Tech Problem Aggregator

Warning YAC.mx virus program (do never spelad this) pc = destroyed

Q: Warning YAC.mx virus program (do never spelad this) pc = destroyed

I had an slow pc so i downloaded and tested this program it look good and so on. And after installed it. I read company is blacklisted. And They r from hongkong. So now i have following problems after the uninstall.
1. Cant move drag move or paste icons on desktop also in c. I was thinking mybe i can do reboot save The files. But wont work. I see the copy option but not The paste option.
2. In safe mode i cant access The start menu. Its close to hidden.
3. The searh function from start dont work. Clicking nothing hapening.
4. I cant do system restore. It says system restore cant protect The computer... Restart pc etc. Every time even if restart.
5. Cant shut down pc. Not even if clicking on off Button on pc.
Never use YAC hongkong bleep! I dont know how to save My files They r very imported things. Why do peoplemake such bleep to people.
Anyone know how to save The files? Can i fix this?

A: Warning YAC.mx virus program (do never spelad this) pc = destroyed

Please download MiniToolBox, and save it to your desktop and run it, and checkmark the following checkboxes:Flush DNSReport IE Proxy SettingsReset IE Proxy SettingsReport FF Proxy SettingsReset FF Proxy SettingsList content of HostsList IP configurationList Winsock EntriesList last 10 Event Viewer logList Installed ProgramsList Users, Partitions and Memory size.Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

18 more replies
Answer Match 70.14%

Hi, I got a virus, what it does is open up a fake anti-virus program everytime i open my browser, even if i kill the process from task manager (tdr.exe) it will come back again. It will come back right away when i close my firefox then reopen it

I got a similar virus before, but i was able to fix it using task mananger and msconfig. But this time the virus somehow destroyed my msconfig, i tried to access it from run, and C:/window/system32, but it keep giving me error

Hope someone can help me on this

Thanks a lot

edit: seem like any .exe file will result in running the tdr.exe, not just my browser
edit: I managed to fix the msconfig problem by adding the path in regedit, seem like the virus deleted it. But then I opened msconfig and cant find anything weird in the startup tab.

edit: I realize that if I open .exe files with "Run as admin" the virus wont run, I hope this give more hint on how to fix the problem, thanks
*****************************************************************************************************************
HIJACKthis log file:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:32:23 PM, on 23/03/2011
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18565)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Uniblue\RegistryBooster\rbmonitor.exe
C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe
C:\Program Files (x86)... Read more

More replies
Answer Match 59.64%

I have a red circle with a white X in the system tray that I cannot remove. It has also changed my screen resolution to 800x600 and has removed the tabs from the display properties dialogue box.Here is a hijackthis log I just ran on my computer. I have also run AVG, malwarebytes, CSsreadder, ATF cleaner, combofix, smitfraudfix, bitdefender online scanner and Trend Micro Online scanner and nothing is removing this item. This Item is exactly in appearance to the Win32/FakeAlert.ADQ trojan, however none of the associated registry keys or removal tools seem to detect it or remove it.After working on this all day I found this file in my Process Explorer and stoped it and the file was removed from the system tray. yaSmtray.exe. The following listed items were able to remove Background and other items related to this trojan but the system tray icon. Please let me know if this is all that remains of this bug. the line in the Hijackthis log is as follows.O4 - HKLM\..\Run: [yaMAX\yaSmtray] C:\Program Files\Analog Devices\SoundMAX\yaSmtray.exeThis is an update. I was able to Search for the file yaSmtray.exe and delete it form the hard drive. I nuked it with PGP delete and it is now gone. I also had hijackthis fix the line above and rebooted the system. I rescanned the system with Hijack and the line item did not return. I then ran the following VBS script showalldisplaytabs-xp.vbs found at (hxxp://www.winhelponline.com/articles/38/1/Restore-missing-tabs-to-the-Display-properties-dialog.... Read more

A:Warning!! Media codec has been destroyed. Risk of losing all your audio video files high.

Hello! My name is Sam and I will be helping you. In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.We need to create an OTListIt2 ReportPlease download OTListIt2 from hereSave it to your desktop.Double click on the icon on your desktop.Click the "Scan All Users" checkbox.Push the "Run Scan" button.The scan should take just a few minutes.Copy the log that opens up and paste it back here in your next reply.=============The next log will show us any hidden files that are present.Download GMER from here:Unzip it to the desktop.Open the program and click on the Rootkit tab.Make sure all the boxes on the right of the screen are checked, EXCEPT for ?Show All?.Click on Scan.When the scan has run click Copy and paste the results (if any) into this thread.

2 more replies
Answer Match 58.38%

I recently put norton anti-virus on one of my laptops. When i did this, it deleted almost all of the programs and related files. I did a system restore to a previous date and all the files are there now but windows installer keeps poping up with errors. When i try to open up a microsoft office program, it comes up with an Error 2761. How do I fix the problem? Should i avoid Norton all together? Thanks

A:Program Files Destroyed

What anti-virus were you using before? Was it completely uninstalled first.

Try uninstalling Norton and use the removal tool. Norton Removal Tool

After Norton has been removed try running SFC

Click Start > in the search field type cmd > right-click the program and select Run as administrator > in the command window type sfc /scannow

4 more replies
Answer Match 55.44%

Hi
i guess general discussion is the right place because it's not closely related to drivers

well i have installed Softperfect Ram Disk last version

i used revo uninstaller pro , to track this program

well during the installation i got a warning about the installation of the Softperfect Ram Disk driver

i let Softperfect Ram Disk installs its driver

i uninstall it , and reboot it

i remove manually files and registry keys related to Softperfect Ram then i reboot

now , i re-installed Softperfect Ram Disk , but i did not get any warnings

why? i have cleaned every files , registry , inf

can i reset this warning ?

thanks

More replies
Answer Match 55.44%

Hi
i guess general discussion is the right place because it's not closely related to drivers

well i have installed Softperfect Ram Disk last version

i used revo uninstaller pro , to track this program

well during the installation i got a warning about the installation of the Softperfect Ram Disk driver

i let Softperfect Ram Disk installs its driver

i uninstall it , and reboot it

i remove manually files and registry keys related to Softperfect Ram then i reboot

now , i re-installed Softperfect Ram Disk , but i did not get any warnings

why? i have cleaned every files , registry , inf

can i reset this warning ?

thanks

A:install program driver warning ,can i reset the warning?

hi
i guess i found something that can be helpful for other users
View or manage your certificates
https://technet.microsoft.com/en-us/.../cc754841.aspx

1 more replies
Answer Match 52.92%

i had to clean (write zeroes) my HD recently because of what i think was a virus. it corrupted the HD, and scandisk reported a bad sector in every file it scanned. im thinking it was a virus. are there virii that can do such stuff?
 

A:virus destroyed my HD!!!!!!

Yup. And worse.
 

3 more replies
Answer Match 52.92%

I will try to post as much information here as I can, although I don't know too many of the technical terms as I'm not much good with this sort of thing myself.

My computer has been bogged down for a long time, running extremely slow, and obviously covered in viruses, and I've run a number of different scans and regisry cleaners (Spybot, AVG and the like), mostly recommended by an ex-girlfriend of mine who was quite good with computers. Recently however, a few things have happened that even made her wonder what was going on.

The most noticeable few things that have happened are as follows:

- In the task manager I have roughly 20 Svchost processes that, when deleted, will immidiately come back. They take up a variance of CPU from 05 to 80 at various times depending on what I'm doing. At least one of them seems to stop the sound on my computer when closed, but i have no idea which one obviously.

- Suddenly, important things such as Cmd and Windows Restore, have become inaccessable (which is why I couldn't run the scans you asked me to). When clicked they give the error " Windows cannot access the specified device, path or file. You may not have the appropriate permissions to access the item." This error is also given to files that used to work fine and are still installed and working, such as my Full Tilt Poker software.

- My explorer.exe also takes up a great deal of CPU for a long time during startup, usually if i end the process and... Read more

A:Destroyed by Virus

Hello Razzle,

At this point I recommend that you visit the security forum. Make sure that your

problem isn't malware related.

To get expert help with malware removal see the link below. Follow the steps

http://www.techsupportforum.com/secu...oval-help.html
After completing the steps you will be advised to post a log for one of

the experts to examine. Please use the link provided to post the log not

back here.

Be patient and it may take some time for someone to assist you as that

is a busy forum.

1 more replies
Answer Match 52.92%

OS got destroyed by virus. Got black screen. I deleted the main partition with the Fdisk to be shure I cleaned "everything" out before reloading a OS. I have used Win ME previously and like to load win2k pro. I got the original disk. But now it will not boot up. It tells me

CDBOOT: Cannot boot from CD - Code:5
The boot up is set in the order CD - HDD - Floppy .
Can I get any help here. I know I screwd up here. Do I have to repartition or something like that? I have no Idea!!!!!!!
Thank you for any help
 

A:OS destroyed by virus

I hate to state the obvious, but......Try resetting the boot order to HDD first.

Scorp.

[EDIT] ok, I didn't read the first post thru..lol
 

2 more replies
Answer Match 52.5%

Hi, recently I have got a virus sent through email disguised as a game, when I ran it, It brought up a few messages like "You got hacked" and destroyed my Zone Alarm, Internet Explorer, and now all of my .txt and .exe files are not recognised and I cannot think of a possible way to fix, so please send help here.
 

A:Virus Destroyed all .exe + .txt files and Need Help to Fix

16 more replies
Answer Match 52.5%

It said it removed it. I'm using norton trial version 2009. It didn't and it's hijacked most of my files. My desktop is gone and my icons. They do show up in safe mode. I'm not sure whats going on but it keeps finding the virus and saying it's removed it but my desktop is gone. my internet browser isn't working right. and I can't access many of the programs on web pages I used to be able to see. Please help. I am running windows xp. I also get the messages when the computer logs on that windows has closed userinit logon application.

A:virus infected and destroyed me

Try downloading Mbam. If you cannot try Safemode w/networking. You can also burn it to a CD or download to a thumb drive. If it will not run in normal mode, try running in Safemode-------------------------------The process of cleaning your computer may require you to temporarily disable some security programs. If you are using SpyBot Search and Destroy, please refer to Note 2 at the bottom of this page.Please download Malwarebytes Anti-Malware and save it to your desktop.alternate download link 1alternate download link 2Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan.If an update is found, the program will automatically update itself.Press the OK button to close that box and continue.If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Then click on the Scan button.If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button. The scan will begin and "Scan in progress" wi... Read more

4 more replies
Answer Match 52.08%

Virus attacked my computer(slowed everything down and unknown .exe started running in Windows task manager). I rebooted(mistake I know) and upon trying everything, XP won't load, it goes to a black screen before the Windows XP loading bar. All the Safe modes doesn't work, it freezes when trying to load some files. Last known configuration gets me to the loading bar but goes into blue screen fatal system error before getting to the log-in screen. I installed a fresh copy of XP which now works fine thus I now have 2 OS' which I can choose from. I ran ESET and Malwarebytes and have removed a number of trojans and infections. My original XP still doesn't work though. I'm very eager to get my old files back from 'my documents' from my old XP which I can't access now in my new OS.
 

More replies
Answer Match 52.08%

Hi, I'm writing this from a KNOPPIX Live CD as my computer cannot boot.
I have a triple boot system (7, vista, XP) and Windows 7 is my main OS. I was using it to surf the web only a few hours ago and suddenly my anti virus software which is Avast! (free) started popping windows about a program being blocked, I did not have enough time to read it but the title of the window was vid<something>.info , the "<something>" is the part I don't remember. Also, there was the name of the executable of the program and it was 4 letters, something like vwfv.exe , again I hadn't much time to look because after a few seconds a window popped up in the top left corner and immediately the screen went black for two seconds and then showed a BSOD but this was not a regular BSOD, it only had a few words in the top left part of the screen. I pressed the reset button and the computer passed POST but did not show the Windows 7 boot manager. There was no error message, only a blinking cursor in the top left corner.

I inserted the Win7 DVD and chose to repair windows. It said it found problems and restored the BCD and that the old BCD is backed up. I rebooted but nothing was changed - still only a blinking cursor. I booted the W7 DVD again and this time it let me to the advance repair options. I chose Command Prompt and verified that my files were still there - they are, so I believe the MBR and HDD data are OK it's just the boot process files that got sabotaged by the virus.
I ... Read more

A:Please help virus destroyed BCD - no error message

Using BOOTREC /FIXMBR got me my boot manager back. I logged on to XP and now downloading the trial version of NIS 2011 that I hope to use to get rid of the virus. Apparently, Avast! sucks.

If I'll manage to get my W7 working again I will come back and flag this as solved.

9 more replies
Answer Match 52.08%

Hello!
A day ago I stupidly opened an email which turned out to be spam. I opened an attachment which was supposed to be a bill. I had to unzip the file, it turned into an exel file which I opened. It disappeared right away. I realized that I had gotten a virus or something when I restarted my computer today.The screen when on and off, and finally turned into a message. It said to purchase a certain code for 100 Euro and type it in to remove the malware. I couldn't do anything to get rid of the message. I tried restarting a couple of times, and finally got back to my desktop without the message popping up. All my files, except pdf's, had been renamed into crazy names like "skdhdfjdk" and did not work. Images, videos, texts, simply everything.
Now I am hoping to find a way to save my laptop, and hopefully recover as much of the files as possible since I don't own a backup (stupid I know).
PLEASE someone help me. I don't know how I could finish my classes (I'm in summer school away from home, without my laptop). I would be forever grateful!!

This is my PC information:

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
Processor: Intel(R) Core(TM) i3 CPU M 350 @ 2.27GHz, Intel64 Family 6 Model 37 Stepping 2
Processor Count: 4
RAM: 3766 Mb
Graphics Card: Intel(R) Graphics Media Accelerator HD, 1755 Mb
Hard Drives: C: Total - 463517 MB, Free - 234554 MB;
Motherboard: Acer,... Read more

A:Help: Virus changed and destroyed all files

16 more replies
Answer Match 52.08%

Hello and Welcome on board ,my Name is Machiavelli and I will assist you with your problem.If you booted into safe mode on your computer then print my instructions!I'm in the 'Malware Staff Team' and will provide you with advice:To remove Malware on a computer can be very complicated. Malware (malicious software) is able to hide and so I may not be able to find it so easily. In order to remove Malware from you Computer, you need to follow my instructions carefully. Don't be worried if you don't know what to do. just ask me! Please stay in contact with me until the problem is fixed.Below are a few tips:Removing Malware is usually very difficult.We need to search and analyse a lot of files. As this is done in our free time, please be patient especially if I don't answer every day!Please follow these instructionsIf you don't follow the instructions your computer may crash. If you fix your PC by yourself, this can be very risky!Please stay in contact with me until your problem is resolvedAs Malware may not be totally removed in one session or in one day, please stay in contact with me until the problem is resolved.Please don't run any other tools without consulting with me as this can complicate finding and removing all MalwareDon't run any tools while I'm fixing your PC. That is counter productive and again, will only complicate finding and removing all Malware!Read my post completelyIf you don't do so, you may make mistakes that could result in your System crashing by your own ... Read more

A:Virus destroyed all of my .exe files (applications)

Hello Machiavelli thank you for replying here are the two logs. BTW I don't know why but my CPU Usage spikes to 100% my RAM is fine but my PC is running so slow.
 
FRST.txt:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-01-2015 01
Ran by user (administrator) on BAUTISTA on 26-01-2015 03:15:26
Running from C:\Users\user\Desktop
Loaded Profiles: user (Available profiles: user)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
() D:\GAMES\ONLINE GAMES\Garena Plus\ggdllhost.exe
() C:\Program Files (x86)\Optimizer Pro\OptProCrash.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
() C:\Users\user\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Avira Opera... Read more

16 more replies
Answer Match 52.08%

Hello there, my laptop is so screwed right now I can't even launch Mozilla Firefox or IE without it crashing within seconds.I am running Windows XP on a dell laptop.I'm going to list a few things that happens that could indicate which virus I have.As soon as I start up the computer a balloon comes up and says my computer might be at risk.Then a "security center alert" comes up thats asks me if I want to block this suspicious software called "WIN32.Zafi.B"When i try to go online I will load up IE and a message comes up before it takes me to my homepage."Insecure Internet activity. Threat of virus attack" "due to insecure Internet browsing your PC can easily get infected with viruses, worms and trojans without your knowledge, and that can lead to system shutdown, freezes and crashes. Also insecure Internet activity can result in revealing your personal information. To get full advanced real-time protection for PC and Internet activity, register your antivirus software" It gives me an option to continue browsing, but as soon as i click it the browser crashes. Same goes for Firefox.I have researched this some and It seems to be common thought that this is some kind of spyware that is trying to bait you into buying some phony anti virus program, but I can't get rid of it!!!!!!!!!!!!!I tried 3 different types of software to get rid of this thing, Super anti spyware free edition, Malwarebytes... Read more

A:> My Laptop is getting destroyed by spware/virus. HELP!

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread. Also please explain your problem as fully as possible. Each little detail will help in getting your system cleaned up and functional again.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scans:Please update Malwarebytes' Anti-Malware and run a full scan and post the logs with the DDS log. * Download DDS by sUBs from one of the following links. Save it to your desktop. ... Read more

2 more replies
Answer Match 52.08%

Hello,

My computer was as fine as new, but some days back something happened to it and since then it does not let me play my favorite game DOTA on it. It lags and my processor fan makes sounds as if its an aeroplane >.>

Task manager is disabled, when I try to enable it, it comes for a second and disappears again. Its like the virus is very intelligent :O

I think its running several processes which is causing such nuisance. I have uploaded the logs.
Please help asap :'(
 

A:Super virus destroyed my computer :@

8 more replies
Answer Match 52.08%

Hello there, my laptop is so screwed right now I can't even launch Mozilla Firefox or IE without it crashing within seconds.

I am running Windows XP on a dell laptop.

I'm going to list a few things that happens that could indicate which virus I have.

As soon as I start up the computer a balloon comes up and says my computer might be at risk.
Then a "security center alert" comes up thats asks me if I want to block this suspicious software called "WIN32.Zafi.B"

When i try to go online I will load up IE and a message comes up before it takes me to my homepage.
"Insecure Internet activity. Threat of virus attack" "due to insecure Internet browsing your PC can easily get infected with viruses, worms and trojans without your knowledge, and that can lead to system shutdown, freezes and crashes. Also insecure Internet activity can result in revealing your personal information. To get full advanced real-time protection for PC and Internet activity, register your antivirus software" It gives me an option to continue browsing, but as soon as i click it the browser crashes. Same goes for Firefox.

I have researched this some and It seems to be common thought that this is some kind of spyware that is trying to bait you into buying some phony anti virus program, but I can't get rid of it!!!!!!!!!!!!!

I tried 3 different types of software to get rid of this thing, Super anti spyware ... Read more

A:My Laptop is getting destroyed by spware/virus. HELP!

If anybody has anything to help me out with I would really appreciate it, I don't know what else to do...

2 more replies
Answer Match 51.24%

Hi all. I recently got the window's recovery virus on my computer. I wasn't aware of this virus, so I ran the "recovery" program as requested. I then noticed that something didn't seem right, so I restarted the computer. When I restarted I simply had a black screen and no programs other than recycle bin on my desktop. I ran Malware Bytes and rKill and then a system restore on the machine. I now have all my functionality back, but whenever I start the computer it tells me that there is a problem with the HP Advisor program as it's running under the same account name already. Also, all my files are gone, and whenever I try to download a new file, the downloaded file disapears off my machine. I have to manually search for it and then drag it onto my desktop. All documents, music, pictures and other items are missing. Please help.

A:Windows Recovery Virus destroyed my computer

Hello netgame27,

No worries, we can get this back. Please follow the instructions in our pre-posting topic New Instructions - Read This Before Posting for Malware Removal Help and post the requested logs in your next reply.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.


Given the files disappear, try downloading from another computer to a flash drive. Connect your flash drive and run the tools from there.

1 more replies
Answer Match 51.24%

Hello friends on Internet.
I have Win7 and Zonealarm internet security Firewall and antivirus software. A few months ago I had a virus attach that slipped through the "net". This managed, before I removed it, to destroy a lot of file names and when I open these files with the original program (word, Acrobat, excel) were the names has been changed, it cannot read the file. A typical file name is like this: AxDTODvOUjoUoqtsXrsp. To change the name and type of file doesn't help. No registered previous versions either available.
Does anyone have a solution to recover these files. I have tried 2-3 different software that doesn't help at all.
I would appreciate help in this matter very much. I feel like
Best regards
Jon

More replies
Answer Match 50.82%

Hello TSG,

Recently I had a run-in with the SmitFraud virus that I was thankfully able to get rid of using SmitFraudFix.exe from bleepingcomputer.com. However, I still have some problems that are present. Anytime i try to open any file on my desktop, I get asked by Windows to choose the program I want to use to open this file. The loophole I found was to right-click and run as admin, but I would prefer not do to that until the end of time haha. The next problem I have is my computer is still running considerably slow, even though the virus is now gone, so i think some foul play is afoot. Something else I found while looking around is that some control panel apps will not work and I get an error saying that rundll32.exe is not found. I am stumped as far as a solution goes.

Here is my HJT:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:26:40, on 6/27/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\Explorer.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Xena toolbar - {2FF811E6-8925-4084-A649-C159955E67E8} - ... Read more

A:Solved: SmitFraud virus destroyed, rundll32 problems

6 more replies
Answer Match 46.62%

Hi

may i ask you why my legit windows 8.1 pro 64bit full updated doesn't warn me anymore when i run a program downloaded form the net ?

for example if i download a program like process hacker under w7 i have a window like this
under w8.1 i haven't it
and i have never changed any settings

thanks

A:why no warning when i run a program downloaded ?

Windows 8 uses the SmartScreen filter to perform an application reputation check, and it now does system wide (not just when downloading programs with Internet Explorer like it did before).






In Windows 7 when launching these downloaded applications, you get the following notification:


In Windows 8, SmartScreen will only notify you when you run an application that has not yet established a reputation and therefore is a higher risk:


The user experience for applications with an established reputation is simple and clean: you just click and run, removing the prompt you would have seen in Windows 7.




Source: Scroll down to "Microsoft SmartScreen for Internet Explorer and now for Windows too":
Protecting you from malware - Building Windows 8 - Site Home - MSDN Blogs

8 more replies
Answer Match 45.78%

Some of you may be aware of Stardock, they have various programs that can help change the look of your desktop, from icon packages, log-up screens, boot up screens, etc. You can change your Vista look to an older version of XP or another previous windows theme, or even a customized look. It seems like a lot of fun, but beware. I tried using a few of the programs to switch my boot and log-on screen looks, I had a not so friendly encounter with the blue screen of death after trying to reboot to view my changed stetting. The program corrupted one or more of my system files and rendered my windows unusable. I couldn't log into safe mode, do an image restore, I had no options. Had to start from scratch, format the partition and reinstall Vista. Lost everything, and I even still had that fatal system error pop up one time after reinstall, it hasn't come up since, but who knows if it's still lingering around.

More replies
Answer Match 45.78%

Running Windows XP - Service Pack 2.

I think it came from downloading some clipart from a foreign site two days ago. I woke up and a blue screen noted

"The application of DLL c:/windows/sytems32/fegufula.dll
Please check this against your installation diskette"

And now everytime a new program opens, I get (Notepad used an example):

Notepad.exe - Bad Image
The application of DLL c:/windows/sytems32/fegufula.dll
Please check this against your installation

And I click OK and everything runs fine but it's non-stop. It's annoying.

A nice Paypal donation will be given if you can help!


===================================

DDS (Ver_09-07-30.01) - NTFSx86
Run by XXXXXXXX XXXXXXXXXXXXXXXXX at 17:10:38.94 on 08/05/09
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3317.2105 [GMT -4:00]

AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
sv... Read more

A:BAD IMAGE Warning with Every New Program that Loads

You are operating your computer with multiple Anti Virus programs

McAfee
Spyware Doctor

Anti-virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash.

Please remove one of them and keep only one.

-----------------

Please visit this webpage for download links, and instructions for running combofix:

http://www.bleepingcomputer.com/comb...o-use-combofix


* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

19 more replies
Answer Match 45.78%

We have two Win 7 Pro machines.  If a program is running when we shutdown the computer there is a warning that flashes on the screen but the screen stays up for FAR too short a time to do anything about it.  Fortunately we are both good about saving work and closing programs before shutting down.  Is there any way to adjust that warning to stay on the screen long enough to read it and take action in case we forget to save?

A:Program running warning at shutdown

How do you know that it's a warning...if you cannot read it?
 
FWIW:  IMO, it's not unusual for programs to be running when Windows attempts shutdown procedures.  Such normally have little impact on shutting down, IME.
 
Louis

6 more replies
Answer Match 45.36%

What can I do to fix this problem? It started happening after I did a scan of my computer using McAfee Total Protection Service and told it to clean and delete threats. Any time I open the internet, start a program, open a new window, or start the computer an error message pops up saying
"(Program Name) - Bad Image...the application or DLL C:\WINDOWS\System32\d3dramp32.dll is not a valid Windows image. Please check this against your installation diskette.

I used Ad-Aware, Ad-Watch, Spybot Search & Destroy, Registry Mechanic, and HiJackThis to try to resolve this issue and nothing has worked. I did a system scan and saved log file on HiJackThis and the results are as follows...

Logfile of HijackThis v1.99.1
Scan saved at 12:05:48 PM, on 1/21/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\dldfserv.e... Read more

A:HELP: Bad image error warning when I open a program

Hello and welcome to TSF.

We want all our members to perform the steps outlined in the link given below, before posting for assistance. There's a sticky at the top of this forum, and a
Quote:




Having problems with spyware and pop-ups? First Steps




link at the top of each page.

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

1 more replies
Answer Match 45.36%

My questions relate to when downloaded Windows Installer Packages <WIPname>.msp update files from my ISP have no verifiable signature certificates, and there is a Security Warning message window, but the CRCs and file sizes can be verified - is it advisable to proceed to try the installation? My security settings for IE are set to medium, and I run the latest TrendMicro PC-cillin anti-virus software, and turning PC-cillin off gets the same response - i.e. I don't think that running PC-cillin is causing this situation.

What happens is this:

When I choose Download and Install from my ISP start page toolbar function entitled "Check for Updates" with the downloaded files in the referenced ...\temp\win folder below, the following is displayed in a message window:

Security Warning

Do you want to install and run C:\Windows\...\temp\win\<WIPname>.msp
The publisher cannot be determined due to the problems below:

The object to be verified is unknown to the Trust Provider
More Info button indicates: Unsigned Program Download

This software does not have a certificate, so it might not be safe to install and run on your computer. A certificate contains information that a specific software program is genuine. This ensures that no other program can assume the identity of the original program. The software publisher has not obtained a certificate for this software from a recognized certificate issuer, so the authenticity of this software cannot be verified. G... Read more

A:Security Warning: Unsigned program download

okay depending on your answers to the following questions, my answer will either yes or no.

1) are you sure that you are downloading from the site you think you are at, or are you at a spoof site?

if you are sure that you're at the real site and not a spoof site (spoof site= fake version of a well-known and trusted website, designed to trick users into giving info to the fake version, cuz they think they're sending it to the trusted and well-known site, i.e. Yahoo or eBay), then proceed with caution.

if you aren't sure, then contact the company the site is for and ask if they are really the site you think they are. spoof sites probably won't get back with you but "real' sites will.

post back with anything else you think be helpful for us peoples to solve ur problem.
 

1 more replies
Answer Match 45.36%

Outlook from Office XP Pro fully updated, keeps giving me the warning:

A program is trying to access e-mail addresses you have stored in Outlook. Do you want to allow this?

...every time I use Outlook to send an email.

According to what i've seen on the web, there is no way around this security feature, but also seems like this warning should only pop up if another program is trying to access the address book, not when Outlook tries to access its own address book.

Does anyone else have this problem?
Is there a workaround?
 

A:Outlook warning: A program is trying to access e-mail

I found this little program - http://www.contextmagic.com/express-clickyes/ It`s not so much a solution,
more an alleviation of the symptoms.If you have a good Firewall/Anti- spyware/Virus regime the "security feature"
shouldn`t be needed,anyway.Malware writers would get round it easily enough.
 

3 more replies
Answer Match 45.36%

Hi, I recently had some fake antivirus popup appear on my computer. I immediately scanned my computer and removed some viruses, but after that i began to get these bad image popups. I didnt pay any attention to what the actual virus was called at the time.

The message has a heading "Program.exe - Bad Image".
And inside the popup it says "The application or DLL C:\...\73058kou.DLL is not a valid windows image. Please check against your installation diskette".

Just recently the popup has begun to come up twice every time i open any program.

Also, ive tried to run GMER, but it always ends up freezing midway through the scan.

Any help would be greatly appreciated.
DDS (Ver_10-12-12.02) - NTFSx86
Run by Administrator at 22:19:57.78 on Mon 14/02/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.61.1033.18.2047.862 [GMT 11:00]

AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Kaspersky PURE *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky PURE *Disabled*

============== Running Processes ===============

C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\prog... Read more

A:Bad Image warning every time i open a program

Hi Go to start -> Run, copy and paste the following command and click OK:CMD /C Reg Query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows" >"%Userprofile%\Desktop\Log.txt"A Log.txt file will be created on your desktop. Post its contents in a reply.

14 more replies
Answer Match 45.36%

My Toshiba laptop battery (vista) keeps dying without any pop up warning whatsoever. I can assign a sound to remind me, but I usually have the volume turned down. I would prefer a pop up warning. My other Dell laptop has a pop up bubble that comes up at various stages of battery power. Is there some way to get this from Vista, or maybe independent software for this?
 

A:LOW laptop battery pop-up warning program needed

Copy the text in the following code block into Notepad.
Save it on the desktop as BatCheck.vbs. Be sure to change the Save as Type: box to All Files when saving.

Code:
[plain]strComputer = "."
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\wmi")
Set colItems = objWMIService.ExecQuery("Select * From BatteryStatus Where Voltage > 0")
For Each objItem in colItems
If objItem.PowerOnline = True Then
Msgbox "Running On Battery" & vbCRLF & "Remaining capacity: " & objItem.RemainingCapacity, vbOkOnly + vbCritical + vbSystemModal
End If
Next
[/plain]
While connected to AC power with the battery fully charged, double click the file to run it.
It will display a popup saying you are running on battery, and a Remaining capacity number. I need the number when the battery is fully charged. Then I can modify this a bit so it will display percent remaining. Then we run the modified script as a scheduled task every 5-10 minutes, and only display the popup when the percentage drops below whatever number you want.
 

1 more replies
Answer Match 45.36%

From Privacy Software Corporation Security Advisory Sunday, February 16, 2003:
KAZAAKRYPTON TROJAN HORSE PROGRAM

SYNOPSIS:

KAZAAKRYPTON (and similar programs such as IGLOO KAZAA) are the beginning of a new trend in trojan horse backdoors which take advantage of people downloading "cracked" or "free" software, music, or pornography from Kazaa and Kazaa-like file sharing servers on the internet. KAZAAKRYPTON, IGLOO and a few others we have seen in the last few days all share a commonality. These backdoors depend on people downloading an executable file or archive of interest and then end up opening up a hidden backdoor server on their machine which then joins the file sharing networks, serving up more copies of the trojan among whatever files "innocent" users add to the "collection."

Analysis of these new trojans has determined that once initiated, they begin making multiple copies of themselves into a subfolder of the main "Windows" folder on the affected machines. The files produced tend towards 6 new copies of the original trojan per minute, rapidly filling up the hard disk of the victim with deliberately named filenames of differing size. The resizing of the copies and the filenames, often containing names shown above in order to entice downloading, makes it extremely difficult for a Kazaa or similar file sharing host to be able to determine which files are legitimate and which are backdoors. Because of the manner in w... Read more

A:Warning: Kazaakrypton trojan horse program

12 more replies
Answer Match 45.36%

Outlook from Office XP Pro fully updated, keeps giving me the warning:

A program is trying to access e-mail addresses you have stored in Outlook. Do you want to allow this?

...every time I use Outlook to send an email.

According to what i've seen on the web, there is no way around this security feature, but also seems like this warning should only pop up if another program is trying to access the address book, not when Outlook tries to access its own address book.

Does anyone else have this problem?
Is there a workaround?
 

A:Outlook warning: A program is trying to access e-mail

I found this little program - http://www.contextmagic.com/express-clickyes/ It`s not so much a solution,
more an alleviation of the symptoms.If you have a good Firewall/Anti- spyware/Virus regime the "security feature"
shouldn`t be needed,anyway.Malware writers would get round it easily enough.
 

3 more replies
Answer Match 44.94%

As the topic said keep getting those kind of not only popups, but tabs open showing those warnings as popups. I have ran a few tools that will show the details. I clean them as suggested but they still come back no matter how many times I run and clean them. Please help im tired of this and its the same detections,
 
 
This is an Eset Scan... Ran it again and deleted everything. 

 
C:\$Recycle.Bin\S-1-5-21-3140601738-1750167589-255515439-1000\$RLKRKWF.exe multiple threats
C:\AdwCleaner\Quarantine\C\Program Files\Common Files\Goobzo\GBUpdate\smci32.dll.vir a variant of Win32/SBWatchman.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Common Files\Goobzo\GBUpdate\smci64.dll.vir a variant of Win64/SBWatchman.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Common Files\Goobzo\GBUpdate\smi32.exe.vir a variant of Win32/SBWatchman.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Common Files\Goobzo\GBUpdate\smi64.exe.vir a variant of MSIL/SBWatchman.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Common Files\Goobzo\GBUpdate\smu.exe.vir a variant of Win64/SBWatchman.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Common Files\Goobzo\GBUpdate\SMUninstall.exe.vir a variant of Win32/SpeedBit.G potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Common Files\Goobzo\GBUpdate\Updater.exe.vir a variant of Win32/... Read more

A:Keep getting Warning popups about infected computer and to download a Program.

Anyone here? This is driving me nuts.!

8 more replies
Answer Match 44.52%

Hi,
I've been having serious problems regarding computer security recently as drug syndicates have gained access to my computer. Symantec Security check persistently reveals open ports although i've installed their personal firewall. At present I get an alert warning me that an unrecognised program is trying to connect to the internet using different programs, such as Internet Explorer or Java. The firewall suggests "block", but when I block, I don't get any connection to the net or site at all. When I say "permit" I get a further messages from the firewall saying that unrecognised modules are being used to connect. In one instance the unrecognised program was identified by the firewall as iexplore.exe (in Program Folder), but when I blocked it, the internet access was gone.
Are theses alerts a sign that something is wrong? When I did Symantec Antivirus download recently, there was a re-direct update included, which I downloaded as well. Since then I have been having problems. I looked through the list of internet enabled programs on my firewall and found that one of the Symantec update programs listed did not have a digital signature, no autoconfiguration data and was not identified as a Symantec program, although all the others were. I blocked this program from accessing the internet in the meantime.
Does anyone have similar problems? What assessment can experts give?
Regards,
Brigitte

More replies
Answer Match 43.68%

Hi! I keep getting an Internet Explorer Security warning box that says: "A website wants to open web content using this program on your computer." Beneath that message it reads: This program will open outside of protected mode. Protected mode helps protect your computer. If you do not trust this website, please do not open this program. Then, below that message it says Name: Adobe Flash Player; Publisher: Adobe Systems Incorporated. You can click "Allow" or "Don't Allow." I've been clicking "Don't Allow" because I think it may be a virus. This message pops up whenever I try to navigate to a different website - they are trusted sites such as Google or MSN. I'm just not sure how to get rid of it. I have run SuperAntiSpyware which found some threats then removed them, but I keep getting this message. I also ran Malwarebytes but that found nothing.

My computer is running really slow, and I keep getting this message. I followed the directions in the preparation guide and am posting and attaching my logs that Bleeping Computer recommended. Thanks for any help you can give me!
DDS (Ver_10-12-12.02) - NTFSx86
Run by Da Girls at 9:50:34.66 on Mon 03/07/2011
Internet Explorer: 8.0.6001.19019
Microsoft? Windows Vista? Home Premium 6.0.6002.2.1252.1.1033.18.1789.879 [GMT -6:00]

AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* ... Read more

A:Internet Explorer Security warning box that says: "A website wants to open web content using this program on your computer...

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you are unable to create a log because your computer cannot start up successfully please provide detailed information about the Windows version you are using: What we in particular need to know is version, edition and if it is a 32bit or a 64bit system. [/b]If you are unsure about any of these caracteristics, just let us know and we'll help you figuring it out. Please also tell us if you have your Windows CD/DVD handy.Please include a clear description of the problems you're having, along with any steps you may have performed so far.Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.Even if you have already provided information about y... Read more

2 more replies
Answer Match 43.68%

My husband's laptop has some sort of virus. We have McAfee Security Center on our laptops. He said that yesterday, he saw a warning on his computer that a major virus was discovered and it asked if he wanted the system to scan it. He also saw a few other little warnings on his screen and wasn't sure what to click on so he clicked on the link that asked if he wanted the scan to start and left the computer. The next morning, he went to shut down his computer to restart it, thinking the virus can removed the problem and he saw messages saying Q6.exe shutting down, then Q5.exe shutting down, Q4.exe, etc. etc.. He restarted, got to the screen where he clicks on the box to log on as himself and then it tries to go to the desktop but then shuts down again and then starts up and then, eventually his screensaver was replaced by a big rectangle with shapes inside of it like red squares with green or yellow rectangles in them and small green rectangles of various sizes. You can't get past it. Eventually the screen times out and he gets a screen that says "Welcome" and his name (like we would normally get if the computer goes to sleep when we're not using it). If he clicks on it the computer logs on and off. And then you get that big colored rectangle. Everytime you wait till the screen changes and it goes back to the welcome screen if you click on it, the system logs on and off.

I waited till the screen went into that sleep mode and clicked on "Turn off computer&quo... Read more

More replies
Answer Match 42%

I have an infection of a fake anti-virus program that is constantly creating pop-ups. It has placed Trojans (which McAfee/Malwarebytes intermittently cleans). It has blocked access to internet (I am currently able to access internet in safe-mode after running Malwarebytes). There is a program in my installed program list entitled ?aaa? by company ?bbb?, I am not able to uninstall this program.

I would greatly appreciate assistance with this problem as it is rather worrying. I will endeavour to keep my internet access open so I can be here when you are available to help me.
Thank-you to bleepingcomputer for the guidance in posting,
hchicken
DDS log:
DDS (Ver_10-12-12.02) - NTFSx86 NETWORK
Run by Owner at 23:36:28.88 on Fri 18/02/2011
Internet Explorer: 8.0.6001.19019
Microsoft? Windows Vista? Home Premium 6.0.6002.2.1252.61.1033.18.3069.1599 [GMT 10.5:30]

AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\Syste... Read more

A:infected Fake anti-virus program, program entitled ‘aaa’

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.Please take note:If you have since resolved the original problem you were having, we would appreciate you letting us know. If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
If you are unsure about any of these characteristics just post what you can and we will guide you.Please tell us if you have your original Windows CD/DVD available.If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review your topic an do their best to resolve your issues.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply'... Read more

3 more replies
Answer Match 41.16%

You are invited and encouraged to read THIS THREAD. It may save headaches and problems down the road.
 

A:not exactly a virus - but WARNING...

Oops, I did not see/recognize the other thread on this topic when I posted this one. Sorry !!
 

1 more replies
Answer Match 41.16%

please loook at my log here it is. There is something called Security Tool Bar on my IE and its causing pop ups of virus detections and its telling me to download stuff but it keeps poping up a lot.

can you fix my problem please
Logfile of HijackThis v1.99.1
Scan saved at 8:54:16 AM, on 6/11/2008
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\GamingSquared\Gaming2\G2.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\McAfee\MSC\mcuimgr.exe
C:\Program Files\DAP\DAP.exe
C:\Windows\system32\ctfmon.exe
C:\Program Files\Web Technologies\wcs.exe
C:\Program Files\Web Technologies\wcm.exe
C:\Program Files\Web Technologies\iebtm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Web Technologies\iebtmm.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files... Read more

A:PLEASE HELP very very bad virus and warning pop ups!!!

Please update your version of Hijackthis:
Click here to download HJTInstall.exe

Save HJTInstall.exe to your desktop.
Doubleclick on the HJTInstall.exe icon on your desktop.
By default it will install to C:\Program Files\Trend Micro\HijackThis .
Click on Install.
It will create a HijackThis icon on the desktop.
Once installed, it will launch Hijackthis.

 

1 more replies
Answer Match 41.16%

Had a warning that I have a virus that has been moved to the virus vault. I have ran a Superspyware Blaster scan (that tells me I have no threats) and also an Adaware SE scan (also tells me I am clean) - so I don't understand?? I have ran a Hijackthis Log - posted below - from what I can tell there is an additional C:\WINDOWS\system32\svchost.exe file compared to a log that I ran a couple of weeks ago - when I had yet another virus.

Logfile of HijackThis v1.99.1
Scan saved at 10:30:19 PM, on 13/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe
C:\Program Files\InterVideo\Common\Bin\WinRemote.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\PRO... Read more

More replies
Answer Match 41.16%

Hello all, I just received this Virus warning from "F-Secure".

Klez.E Worm Activates Destructively Tomorrow

F-Secure is warning computer users that the Klez.E email worm will activate
destructively tomorrow, on 6th of month. Klez.E is among the ten most
common viruses wordwide.

Klez.E was originally found in January 2002. It has been getting steadily
more common over the last weeks and by now it has become one of the most
common viruses in USA, Europe and Asia.

Klez.E activates on every 6th of the month, but the activations in January
and February 2002 were causing relatively small damage. Situation is now
more serious.

Klez.E is a very complex virus. It sends itself via e-mail using a wide
variety of different messages, including messages which look like virus
warnings. Sometimes Klez fakes the e-mail sender, making it look like an
innocent bystander has been spreading the virus. Klez.E also fights against
various anti-virus products, trying to delete them.

In addition, the e-mail attachments sent by Klez can execute automatically
on some systems, causing infection by just reading or viewing an infected
e-mail message.

"Klez.E activation routine is destructive", comments Mikko Hypponen,
Manager of Anti-Virus Research at F-Secure. "It overwrites data files such
as Word DOC files, Excel XLS files, MP3 music files, website HTML contents
and ASCII text files. Even worse, it does this not only on the infected
machine but also in the local network. ... Read more

A:New Virus Warning!

http:[email protected]html
This is Symantec's site, and what it has to say about the virus.

Most important is http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS01-020.asp which is the link they provide that explains the vulnerablity your system may have. If you have this patch, then you should have no problems with this virus, as there will be no vulnerability for it to exploit.

From the site Tom provided, http://www.europe.f-secure.com/v-descs/klez_e.shtml gives very good info on the virus, what it does, what the mails look like as they arrive, and how to disinfect your system if you get it! The best info available is at the bottom of the second link, but here it is for those who hate clicking!
Detection of Klez.E worm is available in the updates published on 17th of January 2002.

Disinfection of Klez.E worm can be performed with the special tool that is available on our ftp site:

ftp://ftp.europe.f-secure.com/anti-virus/tools/kleztool.zip

Please read the KLEZTOOL.TXT file included in the ZIP archive before using the tool.
Click to expand...

Thanx Tom, for letting people know about this!
 

1 more replies
Answer Match 41.16%

Well first post howdy to everyone, Been an it tech for 20 years and know how to clean this virus but this laptop my buddy gave me has a screen that is cracked so i have to put my lcd monitor on it to get display, unfortunatly it only comes up with windows so i cant get into safe mode to fix it. Was wondering what i can do to get this off if i have enough time to type a dos cmd, or something. I hate to pull the drive and slave it in to my desktop or laptops as i dont want them infected with this pita virus to clean.
Would like any opinions on what i should try first or just tell this cat to buy a new lcd and ill put it in. They have several pcs in their house and they just use a large lcd to boot to so he didnt want to spend any cash on the lcd since they use it for kids homework etc etc. Regardless any advice, thanks.
BrianG

A:FBI warning virus

Is there an option on your BIOS to direct the display to the LCD?
Also you could try Hirens.

1 more replies
Answer Match 41.16%

Hi

I have PC cillin installed on about 3 desktops ,& on all this desktops I get this pop up message from PC cillin saying that the the file is infected ,the problem is I can not find the file on Location of file C:/windows/system32/fool0.dll
I have tried scanning the PC ,reformatting the PC,but the minute i attach the external hard drive the same virus comes back again ,TRend PC cillin finds this virus but can not delete it .
Please help
Virus name Cryp_Xed-6
Infected file :Fool0.dll
Location of file C:/windows/system32

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:45:54, on 19/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\PDF Complete\pdfsvc.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\System32\svchost.exe... Read more

A:Virus Warning

Hi,I used TRend Housecall & the virus was removed
 

1 more replies
Answer Match 41.16%

VIRUS WARNING

Hi, I am a complete novice at all this, so please bear with me My computer is coming up with a virus warning - but not all the time - after a while of this warning coming up my computer runs very slow and also when I get onto the internet and into say facebook - it will let me, but to do anything from there, like go to a game it just comes up with blank screens or sometimes saying internet explorer cant find this page. When this happens it will also let me into say hotmail, I can open some but not others and if I want to respond or delete some it wont let me. it also will not let me get into any banking or try to go to any other www. sites. After doing a virus scan last night this is the what I got - C:\windows\AutoKMS.exe\AutoKMS.exe - a variant of WIN32\HackKMS.B - unable to clean.

Please find attachments

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
Processor: AMD A6-3410MX APU with Radeon(tm) HD Graphics, AMD64 Family 18 Model 1 Stepping 0
Processor Count: 4
RAM: 7658 Mb
Graphics Card: AMD Radeon HD 6750M, 1024 Mb
Hard Drives: C: Total - 697790 MB, Free - 591289 MB; D: Total - 17309 MB, Free - 1895 MB;
Motherboard: Hewlett-Packard, 1807
Antivirus: ESET NOD32 Antivirus 5.0, Updated and Enabled
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:21:37 AM, on 13/02/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16457)
Boot mode: Normal... Read more

A:Virus Warning - what do I do

16 more replies
Answer Match 41.16%

Every time I turn on P.C. I get a warning of a virus of some sort,my emails wont open as they are blocked for some reason by the security and are either deleted or cannot be opened any help would be welcome
 

A:Virus warning

12 more replies
Answer Match 41.16%

Yesterday I idled on a gaming website while I went to get something from the kitchen. When I got back MSE popped up about unknown program or file (c:\users\leslie\scbqpspzfr) when I closed the pop up to run MSE and Malwarebytes and FBI warning popped up and I could get rid of it or see any icons on my desk top. I pulled my internet connect and restarted my computer, which seemed to start normally. I ran MSE and Malwarebytes which detected 3 trojans and removed them. I reconnected my internet, without restarting, and everything seemed fine. I re-ran MSE and Malwarebytes and nothing was detected.

Today, when I started my computer the same thing happened with the same results so I came here. I also noticed 2 new applications listed under c:\users\leslie\ and both were last modified yesterday.

scbqpspzfr.exe
yewrztreuatlqayutmnjlgzba.exe

-----------------------------

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.10.2
Run by Leslie at 18:37:04 on 2013-01-28
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4055.2622 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
... Read more

A:FBI Warning Virus

Greetings and Welcome to The Forums!!My name is Gringo and I'll be glad to help you with your malware problems.I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of usPlease do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE: At the top o... Read more

17 more replies
Answer Match 41.16%

You are invited and encouraged to read THIS THREAD. It could save headaches and problems down the road.
 

More replies
Answer Match 41.16%

Upon startup, my computer gets taken over by a screen that says my computer was taken over by the FBI and tries to extort money. I am able to get in if I reboot, and start another program before the FBI thing starts. If I push the power button, I then have the opportunity to cancel out of the shutdown, because the other program is running and the FBI warning goes away.

I run XP SP3.

There is a new shortcut in my startup file with the target of:
%systemroot%\system32\rundll32.exe C:\DOCUME~1\JAMESP~1\LOCALS~1\Temp\deo0_sar.exe,FQ10

I suspect this may have something to do with it.

Teenagers. Grrr. I appologize for being a repeat user.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.4.1
Run by James Peters at 19:29:53 on 2012-07-30
.
============== Running Processes ===============
.
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://my.yahoo.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\b... Read more

A:FBI warning virus

Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

One or more of the identified infections is a backdoor trojan/rootkit.

This type of infection allows hackers to remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Please refer to Microsoft's Online Safety article for tips on creating a strong password.

Do not change passwords or do any transactions from the infected computer until it has been cleaned.

------------------------------------------------------

It is not our intent to repeatedly remove malware from the same member's machines. The intent of this free service performed by volunteers is to help remove malware from your machine, educate you on how it may have ha... Read more

12 more replies
Answer Match 41.16%

I received an email warning me that I may be infected with a virus. It tells me to search for a file on my c drive called jdbgmgr.exe with a grey teddy bear icon, delete it and empty my recycle bin immediately. Is it ok to do this, or is the warning a hoax and will deleting this file cause problems. I would appreciate your help. Thanks. Sue
 

A:virus warning

7 more replies
Answer Match 41.16%

I got a security warning from norton yesterday that this virus was on my computer, I was on a site (I'm new here to not sure if I'm allowed to name the site?) and didn't even click on anything yet when I saw a quick flash of something downloading and then the ducky b warning, mine also said it was unable to delete the file, I did a norton scan twice and nothing came up, I had deleted all my temp internet files, I don't know if that's why, is that really what fixes this, I'm so glad it's that easy I thought it would be so much more involved! someone suggested I update my java, but when I tried and I got the active x prompt I clicked on it but then I got a medium risk security warning that sun was trying to access the internet and that it was recommended I don't let them--if java is a respected program/site, why would I get that warning? also why did the virus get through in the first place if my norton subscription is active and I haven't let it lapse?? should I have another antivirus or spyware program and how do I know when they are safe?
 

A:virus warning

Sun needs to access the net while installing
it downloads a small installer first & then installs online

It didn't get through Norton

Norton blocked it
 

1 more replies
Answer Match 41.16%

Please note: This notice was real, but is now outdated - 2006I am presuming that I am posting this to the correct place. I received this this morning and passed for your info.Anyone-using Internet mail such as Yahoo, Hotmail, AOL and so on. This information arrived this morning, Direct from both Microsoft and Norton Please send it to everybody you know who has Access to the Internet. You may receive an apparently harmless e-mail titled 'Mail Server Report' If you open either file, a message will appear on your scree n saying: 'It is too late now, your life is no longer beautiful...'Subsequently you will LOSE EVERYTHING IN YOUR PC, And the person who sent it to you will gain access to your Name, e-mail and password. This is a new virus which started to circulate on Saturday afternoon. AOLhas already confirmed the severity, and the anti virus software's are not capable of destroying it.The virus has been created by a hacker who calls himself 'life owner'.PLEASE SEND A COPY OF THIS E-MAIL TO ALL YOUR FRIENDS, And ask them to PASS IT ON IMMEDIATELY!THIS HAS BEEN CONFIRMED BY SNOPES.Added outdated noticerigel = BC Moderator

A:Virus warning

http://www.hoax-slayer.com/life-is-beautiful-virus-hoax.html

2 more replies
Answer Match 41.16%

Hello,
When i open my IE it used to default to the 401 MPV warning page. I ran HijackThis and removed some stuff i saw in another post in this forum. It also made my backround wallpaper look like a Blue Screen Error, and when i try to change the background by right-clicking and the choosing properties, the background tab is no longer there. Here is my HJT log file, in normal mode(not safe). Any help would be great.

thanks!

Logfile of HijackThis v1.99.1
Scan saved at 4:02:42 PM, on 4/24/2005
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\S24EvMon.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\Ati2evxx.exe
C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
C:\WINNT\MS\SMS\CORE\BIN\CLISVCL.EXE
C:\WINNT\System32\svchost.exe
C:\Program Files\Hummingbird\Connectivity\9.00\Exceed\HumDisplayServer.exe
C:\oracle\ora92\bin\omtsreco.exe
C:\Program Files\Network Associates\VirusScan\VsStat.exe
C:\Program Files\Network Associates\VirusScan\Vshwin32.exe
C:\WINNT\System32\RegSrvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Program Files\Network Associates\VirusScan\Avconsol.exe
C:\WINNT\System32\MsPMSPSv.exe
C:\... Read more

A:401 MPV warning virus. Please help

16 more replies
Answer Match 41.16%

I just started to get a window warning me of possible virus threats to my pc. It's called " ANTIVIRUS 360, SYSTEM IN DANGER ". It list TROJAN and other viruses , asking me to scan , and having to register with them to get the software to correct the problems , I already have a good virus program with AVG. How do I get rid of this window that keeps popping up and won't go away ??
 

A:win xp virus warning

6 more replies
Answer Match 41.16%

i keep getting this avg resident shield warning about a virus trojan horse downloader istbat.3.oe

says its in the C:\system volume information\restore and a bunch of numbers that look like the registry numbers.

says to run avg to fix. well i have updated and ran the program and get nothing. went to the house call site and ran it through there and got nothing. could this be a virus that i have? or just a warning about one trying to get in?

any help?

Lori
 

A:virus warning avg

7 more replies
Answer Match 40.74%

Hi,
I some how got this program installed on my computer and ever since I have been getting popups, internet explorer doesn't work all the time, the computer is real slow. The program keeps popping up and want to run. There is no way to uninstall it. It really looks like a real program, but I didn't put it there.
Any help would be greatly appreciate.
Attached is my hijack this log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:47:45 PM, on 1/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\Mc... Read more

A:XP Antivirus program - is this a real program? I think I have a virus now.

7 more replies
Answer Match 40.74%

cant update the computer or run certain program or i cant update my antivirus program or malware program
need help thx

A:cant update virus program or malware program

Scroll down in the link below and follow the instructions for using MalwareBytes AntiMalware while in Safe Mode With Networking, Follow all directions below that for the other tools. The instructions are much the same for the type of malware we see here a lot. Let us know if malware is found. Your symptoms are typical of malware. Remove Smart HDD (Uninstall Guide)

1 more replies
Answer Match 40.74%

Snopes says this is REAL so be careful. I just read about it in an email. YOU ARE WARNED !!!!!

COMPUTER VIRUS WARNING
> The newest virus circulating is the "UPS
> Delivery Failure". You will receive an email from UPS
> Packet Service along with a packet number. NOTE: The word packet is mis-spelled on this line. It will say that they
> were un-able to deliver a package sent to you on such and such a date. It then asks you to print out the invoice copy attached.
DON'T TRY TO PRINT THIS. IT LAUNCHES THE VIRUS
Pass this warning on to all your PC operators at work
> and home. This virus has caused Millions of dollars in
> damage in the past few days.
 

A:A real virus warning

9 more replies
Answer Match 40.74%

I installed a virus infected file that Norton Antivirus picked up and deleted .The norton log showed that it was a VUNDO virus .I ran Fixvundo but the results said ther is no Vundo virus on my comp.
The problem I`m having is when I open certain a floders in windows explorer a Fake warning message pops up and basicaly says I should download Antispyware ( Click to download ). when I close out the warning Internet Explorer opens and norton worm protection blocks the site .
I tried running GMER.EXE but it causes my comp to reboot before it`s finished ,so I can`t include a log file here . but here what DDS picked up
Thanks for your help

DDS (Version 1.0) - NTFSx86
Run by Home at 4:14:24.04 on Tue 11/18/2008
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1279.894 [GMT -5:00]

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Norton SystemWorks\Nor... Read more

A:Fake virus warning

Hi and welcome to TSF.

My name is Iain and I will be helping you clean your system.

You may wish to Subscribe to this thread (Thread Tools > Subscribe to this thread) so that you are notified when you receive a reply.

Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix. You should not have any open browsers or live internet connections when you are following the procedures below.

Note that the fix may take several posts. Please continue to respond to my instructions until I confirm that your logs are clean. Remember that although your symptoms may vanish, this does NOT mean that your system is clean.

If there is anything you don't understand, please ask BEFORE proceeding with the fixes.

Please ensure that you follow the instructions in the order I have them listed.

Combofix
Download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
Double click on ComboFix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up in... Read more

1 more replies
Answer Match 40.74%

This was passed along to me, and I am only forwarding it.

((QUOTE))

It has come to my attention that someone using ntlworld.com ISP is distributing the bugbear virus from Spybot-S&D Support <[email protected]> and signing the email as Patrick Kolla. The email is not addressed to anyone, so most likely any recipients are being BCCed (Blind Carbon Copy).

THIS EMAIL IS NOT FROM PATRICK KOLLA OR SPYBOT S&D. DON'T OPEN IT!

Below is the content of one such email in my posession. Given this, I cannot believe this to simply be some poor fool infected with the virus. At first glance, this seems to be a malicious attack, and we'll see what ntlworld has to say about one of their customers sending this out.

Normally I would bother sending a mailing about something like this. It happens to me, to Lavasoft, and to other companies all the time. This one looks convincing enough that I feel it necessary to warn everyone. Spread the word about this before people start getting infected.
Regards,

Mike Healan
http://www.spywareinfo.com/
 

A:SpyBot Virus Warning !!!

Thanks for the link.
 

2 more replies
Answer Match 40.74%

Hi,
 
I was browsing on the internet when this pop-up box appeared notifying me that I may have a virus and I needed to ring this number. Please help me remove the virus.
 
I had to restart my computer to remove the message.
 
 

A:WARNING! Your computer may have a virus

Hi & to Bleeping Computer Forums!My name is Jürgen and I will be assisting you with your Malware related problems. Before we move on, please read the following points carefully: My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.Perform everything in the correct order. Sometimes one step requires the previous one.If you have any problems while you are follow my instructions, Stop there and tell me the exact nature of your problem.Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now!If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.If I don't reply within 24 hours please PM me!Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.Step 1Please run a FRST scan. This will help us diagnose your problem.Please download Farbar Recovery... Read more

2 more replies
Answer Match 40.74%

My nephew is IMing me about a virus he thinks a friend has. Shaky details as it were:

He thinks that the OS is 98, didnt say SE or not . . .

I asked if the problem might be mechanical, ya know . . . runs for a while then restarts . . . not really

I advised to go to housecall to do a virus scan, but . . .

this has happened about 5 times in the last hour, no time for a scan or a download of Hijack This? younguns!

Here's the kicker, he says the friend gets a warning that the computer will restart in 60 seconds.
any ideas?
 

A:virus w/warning of restart?

Sounds like the Blaster Worm, which would mean the OS is 2000 or XP.
 

3 more replies
Answer Match 40.74%

Recieved this--forwarded--Warning does not even name the virus or provide reference/link. It says your machine will be destroyed- -WOW!!!

However because of the virus panic many will heed this.

This was originally in large red letters

Very Urgent!!!!!!!...

PASS THIS ON TO ANYONE YOU HAVE AN E-MAIL ADDRESS FOR.

If you receive an email titled: "It Takes Guts to Say Jesus"
DO NOT OPEN IT. It will erase everything on your hard drive.
This information was announced yesterday morning from IBM; AOL states that this is a very dangerous virus, much worse than
"Melissa," and that there is NO Remedy for it at this time.
Some very sick individual has succeeded in using the reformat function from Norton Utilities ! causing it to completely erase all documents on the hard drive.
It has been designed to work with Netscape Navigator and Microsoft Internet Explorer.
It destroys Macintosh and IBM compatible computers.

This is a new, very malicious virus and not many people know about it. Pass this warning along to EVERYONE in your address book ! and ple! ase share it with all your online friends ASAP so that this threat may be stopped.

Please practice cautionary measures and tell anyone that may have access to your computer. Forward this warning to everyone that you know that might access the Internet.

More replies
Answer Match 40.74%

I went to a webpage that someone emailed me (actually emailed me; it wasn't a hacked account), and got a virus that wouldn't allow me to open any applications, replaced my background with a screen that had a message (Warning! You?re in Danger! etc...), and kept bringing up windows telling me to buy bogus anti-spyware programs. I ran malwarebytes in safe mode with command prompt. So far, I've run it 5 times. The first 2 times and the 4th time, it found infected files and removed them. I can now run programs and the background screen message went away. I ran ClamWin and it found a file that malwarebytes didn't, but I'm not sure what to do with it. I suspect that there's still some virus lingering on my system, but I'm not sure how to do a more comprehensive search. I'm running Windows XP. Could someone please help me purge my computer? Thanks!

A:How to get rid of "Warning! Your’re in Danger!" virus entirely?

What was detected?

5 more replies
Answer Match 40.74%

I myself was careful enough not to open these after being sent them by three people on my contacts, but many others weren't so lucky. If possible, could a mod post this as sticky?

A worm spreading via MSN Messenger is turning infected Windows PCs into zombie drones. The Bropia-F worm spreads by offering "sexy image files" to IM contacts of infected users.

Instead of racy documents, users who accept and open infected files get a comical photo of a roasted chicken with a bikini tan line. In the background, Bropia-F installs a variant of the infamous Agobot (AKA Pahtbot or Rbot) worm, opening a backdoor on infected systems. The bot can then be used to collect system information, log keystrokes and relay spam.

"Many corporations have been blocking use of instant messenger programs for employee productivity reasons, and now may have good cause to do so for security reasons as well," said Joe Hartmann, senior virus researcher at anti-virus firm Trend Micro. "With the popularity of instant messengers, it may be the home users who are most at risk - this kind of worm uses humour to make people forget that they are being infected and backdoors are being opened into their systems."

Bropia-F arrives in a file about 184 KB in size. It tries to spread to other MSN Messenger users by sending a copy of itself under one of these filenames: bedroom-thongs.pif, hot.pif, lmao.pif, lol.scr, naked_drunk.pif, new_webcam.pif, rofl.pif, underware. pif and web... Read more

A:WARNING: New MSN Messenger Virus

More info:

http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_FATSO.A

http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_KELVIR.B
 

1 more replies
Answer Match 40.74%

I also have the FBI Warning virus and am locked out. The computer won't allow me to start in any of the Safe mode options. I have tried repeatedly, but each time it goes to blue screen and starts over - like groundhog day. Can you help me? Thanks.

I have Malwarebytes installed but the prgram didn't block it. I also have Rkill on a USB drive that was provided when I had the Windows Security virus.

A:FBI Warning Virus Lockout

Hi Trucker1, I'd like you to try the AVG Rescue Disc. You will need a CD or USB drive to run the tool from. You will use it to boot into the Rescue Disc, instead of Windows, to remove the virus. For a guide on how to use the Rescue Disc, please see here: http://www.avg.com/us-en/226386If you have the choice to delete or rename any files, please chose rename.Hopefully, once you have run a scan and renamed any files found, you should be able to boot back into Windows normally. If this is the case, then please do the following: We need to create an OTL ReportPlease download OTL from hereSave it to your desktop.Double click on the icon on your desktop.Click the "Scan All Users" checkbox.Push the button.Two reports will open, copy and paste them in a reply here:OTL.txt <-- Will be openedExtra.txt <-- Will be minimizedCasey

2 more replies
Answer Match 40.74%

okay, so i get my laptop from my brother who was borrowing it and i see in the start menu that there is a little icon that flashes from a blue and white question mark into the red circle with one line symbol. when highlighted it says Critical System Error!. i click on it and it pops up a page for me to download some antimalware or something. idk what's going on so i'm doing an ewido scan and i did a hijackthis log. please help.

Logfile of HijackThis v1.99.1
Scan saved at 10:37:56 PM, on 9/24/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\MPVIDEOCODEC\isamonitor.exe
C:\Program Files\MPVIDEOCODEC\pmsngr.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MPVIDEOCODEC\pmmon.exe
C:\Program Files\MPVIDEOCODEC\isamini.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\NICC... Read more

A:Solved: virus warning help

i think i posted this screenshot correctly. check attachment.
 

3 more replies
Answer Match 40.74%

My Trend Micro Internet Security came out with this message -
"Virus Found - APPMGMTS.DLL
TROJ DLOADER..PFE
Unable to quarantine the file.
Please delete the file if you do not need it."
Is it safe to delete this file. Hope someone can enlighten me.
Thanks in advance for all help.
 

A:Virus Warning {Moved here...still needs help}

Download and Run HijackThis
Download HJTInstall.exe to your Desktop.

Doubleclick HJTInstall.exe to install it.
By default it will install to C:\Program Files\Trend Micro\HijackThis .
Click on Install.
It will create a HijackThis icon on the desktop.
Once installed, it will launch Hijackthis.
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
Copy/Paste the log to your next reply please.
Don't use the Analyse This button, its findings are dangerous if misinterpreted.
Don't have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.
 

2 more replies
Answer Match 40.74%

http://www.theregister.co.uk/content/56/33628.html
 

A:new SOBER virus warning

Thanks for the heads up!
 

2 more replies
Answer Match 40.74%

Hi, I hope im going about this in the correct location of the forum. I am getting a virus warning from Avast that says  HTTP://blackfightinfo/333livereader_1482753320. It is URL:Mal2
I have done a virus scan with Avast and it finds nothing. I have done a scan with Malwarebyts  and that also found nothing. Scanned and cleaned everything found with
superantispyware. But on every restart of the computer i get the warning. I did a hijackthis scan and hope im posting the results in the proper place. I thank you all in
advance for any help you can give.
 
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:19:31 PM, on 3/2/2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17496)
Boot mode: Normal
Running processes:
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Windows\SysWOW64\CTXFISPI.EXE
C:\Users\Gjob\Desktop\HijackThis.exe
C:\Windows\SysWOW64\DllHost.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page ... Read more

A:Virus warning with every restart

Wanted to update this with the fact that it is attached to the svchost.exe. At computer start Avast gives a warning and shows a few different HTTP://websites with the warning.  Also says  URL:Mal2

19 more replies
Answer Match 40.74%

Avg keeps warning me of a trojan in a directory that i cant find first of all, and then when i do a v-scan complete after, it doesnt even find it again.

Anyone else ever had this problem with avg free?
 

A:AVG virus warning thing.

8 more replies
Answer Match 40.74%

Hello,
There are two 'System Warning' signs that pop up. The first says, "Keep your computer safe from viruses and malicious programs that can slow down or break your system." The second says, "Spyware protection disabled. Your personal data is at high risk of being stolen and misused." I have found a post on your website that explains exactly what is happening to my computer:

http://www.bleepingcomputer.com/forums/topic416111.html

I can't run regedit, task manager, etc. It will either not open, or open for a split second. I have ran MBAM, and everytime it says it has found something such as trojans, but I can quaranteen and remove them, start another scan and it will find more. I have tried to run SuperAntiSpyware as well. Both programs I have ran several times. The SAS interface does not look the same as when I first downloaded, so I figured the virus may have penetrated it, and went ahead and uninstalled it. At this point I have read what you recommended the person in the post above and tried to expedite it; i first ran the Defogger, it said it was successful, but it did not ask to reboot. I'm having problems with the DDS program. I run it and the black screen appears, it then disappears and nothing else happens. The log from the GMER is attached below.
 ark.log   3.63KB
  3 downloads

I stopped at this point to see what expertise and recommendations you have for me to do. Thank You for your help!&... Read more

A:System Warning pop-up virus

Hello liquiphyde, Welcome to Bleeping Computer.
My name is fireman4it and I will be helping you with your Malware problem.

Please take note of some guidelines for this fix:
Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
In the upper right hand corner of the topic you will see a button called Watch Topic.I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

Finally, please reply using the ADD REPLY button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.We will need a little more information first before we clean this up.1. 1. Please download OTL from one of the following mirrors: This is THE Mirror
2. Save it to your desktop.
3. Double click on the icon on your desktop.
4. Under the Custom Scan box paste this in
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
n... Read more

27 more replies
Answer Match 40.74%

One of my users with a fairly new Dell running Windows 7 professional encountered a fake virus warning. Even though he closed the popup window without any further action, several things began to happen:

1) The peer-to-peer network failed to connect to the computer involved.
2) Windows firewall was not operational and would not start when requested to in the Control Panel.
3) Trend Micro Titanium 2011 did not find malware, but Windows Defender and Malwarebytes did. After Defender and Malwarebytes ran, problems 1 and 2 still existed.
4) Malwarebytes kept complaining that it was blocking communication between the computer and several outside IP addresses.
5) Downloaded and ran combofix. It took well over an hour to run. I have attached the log (ComboFix_1.txt) from that run.
6) After we rebooted, everything worked again.
7) Ran Malwarebytes again. This time it found one item: POP.bitminer. Had it quarantine and remove the offending file.
8} Ran combofix again. The log from that run is also attached {ComboFix.txt).

Everything seems to be OK, but I'd appreciate it if someone with ComboFix experience would look over the attached logs and tell me if there is more we need to do to avoid having these symptoms reappear.

A:Fake Virus Warning

Hello, Welcome to BleepingComputer.I'm nasdaq and will be helping you.If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.===Your ComboFix log is clean.I suggest you delete these two folders.c:\users\WP\AppData\Roaming\LNyxA1uvSoFpGaJc:\users\WP\AppData\Roaming\duvD2obF4m5Q6E8===Third party programs if not up to date can be the cause infiltration of an infection.Please run this security check for my review.Download Security Check by screen317 from here.Save it to your Desktop.Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.A Notepad document should open automatically called checkup.txt; please post the contents of that document.===Please post the log for my review.

2 more replies
Answer Match 40.74%

I recieved this email today and thought it best to warn everyone. I have edited the forwarding email addresses, it is genuine. I'd rather be safe than sorry.
Subject: FW: Extremely Important - NO JOKE!

During the next several weeks be VERY cautious about opening or
launching any e-mails that refer to the World Trade Center or 9/11 in
any way, regardless of who sent it. PLEASE FORWARD TO ALL YOUR FRIENDS
AND FAMILY. FOR THOSE WHO DON'T KNOW, "WTC" STANDS FOR THE WORLD TRADE
CENTER. REALLY DANGEROUS BECAUSE PEOPLE WILL OPEN IT RIGHT AWAY,
THINKING ! ITS A STORY RELATING TO 9/11!

BIGGGG TROUBLE !!!! DO NOT OPEN "WTC Survivor" It is a virus that will
erase your whole "C" drive.. It will come to you in the form of an
E-Mail from a familiar person. I repeat, a friend sent it to me, but
called and warned me before I opened it. He was not so lucky and now he
can't even start his computer!

Forward this to everyone in your address book. I would rather receive
this 25 times than not at all. So, if you receive an email called "WTC
Survivor", do not open it. Delete it right away! This virus removes all
dynamic link libraries (all files) from your computer.

PLEASE FORWARD THIS MESSAGE
_____

No virus found in this incoming message.
Checked by AVG Free Edition.
Version: 7.1.362 / Virus Database: 267.13.11/191 - Release Date:
02/12/05
 

A:Serious email virus warning

This is a hoax, it's always a good idea to check such things out on Google before you react.

http://www.symantec.com/avcenter/venc/data/wtc.survivor.hoax.html
http://www.snopes.com/computer/virus/wtcsurvivor.asp
 

2 more replies
Answer Match 40.74%

I recently went to a website and my NOD32 came up with a Iframe.b.gen warning.
I immediately did a full scan on my computer and found nothing, but it would put my mind at rest if someone could have a look at my log files.

I ran gmer but the text files came up blank

.
DDS (Ver_11-03-05.01) - NTFS_AMD64
Run by Darren at 21:13:27.69 on 24/03/2011
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_24
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.6135.4461 [GMT 0:00]
.
AV: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\ESET\ESET NOD32 Antivirus... Read more

A:Iframe.B.gen virus warning

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

I'm not seeing anything in your logs. We'll do an online scanner to check for remnants shortly.

------------------------------------------------------

Advanced SystemCare

We do not recommend the use of registry cleaners. Our colleague miekiemoes has an excellent writeup here

We suggest uninstalling them via Programs and Features in your Control Panel.

------------------------------------------------------

Please uninstall the following via Start->(or Computer)->Control Panel->Programs->Programs and Features if it still exists:

Coupon Printer for Windows<<Please read here

If you decide to uninstall it, also delete the following Folder if it still exists:

C:\Program Files\Coupons

------------------------------------------------------

Please run this online scan to help look for remnants. Ensure your external and/or USB drives are inserted during the scan.

In 64-bit Windows Vista/Win7, you must open the 64-bit IE browser.

Navigate to C:\Program Files (x86)\Internet E... Read more

2 more replies
Answer Match 40.74%

Hello

Just to say that I received the Bugbear virus this morning. The subject of the message was "Christopher J. Reeves". NAV caught and quarantined it, so I didn't read the body of the message.

T2

p.s. I run my mail through Mail Washer and was dubious about the message when I saw it there.
 

More replies
Answer Match 40.74%

i need a HijackThis link and help its really annoying and its slowing down my computer

A:please help i got a windows warning for a virus

Hello and welcome to TSF.

Apologies for the long delay in response. We have a large number of HijackThis logs to handle and it?s taking us longer to catch up. If you haven?t received help elsewhere already and still require assistance please follow the instructions in IMPORTANT - Read This Before Posting A Log and post the required logs.

1 more replies
Answer Match 40.74%

I know these are ALMOST Always Hoaxes But this one I want someone elses opinion on
This email version gets to the point without checking with a web site like the previous FBI alert. jc

Hi All,

I checked with Norton Anti-Virus, and they are gearing up for this virus!

I checked snopes.com, this morning ( 2/04/2008 ) and it is for real!!

Get this E-mail message sent around to your contacts ASAP.

PLEASE FORWARD THIS WARNING AMONG FRIENDS, FAMILY AND CONTACTS!

You should be alert during the next few days. Do not open any message with an attachment entitled "POSTCARD," regardless of who sent it to you. It is a virus which opens A POSTCARD IMAGE, which 'burns' the whole hard disc C of your computer. This virus will be received from someone who has your e-mail address in his/her contact list. This is the reason why you need to send this e-mail

to all your contacts. It is better to receive this message 25 times than to receive the virus and open it.

If you receive a mail called” POSTCARD," even though sent to you by a friend, do not open it.! This includes all cards, too. Shut down your computer immediately.

This is the worst virus announced by CNN. It has been classified by Microsoft as the most destructive virus ever. This virus was discovered by McAfee yesterday, and there is no repair yet for this kind of virus. This virus simply destroys the Zero Sector of the Hard Disc, where the vital information is kept.

COPY THIS E-MAIL, AND... Read more

A:POSTCARD Virus Warning

I searched on the Mcafee site for POSTCARD and came up with 2 entries, one from 2001 and one from 2005. Maybe the threat described in the email was real, some time ago.
 

2 more replies
Answer Match 40.74%

Hello, this virus appeared about a few days ago on this machine which displays a message saying that my computer has been blocked due to malicious use and intent basically. It continues on to give me an option to unblock it by paying $300. I identified this as malware right away, however, because this malware was able to actually block my computer I am assuming it has embedded itself into my registry. A place which I don't enter without professional help. I was wondering if you guys could first point me to where I could begin learning how to get rid of these types problems from my registry. If you see my history this isn't my first time with problems. I know how to prevent virus and malware attacks, unfortunately, I don't have the time to go around teaching my relatives. They come to me when they need their computers cleaned. I would love to learn how to use combofix or any of the other tools on my own. If anyone could help me that would be great, thank you.

A:[SOLVED] FBI Warning Virus!

I am unable to download dds from your link. is there an alternative way of obtaining it?

3 more replies
Answer Match 40.74%

Well, I got home from work and my wife got a virus on the computer somehow, shes not sure how, though I know it was a program pretending to be an antivirus software, and it was called Antivir. I was unable to use Internet Explorer at all, so I restarted in Safe Mode and downloaded spybot search and destroy. It found quite a bit and I removed it all, I removed the Antivir program from my startup, and I turned off system restore to try and keep it from restoring back to try and remove it permanently. I ran another search with spybot seach and destroy after restarting, and it did not find anything. However, there is still something on my computer, and I can not use Internet Explorer at all. If I go to Google and type in something to search, this shows up in the address bar:http://www.google.com/#warningThen it just stays on Google page? Also, if I type in a different website in the address bar a warning comes up and tells me the site I am visiting may contain malicious software etc...and says continue unprotected or Get Security software. So, any help would be great. Thanks.Edit: Moved topic from XP to the more appropriate forum. ~ Animal

A:Virus-#Warning in address bar

try running malwarebytes, and also try reinstalling internet explorer. I know its a nuisance but the virus may have deleted registry files, and a anti virus only removes anti virus software it doesnt put good software back, so I would recomend reinstalling IE8 if you can.

3 more replies
Answer Match 40.74%

I first posted about this here: http://www.bleepingcomputer.com/forums/topic386813.html/page__gopid__2180713. I don't know if this is related, but I'm still getting a message telling me that auto-updates are turned off, but I know I have them turned on. And when I open windows security center, it tells me that the firewall is turned off, even though it's turned on. Also note that the schemaSpy program referenced in ark.txt is not spyware; it's for mapping databases. Thanks!

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Aimee Sunshine-Hill at 12:18:43.42 on Thu 03/24/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.1433 [GMT -7:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32&... Read more

A:"Warning! Your’re in Danger!" virus

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you are unable to create a log because your computer cannot start up successfully please provide detailed information about the Windows version you are using: What we in particular need to know is version, edition and if it is a 32bit or a 64bit system. [/b]If you are unsure about any of these caracteristics, just let us know and we'll help you figuring it out. Please also tell us if you have your Windows CD/DVD handy.Please include a clear description of the problems you're having, along with any steps you may have performed so far.Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.Even if you have already provided information about y... Read more

2 more replies
Answer Match 40.74%

so im have problems heres my log please help

Logfile of HijackThis v1.99.1
Scan saved at 3:55:53 PM, on 6/5/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\2Wire\2PortalMon.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\PROGRA~1\LeapFrogMessenger\LeapFrogMessenger.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Nikon\NkView4\NkVwMon.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C... Read more

A:hijakers and virus warning pop up

Hello and Welcome. Please subscribe to this thread to get immediate notification of replies as soon as they are posted.

Please read this post completely before begining. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.


* * * * * * ADDITIONAL DOWNLOADS * * * * * * * * * * * * * *


Please download SmitfraudFix
Extract the content (a folder named SmitfraudFix) to your Desktop.

Download Dr.Web CureIt & save it on desktop. We shall be using it later

Download & install - CleanUp.exe (not recommended for WinXP64)

'UNPLUG'/DISCONNECT your computer from the Internet when you have finished downloading.
It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.


* * * * * * PURGING TEMP FOLDERS * * * * * * * * * * * * * * *


Run Cleanup! using the following configuration:

1. Click Options...
2. Set the slider initially to Standard CleanUp!
3. Uncheck the following:Delete Newsgroup cache
Delete Newsgroup Subscriptions
Delete Cookies
4. Click OK
5. Press the CleanUp! button to start the program.

* CleanUp! will not create any backups!!


* * * * * * RESTART WINDOWS IN SAFE MODE * * * * * * * * * *


1. Restart your computer
2. After hea... Read more

1 more replies
Answer Match 40.74%

I have loads of pop-ups which say "Security Warning: application cannot be executed. the file wuaclt.exe is infected. do you want to activate your antivirus software now?
and a thing comes up that is scanning my computer

ive tried several things including malwarebytes anti-malware, ccleaner but nothing has worked!

this is the hijack log: (please help!!!!!)
Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16915)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Documents and Settings\Administrat&#65533;r\Mina dokument\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = L&#65533;nkar

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: Windows Live inloggningshj&#65533;lpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll

O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [SoundMAX] C:\Program\Analog Devices\SoundMAX\Smax4.exe /tray

O4 - HKLM\..\Run: [AccelerometerSysTrayApplet] C:\WINDOWS\system32\AccelerometerSt.exe... Read more

A:Security Warning Virus

I ran Malwarebytes Anti Malware and CCleaner and Superanti Spyware and eventually it calmed down (don't know exactly which one did the trick)
However, I have an expired Trojan Remover that only scans but can't remove anything and it keeps picking up two 'restrictive windows explorer policies' : one that disables digital signature checks on downloaded files and one that allows files with invalid signatures to run without prompting

here is my most recent hijack log, have i got rid of it?
Logfile of HijackThis v1.99.1
Scan saved at 09:08:04, on 01/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16915)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program\AVG\AVG8\avgwdsvc.exe
C:\Program\Bonjour\mDNSResponder.exe
C:\Program\WIDCOMM\Bluetooth-programvara\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program\AVG\AVG8\avgemc.exe
C:\Program\AVG\AVG8\avgrsx.exe
C:\Program\AVG\AVG8\avgnsx.exe
C:\Program\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\mqtgsvc.e... Read more

1 more replies
Answer Match 40.74%

Just got this in a e-mail from Message Labs.


General

The details of the new virus are as follows:

Virus name: W32/Sadhound.A
Number of copies seen so far: 2,704
Date first Captured: 25th Jan 2003
Origin of first intercepted copy: Netherlands
Number of countries seen active: 1
Most active countries: Netherlands

Technical Details

On 25th January 2003, MessageLabs intercepted the first copies of a new virus called W32/Sadhound.A. To date, all of the copies that we have thus far stopped all originated from the same IP address in the Netherlands. Therefore, at this time, we are unsure as to whether this is a seeding of a trojan, broken malware, or a mass-mailer.

Initial analysis suggests this is a dropper-program, depositing a mass-mailer with a backdoor and a mIRC component; however, this has yet to be confirmed.

From the copies that MessageLabs have intercepted, the email may be composed as follows:

Subject:

I Miss You

The email body contains the following text:

I Miss You…

Attachment file names include:

Bloods.jpg (11,507) – a picture of a sad-looking bloodhound,
hence the name

bgg.jpg (2,680) – a background image

Missingyou.htm .pf.htm – or Missingyou.pif (11,296) since the name
and filename are different in the MIME header.

Detection

Skeptic™ detected W32/Sadhound.A heuristically.Click to expand...
 

A:New Virus Warning: W32/Sadhound.A

bump
 

2 more replies
Answer Match 40.74%

Hi there.

My computer was infected with that website redirecting virus a while ago. NeonFx was a hero and walked me through the process of removing it and ensuring future safety.

Now, my parents computer seems to have the same virus, or a version of it. Since all of the steps are custom for each computer, I can't just follow what I did for mine and get theirs fixed.

Does anybody want to waste some of their good Saturday time to lead me? Thanks much. Cheers.
 

A:Fake Virus Warning

16 more replies
Answer Match 40.74%

Hi,

AVG is warning me that I have the fakealert virus and it is inaccessible and can't be removed. I have all the logs requested and attach.txt attached. Thanks a bunch for your help!

Ellyanah

Hijackthis
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:54:05 PM, on 15/10/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16671)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Program Files (x86)\WinTV\WinTV7\WinTVTray.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\AVG\AVG9\avgtray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Users\LandO\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Micro... Read more

More replies
Answer Match 40.74%

Hello. When I turned on my computer this morning all I could see was a huge text saying that my computer is locked by the NSA. It says also something about prism and that it was locked "due to suspicion of illegal content downloading and distribution".
It wants me to pay a fine so that I can use it again.
Is this true, it seam like a virus to me, because I don't live in the United States.
How can I remove this and use my computer again?
 

A:Is this a virus? (NSA/PRISM warning)

Nevermind I solved it.
I found some removal guides. If anyone is interested here is where I followed the steps from:
http://www.xp-vista.com/spyware-removal/prism-virus-removal-guide
http://www.bleepingcomputer.com/virus-removal/remove-your-computer-has-been-locked-ransomware

Basically what I had to do was to Start my computer in safe mode and from the cmd to open a browser, from where i had to go to this address http://www.malwarebytes.org and to download the antimalware tool.
Once I was able to access my PC normally I also installed anothe antivirus program, just to be sure.
 

1 more replies
Answer Match 40.74%

Hi, over the last couple of days, AVG Free Edition ha been warning about being infected with a Trojan Virus.

I select "Heal" the Trojan, and the heal is successful, but around 30mins or so later, it'll pop up again.

Please help if you can.

I've attached my log.

Thanks.

More replies
Answer Match 40.74%

Well i had thought i finished cleaning my computer of viruses and trojons. but just today my sister was on her laptop and she got a virus pop-up from avg i doubt its anything she did cause all she basically does is myspace and e-mail... anyways here goes an HJt log

Logfile of HijackThis v1.99.1
Scan saved at 2:09:39 PM, on 08/04/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\CallWave\IAM.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\WinZip\WZQKPI... Read more

A:Solved: Virus Warning-HJT Log

16 more replies
Answer Match 40.74%

Please can someone take alook at the hijack this log below, I have got all kinds of shortcuts appearing on my desktop plus a black screen with a box that says Warning Your In Danger! I have tried to get rid by searching the web and following some of the instructions, but it will not go away. Heres the log:

Logfile of HijackThis v1.98.2
Scan saved at 00:55:17, on 05/12/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\SM1BG.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\twink64.exe
C:\Program Files\Windows AdControl\WinAdCtl.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows AdControl\WinAdAlt.exe
C:\Program Files\Messenger\msmsgs.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Hijack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Inter... Read more

A:Warning your in Danger! ??? Virus

16 more replies
Answer Match 40.74%

Loading up WoW, I recieved a trojan virus warning. While trying to find a scanner to find and remove this virus, explorer keeps crashing out on me.

Please help. My buddy told me to use HijackThis and post it here:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 9:56:30 PM, on 4/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\kmw_run.exe
C:\Program Files\ACNielsen\Homescan... Read more

A:Trojan virus warning.. Please help

11 more replies
Answer Match 40.74%

Please help - need to remove the infection in my computer

Security Update and Internet explorer are not functioning

This is the page

http://awarninglist.com/

and
http://antivirusgolden.com/?aid=1338
I keep getting pop-ups and warnings

Please Help
 

A:SECURITY Warning IE and AVG virus - Pop - Ups

6 more replies