
Trojan.ExeShell.Gen

I've noticed that my own Win 7 reg keys for NetBT are a little different from the XP one I gave you. Now it cannot start normally. Please explain.
C:\Users\Steve\Local Settings\iei.exe (Trojan.FakeAV) -> Quarantined and deleted successfully.
Checking service configuration: The start type of Dhcp service is OK.

uStart Page = hxxp://www.yahoo.com
TCP: DhcpNameServer = 192.168.0.1
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
.
- - - - ORPHANS REMOVED - - - -
.
LAN connected.
C:\Users\Steve\Local Settings\Application Data\hsx.exe (Trojan.ExeShell.Gen) -> Quarantined and deleted successfully.

#2 cnm, Mother Lion of SWI, Administrators, 25,317 posts, Posted 14 December 2011 - 03:27 PM

Hello needhelponcomputer.
Download a new Malwarebytes' Anti-Malware from Here
Double Click mbam-setup.exe to

Please run Farbar and ComboFix (download a new copy, it was just updated).
uStart Page = hxxp://www.yahoo.com
TCP: DhcpNameServer = 192.168.0.1
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
.
- - - - ORPHANS REMOVED - - - -
.
I picked up the phone and called Bruce Harrison, our VP of Research, and asked for an explanation.
The service key does not exist.
File Check:
===========
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
Attention!

I just happened to open the Action Center and noticed the below screenshot which I thought was interesting, but probably not anything new. scanning hidden processes ... . C:\Users\Steve\AppData\Local\Temp\wera0.37253882863410515.exe (Trojan.FakeAV) -> Quarantined and deleted successfully. I did remove it and ran malware this morning and detected no threats.

AVG Free 9.0 ```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
CCleaner
Java 6 Update 17
Java SE Runtime Environment 6
Java SE Runtime Environment 6 Update 1
Java 6 Update 2
Java
After downloading the tool, disconnect from the internet and disable all antivirus protection.
Memory Processes Infected: c:\Users\Paul\AppData\Local\ojx.exe (Trojan.ExeShell.Gen) -> 3508 -> No action taken.
http://www.spywareinfoforum.com/topic/133029-trojanexeshellgen/

Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare (1564-1616)
The various helper groups here UNITE

#11 cnm, Mother Lion of SWI, Administrators, 25,317 posts, Posted

The ServiceDll of Dhcp service is OK. If ComboFix caused any error message, reboot again should fix it.

You'll be asked to confirm, click Yes.

#5 needhelponcomputer, Member, Full Member, 48 posts, Posted 14 December

Right click that file and select Send To>Compressed (zipped) file.

C:\Users\Steve\Local Settings\hsx.exe (Trojan.FakeMS) -> Quarantined and deleted successfully. Thank you.

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
Microsoft Works Calendar Reminders.lnk - c:\windows\Installer\{9E266E6A-3A1E-11D3-A3E4-00C04F7989D8}\378E453F.exe [2008-2-24 29184]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

Checking service configuration: Checking Start type: Attention!

Trojan.ExeShell.Gen
Started by Kevin Stehlin, Jun 14 2011 01:07 PM

Antivir finds EXP/CVE-2010-4452.CE Trojan.exeshell.gen - First of all, happy new year and hello to everyone!

Checking service configuration: Checking Start type: Attention! LAN connected.

The value does not exist.

The computer still can't find the server. type notepad and press enter.

Now it cannot start normally. Attached are the two text files that were created after running dds.ser. Unable to open NetBt registry key.

Removed with Malware Bytes... .exe not working

#1 donaho9, December 15, 2011 at 23:47:59

Found this thread and ran rogue killer and .exe helper
http://www.computing.net/answers/se...
exeHelper by Raktor
Build 20100414
Run at 01:46:19

Registry Values Detected: 1
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings|ProxyServer (PUM.Bad.Proxy) -> Data: http=127.0.0.1:28091 -> Quarantined and deleted successfully.
C:\Users\Steve\Local Settings\Application Data\rrp.exe (Trojan.ExeShell.Gen) -> Quarantined and deleted successfully.

Attached Files: OTL.Txt 78.59KB

#15 needhelponcomputer, Member, Full Member, 48 posts, Posted 16 December 2011 - 10:57 PM

Okay, now it's saying that I've used

Do not start a new topic. Logs can take some time to research, so please be patient with me. Possibly it is only browsing that you cannot do. You still have AVG installed. If not please perform the following steps below so we can have a look at the current condition of your machine.

Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=\ deleted successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command\\""|""%1" %*" /E : value set successfully!
========== FILES ==========
File C:\WINDOWS\system32\Drivers\netbt.sys successfully replaced with C:\WINDOWS\system32\dllcache\netbt.sys
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
->Temp

That said, here are the OTL results:
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.