
HELP - Trojan Horse -- AIM6\uninst.exe

What should I do?

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

Code:
KillAll::
File::
C:\WINDOWS\tasks\xsjadyzc.job
C:\WINDOWS\system32\kjijPqru.ini2
C:\WINDOWS\system32\swqvvuop.ini
C:\WINDOWS\system32\kjijPqru.ini
C:\WINDOWS\system32\rn.tmp
C:\WINDOWS\zip.exe
C:\WINDOWS\VFIND.exe
C:\WINDOWS\SWXCACLS.exe
C:\WINDOWS\SWSC.exe
C:\WINDOWS\SWREG.exe
C:\WINDOWS\sed.exe
C:\WINDOWS\NIRCMD.exe

Record Number: 4856 Source Name: Service Control Manager Time Written: 20081102153030.000000-480 Event Type: information User: NT AUTHORITY\SYSTEM Computer Name: CHARMIAN Event Code: 7035 Message: The Remote Access Connection Manager service was

Select a target to scan: Click on "My Computer" and the scan will begin.

8. Log

Logfile of random's system information tool 1.04 (written by random/random)
Run by Owner at 2008-11-11 19:24:35
Microsoft Windows XP Professional Service Pack 3
System drive C: has 120 GB (83%)

here is what's in the vault can anyone please give me some advice

Trojan horse Generic14.AUHC";"C:\Users\Administrator\AppData\Local\Temp\ECC6.tmp
Trojan horse Generic14.AUHC";"C:\Users\Administrator\AppData\Local\Temp\7416.tmp
Trojan horse Generic14.AUHC";"C:\Users\Administrator\AppData\Local\Temp\5A5E.tmp
Trojan horse SHeur2.AWOR";"C:\Windows\System32\SystemX86\255.serial.zip
Trojan horse SHeur2.AWKT";"C:\Windows\System32\SystemX86\254.keygen.zip
Trojan horse SHeur2.AWOJ";"C:\Windows\System32\SystemX86\253.crack.zip

It must be Notepad, not Wordpad.

2. Viewpoint is foistware installed without your permission, please remove it as well.

NEXT

Use Windows Explorer and remove the following (if present):

C:\Program Files\BearShare <-- This is an application known to install NewDotnet infection,

If you think you have similar problems, please post a log in the HJT forum and wait for help. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a8eaf5b6-6f61-4607-8b11-81c72ba9e4a6} (Trojan.Vundo.H) -> Quarantined and deleted successfully. Go to Start > Run > type Notepad.exe and click OK to open Notepad. Do not worry, the points below are not any form of rules, it's just a few pointers that can ensure that you will get the best help from me.

HKEY_CLASSES_ROOT\Typelib\{8e3c68cd-f500-4a2a-8cb9-132bb38c3573} (Trojan.BHO) -> Quarantined and deleted successfully.

01-11-2009 11:26 PM #1 Charms Member Join Date Jan 2009 Posts 19 Points 0

Computer Let SCars do it for you.

Please observe these rules while we work: Please Read All Instructions Carefully If you don't understand something, stop and ask!

If you have any doubts or uncertainty about any part of my instructions, feel free to post on here and ask me about them. Be sure to save it to the Desktop.

any help is appreciated! new scan of anti-malware got this trojan.vundo here's a log

Malwarebytes' Anti-Malware 1.23
Database version: 985
Windows 5.1.2600 Service Pack 2
3:58:19 AM 7/24/2008
mbam-log-7-24-2008 (03-58-19).txt
Scan type: Quick Scan
Objects scanned: 49588
Time elapsed: 11

Merged topics. ~ OB

#3 thcbytes Malware Response Team 14,790 posts Posted 30 September 2009 - 08:46 PM

Hello and welcome

To ensure that you are informed of the latest replies to your thread, you may like to right click on Options at the top right hand corner of this page and

I gave up trying to "heal" the infected files and just simply moved them to my Virus Vault.

button: Under Save as type select Text file write name for the file and save it to your Desktop. Locate the file at the Desktop, open it, then copy and paste that information

Don't keep going on. No one is ignored here. If you have since resolved the original problem you were having, we would appreciate you letting us know.

Record Number: 4855 Source Name: Service Control Manager Time Written: 20081102153030.000000-480 Event Type: information User: CHARMIAN\Char Computer Name: CHARMIAN Event Code: 7036 Message: The Telephony service entered the running state.

C:\WINDOWS\system32\rqplzg.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully. Please reply to this thread. Start here -> Malware Removal Forum. HKEY_CLASSES_ROOT\AppID\{a0e1054b-01ee-4d57-a059-4d99f339709f} (Trojan.BHO) -> Quarantined and deleted successfully.

Thanks for your patience and understanding.

#3 Ltangelic Posted 28 October 2008 - 12:08 AM Ltangelic Angel Annihilator of Malware Retired Staff 2,008 posts

Hey ruroken, I don't see much in

HKEY_CLASSES_ROOT\CLSID\{a8eaf5b6-6f61-4607-8b11-81c72ba9e4a6} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

The fixes are specific to your problem and should only be used for the issues on this machine.

Please save it to a convenient location. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt Post that log back here.

Save it to your desktop. DDS.scr DDS.pif Double click on the DDS icon, allow it to run. A small box will open, with an explanation about the tool.

My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here

Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

Click on the Save button, and save the log as gmer.txt somewhere you can easily find it, such as your desktop. If you do not receive notice about possible rootkit activity remain

Please go to C:\RSIT folder and locate info.txt and post the log here.

#8 ruroken Posted 29 October 2008 - 11:03 PM ruroken Member Topic Starter Member 49 posts

info.txt Record Number: 1658 Source Name: SecurityCenter Time Written: 20090112214354.000000-480 Event Type: information User: Computer Name: CHARMIAN Event Code: 1 Message: Record Number: 1657 Source Name: avg8emc Time Written: 20090112214354.000000-480 Event Type: Messenger" "C:\Program Files\Windows Media Player\wmplayer.exe"="C:\Program Files\Windows Media Player\wmplayer.exe:*:Enabled:Windows Media Player" "C:\Documents and Settings\Administrator\Desktop\NR2003.exe"="C:\Documents and Settings\Administrator\Desktop\NR2003.exe:*:Disabled:NASCAR Racing 2003 Season" "C:\Program Files\BDR Motorsports SkinHound\Skinhound.exe"="C:\Program Files\BDR Motorsports SkinHound\Skinhound.exe:*:Disabled:Skinhound" "C:\Papyrus\NASCAR Racing 2003 Season\NR2003.exe"="C:\Papyrus\NASCAR Racing 2003

Post that log (Combofix.txt) in your next reply. Click "Allow" 5. Wait for the scanner to initialize and update its databases.

Trojan Horse Generic10.bhes Started by Vince86, Jul 24 2008 02:16 AM This topic is locked 14 replies to this topic

#1 Vince86 Members 84 posts

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far. Upon completing the steps below another staff