!
 

Answer:Trojan Horse found: trojan agent winlogonhook

Welcome to Majorgeeks!

Please follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, renaming, running, and posting HijackThis logs as attachments.
Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support
Make sure you check version numbers and get all updates.
Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.

If after doing ALL of the above you still have a problem, make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:
Downloading, Installing, and Running HijackThis
Make sure you also rename HijackThis.exe as suggested in the procedures. Use analyse.exe for the new name. This is very important due to some new infections going around.
When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too:
CounterSpy
AVG Antispyware log - ONLY IF NEEDED you were not able to run CounterSpy
Bitdefender - from step 6
Panda Scan - from step 6
runkeys.txt - the log from GetRunKey.bat
newfiles.txt - the log from ShowNew.bat
HijackThis

NOTE: You can only attach 3 files in a single message so it will require that you use two messages t... Read more

8 more replies
Relevance 67.24%

Spy Sweeper found: Trojan Horse found: trojan-backdoor-securemulti.
I have no idea how to clean this. I got it through a link over msn messenger. When I try to quarantine it from Spy Sweeper it doesn't do anything, and when I try to use anything to do with HijackThis it automatically shuts down the file or program.
HELP?!!! PLEASE
 

Answer:Trojan Horse found: trojan-backdoor-securemulti

Welcome to TSG

What location was it found in?

Click here to download the trial version of Ewido Security Suite:
http://www.ewido.net/en/download/

· Install Ewido.
· During the installation, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
· Launch ewido.
· It will prompt you to update click the OK button and it will go to the main screen.
· On the left side of the main screen click update.
· Click on Start and let it update.
· DO NOT run a scan yet.

Restart your computer into Safe Mode now.
(Start tapping the F8 key at Startup, before the Windows logo screen).
Perform the following steps in Safe Mode:

* Run Ewido:
Click on scanner
Click Complete System Scan and the scan will begin.
During the scan it will prompt you to clean files, click OK.
When the scan is finished, look at the bottom of the screen and click the Save report button.
Save the report to your desktop.

Reboot.

Post a new Hijack This log and the results of the Ewido scan.
 

3 more replies
Relevance 67.24%

Hi guys, I'm new to this site.
I think I have picked up something. I've been trying for hours to get rid of it but just can't. I saw some old posts on this trojan but from 2 years ago, so I thought maybe there was a new way to do it, as I tried the first way from this site that was posted in May 2006 and it didn't work, so I'm hoping someone has a new way.
When I scan with Spy Sweeper it detects as follows:
adware found: virtumonde
Trojan horse found : trojan agent winlogonhook

thanks for your help
marc
 

Answer:Trojan horse found: trojan agent winlogonhook

Welcome to Major Geeks!

Please follow the instructions in the below link and attach the requested logs when you finish these instructions.

If something does not run, write down the info to explain to us later but keep on going.
Do not assume that because one step does not work that they all will not.
READ & RUN ME FIRST. Malware Removal Guide

Notes:
If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in safe boot mode, but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:

Starting your computer in Safe mode

If you have problems downloading on the problem PC, download the tools on another PC and burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes you could use a flash drive too but flash drives are writeable and infections can spread to them.

 

1 more replies
Relevance 67.24%

I am running spy sweeper and this notice keeps coming up. I have read the forum instructions on how to remove them but I am not familiar with some of the things that need to be done to fix this problem. Can someone please help?
 

Answer:Trojan Horse found: trojan agent winlogonhook

Which part of the instructions are you having a problem with ?
 

1 more replies
Relevance 67.24%

Must have got these a week ago. Noticed after my google search results links would bring me to adsites half the time.

Answer:"Trojan horse BackDoor.Generic11.IZW" "Trojan horse SHeur2.ADCY" "Trojan horse PSW.Agent.ZSP"

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results, click no to the Optional_Sca... Read more

2 more replies
Relevance 67.24%

Hi - need some help to determine my problem with windows network error. Also, I don't know if this is a cause, but my wireless signal is horrible after purchasing a Netgear N600 wireless router - I have a cable modem connected through ethernet to wireless router.

Here's my system info:
Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft® Windows Vista™ Home Premium, Service Pack 2, 64 bit
Processor: Intel(R) Pentium(R) Dual CPU E2220 @ 2.40GHz, Intel64 Family 6 Model 15 Stepping 13
Processor Count: 2
RAM: 4085 Mb
Graphics Card: Intel(R) G33/G31 Express Chipset Family, 320 Mb
Hard Drives: C: Total - 463759 MB, Free - 119890 MB; D: Total - 13178 MB, Free - 1801 MB;
Motherboard: PEGATRON CORPORATION, Benicia
Antivirus: Microsoft Security Essentials, Updated and Enabled

ipconfig/all

Microsoft Windows [Version 6.0.6002]
Copyright (c) 2006 Microsoft Corporation. All rights reserved.
C:\Windows\system32>ipconfig/all
Windows IP Configuration
Host Name . . . . . . . . . . . . : POLITOBONITO-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek RTL8168C(P)/8111C(P) Family PCI-E
Gigabit Ethernet NIC (NDIS 6.0)
Physical Address. . . . . . . . . : 00-24-8C-6C-E9-35
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfigurati... Read more

Answer:2-Part Problem - Windows has detected an IP Address conflict and Poor Wireless Signal

10 more replies
Relevance 66.42%

Uh, yeah, so I just booted up my computer today and was waiting for all my apps and such to load when I got a alert that Trojan horse SHeur.CIE was detected in the exe of a game on my harddrive. Now, the thing is, I've had this game installed for months and haven't played it for the longest time.. The exe is called vampire.exe and it was just a small roleplaying game put out by activision.. The reason I'm posting this here is because I did a full system scan with avg (newest updates), and have run an adaware se (fully updated) scan... and It still hasn't found anything... I googled the virus name as it appears in my "virus vault" and google turns up with no results whatsoever its only after I take off the CIE at the end where it comes up with results for, what I'm guessing are a few different variants of it..

Currently it says its backed up and still infected, and wasn't able to heal it... I'm about to put it into safemode and do a scan after this and see if it finds anything there.. Everything seems to be normal however. I can still access regedit, taskmanager, etc... It just seems 100% random that a virus would show up there... Do you think this could be a false positive?
 

Answer:Trojan horse SHeur.CIE oddly detected...

Welcome to Majorgeeks!

Please follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, running, and posting HijackThis logs as attachments.
Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support
Make sure you check version numbers and get all updates.
Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.

If after doing ALL of the above you still have a problem, make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:
Downloading, Installing, and Running HijackThis
Make sure you also rename HijackThis.exe as suggested in the procedures. Use analyse.exe for the new name. This is very important due to some new infections going around.
When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too:
CounterSpy
AVG Antispyware log - ONLY IF NEEDED you were not able to run CounterSpy
Bitdefender - from step 6
Panda Scan - from step 6
runkeys.txt - the log from GetRunKey.bat
newfiles.txt - the log from ShowNew.bat
HijackThis

NOTE: You can only attach 3 files in a single message so it will require that you use two messages to attach ... Read more

1 more replies
Relevance 66.42%

Last night my AVG free piped up claiming that 2 Trojan Horse Generic29.AJGE viruses had been detected, and could not be removed by the software. Since then I have tried many different solutions that people have posted on the internet but to no avail, this thing will just not go away!
 
EDIT:   This is what AVG is saying about them:
 
Detection name: Trojan horse Generic29.AJGE
Description: c:\$Recycle.Bin\S-1-5-18\$35d59ab0ddcae84948f3b4dc0bfd8615\n
Severity: High
State: Infected
Source: Resident Shield
Date: 06/05/2013, 13:46:30
 
Extended element information:
Process name: C\Program Files (x86)\Malwarebytes' Anti-MAlware/mbam.exe
Process ID: 4292
Created: 06/05/2013, 13:46:30
Username:
Session ID: 4292
 
I downloaded Malwarebytes (I was surprised that I didn't have it installed already but hey ho) and performed a quick scan. It did find something, but it clearly wasn't anything to do with the trojans as they are still here!
 
I can see that there are other threads concerning this same problem, but thought it would be wise to begin my own concerning my problem specifically, as it seems possible to me that I might not be having the EXACT same problem as somebody else and my problem will be resolved more efficiently if I can get some one-on-one advice concerning my specific issues. 
 
Since the Trojans appeared, my genuine version of Windows 7 is now claiming that it is not genuine after a restart. Great... 
 
I ... Read more

Answer: AVG detected 2x Trojan Horse Generic29.AJGE

Hi James,
 
Welcome to the forum.
 
Please download Farbar Recovery Scan Tool and save it to your desktop.
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
 

9 more replies
Relevance 66.42%

Hi all,

I have purchased a mobile phone unlocking CD from a well known auction site. As a precaution, thought I would scan it with AVG 9.00 first. From 140,000 files on the CD it found 7 Trojan Horse infections and some broken digital signatures.

The Trojan Horses are:
Trojan Horse Downloader Generic 10.HU on Nokia Unlockers\ DCT4\working\unlocker.exe. (This is the one I want to use.) (1 file infected)
Trojan Horse VB.2V (3 files infected)
Trojan Horse Generic 18.FQI (4 files infected)

As they are on a CD and not on my hard drive, will I still be able to remove or heal these infections to enable me to use the CD safely with no infections? If not, and I used these to try to unlock my phone, will they harm my phone as well as my computer?

Thanks in anticipation

Answer: trojan horse downloader generic10 hu detected

AVG has been known to report lots of false positives. Try a few other scans with Avast, Bitdefender, Avira and see what they come up with.

Some HELP in posting on Computing.net plus free progs and instructions
Cheers

2 more replies
Relevance 66.42%

Hi, I am running Windows 7 on my laptop and have Kaspersky Internet Security 2010 installed, which has identified 3 trojans and 1 virus { virus:HEUR Trojan-Downloader.script.generic}. The laptop runs very slow at times and Internet Explorer also stops responding. When I try connecting the laptop to the printer, the printer also doesn't print what I want it to. Here is the HJT logfile:

More replies
Relevance 66.42%

Hi

My AVG 2011 detected trojan horse agent_r.xj but could not remove the problem. I have run the READ and RUN ME process but still seem to be experiencing a slow system. Could you have a look over the log files and let me know if this is due to malware or just a cluttered system?

Note: despite disabling AVG before running ComboFix, it insisted I uninstall AVG. I did so with the AVG Uninstall utility and continued with ComboFix.

Otherwise all other log files attached
Many thanks in advance

Andy
 

Answer: trojan horse agent_r.xj detected with AVG 2011

last log file attached
 

8 more replies
Relevance 66.42%

Hi, my AVG has detected Trojan Horse SHeur2.AEHG as well as Trojan Horse Agent.AETU a few times, and now I've been getting unwanted popups.

Thanks, much appreciated!

Here is my Malwarebytes' Anti-Malware log from a full scan.



ADMIN EDIT: Please read and follow the following to gain a full picture of malware on your pc READ & RUN ME FIRST. Malware Removal Guide and HOW TO: Attach Items To Your Post, many thanks.
 

Answer: Trojan Horse SHeur2.AEHG detected

Welcome to Major Geeks!

Please follow the instructions in the READ & RUN ME FIRST link given further down and attach the requested logs when you finish these instructions.

If you have problems where no tools seem to run, please try following the steps given in the below and then continue on no matter what you find. You only need to try the TDSSserv steps if having problems getting scans in the Read & Run Me First.
TDSSserv Non-Plug & Play Driver Disable

If something does not run, write down the info to explain to us later but keep on going.
Do not assume that because one step does not work that they all will not.
READ & RUN ME FIRST. Malware Removal Guide

After completing the READ & RUN ME and attaching your logs, make sure that you tell us what problems still remain ( if any still do )!
Helpful Notes:
If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:

Starting your computer in Safe mode

If you have problems downloading on the problem PC, download the tools and the manual updates for SUPERAntiSpyware, Malwarebytes and Spybot ( links are given in the READ & RUN ME) onto another PC and then burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. ... Read more

1 more replies
Relevance 66.42%

AVG said it found trojan horse proxy.accx in a local settings object called Sintfnt.dll and the process norton navw32.exe. I deleted it from the virus vault and clicked heal. How do I find out if it has been successfully deleted?
 

Answer: Help!!!! AVG Resident Shield Detected Trojan Horse!!!!!

please help =(
 

2 more replies
Relevance 66.42%

Hi,
My virus protection program, MicroTrend's pc-illin, keeps on detecting this trojan horse program and is unable to clean it. I have repeatedly deleted the file it says is infected but it continuously reappears. It is located in my temporary internet files, the exact location is....

c:\documents and Settings\my name\Local Settings\Temporary Internet Files\content.IE5\FAWR3XWX\

and now also in this location as well

c:\documents and Settings\my name\Local Settings\Temporary Internet Files\content.IE5\89NH33GV\

There are other subsequent .exe files in my C:\DOCUME~1\JOSHUA~1\LOCALS~1\TEMP location that are being brought up as a virus as well, but I am pretty sure they are related to the trojan horse I have, as when I get one warning about the upayb[1].int trojan horse, I get a warning about a virus detected in that temp folder as well....

Thanks a bunch!
 

Answer: upayb[1].int trojan horse program detected

I noticed that everybody else was posting HJT information so I thought I would add mine....

1 more replies
Relevance 66.42%

My AVG antivirus said my laptop is affected with Trojan Horse Agent.AIIK Thanks in advance for the help.

Here is my Hijackthis log


Answer: Trojan Horse Agent.AIIK detected!

I saw another thread on this forum which has similar virus. I followed the first few steps from that thread. I've downloaded ComboFix and ran a scan. Here's my ComboFix log


2 more replies
Relevance 66.42%

Been through a long series of events and have so far been unable to remove this piece of malware.

Norton's 2009 says it is a "Trojan Horse" and the infected file is C:\windows\system32\gaopdxtsmyvudx.dll.

Have run Spybot, Malwarebytes and NAV but it cannot be exorcised. Every time I open the browser it returns and NAV says it is "resolved".

Any ideas or should I post some logs of some sort?

Thanks in advance.

Answer: Trojan Horse detected at browser startup

The process of cleaning your computer may require you to temporarily disable some security programs. If you are using SpyBot Search and Destroy, please refer to Note 2 at the bottom of this page.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself.
Press the OK button to close that box and continue.
If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
C... Read more

4 more replies
Relevance 66.42%

Hi,

Could somebody please help with the removal of this pesky Trojan Horse? AVG does *not* "heal" or "Move to Vault" and Trend Micro HouseCalls does not even find it and an older version of HJT also did not remove the file identified. (have not tried with this version yet)

Thanks in advance for any assistance! MH

Answer: Avg Threat Detected - Trojan Horse Clicker.ndn

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you.

Please go to this page and scroll down to step 6.
http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/
Follow the directions there to run DSS and then post those logs back here in your next reply.

13 more replies
Relevance 66.42%

How can I determine if downloader.generic10.asx is a virus (Trojan Horse) or a false positive? The software title is: 0003326_020313_x86sw.exe

Answer: AVG detected a Trojan Horse: downloader.generic10.asx

The software was downloaded from the website: cdrbsoftware.com

10 more replies
Relevance 66.42%

Hey there,

I'm new to this forum so I might do some things wrong. I have read the Preparation guide and made the logs. Excuse me for my English, which isn't the best.

My AV (AVG) detected a trojan horse (generic20.JFZ) in winhelp, located at /users/public/documents/windows/winhelp.exe. Now my AV can't do anything to this and I cannot manually delete the file. Therefore I made the logs which were recommended in the guide, hope that you guys can help me out.

DDS log.

Answer: Trojan Horse detected & Google keeps redirecting

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you are unable to create a log because your computer cannot start up successfully please provide detailed information about the Windows version you are using: What we in particular need to know is version, edition and if it is a 32bit or a 64bit system. If you are unsure about any of these characteristics, just let us know and we'll help you figure it out. Please also tell us if you have your Windows CD/DVD handy.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your ... Read more

12 more replies
Relevance 66.42%

See my log below.

Answer: Threat Detected, Trojan Horse Sheur.cps

Welcome to the BleepingComputer HijackThis Logs and Analysis forum ssowder

My name is Richie and I'll be helping you to fix your problems.

Download and run Fixwareout from the link below:
http://www.bleepingcomputer.com/files/lonny/Fixwareout.exe
After the reboot post the contents of the logfile C:\fixwareout\report.txt in your next reply.
----------------------------------------------
Please download Combofix and save to your desktop:
Note: It is important that it is saved directly to your desktop
Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log. Post the entire contents of C:\ComboFix.txt into your next reply.
Note: Do not mouseclick combofix's window while it's running. That may cause the program to freeze/hang.

Also post a new Hijackthis log.

1 more replies
Relevance 66.42%

Hi there! I was doing a routine scan using AVG Free Anti-virus on my PC and this came up. I did a scan using Malwarebyte with similar results. Been googling for a solution for the past hour, please advise on how I should rectify this.

This is what's on my resident shield alert:

Malwarebytes has similar reports and is requesting me to reboot my PC, I'm just too freaked out to do that:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4202

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

6/16/2010 2:47:35 PM
mbam-log-2010-06-16 (14-47-35).txt

Scan type: Full scan (C:\|)
Objects scanned: 292606
Time elapsed: 1 hour(s), 12 minute(s), 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 8
Registry Values Infected: 5
Registry Data Items Infected: 0
Folders Infected: 19
Files Infected: 173

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
c:\WINDOWS\system32\sshnas21.dll (Trojan.FakeAlert) -> No action taken.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\funshion (Adware.Funshion) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\V71IQL7HI7 (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cdrom (Trojan.Patched) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sshnas (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\Funshi... Read more

Answer: PLEASE HELP ME! Trojan horse Rootkit-Agent.EL detected

16 more replies
Relevance 66.42%

Hi
 
I have a 32 bit HP PC running Windows XP SP3.
 
AVG is reporting that Trojan Horse Rootkit-Pakes.BI has infected c:\windows\system32\driver\volsnap.sys. I have attached a screen shot of the AVG report.
 
I have tried many things over the last couple of weeks to try and get rid of it.

I cannot list everything I have done because it's all happened in a bit of a mess! Most recently I have:
 
Run combofix (I have attached the report)
 
I followed this by running the online scanner from eset which detected nothing.
 
Previously I have tried to run malware bytes anti-malware which also detected nothing.
 
Any help is most appreciated.
 
Matt
 

Answer: Trojan Horse Rootkit-Pakes.BI Detected by AVG

Hello scatymaty

Welcome to The Forums!!

Around here they call me Gringo and I'll be glad to help you with your malware problems.

Very Important --> Please read this post completely, I have spent my time to put together some things for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at ... Read more

21 more replies
Relevance 66.42%

Could someone please help me?

For a couple weeks now my AVG anti virus has been detecting Trojan Horse Generic5.PVX. I keep clicking on Remove Threats but it keeps popping up again and again. I am no expert so I went on Google and typed in the name of the threat in the hope that I could find the solution there. The page that I navigated to said that I should download HijackThis, do a log scan and submit it to a forum. Is there anyone that can help me with this problem? I have used AVG, Spyhunter v3, SpyDoctor and XsoftSpy and either they do not detect it or it simply returns. Here is my log file.


Answer: Threat Detected: Trojan Horse Generic5.PVX

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

We want all our members to follow our 5 Step process outlined here:

IMPORTANT - Read This Before Posting For Malware Removal Help

After running through all the steps, you shall have a proper set of logs. Please post them.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

1 more replies
Relevance 66.42%

This was just detected by Malware Hunter.  File was located at: C:\Program Files\Dell\Dell Foundation Services\ShellHelper.exe
 
Not sure of process needed to remove this.  Been experiencing odd events lately and suspect this is the cause.
 
Any help would be greatly appreciated.

Answer: Trojan horse TR/Dropper.MSIL.Gen detected! Now What!!

Hello delaroo and welcome to Bleeping Computer.

This is not so much of a malware issue as a "Dell" issue with certain models. See this article. Hope it helps.

0 more replies
Relevance 66.01%

Since Norton Antivirus could only quarantine a trojan horse on my computer and could not repair it, do I need to worry about it? I know that this is a question for Norton but it will cost me $29.95 to find out the answer. Any past experience in this matter would be greatly appreciated. Seems like Norton generally does not repair trojan horse viruses automatically.
 

Answer: Trojan horse Norton question

Used Norton, it's not as good as award winning "Webroot's" Spysweeper.
http://www.webroot.com/
 

2 more replies
Relevance 66.01%

Norton antivirus has detected a trojan horse but is unable to remove it. I have tried to follow the instructions on the symantec website to manually remove it but to no avail. It is in the registry, the details on Norton AV are as follows:

c:\windows\system32\autodis.dll

when I clicked for more details it said 1 file is affected and 2 registry keys as follows:

hKEY_Local_machine\software\microsoft\windows\current version\explorer\browser helper objects\{77fod5d0-4f98-422b-8a1e-4ed160996d80}

and

Hkey_classes_root\clsid\{77fod5d0-4f98-422b-8a1e-4ed160996d80}

Please help, I don't really know what to do to get rid of it, I have not tried just deleting it as it is in the registry and I don't know what the effects would be.

Thanks in anticipation.

My OS is windows XP home edition with service pack 2 installed.

My HJThis log is as follows:


More replies
Relevance 66.01%

Norton says it is a virus and the repair failed. They said to quarantine, which I did. It says quarantine failed. Now they want to delete the file. Do I push the delete button? Anything else I should do?

More replies
Relevance 66.01%

Hey guys -

Yesterday I got an alert from my Norton Internet Security/AntiVirus that they found a Trojan Horse on my comp. I followed the instructions on the website - turned off system restore, restarted in safe mode and did a full system scan - but it only found 1 infected file - it was Adaware. I think it deleted it - so when I started in normal mode - I scanned my computer with Spybot and AdAware - they removed 7 files total. I also did a trojan scan via http://windowsecurity.com/trojanscan/
I scanned again with Norton and nothing was detected. However, I still am concerned - I remember that when I run a scan with Norton Anti Virus, after it has detected spyware or adware, it asks me to check which ones to delete. I do so, but then it asks which ones I want to exclude - I usually excluded them, and I think that they still are on my computer - because when I look at the scan logs - it says "delete failed" for most of the adware and spyware.

Any suggestions for good trojan scans to make sure I don't have it on the computer anymore, and also how to "unexclude" adware and spyware, etc on Norton AV so that I can properly detect and delete remaining files?

Thanks

-Matt
 

Answer:trojan horse...but not? and Norton AV question...

8 more replies
Relevance 65.6%
Question: Trojan Horse Found

My Symantec Antivirus keeps popping up that it has found a Trojan
AVG keeps popping up that I have a Trojan
I tried to get you a copy of the message but the warning boxes are not popping up right now
Computer is running slow
I cannot open my Symantec using the yellow shield in the bottom right corner or by using the start menu.
This is my first time doing this so bear with me please

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:05:19 AM, on 4/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\PRO... Read more

Answer:Trojan Horse Found

Hi and welcome to TSG,

Please close/disable all anti-virus and anti-malware programs so they do not interfere with the running of SDFix and make sure you are disconnected from the Internet after downloading the program but before extracting the files.
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with SDFix and remove some of its embedded files which may cause "unpredictable results".
Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
Remember to re-enable the protection again afterwards before connecting to the Internet.
Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually
Instead of Windows loading as normal, the Advanced Options Menu should appear
Select the first option, to run Windows in Safe Mode, then press Enter
Choose your usual account.

Open the extracted SDFix folder and double click RunThis.bat to start the script.
Type Y to begin the cleanup process.
It will remove any Trojan Ser... Read more

1 more replies
Relevance 65.6%

Just yesterday my avast scanner keeps popping up with a warning saying "A Trojan horse was found"
I kept deleting the file or moving to chest but the message has been popping up at least a 100 times

I posted hijackthis post

can someone take a look at this
 

Answer:Trojan Horse found, cant get rid of it

Welcome to Major Geeks!

Please read ALL of this message including the notes before doing anything.

Please follow the instructions in the below link:

READ & RUN ME FIRST. Malware Removal Guide
and attach the requested logs when you finish these instructions.
**** If something does not run, write down the info to explain to us later but keep on going. ****
Do not assume that because one step does not work that they all will not. MGtools will frequently run even when all other tools will not.

After completing the READ & RUN ME and attaching your logs, make sure that you tell us what problems still remain ( if any still do )!
Helpful Notes:

If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:
Starting your computer in Safe mode

If you have problems downloading on the problem PC, download the tools and the manual updates for SUPERAntiSpyware and Malwarebytes ( links are given in the READ & RUN ME) onto another PC and then burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes you could use a flash drive too but flash drives are writeable and infections can spread to them.
If you cannot seem to login to an infected user account, try using a differe... Read more

21 more replies
Relevance 65.6%

My AVG scanner has found a trojan horse, dropper swicer A on my PC but can't get rid of it. What can I do?

Answer:Trojan Horse found on my PC

Had same thing on my PC a while back. AVG found it with the resident scan, ran a full scan and it did clean it, but it left nasty effects, had to format. Might not be like that with you. Have a look, click here, might help. Regards.

9 more replies
Relevance 65.6%
Question: Trojan Horse found

Hello All! About 2 nights ago I contracted something bad on my computer and I've been getting ambushed by pop-ups ever since. I run my spysweeper and it finds a bunch of stuff and deletes but they come right back. Today it found a trojan horse called Vesbiz Downloader but can't get rid of it. I have hijack this, would that work and what would I look for in the logfile? I have already looked on it but can't find anything matching those words.
 

Answer:Trojan Horse found

HijackThis is not the first or second step. Please follow the steps below:

- Run ALL the steps in this Sticky thread READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal

Make sure you check version numbers and get all updates.

- Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.
If after doing ALL of the above you still have a problem, make sure you have booted to normal mode and run the steps below:

- Download HijackThis 1.99.1

- Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

- Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file.

- Before running HijackThis: You must close each of the following: your web browser, e-mail client, instant messenger, and programs like notepad, wordpad, MS Word etc. And any other unnecessary running programs.

- Run HijackThis and save your log file.

- Post your log as an ATTACHMENT to your next message. (Do NOT copy/paste the log into your post).
 

25 more replies
Relevance 65.6%

Hello, I need some information please. I am using an old IBM PC, running Windows XP Professional, Service Pack 2, and AVG 7.5 free version. On 14 October the antivirus AVG picked up the following TROJAN Horse 7.MCU, and the next day also it picked up the same only in a different location, and with a different file name. Prior to this, a few months ago AVG detected a virus called obfustat.ITZ. Now these two are in quarantine in the virus vault; I am wondering if these could cause any harm, and should I delete them from the virus vault? And are there any possibilities of having any more viruses? I have run Spybot and no threats were found. I would like very much to post a screen shot of the contents in the virus vault, but can't find out how to do it. Any suggestions or help will be very much appreciated. Thanks, The Saint.

Answer:TROJAN HORSE FOUND BY AVG

You can create a screen shot by pressing the Print Screen key. This will usually take the screen shot and place it into the computer clipboard. Once in the clipboard you can use the screen shot in any way you want; you may upload it to Photobucket and from there you can copy it and paste it here (the options to copy it are on the side of the picture; choose the copy to forums option).

9 more replies
Relevance 65.6%
Question: trojan horse found

Hi guys, hope you all had a splendid Christmas. My computer, however, seems poorly. AVG has found a trojan horse, SHeur.ALJL. Ever since, my laptop has been very slow with pop ups coming and going. Also, it seems to have lost the ability to memorise some settings like having to log in to my regular sites when previously it would automatically go into. Hope you can help. Cheers

My computer is running Windows Vista Premium
 

More replies
Relevance 65.6%
Question: trojan horse found

Now on the right post

Hi guys, hope you all had a splendid Christmas. My computer, however, seems poorly. AVG has found a trojan horse, SHeur.ALJL. Ever since, my laptop has been very slow with pop ups coming and going. Also, it seems to have lost the ability to memorise some settings like having to log in to my regular sites when previously it would automatically go into. Hope you can help. Cheers

My computer is running Windows Vista Premium
 

More replies
Relevance 65.6%
Question: Trojan Horse found

Hiya, wondered if you could help. I started my computer and it flashed up with the words - 'Trojan horse downloader small AI found in file C:/system volume information\-restore'. Any idea what this is? I tried AVG but it found no viruses.

Answer:Trojan Horse found

Trojans are not viruses; you need a different program. Regards

10 more replies
Relevance 65.6%

Over the last couple of days, my laptop has been running a bit slower than normal and yesterday popups kept appearing for shopping pages (ebay etc). I have Malwarebytes free and AVG free on my laptop. AVG found 2 trojan horse Vundo viruses which we put into the virus vault; last night another scan found trojan horse generic 16. Today we have had less pop ups but any searches result in being redirected to a shopping page! Lots of tracking cookies have been found this morning and Malwarebytes is performing a full scan as I write (it currently says I have 9 infections).

Please help! We are ok on the computer but would really like simple language and simple steps to follow

Thanks

Answer:Trojan horse found - please help

anyone any suggestions?

2 more replies
Relevance 65.6%

Hello, my son seems to have infected my computer with a couple of Trojan Horse viruses. I believe all this has come from MSN and my computer has been acting weird over the last 24hrs or so. AVG has picked them up and healed them but something somewhere is still lurking as AVG is still picking them up. So far I have had something called collected.AF, Downloader generic2.YJS and downloader Agent.HBT. I also seemed to have something on my desktop last night which I have never seen before and that was vset.exe and I have the 888bar. Any help would be greatly appreciated. TIA

Here's my log:

Logfile of HijackThis v1.99.1
Scan saved at 18:38:45, on 28/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
c:\progra~1\mcafee\MCAFEE~1\MssSrv.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Fi... Read more

Answer:Trojan Horse Found Can someone take a look at my HJT log please.

Kids eh!...who would want em?

You have 2 A/V programs by the look of things, I would remove one of them as they don't work in tandem at all.

=============================================
Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.

You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Next, please reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.
Once in Safe Mode, open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing... Read more

3 more replies
Relevance 65.6%
Question: Trojan Horse Found

Did some spring cleaning on my system today. Ran ad-aware, spybot, and avast and a trojan horse (vundo?) was found, then let avast remove it for me. Is everything Kosher now? Thanks in advance.

The following is the result of DDS scan:

DDS (Ver_09-05-14.01) - NTFSx86
Run by The Communist at 15:27:36.20 on Sat 05/30/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1582 [GMT -4:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Documents and Settings\The Communist\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Calibrize\CalibrizeResume.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\The Communist\Desktop\dds.scr

============== Pseudo HJT Report ===============

uDefault_Search_URL = hxxp://ie.search.msn.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&a... Read more

Answer:Trojan Horse Found

Howdy there csurugbyhooker and welcome to TSF Forums

I'm Steve and I will be helping you throughout this fix.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. It is IMPORTANT that you don't miss a step. Please perform everything in the correct order/sequence.

Vista users please make sure you all run commands with administrator rights (right click icon - run as administrator)

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription

Please note that the forum is very busy and if I don't hear from you within three days from this initial posting then the thread will be closed.

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/comb...o-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

7 more replies