Home > Problem With > Problem With Trojen C:\drsmartload45a.exe

Problem With Trojen C:\drsmartload45a.exe

avg finds a few viruses and heals them but they come back. I have pasted the log file below, if you please look at them. C:\WINDOWS\system32\ddcca.dll -> Adware.Virtumonde : Cleaned with backup (quarantined). Click Sweep Now on the left side. check over here

General Computing Anti-Spyware Software General Off Topic Feedback Announcements Newsgroups Virus Information Spyware Computer Security i ran BFU. that you get through AIM. C:\Documents and Settings\Chris\Local Settings\Temporary Internet Files\Content.IE5\8J7RQC59\ac3[1].txt -> Downloader.Agent.awb : Cleaned with backup (quarantined).

C:\Documents and Settings\Chris\Cookies\[email protected][2].txt -> TrackingCookie.Tribalfusion : Cleaned. Logfile of HijackThis v1.99.1 Scan saved at 9:20:28 AM, on 9/9/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\ibmpmsvc.exe C:\WINDOWS\system32\Ati2evxx.exe Javascript Disabled Detected You currently have javascript disabled. When you have done this, go here and run the online scanner (disable your antivirus program first).

  1. Click on "Scanner" and choose "Settings". 2.
  2. You're so helpful!
  3. If you guys could check the logfile and make sure that there are no more unwanted things on my computer, that'd be great.
  4. I personally prefer Spybot, because of its low memory footprint, but they're both good.
  5. Be sure to follow ALL instructions!
  6. is a number of two digits.
  7. Look2Me-Destroyer will now shutdown your computer, click OK. * Your computer will then shutdown. * Turn your computer back on. * Please post the contents of C:\Look2Me-Destroyer.txt and a new HiJackThis

Just a thought. Thread Status: Not open for further replies. Free Computer Help. Mon May 08 08:49:27 2006 => File C:\WINDOWS\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\041C0000.VBN infected by "Trojan-Downloader.Win32.Qoologic.bj" Virus.

C:\Documents and Settings\Chris\Cookies\[email protected][2].txt -> TrackingCookie.Kmpads : Cleaned. by the way, dvk01, i don't understand what you want me to upload to that forum? C:\Documents and Settings\Chris\Cookies\[email protected][1].txt -> TrackingCookie.Tacoda : Cleaned. get redirected here C:\Documents and Settings\Chris\Cookies\[email protected][1].txt -> TrackingCookie.Yieldmanager : Cleaned.

If you receive a runtime error '339' please download MSWINSCK.OCX from the link below and place it in your C:\Windows\System32 Directory. Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [SystemTray] SysTray.Exe O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [Microsoft IntelliType Unfortunately I dont have the excellent list of helper forums at hand, but you shld post a HJT log to one of the following forums: http://www.bleepingcomputer.com http://www.spywareinfo.com http://www..castlecops.com http://forums.tomcoyote.org ....forgive me Select either Home User or Company.

C:\Documents and Settings\Chris\Cookies\[email protected][2].txt -> TrackingCookie.Clickhype : Cleaned. http://tweaks.azurewebsites.net/forum/topic/196955/i-have-aemena-problems-too/2/ Attempting to delete: C:\System Volume Information\_restore{66F23E54-A1A0-4309-B298-096C8FB5561D}\RP344\A0092607.dll C:\System Volume Information\_restore{66F23E54-A1A0-4309-B298-096C8FB5561D}\RP344\A0092607.dll Deleted successfully! Last week I decide I should finally install the McAfee program that I bought for this purpose. Mon May 08 08:49:28 2006 => File C:\WINDOWS\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04100000.VBN infected by "Trojan-Downloader.Win32.Qoologic.bj" Virus.

Code: Logfile of HijackThis v1.99.1 Scan saved at 1:06:00 PM, on 6/14/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe http://ircdhelp.org/problem-with/problem-with-avg.php Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [SystemTray] SysTray.Exe O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [Microsoft IntelliType If you receive this keep trying to run kavupd.exe, it means the definition server is busy, but you will eventually get through. A new report-file will be created under C:\ Please copy and paste the last 30 days of this file to your thread.

Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_0.dll O3 - Toolbar: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Program Files\ToolBar888\MyToolBar.dll O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [ALi5289] C:\Program Files\ULI5289\ALi5289.exe O4 So it looks like things are getting better. Back to top BC AdBot (Login to Remove) BleepingComputer.com Register to remove ads #2 quietman7 quietman7 Bleepin' Janitor Global Moderator 47,093 posts OFFLINE Gender:Male Location:Virginia, USA Local time:10:00 PM this content For additional help in booting into Safe Mode, see the following site:http://www.pchell.com/support/safemode.shtml Once in Safe Mode, please run Ewido, and do a full scan.

C:\Documents and Settings\Chris\Cookies\[email protected][1].txt -> TrackingCookie.Addynamix : Cleaned. Qoofix [9/6/2006] at [2:45:52 PM] But that doesn't matter now... -- i really dont want to have to reboot is there anything i can do? Also do not use your computer during the scan).

Double click on combo.exe & follow the prompts. 2.

C:\RECYCLER\NPROTECT\00369221.dll Infected! If CTH has helped you, please consider liking and sharing us on Facebook Search Forums Show Threads Show Posts Advanced Search Go to Page... Half of your hijackthis log is still malware... It will prompt you to update to the latest definitions, click Yes.

Zone Alarm is no longer telling me that this services.exe file is trying to access the internet. Attempting to delete: C:\RECYCLER\NPROTECT\00369861.dll C:\RECYCLER\NPROTECT\00369861.dll Deleted successfully! Under "Script file to execute" choose "Input Script Manually". http://ircdhelp.org/problem-with/problem-with-www-0dp.php CONTRIBUTE TO OUR LEGAL DEFENSE All unused funds will be donated to the Electronic Frontier Foundation (EFF).

drsmartload[1].exe current detection dollarrevenue Trojan http://vil.nai.com/vil/content/v_139042.htm -- Dave http://www.claymania.com/removal-trojan-adware.html http://www.ik-cs.com/got-a-virus.htm David H. Action Taken: File Renamed. C:\Documents and Settings\Chris\Cookies\[email protected][2].txt -> TrackingCookie.Bfast : Cleaned. Try our mobile theme.

C:\Documents and Settings\Chris\Cookies\[email protected][1].txt -> TrackingCookie.Adbrite : Cleaned. Can you upload that ZIP file with your next reply? 0 Discussion Starter jd51edwin 10 Years Ago Hi swatkat......the tasks seemed to go okay....here are the files you asked for: 1) I have seen these fuiles that are Trojans. > > Where ?? RichieUK 36762 posts ModeratorsPosted 10 years, 283 days ago Strange,ok if you're certain it's not there:Boot into Safe Mode,find and delete if present:C:\WINNT\system32\bitsec.exeC:\WINNT\SYSTEM32\wxtwdx.dllReboot normally,run ATF Cleaner. ======================Click on Start>Run,type regedit press

This occurs unknown to the user.Status: QuarantinedInfected files detectedc:\whcc2.exe SpySheriff Rogue Security Program more information...Details: SpySheriff is a purported anti-spyware application to scan for and remove spyware from users' computers.Status: QuarantinedInfected There are two possibilities: You may want to flatten and rebuild your system in a short time to get it cleaned up or we can try to clean it up. Next, please reboot your computer in Safe Mode by doing the following: 1) Restart your computer 2) After hearing your computer beep once during startup, but before the Windows icon appears, Posts 14,022 Points 2335 I wish you'd run combofix first...