Trojan.Zefarchgen


Trojan:Win32/Hiloti.gen!D (Microsoft); Hiloti.gen.e (McAfee); Trojan.Zefarch!gen1...Cimag.gk (v) (Sunbelt); Gen:Variant.Hiloti.1 (FSecure)

TROJ_HILOTI.EP ...LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\{random characters} Trojan:Win32/Hiloti.gen!D (Microsoft); Hiloti.gen.q (McAfee)

I installed System Mechanic to clean things up. Norton found and quarantined them, but evidently there are still virus remnants continuing to cause problems. Clean failed but quarantine was successful.

One thing I do see is the Windows Auto Update execution multiplied when it runs. After the Desktop comes up, and as the system is loading the quick access icons on the tool bar in the lower right hand corner (sorry, I don't know the proper

Please continue with the download, AVZ linked in this forum is fully safe.

https://www.symantec.com/security_response/writeup.jsp?docid=2010-020814-2115-99

Use a removable media. Please attach the avptool_sysinfo.zip at your convenience, and we shall take it from there.

Hmm, I just don't seem to be getting the hang of uploading files on this system.

Aliases: Mal/Hiloti-D (Sophos), Trojan.Zefarch (Symantec), Trojan:Win32/Hiloti.gen!D (Microsoft)

Virus Characteristics -- Updated on November 24, 2010 -- This is a Trojan detection.

Technical Information

File System Details

Trojan.Zefarch creates the following file(s):

1. %Windir%\[RANDOM CHARACTERS].dll
2. %UserProfile%\Application Data\Mozilla\Firefox\Extensions\chrome\content\_cfg.js
3. %UserProfile%\Application Data\Mozilla\Firefox\Extensions\chrome.manifest
4. %UserProfile%\Application Data\Mozilla\Firefox\Extensions\chrome\content\c.js
5. %UserProfile%\Application Data\Mozilla\Firefox\Extensions\install.rdf
6. %UserProfile%\Application Data\Mozilla\Firefox\Extensions\chrome\content\overlay.xul

This dll file is injected into a legitimate Windows process to perform malicious activity.

But how do I ever get rid of this attempt to load it? I'm not convinced that eliminating the adware cured things.

When replying, Browse > click once to select file > Open > Upload > add reply. -------------------- Please see the Important topics, located at the top of this section, and at

In addition to the effective scoring for each threat, we are able to interpret anonymous geographic data to list the top three countries infected with a particular threat.

I have always saved Print Screens (we called them screen shots) in Word, but I have such an old version of Word, would you be able to open it?

and type: Cleanmgr. Click "Ok".

Startup tab > post screenshots of the startup tab.

The system is still very slow to boot up and very slow opening Internet Explorer.

Please see the first Important topic.

Also found another devdoli.dll which was also successfully quarantined.

http://www.enigmasoftware.com/trojanzefarchgen2-removal/

Please let me know if you received it.

Solutions: Your computer may have malware hiding in memory that prevents any program, including SpyHunter, from executing on your computer.

This post has been edited by Suzeeque: 2.01.2012 03:36

richbuff, 2.01.2012 03:52, Post #2:
Welcome.

http://www.sophos.com/security/analyses/viruses-and-spyware/trojmdropckl.html?_log_from=rss

W32/Tiotua-CA by Marianna Schmudlach / February 8, 2010 11:23 PM PST

Suzeeque, 6.01.2012 05:01, Post #15:
I deleted the items identified by malwarebytes and system rebooted.

File System Details

Trojan.Zefarch!gen2 creates the following file(s):

1. %WINDIR%\etukecofez.dll (size 266,240; MD5 871dd960120e5ea797994892be563fd8; detection count 255)
2. %LOCALAPPDATA%\dlelcfde.dll (size 86,016; MD5 043fae5b561770c58d0d41ef2aefa2ff; detection count 81)
3. %WINDIR%\drlbcype.dll (size 135,168; MD5 9f806ec9f494128e9250156126ad486c; detection count 75)
4

Here's the Services Tab: Attached File(s) SysConfig__Services_Tab.doc ( 242K )

richbuff, 6.01.2012 08:42, Post #20

Technical details are not currently available.
https://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Trojan:DOS/Antiwin&ThreatID=-2147468882

Backdoor:Win32/Asylum.0_13 by Marianna Schmudlach / February 8, 2010 11:45 PM PST

http://www.sophos.com/security/analyses/viruses-and-spyware/w32autorunazl.html?_log_from=rss

W32/Autorun-AZM by Marianna Schmudlach / February 8, 2010 11:26 PM PST

Suzeeque, 5.01.2012 09:55, Post #11:
Oh, duh, I found the little save button but could only save it as a TXT

Keep a log of this so you can find it easily should you need to use System Restore. Then use Disk Cleanup to remove all but the most recently created Restore Point. Go

Modifications made to the system Registry and/or INI files for the purposes of hooking system startup, will be successfully removed if cleaning with the recommended engine and DAT combination (or higher).


The new point will be stamped with the current date and time.

The different threat levels are discussed in the SpyHunter Risk Assessment Model. Warning!

Also, if you don't have Kaspersky installed, please feel free to use the AVP Tool.

BleepingComputer is being sued by Enigma Software because of a negative post of SpyHunter.

TROJ_HILOTI.SMFX ...an automated analysis system.

Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point.

Malware modifies your Windows settings to use a proxy server to prevent you from browsing the web with IE.

The threat level is based on a particular threat's behavior and other risk factors.

Now add the link to the report you have just made in your post.

AVZ instructions: Please attach the zipped virusinfo_syscure.zip; instructions, see: http://forum.kaspersky.com/index.php?s=&am...st&p=678334

http://www.symantec.com/business/security_response/writeup.jsp?docid=2010-020815-0936-99

Trojan.Patchload.A!inf by Marianna Schmudlach / February 8, 2010 11:40 PM PST

This post has been edited by richbuff: 6.01.2012 08:43

They are spread manually, often under the premise that the executable is something beneficial.

When the system is booted I always get the error message that: hiqucoruwuya.dll cannot be located.

Scan with Malwarebytes' Anti-Malware: http://www.malwarebytes.org/mbam.php Update it first, scan and attach its log, but Please Don't remove anything yet, until the log is reviewed.

TROJ_HILOTI.SME2 ...an automated analysis system. Trojan:Win32/Hiloti.gen!A (Microsoft); Hiloti.gen (McAfee); Trojan.Gen (Symantec); Trojan...Agent.clmv (Kaspersky); Trojan.Win32.Hiloti.gen (v) (Sunbelt); Trojan:W32/Hiloti...

Unlike viruses, trojans do not self-replicate. Trojan:Win32/Hiloti.gen!D is a generic detection for a trojan that interferes with an affected user's browsing habits and downloads and executes arbitrary files.