Home > General > TrojanDownloader:WIN32/Renos.BAH

TrojanDownloader:WIN32/Renos.BAH

Using the site is easy and fun. It's better to be sure and safe than sorry.Please reply to this thread. This applies only to the original poster. C:\DOCUME~1\Hagens\LOCALS~1\Temp\~DFB434.tmp scheduled to be deleted on reboot. Source

Choose C: At top, click on More Options tab. Preloader] "C:\Program Files\ACT\ACT for Windows\Act8.exe" -stayrunning O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - Sign in AccountManage my profileView sample submissionsHelpMalware Protection CenterSearchMenuSearch Malware Protection Center Search Microsoft.com Search the Web AccountAccountManage my profileView sample submissionsHelpHomeSecurity softwareGet Microsoft softwareDownloadCompare our softwareMicrosoft Security EssentialsWindows DefenderMalicious Software Please perform the following scan:Download DDS by sUBs from one of the following links.

McAfee┬« for Consumer United StatesArgentinaAustraliaBoliviaBrasilCanadaChile中国 (China)ColombiaHrvatskaČeská republikaDanmarkSuomiFranceDeutschlandΕλλάδαMagyarországIndiaישראלItalia日本 (Japan)한국 (Korea)LuxembourgMalaysiaMéxicoNederlandNew ZealandNorgePerúPhilippinesPolskaPortugalРоссияSrbijaSingaporeSlovenskoSouth AfricaEspañaSverigeSchweiz台灣 (Taiwan)TürkiyeالعربيةUnited KingdomVenezuela About McAfee Contact Us Search ProductsCross-Device McAfee Total Protection McAfee LiveSafe McAfee Internet Security McAfee AntiVirus Plus McAfee Couldn't open my Outlook Express mail, but that seems to be an issue w/ DBNotify & requires a reboot it seems to get into mail. It seems to get especially mad & do this when I try to do a repair off the WinXP disk on boot, which freezes too at the point of entering the

Are you sure it exists? XoftSpyHere is my DDS log:DDS (Ver_09-02-01.01) - NTFSx86 Run by admin at 8:05:45.79 on Fri 03/13/2009Internet Explorer: 8.0.6001.18372Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.255.31 [GMT -6:00]AV: McAfee VirusScan *On-access scanning disabled* (Updated)FW: mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-3-5 40552]S3 SASENUM;SASENUM;f:\program files\superantispyware\SASENUM.SYS [2009-2-17 7408]S4 BsUDF;InCD UDF Driver;c:\windows\system32\drivers\bsudf.sys [2004-10-5 448640]S4 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-3-5 606736]=============== Created Last 30 ================2009-03-13 03:24 1,256 ac------ c:\windows\system32\drivers\kgpcpy.cfg2009-03-13 03:12 118 ac------ c:\windows\system32\MRT.INI2009-03-12 11:09 64 ac------ File C:\WINDOWS\temp\TMP0000005F7B3521412BCAC46E not found! _____________________________________________________________ Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 5:05:14 PM, on 5/1/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode:

contact - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing) O9 - Extra 'Tools' menuitem: Attach Web page to ACT! Please go to Kaspersky website and perform an online antivirus scan. This Topic is closed. I would also suggest you read this: So how did I get infected in the first place?

DOWNLOAD NOW Most Popular MalwareCerber [email protected] Ransomware'[email protected]' RansomwareRansomware.FBI MoneypakRevetonNginx VirusKovter RansomwareDNS ChangerRandom Audio Ads VirusGoogle Redirect Virus Top TrojansHackTool:Win32/KeygenJS/Downloader.Agent New Malware RansomPlus RansomwareNetflix RansomwareCryptConsole Ransomware‘.Merry File Extension' RansomwareZekwaCrypt RansomwareLataRebo Locker Ransomware‘.potato Username Forum Password I've forgotten my password Remember me This is not recommended for shared computers Sign in anonymously Don't add me to the active users list Privacy Policy

Please There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped. Should you need it reopened, please contact a Forum Moderator.

C:\DOCUME~1\Hagens\LOCALS~1\Temp\~DFFBED.tmp scheduled to be deleted on reboot. https://forums.whatthetech.com/index.php?showtopic=102402&page=2 By default, this is C:\Windows or C:\Winnt. Join 91124 other members! Virus cleanup?

contact - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing) O9 - Extra 'Tools' menuitem: Attach Web page to ACT! this contact form Register now! Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).Copy the lines in the codebox below to the clipboard Alert notifications from installed antivirus software may be the only symptom(s).

contact... - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing) O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - On Windows Vista and 7: Insert the Windows CD into the CD-ROM drive and restart the computer.Click on "Repair Your Computer"When the System Recovery Options dialog comes up, choose the Command Under Temporary Internet Files, click the Settings... have a peek here BLEEPINGCOMPUTER NEEDS YOUR HELP!

Click the View tab. The most common installation methods involve system or security exploitation, and unsuspecting users manually executing unknown programs. Site Changelog Community Forum Software by IP.Board Sign In Use Facebook Use Twitter Need an account?

Could that be the problem?

What the Tech → Spyware / Malware / Virus Removal → Virus, Spyware & Malware Removal Javascript Disabled Detected You currently have javascript disabled. Tomk ------------------------------------------------------------ Topics are closed after 5 days without response Back to top #5 MikeBoa MikeBoa Authentic Member Authentic Member 57 posts Posted 01 May 2009 - 08:58 AM Tom, All Logs below. If you have a new issue, please start a New Topic.

Thanks again, Mike ========== PROCESSES ========== Process explorer.exe killed successfully. ========== SERVICES/DRIVERS ========== ========== REGISTRY ========== ========== FILES ========== C:\WINDOWS\CouponPrinter.ocx unregistered successfully. Local Service Temporary Internet Files folder emptied. button.Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and Check This Out Before today, I had no idea what my computer may have been infected with13.

Include the address of this thread in your request. C:\Documents and Settings\Hagens\Local Settings\Temporary Internet Files\Content.IE5\LGK6TM0S\iframe[1].htm scheduled to be deleted on reboot. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged On windows XP: Insert the Windows XP CD into the CD-ROM drive and restart the computer.When the "Welcome to Setup" screen appears, press R to start the Recovery Console.Select the Windows

Have your PC fixed remotely - while you watch! $89.95 Free Security Newsletter Sign Up for Security News and Special Offers: Indications of Infection: Risk Assessment: Register now! mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-3-5 35272]R3 mferkdk;McAfee Inc. Click here to Register a free account now!

WE'RE SURE THAT YOU'LL LOVE US! If we have ever helped you in the past, please consider helping us. Have your PC fixed remotely - while you watch! $89.95 Free Security Newsletter Sign Up for Security News and Special Offers: Indications of Infection: Risk Assessment: Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up.

You don't stop laughing when you get old; you get old when you stop laughing.A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)Malware Removal University Masters GraduateJoin The Fight Do not start a new topic.