Trojan virus

March 15, 2010 at 19:48:45
Specs: Windows Vista
I have Trend Micro and it found TROJ_GEN.MZ40L8 trojan virus that it can't remove. I've tried Malware bytes, trend house call, windows defender and I just can't get rid of it. Please help me. thank you

See More: Trojan virus

Report •


#1
March 15, 2010 at 20:04:31
Please download and install the latest version of HijackThis v2.0.2:


Download the "HijackThis" Installer from this link:
Hijack This


1. Save " HJTInstall.exe" to your desktop.
2. Double click on HJTInstall.exe to run the program.
3. By default it will install to C:\Program Files\Trend Micro\HijackThis.
4. Accept the license agreement by clicking the "I Accept" button.
5.Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
6. Click "Save log" to save the log file and then the log will open in Notepad.
7. Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
8. Paste the log in your next reply.
9. Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.


Report •

#2
March 15, 2010 at 22:22:24

Report •

#3
March 15, 2010 at 23:54:08
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:49:02 AM, on 3/16/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18882)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\Common Files\aol\1263722270\ee\aolsoftware.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\ION\EZ VHS Converter\MediaTVMonitor.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\AOL 9.5\waol.exe
C:\Program Files\AOL 9.5\shellmon.exe
C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe
C:\Users\Linda-PC\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie...
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie...
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AOL Toolbar Search Class - {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - C:\Program Files\AOL Toolbar\aoltb.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: AOL Toolbar Loader - {3ef64538-8b54-4573-b48f-4d34b0238ab2} - C:\Program Files\AOL Toolbar\aoltb.dll
O2 - BHO: Trend Micro Toolbar BHO - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Trend Micro Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AOL Toolbar - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files\AOL Toolbar\aoltb.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1263722270\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.5\AOL.EXE" -b
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: EZ VHS Converter Monitor.lnk = C:\Program Files\ION\EZ VHS Converter\MediaTVMonitor.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\Windows\system32\Shdocvw.dll
O13 - Gopher Prefix:
O16 - DPF: {5BCC24A7-7D3F-4CC9-AC86-4380FCD68D1E} (PCInfoOcxEN Control) - http://esupport.trendmicro.com/_lay...
O17 - HKLM\System\CCS\Services\Tcpip\..\{4BD89E04-22D7-4C1F-8A80-B9D440F266E0}: NameServer = 71.250.0.12 71.242.0.12
O18 - Protocol: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9635 bytes


Report •

Related Solutions

#4
March 16, 2010 at 04:05:12
Go to start> control panel> click the Java icon> update tab> update now and allow Java to update. If you are prompted for any add-ons uncheck the box and continue. The newest Java is version 6 update 18.

Remember..your Trend Micro antivirus and Windows Defender must be turned off or disabled before running ComboFix. The clickable link "This Link" in the ComboFix tutorial will help you get them disabled.

Please download ComboFix to the desktop from one of the following links:

ComboFix

Rename the setup file, combofix.exe, before you download it. To do that once the "enter name of file to save to" box appears as the download begins in the filename box rename combofix.exe to to Combo-Fix> click save.
Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop.
If you are using Firefox, make sure that your download settings are as follows:
Tools->Options->Main tab
Set to "Always ask me where to Save the files".

Please do not rename Combofix to other names, but only to the one indicated.
Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
-----------------------------------------------------------
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Click on This Link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
-----------------------------------------------------------
Close any open browsers.
WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
-----------------------------------------------------------
Double click on Combo-Fix.exe & follow the prompts.
Install the recovery console when asked.
When finished, it will produce a report for you.
Please post the "C:\Combo-Fix.txt" .
Note: Do not mouseclick combo-fix's window while it's running. That may cause it to hang.


Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.

Please do not install any new programs or update anything unless told to do so while we are fixing your problem.


Report •

#5
March 16, 2010 at 11:28:29
hey it is a false positive hijack this doesn't provide a detailed report on vista

Report •

#6
March 16, 2010 at 11:33:15

Report •

#7
March 16, 2010 at 12:28:20
What is a false positive hi jack? I believe you, but I don't know what it is, and how do I get rid of it. It keeps coming up in my Trend Micro scan. I did the Trend Micro Twin Fix, and it's still there. Windows Defender doesn't show it, House call doesn't pick it up, malware bytes doesn't pick it up either. I went into the Communitydell.com site you gave me, but there is nothing there. it was a blank page
it says it's in the Folder path
C:\program files\common files\aol\acs\
infected file XPAT.dll
I just did a full scan now and it showed the Trojan twice. I clicked to fix it, and it deleted and fixed one, but the other one it couldn't fix. Yet they were the same virus.
Thank you

I read about XPAT.dll and I know it's an important file. I can't figure out how to delete it in the folder path or program file. Thank you. I'm not a genius on the computer, but I can follow easy step by step instructions. Thank you.


Report •

#8
March 16, 2010 at 12:42:03
did you try trojan remover?
If that doesn't find the problem you can try Hitman Pro
That should nip it in the bud.

Some HELP in posting on Computing.net plus free progs and instructions Cheers


Report •

#9
March 16, 2010 at 15:32:41
its a FALSE POSITIVE it isn't a virus! read that whole forum it has a solution that isn't complicated i will post the link to the patch

Report •

#10
March 16, 2010 at 15:42:38
this is from that forum and i no (at least in my opinion)that its true bc i have worked on vista comps. this is what they said to somebody with ur problem.

Hi Andrea,

While we appreciate their trying to assist, the members who replied are not on the list of trained helpers at the top of this forum, so they may not be aware that HijackThis does not give an accurate output log for Vista 64-bit systems. Before we run additional diagnostic tools, I am wondering if this may be a false positive. Please update Trend Micro, reboot, and run another scan. Is that problem still showing up?

If so, you could also get a second opinion from an online virus scan by Kaspersky from HERE.

1. At the main page. Press on "Accept". After reading the contents.
2. At the next window Select Update. Allow the Database to update.
Note: If prompted to run or update your Java, then follow the prompts to do so. Kaspersky requires Java to run.
3. Once the Database has finished, under the Scan icon Select My Computer to start the scan. The scan may take a few minutes to complete.
4. Select Scan Report.
5. If any threats were found they will appear in the report
6. Select "Save error report as"
Then in the file name just type in kaspersky
Under "save as type" select text .txt
Save it to your Desktop.

Copy and post the results of the Kaspersky Online scan. If no threats were found then report that as well.


Report •

#11
March 16, 2010 at 15:44:15
and as i have noticed u operate using vista so this might b ur problem if u aren't using 64-bit then sorry it isn't a false positive i just wanted to b sure b4 u delete something that u shouldn't

Report •

#12
March 16, 2010 at 21:35:46
Thank you for all the info. I think my computer is 32 bit. It's just kind of strange that nothing else is picking this virus up except Trend Micro.
Trojan remover and hitman pro. I haven't tried that yet. Are these free to use?
I was just told today that you can never get rid of Trojan viruses, and the only way is to format your computer. Please tell me that is not true. I'll be sick. :(
I just wish I knew how to find the file and delete it. I don't think the file is all that important.
Thank you all.

Report •

#13
March 17, 2010 at 07:45:58
Hi Everyone,
Just want to thank you all again. I got rid of the virus. I ran the trend micro scan and it's not there. I started deleting files. I believe I found the one. :)

Report •

#14
March 17, 2010 at 08:02:47
Trojan remover and hitman pro
If you had at LEAST gone to the download site you would have seen that they are BOTH fully functional trials for 30 days.
Sometimes I wonder why we try to help when people don't even make an effort to try a solution. Those 2 are about the best to remove almost any infection ;-)
Oh well

Some HELP in posting on Computing.net plus free progs and instructions Cheers


Report •

#15
March 17, 2010 at 09:54:35
Dear XpUser4Real,
I did go to Hitman pro. I saved it in my email. I was very appreciative of these sites and I have them saved if God forbid I ever have a problem again. You were truly helpful in sending me those sites. I didn't know they existed. I just wanted to try one thing before I downloaded Hitman pro. I was looking through files that were dated within the last few days that I know weren't connected to anything I was using and may have been files left over from a converter that I installed online and turned out to be usless. Then I decided to run my scan one more time before I used the Hitman Pro. I was shocked that it came up clean. To make sure, I ran the full scan again, and it's definitely gone. So please believe me, I have every suggestion saved in my files for future use if I ever run into this again. Please except my thank you and know that your help and expertise are very much appreciated. (I did make a mistake thinking I was downloading Trojan remover) At the bottom of this page, I saw Trojan remover download, which I though you were talking about, and I started downloading it, but it was wanting to download anti virus too. I already have trend micro, and was always told to only have one Virus Scanner. It actually wasn't trojan remover. It was Spyware something, I forgot the name. I have Hitman Pro tucked away for future use, and hoping I never have to use it. :) Everyone that offered me help, I just want to say Thank You.
God Bless

Report •

#16
March 17, 2010 at 11:28:35
no problem, apology accepted, also keep note of trojan remover as it may help you in further problems:
http://www.simplysup.com/tremover/d...
Run it untill it is clean and then you can uninstall it. Same as the Hitman Pro.

Trend Micro, I've uninstalled that on many PC's and installed Avast free which IMO is an awesome anti-virus program.

Some HELP in posting on Computing.net plus free progs and instructions Cheers


Report •

#17
March 17, 2010 at 12:12:33
Thanks again. I do have to admit, I'm disappointed in trend micro, but I just paid for it for the year about a month ago. I thought they were one of the best. I guess I was wrong. Thanks again for everything. Happy St. Patricks Day!!

Report •

Ask Question