Jump to content

spyware.passwords.xgen


Recommended Posts

Hello

Since a few weeks I have noticed my not too old pc slowing down and today two blue screens. Upon using virus checker and malwarebytes, I am now warned about this spyware.passwords.xgen. It cleans, I reboot to get rid of two registry values, even tried deleting manually but everytime I start up and check, more warnings appear!!

Where do I start, how can I get rid of this?

Many thanks in advance

Ingeborg

Link to post
Share on other sites

  • Staff

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, download DDS by sUBs and save it to your Desktop.

Double-click on the DDS icon and let the scan run. When it has run two logs will be produced, please post only DDS.txt directly into your reply.

Link to post
Share on other sites

Hi

Thanks very much for replying.

I *think* I know what it turned out to be after many hours of fiddling.

It was referring to the rundll32.exe file which was in use, mainly by the Mcafee antivirus software I'm running. After turning that off, I was able to remove the files nloadwBC.dll that kept coming back in various locations, including the registry. And of course, end the processes.

[nloadwBC.dll (Spyware.Passwords.XGen) -> No action taken.

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\NvCplDaemonTool (Spyware.Passwords.XGen) -> Value: NvCplDaemonTool -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\NvCplDaemonTool (Spyware.Passwords.XGen) -> Value: NvCplDaemonTool -> No action taken.]

I ended up removing the antivirus software, reinstalling it, then reinstalling the malwarebyes antimalware: none of the files were there anymore... (and just before posting this, ran it again: no problems!).

No idea if this was really the cause, but the system is 10x faster again and seems to be running smoothly. Thought that was interesting...

Thanks again for taking the time to reply.

Inge

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, download DDS by sUBs and save it to your Desktop.

Double-click on the DDS icon and let the scan run. When it has run two logs will be produced, please post only DDS.txt directly into your reply.

Link to post
Share on other sites

  • Staff

Great news!

Let's double check to ensure that everything is fine.

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317

Link to post
Share on other sites

  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.