Adware-gen + Trojan-gen + Agent-LTS --- rmv.exe etc. -- Red Wallpaper
My avast engine keeps coming up with these files:
%USER%\LOCALS~1\Temp\ac8zt2\main_uninstaller.exe
%USER%\LOCALS~1\Temp\ac8zt2\msmdev.dll
%USER%\LOCALS~1\Temp\ac8zt2\nsduo.dll
%USER%\LOCALS~1\Temp\ac8zt2\rmv.exe
C:\WINDOWS\nsduo.dll
C:\WINDOWS\msmdev.dll
complaining that it found:
Win32:Adware-gen [Adw]
Win32:Trojan-gen {Other}
Win32:Agent-LTS [Trj]
Then I choose to permanently delete the items found. Afterwards, explorer exits and restarts again. This procedure repeats itself about every 5 minutes. The first few times, the "Task Manager" option after CTRL+ALT+DEL was disabled, but I managed to have it restored. Later, an ugly red wallpaper came up saying "Your privacy is in danger".
WHAT I TRIED SO FAR (several times):
- started Windows in Safe Mode with and without Network Support (F8)
- Ran avast! Anti Virus tool - deleted all found files
- Ran SuperAntispyware Complete Scan with all files - deleted all threats
- Ran SmitfraudFix (by S!Ri) option 2 and 3
- Ran ATF Cleaner
- Ran VundoFix (found nothing)
- Looked for entries in Control Panel>Display>Desktop>Customize>Desktop>Web> -- nothing there
- Ran SmitfraudFix (by S!Ri) option 2 again
- Ran SuperAntispyware Complete Scan with all files again
- Ran online scanner on bitdefender.com/scan8 and deleted all threats
- Ran Spybot and deleted all threats
- Ran avast! Anti Virus tool again (found nothing)
Well, I got rid of the red wallpaper with SmitfraudFix, but when I start in normal mode, after 5 minutes the files were found again, avast deletes the files, explorer restarts. Everything else seems to function normally.
I'll post the HJT log later tonight as I am currently in the office. Do I run HJT in normal mode or safe mode, or does that not matter? (Sorry, first time I'm dealing with this.)