
Please Help - Potentially Infected By TR/Trash.Gen And TR/Drop.Softomat.AN

A case like this could easily cost hundreds of thousands of dollars. http://ircdhelp.org/please-help/please-help-infected-again.php

Latest detections from avira. Sorry this is not my computer, I let someone rope me into looking at it for them. Start here -> Malware Removal Forum.

A generic detection routine designed to detect common family characteristics shared in several variants.

Double-click OTL.exe to run. (Note: if using Vista, Win7 or Win8 use right-click and select Run as Administrator) Copy the text in the code box below and paste it into the

I was thinking about replying to that thread with my log file but moved onto the READ & RUN ME FIRST section from Kestrel13's reply first.

  1. BleepingComputer is being sued by Enigma Software because of a negative post of SpyHunter.
  2. Scan Your PC for Free Download SpyHunter's Spyware Scanner to Detect TR/Trash.Gen * SpyHunter's free version is only for malware detection.
  3. Now click the large button.
  4. The formula for percent changes results from current trends of a specific threat.
  5. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.
  6. Anyway, I found and uninstalled McAfee Enterprise, but I could not see anything for AVG--nothing in the Add/Remove Programs menu, nothing in the start menu, nor anything in Program Files.
  7. Please read and follow the instructions below for updating and running MBAM. STEP 01 Update and Scan with Malwarebytes' Anti-Malware Start MalwareBytes AntiMalware (Vista users must Right click and choose RunAs Admin) Please DO NOT
  8. In addition to the effective scoring for each threat, we are able to interpret anonymous geographic data to list the top three countries infected with a particular threat.

scan completed successfully
hidden files: 0

--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(696)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll

Completion time: 2009-10-28

Please help me finish this cleanup. Here is scan 1:

Malwarebytes' Anti-Malware 1.41
Database version: 2919
Windows 5.1.2600 Service Pack 3
10/25/2009 7:02:38 PM
mbam-log-2009-10-25 (19-02-38).txt
Scan type: Full Scan (C:\|)
Objects scanned: 201700
Time elapsed: 1 hour(s), 45 minute(s),

Make sure all other windows are closed and to let it run uninterrupted. When the window appears, underneath Output at the top change it to Minimal Output. Check the boxes beside LOP Check

Go to add/remove programs and uninstall HijackThis.

Next to the percentage change is the trend movement a specific malware threat does, either upward or downward, in the rankings.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at PM 8:34:26, on 24/10/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\EAVService\EavService.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program

I hope it's still curable though and I promise not to do any more things on my own from now onwards without your instruction.

I can't quite remember the full details, but it involved an error with Minecraft and the only fix I could find was telling me to turn my antivirus off, so I

It is. Click the "Report File" button and copy and paste this report in your next reply together with a new HijackThis log. Then we'll start from there, because it really makes no sense otherwise

For a specific threat remaining unchanged, the percent change remains in its current state.

It's continued detecting more and more and the latest is TR/Drop.Softomat.AN.

Please download OTL by OldTimer.

ReleK, Jan 14, 2014 #6

chaslang, MajorGeeks Admin - Master Malware Expert, Staff Member

Okay then since nothing works, you will have to hold in the power button to power down.

Just look for the most recent .log file.


If you have Avira, you’ll get that update too.

miekiemoes, Forum Deity, Moderators. Posted October 29, 2009

Julia, Please see here: http://www.malwarebytes.org/forums/index.php?showtopic=24605 If

Can't Remove Malware? Many thanks for the response. The topics you are tracking can be found by clicking on My Topics at the top of any page. Firefox I assume.

ThanksK.... First the new MB scan:

Malwarebytes' Anti-Malware 1.41
Database version: 2878
Windows 5.1.2600 Service Pack 2
9/30/2009 6:35:44 PM
mbam-log-2009-09-30 (18-35-44).txt
Scan type: Quick Scan
Objects scanned: 108124
Time elapsed: 14 minute(s), 14 second(s)
Memory Processes Infected: 0
Memory Modules Infected:

Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra

This special detection routine was developed in order to detect unknown variants and will be enhanced continuously.

Attached Files: 01222014_133402.log (File size: 51.7 KB), MGlogs.zip (File size: 241.8 KB)

ReleK, Jan 22, 2014 #15

chaslang, MajorGeeks Admin - Master Malware Expert, Staff Member

Your

My previous topic seems to have petered out. 3.

chaslang, Jan 24, 2014 #16

A0102343.exe - TR/Rogue.9849688

Close OTM.