
Trojan.Metajuan

scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton AntiVirus]
"ImagePath"="\"C:\Program Files\Norton AntiVirus\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton AntiVirus\" /m \"C:\Program Files\Norton AntiVirus\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gmhxxcla]
"ImagePath"="system32\drivers\psjgpcqb.dat"
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\Engine\16.0.0.125\ccSvcHst.exe
C:\Program Files\Norton AntiVirus\Engine\16.0.0.125\ccSvcHst.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\verclsid.exe
.
**************************************************************************
.
Completion time: 2008-09-27 20:37:08 -

This can be very dangerous and cause harm to your system.

C:\DOCUME~1\Owner\Complete\Microsoft Office 2007 Applications Keygen Only-MiCROSOFT.zip moved succ

Registry Values Infected: (No malicious items detected)
Registry Data Items Infected: (No malicious items detected)
Folders Infected: (No malicious items detected)
Files Infected: C:\WINDOWS\system32\uacinit.dll (Trojan.Agent) -> Delete on reboot.

Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

Here's the hjt log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:48:36 PM, on 8/6/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\desk98.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common

Path: C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{D5F4BBAC-8EF4-FE43-286F-F23476B4FBCD}\68\5468-{EB56783E-CEAE-4BF1-ABCC-EAD889A0B842}-v5468-{EB56783E-CEAE-4BF1-ABCC-EAD889A0B842}-v5468-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Visible to the Windows API, but not on disk.

C:\DOCUME~1\Owner\Complete\FEAR Extraction Point with update crack{www IPTorrents com}.zip moved successfully.

Cleanup after Trojan.Metajuan +others
Discussion in 'Virus & Other Malware Removal' started by smithy21, Sep 14, 2008.

Path: C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{D5F4BBAC-8EF4-FE43-286F-F23476B4FBCD}\55\5455-{EB56783E-CEAE-4BF1-ABCC-EAD889A0B842}-v5455-{EB56783E-CEAE-4BF1-ABCC-EAD889A0B842}-v5455-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Visible to the Windows API, but not on disk.

Completion time: 2008-09-14 18:09:09 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-14 08:09:04
Pre-Run: 48,217,759,744 bytes free
Post-Run: 48,056,033,280 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft

FULL!!.zip
C:\DOCUME~1\Owner\Complete\Steam Keygen Unlock all games.zip
C:\DOCUME~1\Owner\Complete\The GodFather-The Game- PC with Crack,Trainer & Daemon Tools.zip
C:\DOCUME~1\Owner\Complete\Tom Clancys Rainbow Six Vegas CRACK ONLY-HATRED NewTorrents.info ownz .zip
C:\DOCUME~1\Owner\Complete\TuneUp Utilities 2007 6.0.1255.0 FINAL with

Had to run it twice, as my computer locked up during the restart.

Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
Click on the Show Results button to

https://www.bleepingcomputer.com/forums/t/250085/infected-with-trojanmetajuan/

Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\SiteAdv.dll (file missing)
O4 - HKLM\..\Run: [BM37dce39f] Rundll32.exe "C:\WINDOWS\system32\qtjgljit.dll",s
O4 - HKCU\..\Run: [P2kAutostart] C:\Documents and Settings\Owner\Desktop\New Folder (3)\P2kCommander-V3.3.0\P2kAutostart.exe
O4 -

R0 -: HKCU-Main,Start Page = hxxp://www.google.com.au/
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}
R1 -: HKCU-Internet Connection Wizard,ShellNext = hxxp://www.optusnet.com.au/
R1 -: HKCU-Internet Settings,ProxyOverride = 0;localhost;
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
O9 -:

OK !
--------------------\\ Searching with S_Lop
No Lop folder found !
--------------------\\ Searching for Lop Files - Folders
C:\DOCUME~1\Owner\Cookies\[email protected][2].txt
--------------------\\ Searching within the Registry .....

C:\DOCUME~1\Owner\Complete\Bigfish Games - Flower Shop - Big City Break + Crack (Reflexive).zip moved successfully.

Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\3.0.0.135\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} -

https://forums.malwarebytes.org/topic/21372-trojanmetajuan/

Path: C:\WINDOWS\system32\UACgoevruwxut.dll
Status: Invisible to the Windows API!

While the computer is booting up press and hold the "F8" key before the Windows logo appears.
2. Check for updates and then perform another full system scan.
3.

Happy computing,
Orange Blossom
Help us help you.

BleepingComputer is being sued by the creators of SpyHunter.

Infected with Trojan.Metajuan
Started by Juan Jose, Aug 16 2009 12:57 PM

#1 Juan Jose, Members, 10 posts

#6 boopme, Global Moderator. Posted 02 August 2009 - 06:43 PM
Yes, please.

Save the log to your desktop, using a distinctive name, such as RootRepeal.txt.

#4 Orange Blossom, Moderator. Posted 16 August 2009 - 04:44 PM
Hello Thank

Select "Turn off system protection" under the "Restore Settings" section and then click "Apply" or "OK." In Windows XP, select the "System Restore" tab, select the hard drive with your Windows


Run a full virus scan once Windows finishes booting up and remove any infected files; then restart your computer normally.

smithy21, Thread Starter. Joined: Sep 14, 2008. Messages: 1
My step-daughter complained that her system was getting slower each week, with pop-ups appearing regularly, until it eventually got to the

C:\DOCUME~1\Owner\Complete\Google Earth Pro Map with Crack by DvS Radar.zip moved successfully.

What do I do? Yesterday I did a complete scan in safe mode and removed two threats.

If you can't perform a certain step, or you're unsure on what to do, please stop and let me know.
NEVER fix anything in HijackThis or other programs on your own!

Registry Values Infected: (No malicious items detected)
Registry Data Items Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Path: C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{D5F4BBAC-8EF4-FE43-286F-F23476B4FBCD}\67\5467-{EB56783E-CEAE-4BF1-ABCC-EAD889A0B842}-v5467-{EB56783E-CEAE-4BF1-ABCC-EAD889A0B842}-v5467-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Visible to the Windows API, but not on disk.

Here it is:
ROOTREPEAL AD, 2007-2009
==================================================
Scan Start Time: 2009/08/02 18:48
Program Version: Version 1.3.3.0
Windows Version: Windows XP SP2
==================================================
Drivers
-------------------
Name: am0bfo1z.SYS
Image Path: C:\WINDOWS\System32\Drivers\am0bfo1z.SYS
Address:

C:\DOCUME~1\Owner\Complete\Google Earth Pro Map with Crack by DvS Radar zip 3590829 TPB.zip moved successfully.

About the Author
Ben Richard began writing in

#15 boopme, Global Moderator. Posted 04 August 2009 - 10:27 AM
Well since

Richard writes on technology and specializes in web design.

Path: C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{D5F4BBAC-8EF4-FE43-286F-F23476B4FBCD}\59\5459-{EB56783E-CEAE-4BF1-ABCC-EAD889A0B842}-v5459-{EB56783E-CEAE-4BF1-ABCC-EAD889A0B842}-v5459-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Visible to the Windows API, but not on disk.
Path: C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{D5F4BBAC-8EF4-FE43-286F-F23476B4FBCD}\60\5460-{EB56783E-CEAE-4BF1-ABCC-EAD889A0B842}-v5460-{EB56783E-CEAE-4BF1-ABCC-EAD889A0B842}-v5460-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Visible to the Windows API, but not on disk.

Type in "68D5CF1D-EC5C-4bdd-A9EF-F0E517565D50" and press "Enter." The editor should find some entries and display the key on the right frame.

Edit: it appears to be good now.

C:\DOCUME~1\Owner\Complete\Clone DVD 3+KeyGen.zip moved successfully.

In the future you will have to reformat as you won't get helped here.
Let's go on.
Please download the OTMoveIt2 by OldTimer.
Save it to your desktop.
Please double-click OTMoveIt2.exe to run it.

c:\WINDOWS\system32\UACgoevruwxut.dll (Trojan.Agent) -> Quarantined and deleted successfully.

Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) -

Symantec reported multiple instances of five different types of problems that were Quarantined (and subsequently removed):
- Trojan.Metajuan
- Trojan Horse
- Trojan.Vundo
- Trojan.Mascript!html
- Downloader
(List of files &