I have Windows Vista Ultimate. When I started my computer, a dialogue box appeared saying you are infected by an unknown trojan, click OK to download an antispyware program. When I clicked OK I was taken to a site and I ran an online virus scan, which detected trojanspm/lx. Previously I had run Windows Defender and a-squared Free, and both detected an infection each, which was removed. But the dialogue box is appearing again. Please help me. Sorry, I double posted in a hurry.
trojan attack
(14 posts)
category: trojan downloader
description: this program has potentially unwanted behaviour
resources:
process: pid2096
regkey: hklm\software\microsoft\windows\currentversion\uninstall\securebrowsing
uninstall: hklm\software\microsoft\windows\currentversion\uninstall\securebrowsing
file: C:\programfiles\netproject\sbun.exe
trojanspm/lx is one of those viruses that tries to trick you into buying bogus anti-virus software. Remember, your anti-virus software will take care of any viruses you get - it's not a good idea to click "OK" on a dialog box telling you to 'click here' to get rid of a virus or spyware. Once you do that, the "online virus check" you ran most likely did more damage than good.
A Google search for trojanspm/lx will bring up a number of links to detailed information for removing.
Guys, I scanned my PC with AVG and it detected the trojan. But the message kept on displaying and explorer.exe was not working. When I looked today the screen was gray with a "Windows is not genuine" sign in the bottom. My Vista is an OEM version, but I don't have a recovery partition. Instead I have XP. My Vista is genuine and I have validated it a number of times. Please help.
Logfile of HijackThis v1.99.1
Scan saved at 5:24:58 PM, on 3/21/2008
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Running processes:
C:\Windows\Explorer.EXE
E:\setup files\HijackThis.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: e404 helper - {0D574C9F-71F9-4F3C-BA6D-CF9C0E1E3EE8} - C:\Program Files\Helper\1205843832.dll (file missing)
O2 - BHO: (no name) - {1F831238-6E25-4B14-8DD2-F89CAA093089} - C:\Windows\system32\xxyvv.dll (file missing)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: QuickTalk 2.1 - {CF26FAC0-7D4E-46D8-AE64-B277B11443AC} - C:\Windows\System32\iesearch.dll
O2 - BHO: Windows Media Player - {D5A7151F-58D0-4AC8-9329-BEDD59625679} - C:\Windows\wmpdxm.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\jkkij.dll,#1
O4 - HKCU\..\Run: [SUPERAntiSpyware] E:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{FF8E13FE-48E0-48D8-848E-E25AD72FF25C}: NameServer = 218.248.240.23,218.248.240.135
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
O20 - Winlogon Notify: igfxcui - C:\Windows\SYSTEM32\igfxdev.dll
O23 - Service: a-squared Free Service (a2free) - Unknown owner - E:\program files\a-squared Free\a2service.exe (file missing)
Here is the log file of HijackThis.
I would do a repair/reinstall. With a mess like yours, that's probably the easiest way out: http://vistaultimate.windowsre.....tartup.htm
So you don't have a Window like the one at http://www.tweakvista.com/Article39153.aspx?
If so, that is not reduced functionality mode. You have a different problem.
Not sure what though.
