Tech Problem Aggregator

Infected while visiting a website ??? newbie here...

Q: Infected while visiting a website ??? newbie here...

Hi!
 
Today, while visiting a website with IE, I suddenly got a new window which contained a message from "NSA+ FBI" (or something like that), telling me that I am at risk of being thrown in jail for the next 5-7 years unless I pay a fine of about 150$ either with my credit card or by buying some sort of prepaid phone cards. It was impossible for me to close the window or to use CTRL+ALT+DEL so as to close it from Task Manager. So, I shut down the computer from the start menu.
 
After restarting it, the internet works much slower.
 
Since then, I ran a quick scan with my Security Essentials (updated right before starting the scan), which lasted for about 70 minutes (!!!) but found nothing. I have also performed a scan using Microsoft's Safety Scanner, which returned the result that there are no unwanted programs on my computer.
 
But if no unwanted software is on my computer, then how come I got that screen asking me for money on behalf of CIA/FBI etc.?
 
Thank you
 
 
OS: Windows 7 Home premium
Anti-virus: Security Essential

A: Infected while visiting a website ??? newbie here...

Welcome aboard

Download Security Check from here or here and save it to your Desktop.
Double-click SecurityCheck.exe
Follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender
Other Services
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

Please download MiniToolBox and run it.
Checkmark following boxes:
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Devices (do NOT change any settings here)
List Users, Partitions and Memory size
List Restore Points
Click Go and post the result.

Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
NOTE. If you already have MBAM 2.0 installed scroll down.
Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to the following:
Launch Malwarebytes Anti-Malware
A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
Click Finish.
On the Dashboard, click the 'Update Now >>' link
After the update completes, click the 'Scan Now >>' button.
Or, on the Dashboard, click the Scan Now >> button.
If an update is available, click the Update Now button.
A Threat Scan will begin.
When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
In most cases, a restart will be required.
Wait for the prompt to restart the computer to appear, then click on Yes.

If you already have MBAM 2.0 installed:
On the Dashboard, click the 'Update Now >>' link
After the update completes, click the 'Scan Now >>' button.
Or, on the Dashboard, click the Scan Now >> button.
If an update is available, click the Update Now button.
A Threat Scan will begin.
When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
In most cases, a restart will be required.
Wait for the prompt to restart the computer to appear, then click on Yes.

How to get logs:
(Export log to save as txt)
After the restart once you are back at your desktop, open MBAM once more.
Click on the History tab > Application Logs.
Double click on the Scan Log which shows the Date and time of the scan just performed.
Click 'Export'.
Click 'Text file (*.txt)'
In the Save File dialog box which appears, click on Desktop.
In the File name: box type a name for your scan log.
A message box named 'File Saved' should appear stating "Your file has been successfully exported".
Click Ok
Attach that saved log to your next reply.
(Copy to clipboard for pasting into forum replies or tickets)
After the restart once you are back at your desktop, open MBAM once more.
Click on the History tab > Application Logs.
Double click on the Scan Log which shows the Date and time of the scan just performed.
Click 'Copy to Clipboard'
Paste the contents of the clipboard into your reply.

Download Malwarebytes Anti-Rootkit (MBAR) to your desktop.
Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
Double click on downloaded file. OK self extracting prompt.
MBAR will start. Click "Next" to continue.
Click in the following screen "Update" to obtain the latest malware definitions.
Once the update is complete select "Next" and click "Scan".
When the scan is finished and no malware has been found select "Exit".
If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
Open the MBAR folder located on your Desktop and paste the content of the following files in your next reply:
"mbar-log-{date} (xx-xx-xx).txt"
"system-log.txt"
NOTE. If you see This version requires you to completely exit the Anti Malware application message right click on the Malwarebytes Anti-Malware icon in the system tray and click on Exit.

Please download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.
rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/
Double-click on the Rkill desktop icon to run the tool.
If using Windows Vista, 7 or 8 right-click on it and choose Run As Administrator.
A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
If not, delete the file, then download and use the one provided in Link 2.
Do not reboot until instructed.
If the tool does not run from any of the links provided, please let me know.
If normal mode still doesn't work, run the tool from safe mode.
When the scan is done Notepad will open with rKill log.
Post it in your next reply.
NOTE. rKill.txt log will also be present on your desktop.

NOTE
Do NOT wrap your logs in "quote" or "code" brackets.
Do NOT use spoilers.
Do NOT edit your reply to post additional logs. Create new reply. I'll not get any email notifications about edits so I won't know you posted something new.

10 more replies
Answer Match 65.1%

I'm usually a lot smarter than this.. but I read someone's post in a forum about how a website has set up a popular game, San Andreas Multiplayer, in a frame that remotes a machine so you can play in the browser. The game is a bit more involved than a typical browser game, so of course I figured it would be unplayable at best, but curiosity got the best of me and I visited the site.

I immediately figured out that it was just a video of someone logging into a server, and I was most likely being infected while watching.. I checked around and saw some minimal info about the site including this post:
http://www.gtaforums.com/index.php?showtopic=538035

The site I visited was: www,sampfreeonline,tk .. which points to: samponlinefree,orq,pl
(dots were replaced with commas so no one clicks by accident)

Can anyone verify if this is indeed a malicious site.. I'm thinking I have a keylogger installed now and it's just waiting for me to join a server... ..or even worse..

Any help is greatly appreciated!
Thanks!!
 

A:Tricked into visiting fake website...

Welcome aboard

There is not much info about those sites.

Download Security Check from here or here and save it to your Desktop.
Double-click SecurityCheck.exe
Follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender
Other Services
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

Please download MiniToolBox and run it.
Checkmark following boxes:
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Devices (do NOT change any settings here)
List Users, Partitions and Memory size
Click Go and post the result.

Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
* Double-click mbam-setup.exe and follow the prompts to install the program.
* At th... Read more

5 more replies
Answer Match 65.1%

Hello,
 
So I've always wondered if you can get a virus/malware just by visiting a website?
 
I always thought this was a No, because I believe a user is only infected when he/she opens up that malware/virus FILE, once you open it up and install it then you are infected.
 
I know there are drive by downloads, but your anti-virus or anti-malware program should detect the file and automatically delete it.
 
Malware/virus can't infect your computer unless you open the file, right?

A:can you get a virus/malware just by visiting a website?

Hi NEMS

Yes, it's entirely possible to get infected by simply visiting a website. Most commonly via what we call "Exploit Kits". Right now, EK are used to deliver a lot of dangerous malware (such as banking trojans and Cryptoware) to computers worldwide. So using a standard Antivirus and Antimalware won't cut it. Using a program that protects your web browser against such threats, like Malwarebytes Anti-Exploit will.

"but your anti-virus or anti-malware program should detect the file and automatically delete it."

This is assuming that the file pushed on your system is already known to your Antivirus or Antimalware (in its database). If it's not, it won't do anything. And we all know that no products have a 100% detection ratio.

Edit: For more information on Exploit Kits and how they work, see the article below.
Tools of the Trade: Exploit Kits

27 more replies
Answer Match 65.1%

I am working on this for someone. They try to log in to their online banking, and Internet Explorer 7 will shut down their browser and give the following message displayed on their desktop: Data Execution Prevention. Vista was recently installed, error came about at that time. Suggestions? What is this feature?

A:Error Message when visiting website

Does anyone know what this is? I have tried working with it, but I'm not having any luck. Any advice would be greatly appreciated.

1 more replies
Answer Match 65.1%

I saw reunion.com posting my personal info on a google search of my name. I never gave that info. I called and they said they created that account for me from public info. However, when I clicked on the site, something downloaded and now my PC is slow!

IBM ThinkPad T41 / Win XP.
HJT below!

Thank You!!!!!!!!!!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:11:50 PM, on 8/18/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal


More replies
Answer Match 65.1%

Hi Guys,

Recently I have been having a lot of BSOD issues while visiting a certain website on all browsers. The said website accesses my webcam as well as microphone. After a few BSODs I thought maybe it's an Adobe Flash Player issue so I uninstalled Flash Player.

Now to test my system further I visited the said website using IE and Google Chrome, which have a built-in Flash Player plugin, and I got the same BSOD error. Tried the same in Guest account with the same BSOD error repeating itself.

I am attaching the relevant zip file.

Oh my system is DELL Inspiron 14 laptop with windows 8.1 installed.

TIA

A:BSOD while visiting certain website on all browsers

All of your dump files blame: Probably caused by : RTKVHD64.sys ( RTKVHD64+1af077 )
This is the driver for your Realtek High Definition Audio Function Driver

Your Dell model only supports windows 7 drivers see here
Product Support | Dell US

But maybe the generic driver from Realtek will also work on your Dell machine. Try updating to the latest windows 8.1 compatible driver from here.
Driver Description: Realtek High Definition Audio Function Driver
Driver Update Site: Realtek

2 more replies
Answer Match 65.1%

hxxp://gotlurk.net

I think this is the website where the malware came from, but I'm not sure. I've included the URL here, in case it helps someone figure out what my problem is.

I didn't click on any of the advertisements or install any new programs or download any files. But within 5 minutes of my visiting the page, popups began to rapidly show up. I usually use FireFox, but they were coming from Internet Explorer. They were coming very fast- maybe 20 within as many seconds, so I unplugged my wireless router and forcibly disconnected my computer from the internet.

I used another computer to look up tutorials on how to get rid of a malware problem, and downloaded recommended programs. I also edited the registry myself and deleted registry keys that were obviously associated with the malware that hadn't been there before (named things like "vvxxasjdfdsf.exe" and such) but this malware is obviously beyond my limited expertise, because it is still there.

My computer hasn't been connected to the internet since. (I'm using a different computer to post here.)

When the computer's on, Internet Explorer attempts to connect to the internet every few minutes. For the first few minutes where I didn't realize I had a problem, I'm pretty sure it connected to more malware sites and downloaded more crap onto my computer. Spybot seems to have gotten almost everything, except for the very stubborn root problem, which Spybot says is "Smitfraud.C"

I'm not en... Read more

A:constant popups from visiting a website

Quote:
Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the HJT forum and wait for help.

Hello and welcome to the forums

My name is Katana and I will be helping you to remove any infection(s) that you may have.

Please observe these rules while we work:
Please Read All Instructions Carefully
If you don't understand something, stop and ask! Don't keep going on.
Please do not run any other tools or scans whilst I am helping you
Please continue to respond until I give you the "All Clear"
(Just because you can't see a problem doesn't mean it isn't there)
If you can do those few things, everything should go smoothly

Please Note, your security programs may give warnings for some of the tools I will ask you to use.
Be assured, any links I give are safe
----------------------------------------------------------------------------------------
Information
IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

BitComet 0.97

I'd like you to read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.

Also available here.

My recommendation is you go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).
Please note: you must NOT us... Read more

4 more replies
Answer Match 64.26%

Hi all,

First post bc I can't find a good answer to this question anywhere.

I play guitar and as such, I frequently visit www.ultimate-guitar.com. For the past few months, whenever I visit the site, there is a good chance of my computer spontaneously just shutting down. It doesn't happen every time, but it happens a good portion of the time that I go to the site, and it only ever happens on that site.

I'm currently running 64-bit Vista Home Premium. This happens on both Chrome and Firefox.
 

A:Computer shuts down when visiting specific website

8 more replies
Answer Match 64.26%

Hi,
 
I opened a link I probably shouldn't have on Facebook and ever since Avast! has been giving me the 'Suspicious item has been detected' dialog every thirty seconds or so.
 

 
Infection Details:
URL:          http://r1---sn-8pgbpohxqp5-ac5e.gvt1.com/crx/blobs/QgAAAC6..(more stuff but it's hidden)
Infection:   Win32:Evo-gen [Susp]
Process:   C:\Windows\System32\svchost.exe 

 
Now, the URL seems telling. The domain gvt1.com is owned by Google, and a CRX is a Chrome extension, so I suspect it's trying to download a malicious Chrome extension onto my PC. And it would appear it attempts to download it every 30 seconds, but Avast! keeps blocking it. However, I have no idea what to do to stop it from doing this and indeed whether or not my PC is already pwned. 
 
I've run a full MBAM scan and thus far found no hint of any malware in memory nor in the file system, but I'm still scared my PC's been pwned and I don't know whether I should shut it down or run rkill or what.
 
Thank you for your help.
 
edit: forgot to mention, I run Windows 7.

A:Avast! alerts after visiting a website [urgent]

Let's run these, xereeto

MiniToolBox
Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

Please download AdwCleaner by Xplode and save to your Desktop.
Double click on AdwCleaner.exe to run the tool. Vista/Windows 7/8 users right-click and select Run As Administrator
Click on the Scan button.
AdwCleaner will begin...be patient as the scan may take some time to complete.
After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
Copy and paste the contents of that logfile in your next reply.
A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.

Junkware Removal Tool
Please download Junkware Removal Tool to your desktop.
Shut down your protection software now to avoid potential confli... Read more

1 more replies
Answer Match 63.84%

(not sure if I put this in the correct section, sorry)

I'm with BT Broadband at the moment. Earlier today there was a new update, I'm guessing for the router, so I downloaded it.

Since then I have been getting the above warning on certain sites I try to enter which I have been on before with no problems (for instance, the BBC website).

Is this just coincidence or did the update do this?
... and if so, does anyone know how I go about uninstalling the update?

Thanks.

A:Google - Warning visiting this website may harm your computer.

It's not you only. Everybody is having it as Google is partnering with another team to do this.

However it is gone for now

3 more replies
Answer Match 63.84%

Hi everyone.

I received a link to a video entitled "Russian Guy touching 1000 Breasts". While the link opened, I closed the window but was watching a YouTube video at the same time. A pop-up came up for installing a YouTube and Flash update for the YouTube player, and I didn't think twice and clicked it assuming it was legitimate. Now I highly doubt it was. Every time I visit any site with Google Chrome the same warning message is displayed concerning the site allinfree.net, no matter what site has been visited. I have attached a sample screenshot as google_warning.jpg.

I searched online and found someone complaining of the same problem: https://community.mcafee.com/message/223287 However, detailed steps were not provided as to how to solve the problem.

I ran scans using Avira Free Antivirus, McAfee Stinger, Malwarebytes Anti-Malware, and SUPERAntiSpyware Free Edition to try and clean my computer, however the message was still coming up in Chrome.

I came across this site and was following instructions for posting concerning a Malware infection. I was able to get a DDS report however in the middle of scanning using GMER, my computer froze, crashed, and re-started. Now the computer runs extremely slowly, and every time I try to get a GMER log the same events happen. I have attached my DDS log (Attach.txt) and a HijackThis! log (hijackthis_log.txt) for support.

Please let me know how to proceed. Thank you for your time, help, and input.

Phebotalus
DDS... Read more

A:Google Chrome Warns of Visiting allinfree.net for Every Website

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please do not attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.
Do not run any other tool until instructed to do so!
Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.
Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:
You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)
Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<
Combofix may need to reboot your computer more than once to do its job, this is normal.
You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the r... Read more

8 more replies
Answer Match 62.16%

With Mozilla Firefox, I frequent various reputable websites for news and usually it will have a video that I want to watch. Seems like within the past month, video ads that are located on the side of the page that I NEVER CLICK ON OR HOVER MY CURSOR over, will start playing at the same time. I have to pause my news story to scroll up and or down to find the ad that is playing. Sometimes there is not a pause/stop button on those ads. Would a pop-up blocker work or something else?

A:Visiting website to view news story and video ads also play at same time!

The Adblock Plus Extension should take care of the video ads. To get rid of all ads open Extensions under Tools > Add-ons > Extensions. Go to Adblock options, click the Filter Preferences button and uncheck the "allow some non-intrusive Advertising" box. Also for Filter preferences make sure Easylist and Adblock Warning Removal list are checked. Click the add filter subscription button and add the EasyPrivacy List, making sure you check its box to activate it.
 
https://adblockplus.org/

5 more replies
Answer Match 61.74%

We just started having this problem today at one of our computers at work, we run on Windows XP. Every time I navigate to a new web page (even here), I get a pop up warning:

Internet Explorer Warning - visiting this web site may harm your computer!

Most likely causes:
The website contains exploits that can launch a malicious code on your computer
Suspicious network activity detected
There might be an active spyware running on your computer

What you can try:
Activate Antivirus 360 for secure Internet surfing (Recommended).
Check your computer for viruses and malware.
More information

Can you please help me get rid of this? I have tried to attach the 2 things that came up with the DDS

A:Internet Explorer Warning - visiting this website may harm your computer Antivirus 360 Malware

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results, click no to the Optional_Sca... Read more

2 more replies
Answer Match 57.12%

So today I logged on to Wikipedia only to see the SOPA blackout message. Within two minutes my firewalls detected numerous incoming and outgoing connections. Then my desktop froze, followed by all commands. I then turned my computer off, waited, then turned it back on. After going to the black XP screen it reboots to the "we apologize for the inconvenience but windows.." screen. Last known config reboots to the we apologize screen. Start normal: same thing. Safe mode works. I ran Malwarebytes in safe mode and it found the following threats:
trojan.winlock
pup.removeWGA
exploit.drop.7

After the scan and necessary reboot, my computer gets caught in the restart loop with no way to start Windows except choosing safe mode or safe mode with networking. And the threats keep reappearing. They will not go away!

A:Computer infected after visiting wikipedia during the blackout

You need to click on the Report button (bottom left corner of your post) and request being moved to the "Am I Infected" forum.

21 more replies
Answer Match 56.28%

This problem has been very persistent and whatever I do I can't seem to get rid of it! I've included screen shots below. The gist of this is whenever I go to a website (doesn't really matter which one) I get those errors! I am running Windows XP Service Pack 2. If you would like more information just ask.

http://i16.photobucket.com/albums/b40/boog...galz92/wth2.jpg
http://i16.photobucket.com/albums/b40/boogaboogalz92/wth.jpg

I'm guessing it's the same problem as this guy had... http://www.bleepingcomputer.com/forums/t/167891/what-if-i-dont-want-to-buy-their-anti-spyware/

Stating that, I've already done what the guy said in post number 2 (with the Malwarebytes' Anti-Malware program). Here's my log:

Malwarebytes' Anti-Malware 1.28
Database version: 1166
Windows 5.1.2600 Service Pack 2
2008-09-17 20:14:11
mbam-log-2008-09-17 (20-14-11).txt
Scan type: Quick Scan
Objects scanned: 47395
Time elapsed: 3 minute(s), 53 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 3
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{7221E2B7-FFBF-337E-7121-006F0D253BCC} (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\logons (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKE... Read more

A:Warning! Your Pc Possible Infected Due To Visiting Exploited (hacked) Site...

Hi, you know it's bogus when you see the grammar they used in link two.
Warning! You infected by this site

Ok good did you do the needed reboot? If not do that. Then check for an update to MBam, rescan and post another log.

12 more replies
Answer Match 55.44%

First - Thank you for your time.

I'm in the beginning stages of creating a website for sharing family pictures and it may expand to cover other things later.

Publishing software - which would you recommend? I know nothing about HTML codes, so would it be FrontPage or Dreamweaver?

Also I have a large group of pictures that I want to share with everyone but emailing is out of the question, close to 60mb. I was planning on creating a package to put on the website for everyone to download, but I have been unable to access the information needed to get this done. Any help on this matter would be appreciated.

Thanks again
Danny
www.bxmag.net
 

A:website newbie ---> help

12 more replies
Answer Match 53.76%

http://photos.liphook.co.uk/c6143_13.html

I normally have no problem viewing photos and pictures on websites. Except for the one on the above URL

Can anyone suggest what I can check out to try to resolve the problem? I have sent the url to various friends and they are viewing the photos OK. As I say, I haven't had this problem before, so reckon I need to unblock something or other. Be patient with me - I am a granny who is progressing fast with computers, but I wasn't born knowing about them like the rest of you!!

A:newbie has difficulty viewing pics in website

Welcome to TSF Granny

I can't view those photos either... Will try on a different computer....

19 more replies
Answer Match 52.08%

XP Pro system, SP2, running Comodo firewall, Avira, Windows Defender. Have run Mbam, SAS, CWshredder in safe mode. Have also run Panda and Sophos, OTscanIT, Asquared, RootRepeal, etc. After all this, I ran SDFix yesterday and it found and deleted a trojan in C:\Windows called '1.tmp'. Still unable to open www.symantec.com website. Unable to open www.pctools.com website. I've tried pinging those websites and get 'request timed out'. Believe this machine is still infected and I need help at this point. Thanks, guys.

Just to clarify the above... When booting up in safe mode with networking enabled, no problem reaching www.symantec.com or www.pctools.com. However, in normal bootup those sites - and others - are unreachable.

Merged posts. ~ OB

A:Infected with unknown. Unable to open symantec website, pctools website, etc

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/412560 <<< CLICK THIS LINK

If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the low...

21 more replies
Answer Match 47.88%

Hi! I'm new to this site. I want to ask if my computer is infected. I downloaded a djvu reader file from softonic.com using Google Chrome. After that, I noticed that every time I open Google Chrome, my default browser is softonic.com. Aside from that, I keep getting random pop-ups from enterfactory.com.

My link

My only source of protection is Panda Antivirus but it seems that there was no detection of a virus, whatsoever. I recently downloaded an anti-malware file, Malwarebytes, but still, the problem persists. I am not sure what is happening. Can anyone enlighten me? Thank you (in advance).

A:Newbie: Am I infected?

Btw, I have already deleted the softonic program in my computer from the control panel. I also changed the homepage address but still, it does not work.

Here is my scan result last time:

Malwarebytes Anti-Malware (Trial) 1.65.1.1000
www.malwarebytes.org

Database version: v2012.10.20.07

Protection: Enabled

10/22/2012 9:42:24 PM
mbam-log-2012-10-22 (21-42-24).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 295834
Time elapsed: 1 hour(s), 32 minute(s), 2 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKLM\SOFTWARE\Tuto4pc (PUP.Tuto4PC) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Tuto4pc_is1 (PUP.Tuto4PC) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 5
C:\Users\becbec\AppData\Local\Temp\is-IPM2H.tmp\Tuto4pc\setup_tuto4pc_ph_softonic_agence.exe (Adware.Eorezo) -> Quarantined and deleted successfully.
C:\Windows\Crack\Crack.exe (Worm.VB) -> Quarantined and deleted successfu...

6 more replies
Answer Match 47.88%

Attached is a link from my original post, in the wrong forum.

http://www.bleepingcomputer.com/forums/topic442619.html

I'm running Windows 7. Originally, I was infected by a w32 worm blaster virus or so I thought. Might have been a rogue.security virus.

Now, I think I'm infected with the google redirect virus, I also think I have the search milk virus. On top of that, google asks for a captcha every time I try to search it! aagh!

Any help would be great. Thanks in advance.

Per the instructions from the other forum, I'm going to post my dds log and the others that I can.

DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_27
Run by Paul at 19:11:12 on 2012-02-14
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1015.426 [GMT -5:00]
.
AV: Trend Micro Titanium *Enabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
SP: Trend Micro Titanium *Enabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windo...

A:Really Infected - Help a newbie

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

Link 1
Link 2
Link 3

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts. When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

In your next post I need the following:
Log from Combofix
let me know of any problems you may have had
How is the computer doing now?

Gringo

48 more replies
Answer Match 47.88%

Sorry. Not sure what I'm dealing with and I'm unable to provide a screenshot thanks to the malware. Regardless of what program I try to open/use the same window appears in the middle of the screen asking if I would like to run or save the (attempted) download file. The following is a start: thanks in advance.

OS 7

hijackthis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:36:01 AM, on 7/23/2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Safe mode with network support

Running processes:
C:\Program Files (x86)\SpywareBlaster\spywareblaster.exe
C:\Program Files (x86)\SpywareBlaster\spywareblaster.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACG...d0z115a4431x586
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACG...d0z115a4431x586
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKL...

A:another infected newbie

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...

2 more replies
Answer Match 47.88%

Hi,

I'm brand new on the bleepingcomputer site. I have a problem, but first some background.

I'm a search engine evaluator, so I see a lot of sites, some of which are not reliable and full of junk (spyware, adware,etc.). I have Windows 7 and my security is Micro Trend.

On Friday night while working, my laptop was taken over by what I thought was w32/worm blaster. I did some research and from what's out there, because I'm running Windows 7, I can't have that.

I ran spyhunter and found out it was something called rogue.security shield. Spyhunter found it for me, but because I can't drop the $30 - $40 for it, I had to see about another way to get rid of it. I ran SuperAntiSpyware and it found the same rogue and I thought it eliminated it and moved on.

I ran MalwareBytes also.

I think I still have a problem with the rogue and on top of that, I think I have a problem with the search milk virus/trojan.

I get onto google, run a search and that works. When I try to select a link, I'm automatically sent to a complete spam/scam site, courtesy of search milk.

I tried re-running Malware and SuperAntiSpy and they find nothing.

Now I try to get onto google and I'm told by google that I can't and I need to enter a word into a captiva box to get online and when I do, it produces another captiva box. A complete runaround or a new virus??

Please help!

I'm losing my mind over this.

Any help would be huge and greatly appr...

A:Really Infected - Help a Newbie!

Please follow the instructions in ==>Malware Removal and Log Section Preparation Guide<==.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<==. Please include the link to this topic in your new topic and a description of your computer issues and what you have done to resolve them.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Once you have created the new topic, please reply back here with a link to the new topic.

Most importantly please be patient till you get a reply to your topic.

3 more replies
Answer Match 47.88%

Hi there, I am a total novice when it comes to things like this.. I have looked over a few bits in the forums but don't want to make matters worse...
My son has a note book/ net book, whatever the difference is, and his anti virus had expired unknowingly. He now has a virus that won't let us do anything: we can't connect to internet on it or select any other programs as it flashes up that it may be infected.

I have other computers that I can use (obviously) but the note book obviously has no disk drives.

Any help gratefully received, then I will have a happy teenager again...

A:help newbie infected need help...

ANYONE??????

1 more replies
Answer Match 47.88%

I am on a desktop connected thru a router to access Internet browsing and TV viewing. I do not share nor wish to share anything and most importantly don't wish any remote activities. I think I have a DOS based mmc hijack mainly because of being redirected to fake login pages at Yahoo and Facebook. PLEASE steer me in the right direction. I run XP Pro sp2. On FDB login my email address has a space in between some characters and different font. Can page source info be used to verify site validity?

THANKS

A:newbie think am infected

I apologize to all of you wonderful help staff for not reading the new user orientation and posting info prior to my post. I have started the proper submittal process and see that my stupidity in the past has made my infections into major diseased PCs at my home now. I think it will be best to wipe out the systems and start over with proper security in order before they are reinfected. I do run XP Pro and do need some advice on how to start over my setup. I have several PCs with wired and wireless LAN connections to a cable modem. I wish to prevent all shares and/or remote viewing and controlling. PLEASE help me find out how without reading a whole encyclopedia. AND I thank you in advance for your generosity in helping me out

TxDon

1 more replies
Answer Match 47.46%

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:02:47 PM, on 10/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Symantec\pcAnywhere\awhost32.exe
C:\WINDOWS\system32\basfipm.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Synaptics\SynTP\SynT...

A:Newbie. Followed Protocol Still Infected Please Help

Hi Zmmartin

Delete any copies of HijackThis that you already have saved.

Please download the self-extracting version of HijackThis from here:
HijackThis Installer Download

Save HJTInstall.exe to your desktop.
Double-click the file then click the Install button.
The file will be extracted to C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
A shortcut for future use will also be created on your desktop and the Intro Frame of HijackThis will open.
Click Do a system scan and save a log file. Copy the entire contents of that log and post it here by clicking the Add Reply button.

Please use the shortcut to run the extracted HijackThis.exe from now on.

1 more replies
Answer Match 47.46%

Hi everyone, newbie woman who hasn't got a clue needs help (easy as possible please)

I have viruses on my PC I just can not kill......
At the bottom of my desktop a balloon keeps popping up saying
a critical error could occur, stop 0x0000078 inaccessible handler or device, click balloon to fix.
Done this but it still comes back....
After all day just downloading spyware etc. and running every one
I'm still plagued with the things.....
i.e.: superiorads, and I keep getting Microsoft Windows popping up
all over the place with casino ads on
and all sorts of adverts..
I have defragged/cleaned cookies/files, all the usual stuff.
Spybotted it and AVG cleaner, and Trend Micro HouseCall, this took 3 hours.
All yesterday I downloaded spyware trojan killers, the lot,
tried about 6 in all. Some said can not get rid. Some said no path.?
But they're still there.
I have searched and deleted and even been in msconfig.
They're hiding somewhere but I can't find them.
Now I deleted one of the spyware, I think it was Spybot.?
And now I'm left with 500 files in my documents
that won't delete.. called POSS 1B5A, all these are the same but go
POSS 1B5B C D E F G >>>>> ETC ETC.
I'm on a PC World E Machine (6 months old),
Netgear router and Windows XP.
Can anyone help please, or is there no hope.
Thanks, Chez

A:Help Please Newbie Infected With Virus's

Hello and to beemerchez,

In order to assist you, we need to know what your operating system is: Windows XP, Vista, etc.

Also, could you post the log from Spybot please?

Orange Blossom

15 more replies
Answer Match 47.04%

I have gone through "Preparation Guide For Use Before Posting A Hijackthis Log" every single step and nothing. I still have pop-ups and my notebook keeps freezing on me. I have been up since last night till 5:30 am working to remove this horrible thing. Now, I feel like I'm going to have a nervous breakdown. So, please can anyone please help me.

A:Infected With Winspyware 2007! Newbie

Hello,

This is a stubborn infection. The automated tools don't seem to be able to cope with it -- at least, not yet. Post your HijackThis log according to the instructions in the Preparation Guide.

Be sure to post it in the HijackThis forum, not this one. Also, name the infection in your topic title, as you did here.

Please be patient. It may take a few days before someone picks up your log, we try to take the older logs first.

Best of luck.

4 more replies
Answer Match 47.04%

Pop-ups are on my screen, the PC is slow in response, and different pop-up ads seem to appear. Can anybody help me, I'm a newbie.
This shows up when I start Windows:

p-07-01000 irql : 1f SYSVER 0xff00024 NT_Kernel error 1265
KMODE_EXCEPTION_NOT_HANDLED

"0x01d62739" referenced memory at "0x02354e50". The memory could not be "read".

Here is my Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:42, on 2008-01-30
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmer\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Programmer\Network Associates\Common Framework\FrameworkService.exe
C:\Programmer\Network Associates\VirusScan\VsTskMgr.exe
C:\Programmer\Network Associates\VirusScan\SHSTAT.EXE
C:\Programmer\Network Associates\Common Framework\UpdaterUI.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\devldr32.exe
C:\Programmer\Fælles filer\Network Associates\TalkBack\TBMon.exe
...

A:Help Newbie: Trojan infected my system

16 more replies
Answer Match 47.04%

Hi there, wondering if someone can help. I keep getting pop-ups for 888.com, Cassava, Ringtone, Winfixer and various other pages in Internet Explorer. I have run all the recommended scans before doing a Hijack This log, all of which have come up clean.

My log file is as follows:

Logfile of HijackThis v1.99.1
Scan saved at 20:13:48, on 01/02/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Microsoft SQL Server\MSSQL$A...

A:Newbie Infected With 888.com, Cassava, Winfixer And Various Other Pop-ups

Click here to download ewido anti-malware - it is a trial version of the program.
Install ewido.
When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
Launch ewido, there should be an icon on your desktop double-click it.
The program will now go to the main screen.
You will need to update ewido to the latest definition files.
On the left hand side of the main screen click update
Then click on Start Update
The update will start and a progress bar will show the updates being installed.

Then:
Click on scanner
Click on Complete System Scan and the scan will begin (do not open any folders or open the windows control panel while the scan is in progress).
While the scan is in progress you will be prompted to clean files, click OK
When it asks if you want to clean the first file, put a check in the lower left corner of the box that says "Perform action on all infections" then choose clean and click OK.
Once the scan has completed, there will be a button located on the bottom of the screen named Save report
Click Save report.
Save the report .txt file to your desktop.
Now close ewido.

Rescan with HJT and post a new log here together with the ewido log so that any remnants can be removed manually.

14 more replies
Answer Match 47.04%

Hi,

My laptop appears to have been infected a couple of days back and has been giving a variety of problems. I have McAfee Anti-Virus Corporate Edition installed on my machine and it did detect a virus which it claimed to have cleaned.

However, soon after I started getting the "Windows Security Alert" messages (Warning! Potential Spyware Operation! Your computer is making unauthorized copies of your ...". I downloaded and installed AVG Anti-Spyware on my laptop and ran a full scan. It detected 5-8 trojans/ infected files and claimed to have cleaned/ or deleted them.

However, things have only gotten worse since then. I see a variety of problems:

1. I can't run most programs - when I try to run something, it automatically gets killed. I can't even run AVG Anti-spyware anymore. I also downloaded HijackThis, but I can't install it because the minute I fire it up, it gets killed.

2. I can't see "Control Panel" in my "Start" Menu.

3. When I try to right-click on "My Computer" and click on "Properties", I get a message saying "This operation has been cancelled due to restrictions in effect on this computer. Please contact your system administrator."

4. Every now and then, I get a pop-up window saying something like "NT system has initiated a shutdown" and the system boots after a timer of 60 seconds expires. This only happens sometimes and I haven't been able to detect a pat...

A:Newbie Needs Urgent Help With Infected Laptop

Hello Rajat Gupta,

Please follow these instructions. You're having problems with HJT; you may need to change the name to something else because some malware kills the program as it starts. Rename HiJackThis.exe to something else, like Analyse.exe

Download and scan with SUPERAntiSpyware Free for Home Users
* Double-click SUPERAntiSpyware.exe and use the default settings for installation.
* An icon will be created on your desktop. Double-click that icon to launch the program.
* If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
* When done, select "Scan for Harmful Software".
* There are three scanning options. Choose "Perform Complete Scan" and click "Next".
* When done, a Scan Summary will appear with potentially harmful items that were detected. Click "OK".
* Make sure they all have a checkmark next to them and click "Next".
* A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
* Click Preferences and then click the statistics/logs tab.
* Click the dated log and press View log. A text file will appear so you can see the results.
* Select close to exit the program.
* Scan in SAFE MODE

Then
* Clean your Cache and Cookies in IE:
* Close all instances of Outlook Express and Internet Explorer
* Go to Control Panel > I...

5 more replies
Answer Match 45.78%

Hi ,
 
In my browser pages I get continuous pop-ups from Hypenet & HotDeals.
I already run Norton, but found out that this doesn't work on PUP. Well for me it's not a PUP but a DUP. Definitely Unwanted Program.
Also when starting up I need to press F11 in order to get the thing going, otherwise it just hangs. So there might be something in the boot.
I am not familiar with all these things, but I would like to receive help/advice to remove it.
 
I think I have Windows Vista and my browser is Google Chrome. Already installed adblock, but it only helps if I per page block the adverts. And that's not do-able of course .
I don't know what else you need to know.
 
Anke

A:Newbie is infected with a browser hijjacker - Hot deals/ Hypenet

Hi anke71 and welcome to BleepingComputer!
 
Please download AdwCleaner by Xplode and save to your Desktop.

NOTE: Please close or save all work, as the computer will be rebooted.

Double-click on AdwCleaner.exe to run the tool.
Vista/Windows 7/8 users right-click and select Run As Administrator.
Click on the Scan button. (only once)
AdwCleaner will begin...be patient as the scan may take some time to complete.
After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
If you see any which you do not want removed, remove the check mark next to it.
Next: Click on the Clean button (only once) to remove the selected items.
You will receive a message telling you that all programs will be closed so that the infections can be removed.
Click on OK, and then OK again to confirm the reboot.
When cleaning process is complete a log (AdwCleaner[S0].txt ) of what was removed will be on your desktop.
Please copy and paste this log in your next post.

Please download Junkware Removal Tool to your desktop.
Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open start scanning your system.
Please be patient as this can take a while to complete dependi...

8 more replies
Answer Match 45.78%

Windows 7 Home Edition has been infected with Windows Advanced Security Center. I was referred to this Experts area because this infection prevents me from downloading anything (like Malwarebytes and DDS), opening any browser, running iexplore.exe, etc. I literally cannot do anything that I've been advised to do, even in Safe Mode! Please help!

A:Newbie infected with Windows Advanced Security Center.

hit the f8 key to bring up the advanced boot menu (boot with command prompt)
 
at the prompt type:
C:\windows\system32\rstrui.exe , and press Enter
restore should run, pick a date before infection.
 
then run malwarebytes and hitmanpro

3 more replies
Answer Match 45.36%

Hello Forum,

I have a Dell Latitude Laptop D600 running Windows XP Pro.

Google Links are re-directed to very weird sites. PopUps and Super-Slow.

I WAS running the free Avast protection but since this problem, I removed it and installed the Windows Defender. Don't know if that was a good move or not.

Thank You in Advance,

HiJack This Log Follows:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:04:16 AM, on 2/20/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Lexmark 6500 Series\lxdfmon.exe
C:\Program Files\Lexmark 6500 Series\lxdfamon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
C:...

A:Infected with Malware/Spryware? Redirecting-Superslow-PopUps - I'm a Newbie

12 more replies
Answer Match 44.94%

Hello folks!
I am having some problems with my system.
I'm using an Acer Extensa 2001lm_512 notebook with Windows XP.
I know it's my own fault having problems because I surfed the net unprotected for 2 days.
I had Norton AntiVirus 2004 installed but it is not working anymore.
I spent some time reading here and have done the following:
installed ad-aware, spybot, zonealarm. Used fix-agent and cwshredder.
Had my system scanned online at RAV.
Installed a 30-day trial antivirus software and tuneup2004 trial.
Ran virus scans and found a lot of them and got rid of what I found.

So, now I am having these problems with my computer being really slow---opening folders takes a long time, displaying icons takes time to load.
Random programs having problems and being closed.
Antiviruskit-guard telling me of prevented virus infections in folders I can not find searching for. And of course the problem with not being able to shut my system down.
So I finally downloaded hjt and hjt-analyzer and I would really appreciate it if you could help me out a bit because I do not know how to fix my problems.

I have been here before some time ago and I know you guys are experts and friendly ones as well.
Thanks for any help and please excuse my poor English.

Log was analyzed using HijackThis Analyzer - Updated on 12/4/04
Get updates at http://www.greyknight17.com/download.htm#programs

Logfile of HijackThis v1.98.2
Scan saved at 15:28:03, on 05.12.2004
Platform: Windows XP SP1 (... Read more

A:hijacked, virus-infected, shut-down impossible, slow, and a newbie as a user :)

Hi
Just remove this file from your drive...

O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe

1 more replies
Answer Match 43.26%

A few weeks ago my website was listed on Google as possibly harmful. I had my web people remove a few lines of malicious code and now it is OK on Google. I have a Google Adwords account that I associated with my website and was advertising for awhile. I have since paused the campaign and have received no charges for any advertising for a month now.

So since this time I have noticed on my traffic stats that I am getting "hits" from a website that is advertising with my URL. The strange thing is that if I click on their ad it goes to this page that's full of sponsored Google links. So I thought probably something had infected my computer and hacked into my google adwords account. Sure enough there was a another person verified in my account. So, I removed that person (and the code on my website that correlated with that user) and thought that would wrap it up. But it didn't. I ran spyware, virus scan and malware and found 15 malicious malware issues. I deleted those. So where I am at now is that they are still advertising under my url, but if no charges are occurring in my adwords account how can this be? The only thing I can think of is that it's pinging my site to look good to Google and then it goes to their site. Could my computer still be infected and/or could something still be on the website that is directing them to their website....but who is paying for all of this? Here's the URL. Any help would be appreciated as this is driving me nuts. h... Read more

A:Am I Infected or is My Website?

We need a deeper look. Please go here: Preparation Guide, do steps 6 - 9. Create a DDS log and post it in the new topic explained in step 9, which is here: Virus, Trojan, Spyware, and Malware Removal Logs, and not in this topic, thanks. If Gmer won't run, skip it and move on. Let me know if that went well.

1 more replies
Answer Match 43.26%

Two fairly technical types have told me today they received a virus popup while surfing my website. McAfee popup said web page HDFLJAL1\LLLISTING[1].HTM (not a URL on my site) was infected by the Exploit-MhtRedir.gen trojan. Norton picked up the Bloodhound6 virus.

I have Norton and use Mozilla, have not gotten any warnings.

Is there a HijackThis for websites? How do I determine if there is a problem on the site vs. them being infected from elsewhere?

Am I allowed to post the URL here?
 

More replies
Answer Match 43.26%

Hi,

Someone alerted me to an infection at my website. When I attempted to visit the site, my AVG blocked it and identified the infection as Rogue Scanner (type 1007). I've dealt with an infected computer in the past, but don't know what to do about an infected website. I don't think the infection came from my computer, as I haven't uploaded anything in ages and when I do make edits, I make them at the host, not on my computer.

Any help appreciated. Thanks!

PS. FWIW, I also got an alert that it's type 1035, although it usually says 1007.

A:Infected Website

Well, I wouldn't know how to run a log on the website.

But anyway, I think I've got it corrected. My htaccess file was altered to redirect my site to an infected site when people came in through google, bing, etc.

The big question is, how did this happen?

1 more replies
Answer Match 43.26%

did a google search, and a bad website infected me. can't run certain programs now, difficult opening browser as well.

RogueAntiSpyware.XPAntispyware

please help, thanks!

A:website infected me, please help!

Please download one of the following versions of Rkill by Grinler and save it to your desktop.
rkill.com
rkill.scr
rkill.pif
rkill.exe
Renamed versions:
iExplore.exe
uSeRiNiT.exe
WiNlOgOn.exe
Double-click on the Rkill desktop icon to run the tool.
If using Vista, right-click on it and Run As Administrator.
A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
If it did not, delete the file, then download and use another version (i.e. rkill.scr, rkill.pif, etc).
If it still does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
Note: You may have to make repeated attempts to use Rkill several times before it will run as some malware variants try to block it.
Do not reboot until instructed.
A log file will be created and saved to the root directory, C:\rkill.log
Copy and paste the contents of rkill.log in your next reply.
-- If you get an alert that Rkill is infected, ignore it. The alert is a fake warning given by the rogue software which attempts to terminate tools that try to remove it. If you see such a warning, leave the warning on the screen and then run Rkill again. By not closing the warning, this sometimes allows you to bypass the malware's attempt to protect itself so that Rkill can perform its routine.

Please download Malwarebytes Anti-Malware (v1.45) and save it to your desktop.
Download Link 1
Download Link 2
MBAM may "make changes to your registry" as part of its disinfection routine.... Read more

1 more replies
Answer Match 42.84%

I am helping a friend fix his daughter's laptop. Windows XP. Was a mess when I first got it, no antispyware, etc. I downloaded ANG free, updated Windows, Firefox, downloaded SuperAntiSpyware, Malwarebytes, maybe a few others. I seem to be in pretty good shape except for a redirect in Google. Doesn't matter if I use IE or Firefox, but if clicking on a link during a Google search I get redirected using "theclicksdirect.gosearch.com". The combo fix log is below:

ComboFix 09-10-10.02 - Tevens 10/11/2009 11:34.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.489 [GMT -4:00]
Running from: c:\documents and settings\Tevens\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\driver
c:\windows\Installer\1c19a.msi
c:\windows\Installer\3de34c5.msp
c:\windows\Installer\67f053d.msp
c:\windows\Installer\67f053e.msp
c:\windows\Installer\67f053f.msp
c:\windows\Installer\67f0540.msp
c:\windows\Installer\67f0541.msp
c:\windows\Installer\67f0542.msp
c:\windows\Installer\67f0543.msp
c:\windows\Installer\67f0544.msp
c:\windows\Installer\67f0545.msp
c:\windows\Installer\683... Read more

A:am i infected? website redirect

Hello bethd127,

Please note the message text in blue at the top of the Am I infected? What do I do? forum.

ComboFix logs should not be posted outside the HijackThis forums and then only when requested by a HJT Team member. It is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert", NOT for private use. Please read Combofix's Disclaimer. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

Please create a new topic explaining the nature of your problem in the Am I infected? What do I do? forum. Describe pop-ups and system tray or desktop icons that have appeared. Explain what is "going wrong" with your computer. Note any tools you have used and their respective results.

If needed, we will direct you to our HJT Preparation Guide.

Thank you for using BleepingComputer as your malware removal source.

This topic is now closed. If you have any questions, please PM me or another Moderator.

The BC Staff

1 more replies
Answer Match 42.84%

Hello. I was trying to go to weather.com when I forgot to type the 'r' at the end of the address. I hit 'Enter' and I was taken to this odd website that caused my computer to start beeping uncontrollably and I lost control of my mouse cursor. Some windows I had open were maximizing and minimizing on their own. There was an odd warning that popped up in the browser I was using (Firefox) that talked about Windows Defender, if I remember correctly. I'm not sure what it said as I closed Firefox as soon as this happened, disconnected my wireless, and then force shutdown my computer.
 
When I restarted it, there was no beeping sound and I had regained control of my mouse cursor, but as a precaution, I ran CCleaner to empty out all of my temporary files because I thought maybe whatever caused my issues may have been left behind.
 
I guess the reason I'm here is to have help in determining if I have anything left behind on my system and what I should use to scan it with.
 
For antivirus protection, I use Microsoft Security Essentials on Windows 7. It did not detect anything that I'm aware of.
 
If you need any other pieces of information, I'll be more than happy to provide it.
 
Thank you for your assistance and time.

A:Website possibly infected me with something

Welcome aboard

Download Security Check from here or here and save it to your Desktop.
Double-click SecurityCheck.exe
Follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender
Other Services
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

Please download MiniToolBox and run it.
Checkmark following boxes:
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Devices (do NOT change any settings here)
List Users, Partitions and Memory size
List Restore Points
Click Go and post the result.

Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
NOTE. If you already have MBAM 2.0 installed scr... Read more

7 more replies
Answer Match 42.84%

Every time I visit my own website I get a popup from my antivirus software saying it's infected with JS/Exploit-BO.gen. I researched this trojan and it said it comes from infected websites, but I do not know how my website got infected.

My question is, considering the fact that it is my own website, how do I get rid of it from the site? I do not want to run a site that is downloading viruses onto my own as well as others' computers.

The website is http://www.olsen-fan.net

Here is a screenshot of one of the virus alerts and the virus script in action....

http://img440.imageshack.us/img440/8504/virusscriptkt3.jpg

http://img46.imageshack.us/img46/9683/virusscript2fn1.jpg
 

A:My website infected with JS/Exploit-BO.gen

I hope it is okay to bump this...
 

1 more replies
Answer Match 42.84%

Hi,
One of my websites is infected by malware. The site is hosted in a shared hosting space and running PHP and MySQL.

On accessing the website from IE8, Avira antivirus gives the alert saying your computer is affected by the following: "HTML/Crypted.Gen Description: To avoid detection by antivirus software, authors of HTML malware use browser features like Java and VisualBasic Script. These scripts are small and very often quite simple encryption routines hiding the malicious parts of the script. Encrypted malware is detected as HTML/Crypted.Gen."
With Firefox however there are no issues. Using the NoScript Firefox addon it was observed that the site is infected by malware and scripts are pointed towards hifgejig.cn, prostmirkost.net, traffics-inspector.cn

I took the site down and dropped the table and recreated it, changed all the passwords.

I verified all the JavaScripts and found no scripts are altered on the server side.

After cleaning up the site, I put the site back and again within a day's time it got infected again.

Can someone guide me on what steps to be taken when cleaning up the site?
 

More replies
Answer Match 42.84%

Whenever I try to to go to my website (www.blueprintgfx.com), Google Chrome tells me it's infected with malware from "iopap.upperdarby26.com". I deleted all the files from my ftp host, scanned all the files that were on my website, and reuploaded them. It worked again for a while then eventually it tells me I'm infected again. I use Webpage Maker to upload my files to the server, and I manually add some files with Filezilla (I scanned them all with Avira Antivir and Malware Bytes Antimalware). Does anybody know how I was infected and how to get rid of it permanently? Thanks...

A:My website is infected with malware

Also when I tried to go to my website with Firefox, Avira said there was a virus attacking my computer.
The file 'C:\Users\Richie\AppData\Local\Temp\services.exe' contained a virus or unwanted program 'TR/Crypt.ZPACK.Gen' [trojan]
Action(s) taken:
The file was moved to the quarantine directory under the name '48432d9b.qua'.

2 more replies
Answer Match 42.84%

Hi,

Recently, I've been getting occasional pop-ups for suspicious survey websites when browsing legitimate sites (like the Atlantic Magazine's website theatlantic.com, for example). This doesn't happen every time, but it happens often enough that I'm starting to suspect some kind of infection.

Scanning my system with Norton Security Suite, MalwareBytes AntiMalware, SuperAntiSpyware don't detect any threats. I even tried running TDSSKiller, but that only seemed to show false positives that I skipped.

Are there any other tools that I should try running to check for an infection? Or am I just being a little paranoid?

Any help that I could get would be very appreciated.

ED: I forgot to mention that I'm running Windows 7 Home Premium SP1, 64-bit edition.

A:Survey Website Pop-ups: Am I Infected?

Welcome aboard.
Which browser is affected?
How about other browser(s)?

26 more replies
Answer Match 42%

Hi --

Hoping you can help us.

We have a couple of websites on two different servers with the same host company. In the past few months, both sites have been infected. We have cleaned the affected files, changed the passwords, and upgraded the software, but the infections return. While we are diligent about scanning and updating the Anti-Virus software on our computer, as well as running Ad-Aware and Spybot, we are concerned that the infection may be in our computer, and not on the server as originally thought. Before we go about changing passwords again, we would like to verify that our computer is clean.

We have also noticed that some Internet access tends to be sluggish. Not sure if it is at all related, but just thought I would add that observation.

We can't quite figure out where to look, so we are hoping you will be able to help us.

Here is the log from HijackThis.

Thanks so much.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:35:06, on 06/14/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17023)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResp... Read more

A:Potentially compromised PC - website infected

15 more replies
Answer Match 42%

Hi, I was looking for some specific information about a hardware company. It is trusted, I will give the page below. When I clicked a page owned by the same company I saw the page is hacked. Naturally I was wondering whether I can be infected by some malware or code or something like this from entering this page. I ran Avira and Windows Defender. Both of them said that the system is clear. Then I looked at HiJackThis and there are no different types of entries. Everything is OK. But I'm wondering about this encounter. Should I do something (changing passwords etc.)?


http://www.thermaltake.com/2010survey/index.html

Thanks a lot.

A:Entering a hacked website (infected?)

If you didn't find anything yet you are probably okay.

I would also download Malwarebytes and run it. You can leave it installed. It is just a scanner when you close the app it is off so it won't interfere with the Avira.
Download the Free big blue button top left of page.
Malwarebytes

Install and then Update. Run a full scan.
If it finds nothing I'd say you're clean.

If you keep Malwarebytes just update each time you use it.
Sometimes it will tell you there are updates and sometimes it won't but there are always updates.
I run it every one to two weeks as a precautionary measure.

Mike

9 more replies
Answer Match 42%

Hello! I'm new here ;)
 
How can I clean the files from my site? My AV NOD32 ESET5 says that the site is infected with JS/Kryptik.AIO trojan,
but when I downloaded all those files to my PC and scanned them, there were no viruses.
So I scanned them again here, virustotal.com, and here's the log
 
...
McAfee-GW-Edition JS/Exploit-Blacole.gc
...
...
Sophos Troj/JSRedir-JT
 
 
What can i do next?

A:Website infected with JS/Kryptik.AIO trojan

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===
Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me some additional information about your system.

Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.

1: DDS.scr (Not recommended if you use Chrome to download this .scr file. Use the other options.)
2: DDS.pif
3: DDS.COM

Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Please note: You may have to disable any script protection running if the scan fails to run.

Please just paste the contents of the DDS.txt log in your next post. DO NOT attach the log.
===

Third party programs if not up to date can be the cause of infiltration an infection.
===

Please run this security check for my review.

Download Security Check by screen317 from here.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Search and delete the AdWare, PUP (Potentially Unwanted... Read more

2 more replies
Answer Match 42%

Hi Bleeping computer team,

Last week I visited a client website and Avast warned me immediately about some malware trying to get into my notebook. I chose to disable the connection and close the browser immediately, but after 5-10 minutes every time I try to enter Facebook or Hotmail, Avast warns me about some rootkit malware residing in the system.

So, I am pretty sure that I got infected from the client website (THIS SITE GOT VIRUS***www.saraya-inter.com***THIS SITE GOT VIRUS). I am sure that the malware is still there as this client does not have a webmaster to update it yet.

But once I restart my computer all the warnings from Avast are gone. I appreciate your kind help in looking at my problem.

=============================================
DSS LOG
=============================================
DDS (Ver_09-12-01.01) - NTFSx86
Run by Kong1 at 10:07:44.39 on Tue 03/02/2010
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.874.66.1033.18.2046.1246 [GMT 7:00]
AV: avast! antivirus 4.8.1368 [VPS 100301-1] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
============== Running Processes ===============
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files&#... Read more

A:Infected with Rootkit from client website

This is the warning message which I captured the first time I visited the site, I knew I might need it! I hope this provides a better idea of what kind of rootkit we are dealing with.

26 more replies
Answer Match 42%

Hello all,

Our company is having a recently relaunched wordpress based website which got infected 2 weeks ago. (http://www.elcome.ae)

Characteristics of the Infection: The website template was found to have keywords inappropriate to our line of business. A thorough check later uncovered that the footer template is infected. We have cleaned the file and reinstalled the same in a couple of hours. But the same infection appeared the next day and it still continues. Some hidden script is inserting more than 185 hidden hyperlinks with hidden keywords into the website template. The only change that happens every day is that the hyperlinks change, pointing to a unique website each time.

Kindly advise if the problem lies in the hosting server of "network solutions" or with the style scripts.

A solution to clean this mess up would be a great help for me. Please find below the hidden unknown script in our website template.

Thanks & Best Regards


</div>
<!-- End of column 2 -->

</div>
<!-- End of column wrapper -->

<!-- Start of footer -->
<!-- 7351cddd5241ca58498562e9ce7eb252 --><style>
div#b0ce344a48ba0278f7975e27a757d0744, div#b0ce344a48ba0278f7975e27a757d0744 a
{
font-style: normal;
font-weight: normal;
font-family: Verdana, Tahoma, sans-serif;
font-size: 8px;
text-decoration: none;
display:none;
color: gray;
text-align: center;
}
</style>
<div id='b0ce344a48ba0278f7975e27a757d0744'><a href=&qu... Read more

More replies
Answer Match 42%

Yeah, I was looking for pictures of ladies and got into trouble. If you want to go hunting for this one, go to google image search for "vice suicide girl" with moderate filtering. One of the results on the first page, can't remember which one, did this to me I'm thinking.

While browsing, a Java splash screen came up. I could not think of what activated it except for the page I browsed to, so I clicked back. A few seconds later (Windows XP Pro Sp 2) informed me that my virus scan (Symantec AntiVirus 10.1.5.5000) was deactivated. Then programs started crashing like Firefox, Explorer and svchost. I rebooted and tried to restart Firefox, but my desktop shortcut did not work. It could not find the Firefox exe! The infection must have deleted it, it was missing from the Program Files\Mozilla Firefox folder! So I downloaded Firefox and reinstalled it, but it crashed again. This is where I restarted in safe mode and did a Malwarebytes scan. It came back with two results: Malware.Trace (C:\Documents and Settings\[user]\Application Data\avdrn.dat) and Trojan.Agent (C:\Documents and Settings\[user]\Local Settings\Temp\svchost.exe). Both quarantined and deleted successfully.

I am restarting after the scan now. Is there anything else I should do? I have not seen an invasion like that before. What can I do to best protect against it next time (besides stopping the behavior in the first paragraph ;) )E... Read more

More replies
Answer Match 42%

I used to go to an adult website called www.webcamnow.com but I don't anymore. Recently my computer was infected with an undetermined infection that corrupted 2 Windows files, then my PC stopped booting into Windows XP. I reformatted my hard drive and got a new hard drive installed. I was using a webcam on webcamnnow.com which uses Adobe Flash Player. I also was running webcammax software. Someone projected images onto my cam that weren't mine. Is it possible that someone hacked into my cam or worse hacked into my PC? After reformatting, I got spam addressed to my user account email address and the subject line contained my User Id name for that site. The email came after I reformatted my hard drive. Could the original infection have been put on my backup external hard drive?
In conclusion, I run Norton 2010 Security Suite which didn't detect the original infection.

A:Did my pc get infected thru my webcam at adult website?

It's possible that the infection was in your Master Boot Record. Rare but I think a possibility depending on the reformat. Or even what was reinstalled. I feel the safest and smartest thing to do now is go here: Preparation Guide, do steps 6 - 9. Create a DDS log and post it in the new topic explained in step 9, which is here: Virus, Trojan, Spyware, and Malware Removal Logs, and not in this topic, thanks. If Gmer won't run, skip it and move on. Let me know if that went well.

1 more replies
Answer Match 42%

I've used spybot search and destroy with no luck.
DDS (Ver_10-11-10.01) - NTFSx86
Run by Owner at 18:17:16.46 on Wed 11/24/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2039.966 [GMT -5:00]

AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

============== Running Processes ===============

C:\windows\system32\svchost -k DcomLaunch
svchost.exe
svchost.exe
svchost.exe
C:\windows\system32\spoolsv.exe
svchost.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\windows\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\windows\system32\igfxtray.exe
C:\windows\system32\S3apphk.exe
C:\SCANJET\PrecisionScanLT\hppwrsav.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program ... Read more

A:Infected with website redirect virus

Hello yurchata1,
Download TDSSKiller.zip
Extract it to your desktop
Double click TDSSKiller.exe
Press Start Scan
If Malicious objects are found then ensure Cure is selected
Then click Continue > Reboot now
Copy and paste the log in your next reply
A copy of the log will be saved automatically to the root of the drive (typically C:\)
Thanks,
tea

10 more replies
Answer Match 41.58%

Norton detected an infection and I need help getting rid of it. It says it's high risk. I've attached the logs. Thanks.
Category: Intrusion Prevention
Date & Time,Risk,Activity,Status,Recommended Action,IPS Alert Name,Default Action,Action Taken,Attacking Computer,Attacker URL,Destination Address,Source Address,Traffic Description
11/4/2013 5:31:01 PM,High,An intrusion attempt by KATE-PC was blocked.,Blocked,No Action Required,Web Attack: Neutrino Exploit Kit Website 4,No Action Required,No Action Required,"KATE-PC (10.0.0.11, 51306)",reehoh7.nebraskasky.net:8000/zimwppoqbhlwmziet,"62.113.243.95, 8000",10.0.0.11 (10.0.0.11),"TCP, Port 51306"
Network traffic from <b>reehoh7.nebraskasky.net:8000/zimwppoqbhlwmziet</b> matches the signature of a known attack.  The attack was resulted from \DEVICE\HARDDISKVOLUME1\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE.  To stop being notified for this type of traffic, in the <b>Actions</b> panel, click <b>Stop Notifying Me</b>.

A:PC infected with Web Attack: Neutrino Exploit Kit Website 4

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.
If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===
Nothing suspicious was found on your DDS log.

Please download AdwCleaner by Xplode onto your Desktop.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click the Scan button and wait for the process to complete.
Click the Report button and the report will open in Notepad.
IMPORTANT
If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click the Scan button and wait for the process to complete.
Check off the element(s) you wish to keep.
Click on the Clean button follow the prompts.
A log file will automatically open after the scan has finished.
Please post the content of that log file with your next answer.
You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).

Please download Junkware Removal Tool to your Desktop.
Please close your security software to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to c... Read more

10 more replies
Answer Match 41.58%

Both Firefox and IE re-route me to YellowPages.com or to google with random search terms. Then it got worse and now when I go to Google News and click on links, I can see all kinds of hijacking of my URL going on, where it is redirecting to different sites. My PC is definitely infected, hopefully someone has seen this before and can help me.

Windows2000, SP4
IE 6.0
Firefox 3.0.7

Thanks.

A:Windows 2000 PC Infected - Website Redirects

Hello danworden and welcome to BC.

Please note that ComboFix is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert." It is NOT for private use. Please read Combofix's Disclaimer. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

Running ComboFix by yourself is like performing open heart surgery on yourself--the scalpel and other surgical tools that is ComboFix is meant to be wielded by a highly trained surgeon only in emergencies or dire circumstances. When the surgeon is thru s/he leaves the room. So combofix should be removed from a system once it has accomplished its job, unlike an AV that is there to protect you from future infections.

CF does make some alterations to your system if you run it. Even if you had no malware removed and run the uninstall command, some things may be different now on your system. I can tell you that one thing is that all your restore points will be flushed out and a new one created. There is a good reason to do that when you have a severe infection--but if you aren't infected you might need those restore points.

Read and abide by the disclaimer people. It's there for a reason. Stick to running and protecting yourself with a good AV and firewall and an anti-malware s... Read more

1 more replies
Answer Match 41.58%

Hi, I'm an owner of a few small websites (in Poland). The address of infected are www.aptekastatim.pl and www.civ2.pl

When I type an invalid address (e.g. www.civ2.pl/gagha) I'm redirected to an unknown site and get a message from Avast (security alert) instead of getting error 404!

Can you help me? I've been looking for tips all over the net, but I can't find anything. I tried AVG Online Virus Scan for URL, but it hadn't found anything... What to do?

Mike!
 

Answer Match 41.58%

Hello there,
Seems my laptop (Windows 7, 32 bit) has been infected with some type of malware that redirects web search links. This does not happen with every link I click, but maybe around 25% or so (one site that I get redirected to is "looksmart"). I had Trend Titanium installed, obviously that didn't work! My kids are always downloading photos from the internet, perhaps that is how I was infected, but not really sure.
I ran Malwarebytes, it found a few things that I removed, but the problem still exists. I just installed Microsoft Security Essentials as well, but that did not help either.

I also ran and have the DDS and GMER logs, should I post them here?

Thanks in Advance!

A:Kids Infected My Laptop - Website Redirect

DDS and GMER logs are not needed here.

Download TDSSkiller
Launch it.
Click on change parameters - Select TDLFS file system
Click on "Scan".
Please post the LOG report (log file should be in your C drive)
Do not change the default options on scan results

Download aswMBR
Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan.
After scan finishes, click on Save log
Post the log results here

Download ESET online scanner
Install it
Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats
Export the list to desktop, copy the contents of the text file in your reply

Answer Match 41.58%

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_21
Run by Richard at 22:21:44 on 2013-01-20
#Option MBR scan is disabled.
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.985.355 [GMT 7:00]
.
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\PROGRA~1\MI6841~1\MSSQL\binn\sqlservr.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program F...

A:Infected by privitize vpn, keep redirecting into other unknown website

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top o...

Answer Match 41.58%

Hello, I am new here, i read over the first steps post and hope I do this correctly, please let me know if anything else is needed to be posted...


ok, i was browsing a website earlier, i had clicked on a link and then all of a sudden the resident shield of AVG popped up with a warning saying it had found several infected files with this generic7... attached you can see a JPG from the history of the shield




so upon seeing this, i researched more into it, and many people seem to have had this "generic7" problem but always with a different extension, i could not find info on ".aqhl" but i saw many posts with other extensions of this. From what i read it is a trojan downloader that can download other malware to the pc and even steal information, thus im very worried... I scanned with the virus scanner in AVG and it found nothing but I read from other people that this virus keeps coming back if they remove it... I am wondering if anyone can help me to remove this, even though the scanner does not show it I believe it to still be there. I ran the file in first steps but i didn't get an info.txt anywhere, just this i will paste from the log.txt



i also tried to run GMER but it would not complete for some reason

any help would be appreciated


thank you


PS. I know it says just to paste the log.txt results in thread, but i have tried and it says

"You have included 29 images in your message. You are limited to using 25 images s...

Answer Match 41.58%

Recently I tried a Firefox extension called Whitelist Ninja, and after I set up the password for it I tried to go to my add-ons and it blocked it, of course, but I wasn't paying attention to what it said it was blocking. Apparently it redirected me to hxxp://www.undefined.com/. This website sounds fishy just by the name alone and looks just as fishy. Now, most of my software is up to date except for Java and Flash, although I have Firefox configured to automatically clear cache when I close it, hardware acceleration is off, and all my plug-ins are disabled (except VLC, "ask-only"). I also have Noscript and Request Policy installed, but nothing's bulletproof. So I would like to determine if I'm infected or not.

A:Accidentally went to a strange website unsure if I'm infected

Hello SuperSapien64:
 
You may wish to initiate your own self directed investigation by submitting suspicious URLs to VirusTotal.com (VT) amongst many others.
 
Also, please consider obfuscating URLs (you are suspicious of) in your posts so that less experienced readers do not click on them. e.g. hxxp://someresource.com or place them in a BB "code" box:

http://www.undefined.com/

In this individual case above, VT scores that website as 0/63. (benign)
 
Installing Malwarebytes Anti-Exploit will serve to strengthen your system's defensive arsenal by blocking malware exploits towards the computer's OS and through most popular browsers.
 
Your friendly moderator (quietman7) may graciously follow-up with a comprehensive list of other websites that automate the investigation of URLs .
 
Thank you.

Answer Match 41.58%

I was on a video game news site and I clicked on the link to the website an article was mentioning. The webpage told me my computer is infected with a virus. I knew I had the "MyWebSearch" malware from before so I thought maybe that was the issue. So I downloaded Malwarebytes and ran it (everything it detected was related to MyWebSearch) and it got rid of it. But I still get the same message when I go to that webpage. My computer doesn't seem to be running abnormally and based on the replies to that article I seem to be the only one getting this page. I know I can't exactly trust what a webpage tells me though this doesn't appear to be rogue-ish, if that counts for anything... Has anyone else seen this before? (The webpage is www. fifthindependent.com/multimedia/programs/mega-man-revolution/) (I'm running Windows XP SP3 and was using Firefox 12.0 at the time.)

A:"Access Rectricted" - Website says I'm infected with a virus

Please post the malwarebytes log.

Hello,

And welcome to BleepingComputer.com, before we can assist you with your question of: Am I infected? You will need to perform the following tasks and post the logs of each if you can. If you have performed any of the scans below post the logs for those scans, and then perform the ones you have not done.

Please download and run Security Check from HERE, and save it to your Desktop.
 * Double-click SecurityCheck.exe
 * Follow the onscreen instructions inside of the black box.
 * A Notepad document should open automatically called checkup.txt; please post the contents of that document.

SUPERAntiSpyware:
Please download and scan with SUPERAntiSpyware Free
Double-click SUPERAntiSypware.exe and use the default settings for installation.
An icon will be created on your desktop. Double-click that icon to launch the program.
If it will not start, go to Start > All Programs > SUPERAntiSpyware and click on Alternate Start.
If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
In the Main Menu, click the Preferences... button.
Click the "General and Startup" tab, a...

Answer Match 41.58%

Hi guys,
This is the second time within 2 months I get something nasty from a Russian website....
At first it installed a browser called mediahit in silent mode and I hardly removed it.
Now I sense it still has some issue since I get access denied on stopping services and I am using the original Windows 7 built in admin account.
OS is Win 7 Ent. x64.
 
 
I used MalwareBytes, it found some PUP entries which I removed.
I have Avira premium, I did not scan fully with it yet. But it also did not pop up with a warning.
 
Here is the DDS log, thanks in advance!
 
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16428  BrowserJavaVersion: 10.45.2
Run by cat at 0:48:38 on 2013-12-05
Microsoft Windows 7 Enterprise   6.1.7601.1.1255.972.1033.18.8104.5138 [GMT 2:00]
.
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:...

A:Russian website visit - laptop is infected?

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.

===

--RogueKiller--

Download & SAVE to your Desktop RogueKiller for 32bit or Roguekiller for 64bit
Quit all programs that you may have started.
Please disconnect any USB or external drives from the computer before you run this scan!
For Vista or Windows 7, right-click and select "Run as Administrator to start"
For Windows XP, double-click to start.
Wait until Prescan has finished ...
Then Click on "Scan" button
Wait until the Status box shows "Scan Finished"
click on "delete"
Wait until the Status box shows "Deleting Finished"
Click on "Report" and copy/paste the content of the Notepad into your next reply.
The log should be found in RKreport[1].txt on your Desktop
Exit/Close RogueKiller

+==============

Please download AdwCleaner by Xplode onto your Desktop.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click the Scan button and wait for the process to complete.
Click the Report button and the report will open in Notepad.

IMPORTANT
If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.

Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click the Scan button and...

Answer Match 41.58%

When I visited this morning, I got a message from google about the page being unavailable, then AVG gave me a threat warning:
 

A:The Sans institute website appears to be infected

Looks like a false positive if you ask me.
https://www.virustotal.com/fr/url/148dc0ac7d7332e0a69f55dba29a5d979a9b6fc4faba7cae5d7e7de22921a29c/analysis/1455563826/
No detection at all on VirusTotal and AVG doesn't detect a sure threat, just a "possible" one. I would rely on these kinds of detections to determine whether or not a website is infected.

Answer Match 41.58%

After following all the steps I am not able to run any of the provided tools. (dds, gmer) They just shut down after I click on them. Seems like this may be a bit more than I can handle. Thanks ahead.

Should I just go to a big-box place, or is there still hope? Wouldn't be surprised if some of you guys work magic.

A:Comp infected with tdds website are redirected

See if you can run OTL and skip GMER for now.

If you cannot get DDS to work, please try this instead.

Please download OTL by OldTimer and save it to your Desktop.
Close all other applications and windows so that you have nothing open and are at your Desktop.
Double click on the OTL icon on your desktop.
Select 30 days from the File Age: drop down menu.
Click the "Scan All Users" checkbox.
Click the button to start.
Do not use the computer while the scan is in progress.
When the scan is complete, two log files will open in Notepad:
OTL.txt <- (will be maximized)
Extras.txt <- (will be minimized in the Task Bar).
Both logs are automatically saved to the Desktop.
Please copy the contents of OTL.txt to the clipboard by highlighting everything and pressing Ctrl+C or after highlighting, right-click and choose Copy and then paste it into a new topic in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here.
Also copy and paste the contents of Extras.Txt in your next reply as well.
If the Extras.Txt log is too long, you may need to add a second reply to your thread.
Click the red X in the upper right corner to exit OTL.

Important: Be sure to mention that you tried to follow the Prep Guide but were unable to get DDS to run. If OTL did not work, then reply back here.

Answer Match 41.16%

Over the past weeks I received many reports from people getting popups about "Total Security" only when they visit my website.

I have experienced the same in IE (also only when visiting my own site) and in Firefox I see http 503 errors in Firebug.
This doesn't happen constantly, but kind of in waves. Some days the problems are pretty bad, then there is no problem for days.

The hosting provider keeps telling me that my PC must be infected or that the wrong people have gotten my FTP password by key loggers. I scanned the PC with McAfee (provided by my ISP), PC Tools Spyware Doctor, Malware Anti-Malwarebytes, Spybot Search & Destroy, Hitman Pro, NAV32, but nothing was found, except a few cookies from webstats tools.

I downloaded all files from the website to a directory on my hard disk and used all those tools to scan those files. They were reported to be clean.
I read all the text files (.shtml, .pl, .php, etc.) for strange code which I have not written myself, I used WinMerge to compare the directory with the working directory on my PC, but no differences were found.

I'm running out of ideas, but the popups keep appearing with many people. The hosting provider says the server is clean and has no viruses.

Any ideas how to get rid of these nasty popups??

Regards, Jigal.

A:How to detect problem with possibly infected website/server?

I will contact the people that have experience in this area
Please be patient

Answer Match 41.16%

Hi
My PC has been infected by Backdoor.bot; I came to know about it when I scanned via Malwarebytes logs.
And every browser redirects to the paywebgames.com website.
After that I searched how to remove Backdoor.bot and came to know about a post on Bleeping Computer, but there it was clearly mentioned that the process of removal varies from machine to machine, hence I decided to post a new log.
So I installed FRST.exe and the logs are pasted and attached.
Hoping for a reply as soon as possible.
Addition.txt is attached.
 
FRST log is as below:
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16-09-2016
Ran by Chetan (administrator) on USER-PC (16-09-2016 12:42:58)
Running from C:\Users\Chetan\Downloads\Programs
Loaded Profiles: Chetan (Available Profiles: Chetan)
Platform: Windows 7 Ultimate (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser not detected!)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
() C:\UsbFix\UsbFix.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
(TeamViewer...

Answer Match 41.16%

Hi
I scanned via Malwarebytes first and found a Backdoor.bot infection, then searched for how to remove Backdoor.bot.
Then I came to know about a post on BleepingComputer, but on that topic they said it varies from machine to machine, so I decided to post a new thread and read the guide for posting a new thread as said there.
I have installed and scanned via FRST.exe.
Addition.txt is attached.
Hoping for a reply ASAP.
Thanks in advance.
FRST log is as follow:
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16-09-2016
Ran by Chetan (administrator) on USER-PC (16-09-2016 12:42:58)
Running from C:\Users\Chetan\Downloads\Programs
Loaded Profiles: Chetan (Available Profiles: Chetan)
Platform: Windows 7 Ultimate (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser not detected!)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
() C:\UsbFix\UsbFix.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Mot...

Answer Match 41.16%


Malwarebytes found a rootkit and other issues as shown in the log below:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 6400

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

19/04/2011 23:33:03
mbam-log-2011-04-19 (23-33-03).txt

Scan type: Quick scan
Objects scanned: 167688
Time elapsed: 29 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 6
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\cel.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:...

A:Infected with rootkit and trojan - website hacked Think I'm clean now - not sure?

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that...

Answer Match 41.16%

About a week ago a computer that is on my network at work was infected horribly with spyware. We disconnected it from the network but I don't know if it was too late.

I connect with my laptop when I go to the office, and today I was on Twitter viewing an image, and a box popped up that said your computer is infected, run a scan to find out how to clean, and the domain was something like smart-pc-scanner9.com. It kept saying infected, so I closed it with the X and didn't do anything with it, and I am running all kinds of scans on my computer. The problem is I don't know if my computer is infected; the messages that were coming up and the domain are the same as on the one that was infected on our network. Since my laptop is not old and I do a ton of work on it, I need to make sure it's okay. What can I do to make sure of this? Here is what I'm doing so far:

Running full scan with Avast, nothing found so far

Running full scan with Malwarebytes, no infections so far

Running Windows Defender, no infections.

I have a feeling something is there and my software isn't catching it - please advise what to do next. I found the domain on a malware URL site that said it's an infectious site that will infect your computer immediately.

Please help me!

I have windows vista
HP dv6-1245dx

A:Malware Website pop ups want to make sure computer isnt infected

I'm having the same problem, I feel there is still something hiding but all of my scans come up clean... can anyone help us out? Thanks!

Answer Match 41.16%

Hey guys,
I finally got a pop-up I've been wanting for a few months now. It is one of those fake virus scanning websites trying to run a fake scan (just a .gif picture) and it tells me to download their AV.
Ya let me get right to that! REALLY!
I want to download, not install to my main computer, but just download the installation files to transfer to my old sandbox computer. This will be my first attempt at this, and I just wanted people's input on what you think of this?

Am I alright to download this? A second opinion never hurts. Can't know everything. Damn hard pill to swallow haha!

Thanks everyone,
Ben

A:Infected website, download fake AV for testing. Safe?

Well, if you're going to let it run its course to see what it does, make sure that the computer is completely isolated with ZERO and I mean ZERO information on it.

Also, keep in mind that not only can this sort of thing mess with your software, but in rare cases it can kill hardware if it's really horrid.

Answer Match 41.16%

Thank you ahead of time for any help concerning this problem. Several weeks ago I noticed that anytime I would click on a website from the google search results, the requested site would not appear and instead I would be directed to advertisements. This problem has increased and this morning when I open Internet Explorer this website comes up instead of my homepage: hxxp://flyingincognitosleep.com/cgi-bin/h.pl. Any help with this problem will be greatly appreciated.
MandyK

DDS.text attached:

DDS (Ver_10-12-12.02) - NTFSx86
Run by Tony Cornner at 9:39:12.21 on Mon 01/17/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.355 [GMT -6:00]

AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE...

A:Infected - Google search returns ads instead of the correct website

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix. Please visit HERE if you don't know how. Please re-enable them back after performing all steps given.

Please download ComboFix by sUBs from HERE or HERE and save it to your Desktop.

During the download, rename Combofix to Combo-Fix as follows:

It is important you rename Combofix during the download, but not after.

**NOTE: If you are using Firefox, make sure that your download settings are as follows:
Tools->Options->Main tab
Set to "Always ask me where to Save the files".

After that, double-click and run Combo-Fix. Let it finish its job and post the log here.

If ComboFix asked you to install Recovery Console, please do so. It will be in your best interest.

Note: DON'T do anything with your computer while ComboFix is running. Let ComboFix finish its job.

Answer Match 41.16%

My wife was browsing a few months ago and while clicking through gossip websites she clicked "click here to see the rest of the pics on the list" links and I think she infected the computer that way. I usually do all the removal of my malware by following guides like the ones your website provides but this time I feel like I didn't remove the malware completely. I ran Malwarebytes and I just want to make sure my computer is completely clean. I will be defragmenting tonight and running some of the procedures from your site in order to get the PC running smoothly. See logs attached please.
 
Thank you in advance.
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.17054  BrowserJavaVersion: 10.60.2
Run by secondary at 22:06:53 on 2014-08-30
Microsoft Windows 8 Pro  6.2.9200.0.1252.1.1033.18.6058.4032 [GMT -7:00]
.
AV: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\WLANExt.exe
C:\WINDOWS\System32\spoolsv.exe
...

A:Clicked on a website that prompted java update and I believe i was infected

hi tacotuesdays,
 
At a glance I don't recognize any malware, but that doesn't mean it's not there. Did Malwarebytes come up clean? I see you have Windows Defender installed. It's not an antivirus application. Do you have an active/resident AV installed? Many good free ones are available.

Answer Match 41.16%

Malware pushers have managed to compromise a Kaspersky Lab website on Sunday and direct users looking to download the vendor's applications to scareware.

According to various reports, including on Kaspersky's own support forums, the compromise occurred on the USA download website.


When visitors attempted to download the company's security products they got redirected to an external page, which mimicked an antivirus scan and served a fake AV program.

Known as scareware or rogueware, these applications bombard users with bogus security alerts about fictitious infections on their computers, in an attempt to convince them to buy a useless license.

These programs are distributed through a variety of methods, including by infecting legitimate websites.

One can easily realize how being served via a legit antivirus vendor's site, would make such an application very credible and dangerous.

There is reason to believe that some people were infected as a result of the attack, which Kaspersky confirmed today for IT PRO.



http://news.softpedia.com/news/Hacke...e-161818.shtml

A:Hacked Kaspersky Website Infected Users with Scareware

old news

Answer Match 41.16%

I keep getting this Altnet thing coming up on my Spybot and AdAware. Here's my Hijack This log:

Logfile of HijackThis v1.97.3
Scan saved at 10:40:50 AM, on 12/18/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\lxamsp32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\pctspk.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\program files\qttask.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\support.com\bin\tgcmd.exe
C:\Pro...

A:Altnet is visiting me again

12 more replies
Answer Match 41.16%

I need some help--I believe my 12 year old son is visiting inappropriate websites while we are at work. At the end of the night I clean out the temporary internet folder to free up space on the computer, and last night I was just scanning the folder and found all kinds of porn websites!! So I cleaned it out, and when I logged on this evening the sites he normally visits were there but so were other porn sites.

Tell me if I'm wrong, but is it true that every website you visit is recorded in the temp internet folder? and so popups get space there and when those cookies automatically go there if the computer is just left on, which is what he is trying to tell me.

So is there another way to find out a list of websites that have been visited?

I really need to get these questions asked.

Thanks
 

A:HELP-son maybe visiting XXX sites

15 more replies
Answer Match 41.16%

There is a rare problem in the Sims that seems only to affect my computer. The thread has 40-some views, but no replies, and I posted more than a week ago. Please help me!

Click on the text to go to the forum

Please help,
rothn
 

A:Nobody is visiting my forum

It means that no one has an answer! I know it's unfortunate, but it does happen, I am afraid.
 

2 more replies
Answer Match 41.16%

Hi all

I'm not very good with computers, I can type, print, use the internet.

But I recently have bought a new pc and I want to transfer some of the files from my old computer hard drive to my new computer

My old computer broke, something to do with the fan according to the man at the shop, but I was wondering if there is something that can allow me to link the hard drive on my old pc so I can access all the files that were saved on it?

Any help is appreciated

Thanks for your time and patience!
 

A:Newbie facing newbie problems

9 more replies
Answer Match 40.74%

Hi.
 
I run a Windows 8 Core i3 64-bit machine (Windows Experience Index is 5.6).
 
For a couple of weeks since I installed it, MalwareBytes keeps blocking malicious websites continuously. It is scary because even when the computer is idle and there's no internet activity, MalwareBytes shows messages of blocking access to malicious websites. I have no clue where this activity is coming from. Please help! Am I infected? The computer's been running decently but I am still scared. Along with MalwareBytes, I use Windows Defender as my main antivirus.
 
Do let me know if any other information is needed.

A:MalwareBytes blocks malicious website when computer is idle. Am I infected?

Malwarebytes Anti-Malware Malicious Website Blocking (IP Protection) is part of the Protection Module in the Pro version and works after it is enabled. When attempting to go to a potential malicious website, Malwarebytes will block the attempt and provide an alert. Notification that an IP address has been blocked does not necessarily mean the computer is infected. Some legitimate programs on your computer (i.e. iTunes, Instant Messenger client, P2P programs, web browsers) have access to the Internet and that action can trigger an IP alert if it tried to access a malicious IP address. These types of events are stored in the "protection-log". Your firewall should be able to give you a list of such programs so you can confirm if they are legitimate.

IP Protection is also designed to block incoming connections it determines to be malicious. Botnets and Zombie computers scour the net, randomly scanning a block of IP addresses, searching for vulnerable ports - commonly probed ports and make repeated attempts to access them. Hackers use "port scanning", a popular reconnaissance technique, to search for vulnerable computers with open ports using IP addresses or a group of random IP address ranges so they can break in and install malicious programs. Malwarebytes is doing its job by blocking this kind of traffic and alerting you about these intrusion attempts which it stores in the "protection-log".

More information about IP Protection can be found in the Malwarebytes Anti-Malware Malici...

17 more replies
Answer Match 40.74%

new sims 4 torrent most likely did it, other threads with same problems have fixlists that I don't have access to
here are my FRST scan results
 
 
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-09-2014
Ran by Joel (administrator) on ACER on 18-09-2014 09:45:18
Running from C:\Users\User\Desktop\FRST
Platform: Windows 8.1 (Update 1) (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Portal\CCDMonitorService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Acer Cloud Technology) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe
(ELAN Microelectronics Corp.) C:\Program Files\El...

A:infected with game harbor virus, website that opens on startup

Hello puppenstein

I would like to welcome you to the Malware Removal section of the forum. Around here they call me Gringo and I will be glad to help you with your malware problems.

Very Important --> Please read this post completely, I have spent my time to put together some things for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the sa...

4 more replies
Answer Match 40.74%

My sister in law is in town and I hooked her up to our router. At home she uses timewarner roadrunner as her ISP. Her Outlook is not sending mail while connected through my wireless. Nothing should have changed in her outgoing mail provider, at least that I know of, so why would connecting to my wireless mean she gets a failure to send in outlook? Any thoughts?
 

A:relative visiting and using wireless

16 more replies
Answer Match 40.74%

Hi, thought I'd see if all is well on the folk's PC, since I'm not up close and personal with it like this often. For one thing I think the google toolbar entries are different than they are on other machines I have it on. (Mainly want to make sure nothing sinister is going on, but would also be interested in shutting off everything that can be. For example I did install Windows Messenger and enable Remote Assistance since we are going to try that when the need arises after I leave again, but assume I should figure out how to keep Windows Messenger from being on all the time. It's not enabled in msconfig or anything.)

Here's their log. We all thank you!

Logfile of HijackThis v1.99.1
Scan saved at 3:19:25 PM, on 9/3/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32...

A:Mom & dad's HJT ok? Good kid checkin up while visiting! :)

P.S., I don't know if people can tell when you've chosen about:blank as your IE start page on purpose, but I did. Although I wouldn't know how to tell if there was also a bad about:blank present. I did run Housecall, just a couple tribalfusion thingies found.
 

1 more replies
Answer Match 40.74%

The other day I was just following some links to a couple of sites, one was free6.com and the other nudeamateurhoes.com and now I have a weird icon on my taskbar. The icon itself says curse when moused over but has no way to exit the icon like the others on my task-bar.

Anyone ever experience this problem, and is it related to the sites or did I get it some other way?

Btw I did manage to find it and it is in my programs folder and it is called curse.exe, but when I try to delete it I am told I don't have access rights or something like that to delete this file.

Any help is greatly appreciated.

A:Problems after visiting sites!

Hello and welcome to TSF.

We want all our members to perform the steps outlined in the link given below, before posting for assistance. There's a sticky at the top of this forum, and a "Having problems with spyware and pop-ups? First Steps" link at the top of each page.

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

1 more replies
Answer Match 40.74%

I have a smc router, and sometimes I need to change the ip address on my dmz zone to connect to xbox live games (or it takes forever to get into games). Anyway, since yesterday I can't get into the device's webpage to change my settings; every time I try, it just keeps showing "internet explorer cannot display webpage".
So I'm wondering if there is another way to change these settings? Or why is it saying that? We had a storm yesterday so I figured maybe it's down due to that, but I can't imagine it not being fixed as of yet.
Thanks in advance.
 

A:is there a way to get into my router without visiting the webpage?

Quote: we had a storm yesterday so I figured maybe it's down due to that,

It may have damaged the router
you could try resetting the router - there will be a reset button on the back, this will take it back to factory condition, however, that will mean resetting all the settings, and if it resets and still will not let you log into the router, then you will probably no longer have any internet access, as you can not set this up....

If you have the Setup CD that may have come with the router - you may be able to access the settings via setup CD.
 

1 more replies
Answer Match 40.74%

I was looking at our internet history and there are several sites on there and it seems no one is claiming visiting them. I want to believe that no one has been on these sites but I don't see any other way for them to appear on our internet history without someone viewing the site? Any ideas on how these got on there? Any possible way at all other than viewing the site....please, please help me. My trust and my marriage is potentially on the line here. I am looking for answers and I cannot think of anything, other than the worst. Any viruses or sites that hack into your computer and upload this stuff to your history, I know I'm grasping but I need answers. Please any thoughts at all?
 

A:Is there ANY way something could appear on your internet history without visiting?

6 more replies
Answer Match 40.74%

My company has 2 offices that operate totally independent of each other. Each has their own domain. I have a VP that is usually in office B. Part of the time he is in Office A. His computer is part of office B domain and when he is in office A needs to use those printers and data on office A servers. How do I get that to work? He has Windows 10 Pro on his laptop.
 

More replies
Answer Match 40.74%

  
Quote: Originally Posted by Casuaisxtynine


Really really random bsod's. help please! :<


This is a repost.. I'm sorry for this but I need help

A:BSOD - Visiting websites

Hi Casuaisxtynine.

Click on the button below ....



It will download the DM log collector. Right click on the application and run as administrator. It will generate a .zip file on your desktop. Upload the .zip.
Screenshots and Files - Upload and Post in Seven Forums

9 more replies
Answer Match 40.74%

After visiting the site wowhead suddenly found that my cpu had multiple viruses. I removed them with zone alarm but it did not fix the problem with the desktop screen, which now has a "warning" about viruses and trojans and that I should go get them fixed. There is also a bubble that appears which says something like "your computer has been infected click this bubble to sort problem", and it tries to open an anti virus web page real-av.org even if I don't click the bubble. Here is my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:57:30 PM, on 6/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Speed Disk\nopdb.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\frmwrk32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - H...

More replies
Answer Match 40.74%

Hello all,
I am having a problem with all of the browsers on my computer directing to a spam search site when I try to visit certain websites.

I believe the problem started when I installed this software to help me switch audio output very easily:
http://www.sevenforums.com/customization/65079-anyway-use-hotkeys-switch-sound-output.html

I've done the following:
1) Run updated Malware bytes Anti Malware
2) Run TDSS Rootkit Remover Tool by Kaspersky.
3) Run Virus Remover Tool by Kaspersky.
4) Reset my cookies in Chrome.
5) Read the "Before posting a log" on this forum (the sticky post).
6) Updated my notification options as recommended.
I could not run GMER as I'm running Windows 7 64 bit.

I've attached my DDS/Attach/Hijack logs.
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385
Run by Nublard at 12:30:59 on 2011-11-19
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.8187.6350 [GMT -5:00]
.
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestr...

A:Redirecting When Visiting Websites

Hi,

you mentioned running a number of tools in the beginning, did they all come back clean? I'd be in particular interested in the tdsskiller log.

regards myrti

12 more replies
Answer Match 40.74%

Lots of people on social media sites like using URL shorteners to link people to different sites. Only problem I have with this is that I cannot see the destination. Is there anything out there that can allow me to test a link's identity before visiting it?

A:Test URLs before visiting them?

I use this site: http://longurl.org/expand

3 more replies
Answer Match 40.74%

Really really random bsod's. help please! :<

A:BSOD - Visiting websites.

Code:
BugCheck 116, {fffffa80046bb010, fffff88003bb045c, 0, 2}
This bugcheck indicates that an attempt to reset the display within the allocated time interval failed, hence the bugcheck.
This isn't a typical bugcheck in terms that this only happens when the graphics card doesn't respond either because of a bad driver or the GPU is faulty.


Code:
2: kd> KnL
# Child-SP RetAddr Call Site
00 fffff880`05a7a1c8 fffff880`0414b054 nt!KeBugCheckEx <-- The BSOD crash
01 fffff880`05a7a1d0 fffff880`0414ad5e dxgkrnl!TdrBugcheckOnTimeout+0xec <-- Instruction telling the system to crash if the graphics card doesn't respond.
02 fffff880`05a7a210 fffff880`0400ff13 dxgkrnl!TdrIsRecoveryRequired+0x1a2 <-- Telling the system to run a display recovery.
03 fffff880`05a7a240 fffff880`0403ded6 dxgmms1!VidSchiReportHwHang+0x40b <-- This reports the graphics card has hung.
04 fffff880`05a7a320 fffff880`04023ce9 dxgmms1!VidSchWaitForCompletionEvent+0x196
05 fffff880`05a7a360 fffff880`04026be7 dxgmms1!VIDMM_GLOBAL::xWaitForAllEngines+0x1e9
06 fffff880`05a7a460 fffff880`040252d8 dxgmms1!VIDMM_GLOBAL::SetupForBuildPagingBuffer+0xd7
07 fffff880`05a7a4a0 fffff880`0402522e dxgmms1!VIDMM_GLOBAL::UnmapVideoApertureSegmentInternal+0x34
08 fffff880`05a7a630 fffff880`0402e77e dxgmms1!VIDMM_GLOBAL::UnmapVideoApertureSegment+0x13e
09 fffff880`05a7a6a0 fffff880`0402e527 dxgmms1!VIDMM_APERTURE_SEGMENT::UnmapApertureRange+0x7a
0a fffff880`05a7a6f0 ff...

8 more replies
Answer Match 40.74%

Hello wise ones,

I often have guests staying w/ me from around the world that I know little about other than intuition, what is on their profile and written references from other hosts. Through www.couchsurfing.com

I am very concerned about letting them use my PC as they may download a virus or install a key logger. (Kaspersky is installed and shows up under the guest identity on XP. But I think perhaps they could turn it off and bypass it?)

What would be the best way to allow them computer access?

1. Get an old PC for them to use? (if they are on my router can they access my other PC's personal information? If so how do I limit them from accessing my PC info?)

2. Install a software program like the ones used at an Internet Cafe?

Any other ideas?

Kind Thanks!
 

A:Best PC Security with Visiting Guests?

8 more replies