
Trojan Possibly Crashing Avira?

I have previously had a trojan and some excellent advice from you guys to delete the same. As a result I am currently running Avira (up to date version, last clean scan 10 Feb) plus use Malwarebytes every so often (up to date version, last clean scan 11 Feb), still on Windows firewall as couldn't work the recommended one. :o I have always been on Firefox as browser.

For a few months my laptop has been turning itself off occasionally with no warning, usually in the middle of an Avira scan, but about ten days ago it also happened when I tried to update MWB. Had to uninstall, reinstall and update and then it worked fine with a clean full scan.

Just now I had a trojan try to access my computer; now I think about it, this is not the first time. Today I only had one window (MSE) open so I pressed quarantine. I have TR/ agent.92676 trojan. :( Now I think maybe I have had this trojan for ages and all the crashing was down to the trojan ...

Anyway, not really sure what to do as Avira and Malwarebytes keep crashing and haven't found anything in the past?? Do I just keep trying until they find something? I am not very technical so please be gentle. :)
Declutterbug-in-progress.⭐️⭐️⭐️ ⭐️⭐️

Comments

  • fiddiwebb
    fiddiwebb Posts: 1,806 Forumite
    Hi Fire Fox

    Okay, first things first.

    Scan again with Malwarebytes but update first before scanning.
    Delete anything Malwarebytes finds.
    Then post the Malwarebytes log file here.
  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    Part of the Furniture Combo Breaker
    Download HIJACK THIS (Make sure you click 'DOWNLOAD LATEST VERSION')
    http://www.filehippo.com/download_hijackthis/
    Click MAIN MENU then DO A SYSTEM SCAN AND SAVE A LOGFILE (takes seconds) then post the log so we can see what's running
    (do NOT do anything else with Hijack but scan and post the FULL log)

    reboot

    Keep pressing F8 to go into SAFE MODE WITH NETWORKING
    Attempt to UPDATE and SCAN with Malwarebytes from there (switch OFF Avira's guard if it's on)
    Post the WHOLE log
    :idea:
  • Fire_Fox
    Fire_Fox Posts: 26,026 Forumite
    Part of the Furniture 10,000 Posts Name Dropper Combo Breaker
    fiddiwebb wrote: »
    Hi Fire Fox

    Okay, first things first.

    Scan again with Malwarebytes but update first before scanning.
    Delete anything Malwarebytes finds.
    Then post the Malwarebytes log file here.

    Thank you: I ran SuperAntiSpyware last night (after updating) and it found nothing. Malwarebytes also found nothing!

    Malwarebytes' Anti-Malware 1.44
    Database version: 3779
    Windows 6.0.6001 Service Pack 1
    Internet Explorer 8.0.6001.18882

    23/02/2010 14:15:53
    mbam-log-2010-02-23 (14-15-53).txt

    Scan type: Full Scan (C:\|D:\|E:\|)
    Objects scanned: 230041
    Time elapsed: 1 hour(s), 2 minute(s), 16 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
    Declutterbug-in-progress.⭐️⭐️⭐️ ⭐️⭐️
  • Fire_Fox
    Fire_Fox Posts: 26,026 Forumite
    Part of the Furniture 10,000 Posts Name Dropper Combo Breaker
    aliEnRIK wrote: »
    Download HIJACK THIS (Make sure you click 'DOWNLOAD LATEST VERSION')
    http://www.filehippo.com/download_hijackthis/
    Click MAIN MENU then DO A SYSTEM SCAN AND SAVE A LOGFILE (takes seconds) then post the log so we can see what's running
    (do NOT do anything else with Hijack but scan and post the FULL log)

    reboot

    Keep pressing F8 to go into SAFE MODE WITH NETWORKING
    Attempt to UPDATE and SCAN with Malwarebytes from there (switch OFF Avira's guard if it's on)
    Post the WHOLE log

    Thank you: I already have Hijack This but it is a year old, I can't see how to update or uninstall??
    Declutterbug-in-progress.⭐️⭐️⭐️ ⭐️⭐️
  • Fire_Fox wrote: »
    Thank you: I already have Hijack This but it is a year old, I can't see how to update or uninstall??
    Just click on the link in Rik's post or here
    4.8kWp 12x400W Longhi 9.6 kWh battery Giv-hy 5.0 Inverter, WSW facing Essex . Aint no sunshine ☀️ Octopus gas fixed dec 24 @ 5.74 tracker again+ Octopus Intelligent Flux leccy

    CEC Email energyclub@moneysavingexpert.com
  • Fire_Fox
    Fire_Fox Posts: 26,026 Forumite
    Part of the Furniture 10,000 Posts Name Dropper Combo Breaker
    I am sooooo thick, it told me to 'run as administrator' and I was clicking on the shortcut instead of the start menu icon!!!! :o

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:47:16, on 23/02/2010
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v8.00 (8.00.6001.18882)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\System32\igfxpers.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Launch Manager\HotkeyApp.exe
    C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    C:\Program Files\Picasa2\PicasaMediaDetector.exe
    C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe
    C:\Program Files\Lexmark 3600-4600 Series\lxdxMsdMon.exe
    C:\Program Files\Napster\napster.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe
    C:\Program Files\Dantz\Retrospect Express HD\RetroExpress.exe
    C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe
    C:\Program Files\Maxtor\OneTouch\Utils\OneTouch.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Windows\System32\wpcumi.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Users\Kitty McKatty\AppData\Local\Valued Opinions\PanelApp\PanelApp.exe
    C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\3\3Connect\AutoUpdateSrv.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\sdclt.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [HotkeyApp] "C:\Program Files\Launch Manager\HotkeyApp.exe"
    O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
    O4 - HKLM\..\Run: [lxdxmon.exe] "C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe"
    O4 - HKLM\..\Run: [lxdxamon] "C:\Program Files\Lexmark 3600-4600 Series\lxdxamon.exe"
    O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [NielsenOnline] C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe
    O4 - HKLM\..\Run: [RetroExpress] C:\PROGRA~1\Dantz\RETROS~1\RetroExpress.exe /h
    O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe
    O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
    O4 - HKCU\..\Run: [PanelApp] C:\Users\Kitty McKatty\AppData\Local\Valued Opinions\PanelApp\PanelApp.exe
    O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-18\..\Run: [fsc-reg] C:\ProgramData\fsc-reg\fscreg.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [fsc-reg] C:\ProgramData\fsc-reg\fscreg.exe (User 'Default user')
    O4 - Global Startup: Update Agent.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O13 - Gopher Prefix:
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: CopySafe Helper Service (CSHelper) - Unknown owner - C:\Windows\system32\CSHelper.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: lxdxCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdxserv.exe
    O23 - Service: lxdx_device - - C:\Windows\system32\lxdxcoms.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: PanelSvc - Unknown owner - C:\Program Files\Valued Opinions\PanelApp\PanelSvc.exe
    O23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect Express HD\retrorun.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe
    O23 - Service: WisLMSvc - Wistron Corp. - C:\Program Files\Launch Manager\WisLMSvc.exe

    --
    End of file - 7873 bytes
    Declutterbug-in-progress.⭐️⭐️⭐️ ⭐️⭐️
  • Fire_Fox
    Fire_Fox Posts: 26,026 Forumite
    Part of the Furniture 10,000 Posts Name Dropper Combo Breaker
    Anything that says Nielsen is spying on my use of the internet with my full permission so the company can send me paid surveys; I also get paid for it being there. Nielsen is a huge market research company and the software was downloaded from a reputable source. This was questioned last time, and it doesn't seem to cause any problems on the machine. Thank you for your time, much appreciated! :T
    Declutterbug-in-progress.⭐️⭐️⭐️ ⭐️⭐️
  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    Part of the Furniture Combo Breaker
    TICK and FIX these ~
    O4 - HKUS\S-1-5-18\..\Run: [fsc-reg] C:\ProgramData\fsc-reg\fscreg.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [fsc-reg] C:\ProgramData\fsc-reg\fscreg.exe (User 'Default user')
    O4 - Global Startup: Update Agent.lnk = ?

    The only other things in the log are your surveys. There's a fair chance they don't help matters but obviously that's entirely your call

    Please run COMBOFIX
    http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    Shut down your anti virus
    Follow the simple instructions it gives
    Post the COMPLETE log it creates here (Split into sections if need be)

    If it comes up with a RENAMING error then RIGHT click the exe file and RENAME and call it QWERTY (Making the complete file name 'QWERTY.exe') Or SAVE as 'QWERTY' on download
    :idea:
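For readers triaging a similar HijackThis log: the sketch below is an added example, not part of any post in this thread and not HijackThis's own logic. It parses the O4 (autostart) lines and lists entries for manual review using three heuristics assumed here: the target sits in a directory standard users can typically write to, the Run key lives under HKEY_USERS (shown as HKUS), or a startup shortcut's target did not resolve. The sample lines are copied from the log posted above, and the output is a review list, not a verdict: it also surfaces PanelApp, the survey software the poster says was installed deliberately.

```python
import re

# Sample lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [PanelApp] C:\Users\Kitty McKatty\AppData\Local\Valued Opinions\PanelApp\PanelApp.exe
O4 - HKUS\S-1-5-18\..\Run: [fsc-reg] C:\ProgramData\fsc-reg\fscreg.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [fsc-reg] C:\ProgramData\fsc-reg\fscreg.exe (User 'Default user')
O4 - Global Startup: Update Agent.lnk = ?
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"""

# O4 comes in two shapes: registry Run keys and Startup-folder shortcuts.
RUN_KEY = re.compile(r"^O4 - (?P<hive>HK\w+)\\.*?Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
STARTUP = re.compile(r"^O4 - (?:Global Startup|Startup): (?P<name>.+?) = (?P<cmd>.*)$")

# Review heuristics chosen for this example (assumptions, not HijackThis rules).
USER_WRITABLE = ("\\programdata\\", "\\appdata\\", "\\temp\\")


def review_o4(log_text):
    """Return [(entry_name, [reasons])] for O4 entries worth a manual look."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = RUN_KEY.match(line) or STARTUP.match(line)
        if not m:
            continue  # not an O4 autostart line
        cmd = m["cmd"].lower()
        reasons = []
        if any(d in cmd for d in USER_WRITABLE):
            reasons.append("runs from a user-writable directory")
        if m.groupdict().get("hive") == "HKUS":
            reasons.append("Run key under HKEY_USERS rather than HKLM/HKCU")
        if cmd.strip() in ("", "?"):
            reasons.append("shortcut target could not be resolved")
        if reasons:
            findings.append((m["name"], reasons))
    return findings


if __name__ == "__main__":
    for name, reasons in review_o4(SAMPLE_LOG):
        print(f"{name}: {'; '.join(reasons)}")
```
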
  • spud17
    spud17 Posts: 4,452 Forumite
    Part of the Furniture 1,000 Posts Name Dropper Combo Breaker
    Also still on SP1?
    Move along, nothing to see.
  • Fire_Fox
    Fire_Fox Posts: 26,026 Forumite
    Part of the Furniture 10,000 Posts Name Dropper Combo Breaker
    aliEnRIK wrote: »
    Please run COMBOFIX
    http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    Shut down your anti virus
    Follow the simple instructions it gives
    Post the COMPLETE log it creates here (Split into sections if need be)

    If it comes up with a RENAMING error then RIGHT click the exe file and RENAME and call it QWERTY (Making the complete file name 'QWERTY.exe') Or SAVE as 'QWERTY' on download

    I have fixed the three issues, thank you. :) I have downloaded Combofix but I don't have an icon on my desktop; if I search in my start menu I do find Combofix. I can double click and then it says "Windows cannot find Combofix(2).exe. Make sure you typed the name correctly and then try again." If I right click and try to run as administrator I get the little coloured bar and all the icons on my desktop flash like it has loaded, but that's it, no instructions or log or renaming error. :( And I have two Hijackthis icons on my start menu and they are both the new Beta version but I only downloaded that once!
    Declutterbug-in-progress.⭐️⭐️⭐️ ⭐️⭐️
This discussion has been closed.