Tech Problem Aggregator

Infected with "system diagnostic" malware?

Q: Infected with "system diagnostic" malware?

hey, a friend recommended me this website after he tried to help me get rid of this problem himself, but everything he tried hasn't gotten rid of the issues.

last night i was on my machine (windows xp) and it threw a few warning boxes up, then it shut down. i turned it back on and all the icons on my desktop were gone, and one of those fake virus scanners started running, calling itself system diagnostic. it's also hidden everything in my program files (except if i download something new)

so i've tried all the usual fixes (according to friend) which was running rkill, then malware bytes and super anti spyware. both find errors and apparently remove them, but on system restart the problem still occurs. also when these programs say the virus is gone, the desktop icons and program files are still gone. something which i read will return after this virus is deleted.

help?

A: Infected with "system diagnostic" malware?

I'm having the exact same problem, here's my thread: http://www.bleepingcomputer.com/forums/topic384229.html

If you look at the C Drive you can see that the data is still there because of the size of it but you can't access it.

18 more replies
Answer Match 67.2%

We had this problem on my wife's computer running Windows XP and tried to remove it ourselves. First, I did properties of the icon on the desktop labeled "Hard Drive Diagnostics". I went to the location shown in the properties and tried to remove the 3 files and got a message couldn't delete, so I renamed them with the extension .old to no avail. We tried to use the Uninstall guide that was posted by Grinier on Dec. 6, 2010, but after running TDSSKiller, IExplore.exe, and then running Malwarebytes' Anti-Malware, Anti-Malware scanned and returned nothing found. We have also tried to revert to last known Windows download as suggested by another PC support person at my wife's work. I hope you can help us as nothing seems to help. We have 4 users setup on this PC by my wife and the original problem was on the "Jennifer" user. We used the "Jennifer2" user and at first it showed no sign of the malware, but the next day it showed up there as well. I am attaching the requested logs. If you need anything else just let me know. Thanks in advance for your help. Ed
DDS (Ver_10-12-05.01) - NTFSx86
Run by Jennifer2 at 10:33:41.25 on Tue 12/07/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.469 [GMT -6:00]

AV: McAfee Anti-Virus and Anti-Spyware *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *enabled* {94894B63-8C7F-4050-... Read more

A:Infected with "Hard Drive Diagnostic" malware

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Some things to remember while we are working together.

Do not run any other tool until instructed to do so!
Please do not attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will ap... Read more

3 more replies
Answer Match 51.66%

Hi there, after searching the internet for the solution to a problem i've been having I stumbled across this site and was hoping you guys could help me. My computer began by not starting up properly, it would go through Bios and then try to start windows, it would take ages and it would sit on a black screen with just the cursor on it. Eventually it would log on to windows but would say it had to restart because of three reasons:
1. It could not connect to the group policy client service.
2. The Dcom server process terminated unexpectedly.
3. The plug and play service terminated unexpectedly.

These problems did not necessarily all appear all the time.

I've since re-installed Windows Vista Ultimate over my previous windows and then re-installed various programs such as Kaspersky 2009 and Ad-aware and Spy-bot in an attempt to delete whatever virus or malware might be causing this. It's worked after the 3rd try of doing this. Hence why I'm still a little worried.
Here's my log file, would someone please be able to look at it and see if there are any major problems. Much appreciated!!

Logfile of HijackThis v1.99.1
Scan saved at 14:42:22, on 30/08/2008
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security ... Read more

More replies
Answer Match 51.66%

Hi

Recently my system has occasionally behaved strange, eg my cursor "bounces" around the screen when I move my mouse and there is sometimes a big lag in it catching up to what I do. Perhaps sounds odd, but sometimes like I am not in control for a moment and then it comes back.

I also noticed that a couple of times my homepage in Firefox has been changed to a site I didn't select. I usually have my homepage set to ixquick.com

Any help or guidance you can give is much appreciated. Thanks
My system is:

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Professional, Service Pack 1, 64 bit
Processor: AMD Athlon(tm) II X4 620 Processor, AMD64 Family 16 Model 5 Stepping 2
Processor Count: 4
RAM: 3582 Mb
Graphics Card: ATI Radeon HD 4200, 512 Mb
Hard Drives: C: Total - 152514 MB, Free - 19599 MB; E: Total - 76316 MB, Free - 76213 MB; H: Total - 305242 MB, Free - 221891 MB;
Motherboard: Gigabyte Technology Co., Ltd., GA-MA785GT-UD3H
Antivirus: AVG Anti-Virus Free Edition 2012, Updated and Enabled
HijackThis Log

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:21:10, on 10/03/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Users\Jim\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
C:\Program Files (x86)\HP\Digital Imag... Read more

A:I think my system may be infected by malware

Bump
 

2 more replies
Answer Match 51.66%

Hi all,

I have malware/spyware on my PC which i've tried my best to remove, but only with partial success.

In IE, I occasionally get the pop up, your system may be infected etc, along with other pop-ups which I hastily close.

Measure taken.
Ran Adaware (found/healed issues)
Ran Spybot (found/healed issues)
Ran AVG anti-virus (found/healed a virus)
Ran smitrem.exe from your tutorial (found and cleared two online programs that had appeared on the desktop as shortcuts, and on the start-bar of Windows).

I think there maybe one or two registry settings that need to be cleaned and whilst I can identify many of the processes shown in the Hijackthis log, I'm not confident enough to play registry-kerplunk with the check boxes...

Any help would be greatly appreciated.

Hijackthis log file below:

Best regards - Phil

---------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 09:54:20, on 01/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evx... Read more

A:Malware - "your System May Be Infected..." - Almost There...

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you.

Please download ComboFix and save it to your desktop.
Double click combofix.exe and follow the prompts.
When it's done running it will produce a log for you. Please post that log in your next reply.

Important Note - Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

2 more replies
Answer Match 51.66%

My desktop (running XP) was infected with the System Fix virus since yesterday. The background turned black, the icons were hidden, and I kept getting the warnings about my computer being infected and the fake antivirus program running. I followed the steps on this site...

http://www.bleepingcomputer.com/virus-removal/remove-system-fix

I ran the RKill, TDSSKiller, Malwarebytes' Anti-Malware, Unhide.exe like the tutorial explained and everything seemed to be fine. However, when I restarted my computer, the System Fix virus popped back up, the background is black again, the icons are hidden, etc. so I believe that Malwarebytes must not have caught the virus. I tried running the program with a full scan twice, but I am still having the same problems. In fact, there is still a System Fix icon on my desktop and in my Start Menu. Here is my log from running the Malwarebytes' Anti-Malware...

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8209

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

11/21/2011 2:23:39 PM
mbam-log-2011-11-21 (14-23-39).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 343170
Time elapsed: 3 hour(s), 16 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 6
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infec... Read more

A:Infected with System Fix Malware

Hello,

Please follow the instructions in ==>This Guide<== starting at step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then post them in a reply to this topic by using the Add Reply button.

If you can produce at least some of the logs, then please create the post and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Please note that I am not a member of the Malware Removal Team and will not be assisting you in removing the infection. I'm simply helping you to post the information they need in order to assist you.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

Orange Blossom

4 more replies
Answer Match 51.66%

I'm getting frequent ad-pop ups every 5 or 10 min while I'm online, Below is the HJT logs...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:57:03 AM, on 7/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\VPNremote for Windows XP\AvVpnService.exe
C:\WINDOWS\system32\enstart.exe
C:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exe
C:\WINDOWS\system32\Hummingbird\Connectivity\7.00\Inetd\inetd32.exe
C:\WINDOWS\system32\QosServM.exe
C:\WINDOWS\system32\Hummingbird\Connectivity\7.00\Jconfig\jconfigdNT.exe
C:\WINDOWS\system32\Hummingbird\Connectivity\7.00\Jconfig\hjavaw.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Java\jre1.6.0_06\bin\javaw.exe
C:\WINDOWS\system32\CCM\CLICOMP\RemCtrl\Wuser32.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\Host Intrusion Prevention\HIPSCore\HIPSvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Network Associates\Common Fram... Read more

More replies
Answer Match 50.82%

I've been reading through a bunch of the posts and figured that the best way to start would be to run HJT and SmitFraudFix. Here are the log files for both of the scans. If anyone can help me from this point it would be much appreciated.

Thanks,
Vic
Logfile of HijackThis v1.99.1
Scan saved at 2:47:58 PM, on 1/25/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\netdde.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\dmadmin.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Verizon Online\Visual IP InSight\IPClient.exe
C:\Program Files\Verizon Online\Visual IP InSight\IPMon32.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?rs=1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.netspantv.com/2/427
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settin... Read more

A:Solved: System infected with Malware - need help

9 more replies
Answer Match 50.82%

MY SYSTEM IS ATTACKED BY PAK/-GENERIC.001 & .006 VIRUS/MALWARE. PLS. ADVISE HOW TO REMOVE THIS VIRUS.

Edit: Moved topic to the more appropriate forum. ~ Animal

A:Malware Pak_generic.001 Infected The System

What program is advising you about the Trojan?
Did your scan provide a specific file name associated with this malware threat and where is it located (file path) at on your system? If your scan saved a log file, it should show exactly what and where the malware was found so post that instead.

3 more replies
Answer Match 50.82%
A:Infected with "System security" malware

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

3 more replies
Answer Match 50.82%

Hi, all. First, thank you for everything you do. I've come to this site a couple of times over the years and everyone has been incredibly helpful. I really appreciate it.

Now I come once again with a malware issue. I thought Spyware Doctor had gotten rid of all of Protection System, but it seems there are still residual traces wreaking havoc. I can hear different programs clicking on & off in the background, but nothing shows up in task manager. Spyware Doctor is finding a new Trojan or spyware about once an hour. Firefox Google Search doesn't seem to work and when I go to Google directly, I'm sometimes redirected to a different site & another Google tab opens up. When I reboot, I get half a dozen of memory errors.

I ran DDS, but GMER just would not run at all. I can download the zip file, but the program itself just won't initiate an install. I have the same issue with MalwareBytes--it seems something is preventing these programs from loading.

If you have any insight as to what is going on, I'd appreciate any sage advice you have to offer. Thank you.

DDS.txt:


DDS (Ver_09-06-26.01) - NTFSx86
Run by Brigid Fitch at 19:22:51.92 on Mon 07/13/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.313 [GMT -4:00]

AV: Spyware Doctor with AntiVirus *On-access scanning enabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
AV: Protection System *On-access sc... Read more

A:Infected with Protection System malware

hi.

Let's run your gmer in a different way. Follow the instructions below;

If you have the gmer.exe now, delete it please.

Redownload GMER from here:
http://www.gmer.net/files.php

Unzip it to the desktop.

---------------------------------
Open Notepad and copy/paste the contents in the code box below, into Notepad.

Code:
@copy /y gmer.exe gamer.exe
@Start gamer.exe -protect
Save this as kyrie.bat Choose to "Save type as - All Files"

It should look like this:

Place the batch next to gmer & double click kyrie.bat to launch it.

--------------------------------------------------------------------------

When the program opens, click on the Rootkit tab.
Make sure all the boxes on the right of the screen are checked, EXCEPT for 'Show All'.
Click on Scan.
Once done click on the [Save..] button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
Save it where you can easily find it, such as your desktop.
Attach that ARK.txt in your next reply.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries

Mark

19 more replies
Answer Match 50.82%

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by CHRIS at 21:23:06 on 2011-11-24
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1977.917 [GMT 3:00]
.
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
c:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\Apple... Read more

A:Infected with system fix malicious malware

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Some things to remember while we are working together.

Do not run any other tool until instructed to do so!
Please do not attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.
Do not run any other tool until instructed to do so!

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the r... Read more

3 more replies
Answer Match 50.82%

i was infected with the System Check malware, and have cured the rootkit, but from what i've read i still need something to remove the virus. Per the other instructions I had, I renamed the files with .vir extensions, but my AVG doesn't find them in a scan, unfortunately. I also ran Unhide which has helped, even if not perfect. I'm assuming I need to run Combofix, which I don't dare do without help! Looking forward to getting this resolved - thank you!!!
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Jen and Paul at 11:37:23 on 2012-03-25
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3838.1177 [GMT -5:00]
.
AV: AVG Internet Security 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Internet Security 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: PC Tools Spyware Doctor *Enabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
FW: AVG Firewall *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG10\avgchsva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32 ... Read more

A:infected with System Check malware

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us

1. Do not run any other tool until instructed to do so!
doing so will only at best cause you unneeded worry as it finds our backups and may even list our tools
and at worst can cause conflicts with our tools and lead to unforeseen things to happen

2. Please do not attach logs or put in code boxes.
besides the time it takes me to open the reports it makes it harder to find something if I need to go back to do more research and putting them in code boxes just makes them so hard to read

3. After each step give me a little feedback
It does not need to be long but just something so I know how things are going it can be something like
I am still getting redirected
The computer is running as it should
Don't put things like - it is the same as before or still the same this just makes me go back and look for your last feedback as to how things are

4. read every post completely before doing anything
Pay special attention to the Notes** I have put in
These are things I have found that happen a lot and can be taken care of easily just by reading the Notes**

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Back... Read more

3 more replies
Answer Match 50.82%

Hackers, malware writers and attackers use a variety of methods, sophisticated techniques and malware vectors to spread their malicious programs. They rely heavily on social engineering in order to infect computers. Spam emails are used by attackers in an attempt to trick the user into opening the email and clicking on links within it or opening a malicious email attachment. Attackers have been known to use exploit packs in order to craft Web pages to exploit vulnerabilities in system and application software and spread the threat in drive-by downloads.

Anatomy of a drive-by download web attack
Malware Infection Vectors: Past, Present, and Future

Hackers and malware writers come from different age groups, backgrounds, countries, education and skill levels...with varying motivations and intents. Most malware writers and cyber-criminals today treat it as a business venture for financial gain while "script kiddies" typically do it for the thrill and boosting a reputation as being a hacker among their peers. Below are a few articles which attempt to explain who these individuals are and why they do what they do.

Who is Making All This Malware — and Why?
Who creates malware and why?
Who Writes Malicious Programs and Why
What goes through the minds of hackers?
Why do people write viruses?
Meet The Hackers Who Sell Spies The Tools To Crack Your PC (And Get Paid Six-Figure Fees)
What Makes Johnny (and Janey) Write Viruses?

Keep in mind that the severity of infection will vary from system... Read more

More replies
Answer Match 50.82%

I'm not sure what to do. I keep getting this yellow blinking icon in my system tray. It says "critical system error" etc. It's yellow and sometimes it's a yellow exclamation point other times it's a yellow triangle. If I click on it when it is an exclamation point then it takes me to a website that's selling virusburst. The other one takes me to yet another spyware/virus killer page. I downloaded HijackThis and I am pasting the log file below. Please help me get my system back to normal. Thanks.

Logfile of HijackThis v1.99.1
Scan saved at 2:14:03 PM, on 11/1/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SPOOLSV.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\ACS\AOLACSD.EXE
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\TRENDM~1\INTERN~3\PCCTLCOM.EXE
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~3\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~3\TMPROXY.EXE
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\PROGRA~1\TRENDM~1\INTERN~3\TMPFW.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\EXPLORER.EXE
C:\Pr... Read more

A:Infected System - Malware Etc. Need Help Badly

Hi and welcome

Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm
 

1 more replies
Answer Match 50.82%

Hi there!
im just a newbie here,

just wanna ask of how can i restore my system back to normal after
virus .EXE infected my whole system , Notepad; Regedit; command prompt and many other
application are got infected by that virus or how do you call that a malware?

ive scan my system using spyware doctor and did all the steps that ive read
in this forum, but it didnt solve my problem.

other problem is ive downloaded COMBOFIX.EXE from here
ive run it and after the Green Loading Interface it just stop
and not running anymore, i did it several times but it just
keep on stopping after it loads. i already downloaded a copies
of Combofix but still doesnt work

im using Windows 7 ultimate..
hoping for your responses.. =)

Best regards and many thanks

-GiL

A:Virus; Malware or etc. Infected my system

hello,

please help..
can anybody help me here..

lot of thanks...

2 more replies
Answer Match 50.82%

I was surfing the internet and all of a sudden this protection system prompt popped up. I thought it was a legitimate windows prompt and thus clicked on it. It seems to have installed itself into my computer and has shut off my legitimate anti virus software. The Protection System program slows down my computer and it sometimes makes my screen go black and pops up with a prompt asking me to download more anti virus software. Sometimes it gets really bad with the pop ups and it doesn't allow me to do anything. I tried to download malwarebytes in order to solve this problem. I installed it successfully however, the protection system doesn't allow me to run malwarebytes. Same goes for my McAfee AV. Both are installed and neither one is allowed to run. Hope you guys can help with this problem. Thanks

A:Infected with Protection System Malware

We have a self-help area for removing common malware. Please see the tutorial How to remove Protection System

When done, click the Logs tab and copy/paste the contents of the new report in your next reply.

Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

3 more replies
Answer Match 50.82%

I am running Windows XP Media Center 2005 on my Compaq Presario SR1750NX with Norton Internet Security. Once my computer boots, there's a message on my desktop that says, " WARNING! YOU'RE IN DANGER! YOUR COMPUTER IS INFECTED WITH SPYWARE!" A system scan is then run by System Security and then wants me to pay for an update for the full version of System Security to remove all of the spyware, malware and trojans that were found on my system. ALL executable files on my system are infected! I am forced to use my second computer to find a way to get rid of System Security from my infected computer. Please HELP!!!!
 

A: Infected with System Security Malware

Hiya and welcome to Tech Support Guy

Are you still having this problem? If so, can you do the following:

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.
Download and scan with SUPERAntiSpyware Free for Home Users
Double-click SUPERAntiSpyware.exe and use the default settings for installation.
An icon will be created on your desktop. Double-click that icon to launch the program.
If asked to update the program definitions... Read more

1 more replies
Answer Match 50.82%

I am running XP SP3 64 bit on a desktop. Two days ago I discovered I was infected with System Check malware. Working from a laptop I used RKill, TDSS killer, then Malwarebytes Anti-Malware to clean and I re-ran until no objects were detected. I followed that up with running unhide.exe, and re-running Malwarebytes. Recently, Symantec antivirus quarantined bloodhound.MalPE. The preparation guide instructed me to include attachments; however, this option appears to be disabled for me. I have zipped logs for DDS, TDSS and Malwarebytes Anti-Malware available when/if you want them. Here is my DDS log:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_23
Run by Ken at 12:22:45 on 2012-01-23
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1185 [GMT -5:00]
.
AV: Symantec AntiVirus Corporate Edition *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDM... Read more

A: Infected by System Check malware

I still have reason to believe I am infected, or at least my system is still not back to normal, and am asking for verification and follow-up actions. I took this long to add this reply because I feared being pushed to the back of the line. The edit above makes it look like there's no action anymore, please advise.

10 more replies
Answer Match 50.82%

Previously I had AVG installed, it detected win32 heur and some tanatos.h, tanatos.j viruses. Recently I removed AVG and installed Avast home edition. It detected win32.sality, win32.junkpoly, win32.trojan-gen, win32.klone-BMO, VBS-malware-gen.

Though I haven't figured out exact symptoms in my PC, I think all my .exe applications are infected. I get error message when trying to execute some utility programs, registry cleaners after few uses. Also I can't boot my PC in safemode. It says due to recent hardware software conflict. But I guess a malware caused it.

DDS (Ver_09-07-30.01) - NTFSx86
Run by Manoj at 8:39:26.82 on Tue 08/11/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_03
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2724 [GMT 5.75:45]

AV: avast! antivirus 4.8.1335 [VPS 090810-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\DOCUME~1\Manoj\LOCALS~1\Temp\winlicfg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\... Read more

A: malware infected all .exe (even system processes)

Bump please

1 more replies
Answer Match 50.82%

I am definitely infected with the System Security malware. I am currently posting this topic through safe mode and conducted the scan through safemode so I hope that will be okay. In normal mode, I cannot open any important programs so I was not able to do anything through regular mode. I have already gone through the scanning with malwarebytes and have rebooted the computer and everything and nothing was changed after the reboot which is very frustrating. Hopefully someone can find what is going on through these logs.

A: Infected with System Security Malware

Hello and welcome to Bleeping Computer. We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

2 more replies
Answer Match 50.82%

I don't have any recollection of how it happened, but my system appears to have been infected by quite a bit of Malware and Trojans that the spyware/anti-virus programs I usually use have had a lot of trouble removing. Lately, my system has been uncharacteristically slow and takes longer than usual to operate. I have tried System Restore multiple times, but each time it fails (infected restore points?) My system operates on Windows XP.

I've used SUPERAntiSpyware, Spyware Blaster, Spybot, and Adware ..... but the problems still persist. Some of the problems that commonly show up are programs such as Smitfraud-C, Virtumonde, and Win32.Agent.icb (to name a few off the top of my head ...) I've also been using aVast home edition as my anti-virus program, and ever since my system became infected, it identifies various rootkits on a seemingly daily basis which it then removes.

What is the best way to permanently cleanse my system of these problems?

Thanks in advance for your assistance!

A: System is infected with various Trojans, Malware

Some types of malware will disable MBAM and other security tools. If MBAM will not install, try renaming it. Before saving any of your security programs, rename them first. For example, before you save Malwarebytes', rename it to something like MBblah.exe and then click on Save and save it to your desktop. Same thing after you install it. Before running it, rename the main executable file first.

Right-click on the mbam-setup.exe file and change the .exe extension to .bat, .com, .pif, or .scr and then double-click on it to run.

If after installation, MBAM will not run, open the Malwarebytes' Anti-Malware folder in Program Files, right-click on mbam.exe and change the .exe as noted above. Then double-click on it to run.

Another work around is by not using the mouse to install it, Just use the arrow keys, tab, and enter keys. ~ Courtesy of boopme

Please download Malwarebytes Anti-Malware and save it to your desktop.
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that... Read more

5 more replies
Answer Match 50.82%

Hello,

I had a pretty standard malware attack. Desktop background changed to image saying I was infected (attached). Some processes were set to run on startup, and a system tray icon of a red circle with a white "X" in it showed up. On startup, the malware would start and run a "system scan" looking for infections. Typically I would right-click on the APP in the windows toolbar and close the application before it could scan too much. This would still leave the icon in the system tray, which would have a pop-up every few seconds telling me I was infected.

The malware disabled the task manager, which is extra annoying. I installed HJT and spybot search-and-destroy. I couldn't see anything obvious in the HJT scan, but the Spybot search took care of the problem.

Apparently, the malware (or possibly another user on this computer, but I doubt it) disabled the firewall, and the malware was back in similar fashion. The Spybot search this time took care of the system tray icon and the application from running on startup, but the background is still locked so I would like to get rid of the rest of this problem.

Any information on this would be helpful. From what I can see, the C:\WINDOWS\system32\sdra64.exe file looks particularly suspicious, and I would normally start with getting rid of this, but if I can do it all in one clean with some help I would prefer this.

Thanks in advance!

joe
DDS (Ver_09-07-30.01) - NTFSx86
Run by ... Read more

A: Your System Is Infected! - Malware residuals

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix. Please visit HERE if you don't know how. Please re-enable them after performing all steps given.

Please download ComboFix by sUBs from HERE or HERE and save it to your Desktop.

During the download, rename Combofix to Combo-Fix as follows:

It is important you rename Combofix during the download, but not after.

**NOTE: If you are using Firefox, make sure that your download settings are as follows:
Tools->Options->Main tab
Set to "Always ask me where to Save the files".

After that, double-click and run Combo-Fix. Let it finish its job and post the log here.

If ComboFix asks you to install Recovery Console, please do so. It will be in your best interest.

Note: DON'T do anything with your computer while ComboFix is running. Let ComboFix finish its job.

2 more replies
Answer Match 50.82%

Windows XP Professional. Autorun of 643D70A2.exe, iexplore.exe and other unknown files in system32 (sometimes) when start up windows. Keep recurring even though I've manually deleted it from system32 many times. Please help. Thanks

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Documents and Settings\wai ying\Desktop\Autoruns\autoruns.exe
C:\WINDOWS\regedit.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\wai ying\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.google.com.sg/
uSearch Bar = hxxp://www.google.com/ie
BHO: WebThunder Browser Helper: {00000aaa-a363-466e-bef5-9bb68697aa7f} - c:\program files\thunder netw... Read more

A: Infected System - Suspected Malware

Hello and welcome to Bleeping Computer. We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for p... Read more

20 more replies
Answer Match 50.82%

Hi people,

Please assist me in unboxing my system's potential threats.

My antivirus program (Avira Personal) noticed a trojan called TR/Crypt.XPACK.Gen and something called TR/Dialer.2866E41B

On second runthrough with Avira, everything is ok.

I have followed your forum rules with dds.scr and gmer, but since I am running Windows 7 RC (I know it is not final and therefore a security risk) dds.scr won't run and the program doesn't have any compatibility mode.

But gmer ran without a problem. I have attached the ark.txt as a zip file.

Thank you all in advance
Philip

A: May have infected system with trojan and malware

Hi guys,

Are you able to look into my problem?

3 more replies
Answer Match 50.4%

An icon named "Hard Drive Diagnostic" just showed up on my desktop and later that day I had pop ups about threats to my computer and missing hard drives appear so I restarted to safe mode and ran MBAM (after updating it). After removing infections I thought it would be done but after rebooting to normal mode the pop-ups showed back up. I re-ran MBAM but again it did not solve the problem.
DDS (Ver_10-12-05.01) - NTFSx86 NETWORK
Run by Miami Student at 20:46:14.39 on Mon 12/06/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.557 [GMT -5:00]

AV: VirusScan Enterprise + AntiSpyware Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Miami Student\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = https://www.google.com/a/muohio.edu/ServiceLogin?service=mail&passive=true&... Read more

A: Hard Drive Diagnostic Malware

Hi, Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log. Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there. The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic. Once I receive a reply then I will return with your first instructions. Thanks

14 more replies
Answer Match 50.4%

My system has been acting up for the last month or so. The most typical symptom is the system crashing if I leave the computer idle for an hour. Most of the drivers will fail, eventually leading to a complete system halt and having to perform a hard reboot. I can't identify any one driver which is consistently the first one to crash. While I'm using the computer this problem does not, or rarely, arises.

I suspect a nasty trojan or some malware which is attacking my drivers. I need someone to have a closer look and point me in the right direction.

Other symptoms include being "logged out" of Windows XP (while I'm away from the computer), even though this is a feature I never use, or my Intel Pro/Set Wireless drivers will be activated even though I almost always use Windows to manage my wireless connections.

Steps I've taken:
- Virus scanned with Avira AntiVir Personal (safemode);
- Scanned with Malwarebytes' Anti-Malware (safemode);
- Scanned with Trend Micro Housecall (safemode);
- Scanned with F-Secure Online Virus Scanner;
- Reverted to a system restore point prior to receiving these errors.

- I've also performed all recommended steps: removed P2P programs; and attached required doc's etc. The only issue: is that I have a pre-installed Win XP SP3 that came with my Dell so I don't have an XP Boot CD. I've tried to make a back-up bootup DVD-ROM but whether it is reliable is another thing.


DDS (Ver_10-11-10.01) - NTFSx86
Run by Nick at 10:34:3... Read more

A: Diagnostic Assistance - Suspected Malware

I'm experiencing very similar problems as member Fcortes and have stolen his description of the problems he's experiencing to make my own:

"When the condition starts (which is at random) text from buttons starts missing, random memory errors appear, message boxes come on with no text and black color on the header, tool tips appear with no text, the start button or menu has missing icons or text, when clicking an icon the program does not load or would give you a message like described above..."

18 more replies
Answer Match 50.4%

Caught rogue malware and was brought down hard. at least, but not sure if limited to System Antivirus malware. first killed the processes, eventually got Malwarebytes and AVG (both free versions) installed after changing the .exe filenames and the foldernames, and have run both repeatedly. also cleaned out MSConfig start up, for what that's worth, and downloaded and installed Super Anti Spyware (listed as Geylin in log to get it to run), combo fix, but have not run yet.

still seeing 2 or 3 things every time I run malwarebytes, so wanted to reach out to the experts. thanks in advance.
DDS (Ver_09-06-26.01) - NTFSx86
Run by Edward L at 0:04:45.85 on Tue 07/14/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.494.80 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\... Read more

A: infected with rogue malware - System Antivirus

Hello and welcome to Bleeping Computer. My name is Syler, I will be helping you to solve your Malware issues. Whilst I am helping you, I would be grateful if you would note the following:
Please do not run other tools or scans unless I ask you to and follow all the steps I give you, in order.
Copy and paste all logs requested in your reply. Do not attach them unless asked to.
If you don't know or understand something, please don't hesitate to say or ask before you proceed with my instructions.
Please continue to work with me, until I tell you your machine appears to be clean. Absence of symptoms does not mean that everything is clear.
If I do not hear back from you within 5 days of my last post, then this topic will be closed.

Please download Malwarebytes' Anti-Malware from Here
Note: If you already have Malwarebytes' Anti-Malware, just update then run it.
Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Full Scan", then click Scan (the scan may take some time to finish, so please be patient).
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be p... Read more

13 more replies
Answer Match 50.4%

The system has somehow been infected by Malware defender 2009 and it automatically opens up a false window every few minutes to tell me that the system is infected and opens a window showing that a scan is running and then forces me to buy the software from its site. I have a trial version of norton installed and it tells me that it blocks the virus from causing any harm to the system but is not able to stop the false Malware defender autoscan window from appearing again and again. Could you pls. help. Thanks.

DDS (Ver_09-03-16.01) - NTFSx86
Run by AK at 20:21:30.46 on 24/03/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1015.509 [GMT 0:00]

AV: Norton Internet Security *On-access scanning enabled* (Updated)
FW: Norton Internet Security *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IDT\WDM\STacSV.exe
C:\WINDOWS\system32\userinit.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Norton Internet Security\Engine\16.0.... Read more

A: Malware defender 2009 has infected the system

Hello and welcome to Bleeping Computer. We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results, click no to the Optional_Sca... Read more

2 more replies
Answer Match 50.4%

Hi,
My system has Windows XP professional, SP3. I am having problem using search engine like google with both browsers IE and Google Chrome. Once I boot the system it allows to use google properly but for the subsequent time if I try to look for something else then it redirects to some other random website. This happens more when if by chance I use the Back button in the browser. My system has the latest Norton Internet Security and that's sort of useless for this specific Malware. I am not sure why does Norton charge so much money if their softwares can't detect any malwares.

Anyways, I am sure my system is infected and not sure what to do. I followed the instructions given under "NEW INSTRUCTION- Read This Before Posting For Malware Removal Help".

The DDS text is as follows:


DDS (Ver_09-12-01.01) - NTFSx86
Run by Ajay at 19:41:54.70 on Thu 01/21/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3572.2574 [GMT -5:00]

AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\drivers\audio\r213367\stacsv.exe ... Read more

A: [SOLVED] Redirect Malware infected my system. Pls Help

Hi,
I am posting the log file that's been created after I execute ComboFix.exe

ComboFix 10-01-21.02 - Ajay 01/21/2010 22:05:50.6.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3572.3117 [GMT -5:00]
Running from: c:\documents and settings\Ajay\Desktop\ComboFix.exe
AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\Ajay\LOCALS~1\Temp\install_flash_player.exe
c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
c:\windows\EventSystem.log
c:\windows\jestertb.dll
c:\windows\system32\twain_32.dll

Infected copy of c:\windows\system32\drivers\iaStor.sys was found and disinfected
Restored copy from - Kitty ate it :p
.
((((((((((((((((((((((((( Files Created from 2009-12-22 to 2010-01-22 )))))))))))))))))))))))))))))))
.

2010-01-22 01:50 . 2009-12-09 22:46 2747440 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100121.023\CCERASER.DLL
2010-01-22 01:50 . 2009-11-13 06:00 84912 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100121.023\NAVENG.SYS
2010-0... Read more

5 more replies
Answer Match 50.4%

First, a huge thank you to anyone reading this post.

My computer is infected with malware showing itself as "System Restore". It's not quite the same, but looks pretty similar to the "System Recovery" malware, so I have been following the advice written here: http://www.bleepingcomputer.com/virus-removal/remove-system-recovery

One note - before I found that link, I cleaned my files, including temporary files where it looks like backups were stored there.

I've been able to get through all the steps until I get to TDSSKiller. I can download the program installer, but I cannot run it whether I rename it iexplore.exe or as anything followed by a .com extension. It just won't open. That's been common with a couple of the other programs, but they would run eventually.

I've attached the files requested here: http://www.bleepingcomputer.com/forums/topic34773.html

If you need additional information, please let me know.

Thank you!!!

A: Infected with "System Restore" Malware; Can't Run TDSSKiller

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:
Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear. Click the Disable button to disable your CD Emulation drivers. Click Yes to continue. A 'Finished!' message will appea... Read more

3 more replies
Answer Match 50.4%

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:50:20 PM, on 1/18/2010
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - D:\Program Files\McAfee\...

A:Trojan SPM/LX - Your System is Infected - Other Trojans/Malware

I am getting pop ups - i believe from many different malware - internet security 2010 - your system is infected - and trojan spm/lx - and i can't run smitfraudfix.cmd

please help!!
 

1 more replies
Answer Match 50.4%

I'm posting this from my laptop, because I can't stay on your site or any other site with the pc that is infected. It keeps changing, stating that "Internet Explorer Warning-visiting this web site may harm your computer" ETC. I've been looking in the area for removing tilitymalware guides and have tried to download the Malwarebytes Anti-Malware to remove this thing that has hijacked my pc. It won't let me download so I put it on a flash card and got it installed on the pc, but now it won't run on the pc. I've tried Spy-bot and others but nothing will open and run. I'm real close to doing a complete re-install of XP, but I really don't want to. I looked in the System Configuration Utility and found " Id08.exe and Sysguard.exe " in the start up tab and removed the checks and rebooted. I'm somewhat computer smart, but obviously stupid. Could use some help with this. Also in my searching for help I've read that the Id08.exe is really nasty and could have compromised my banking and credit card sites. I disabled my internet connection as soon as the hijacking started and have not tried to get on any sensitive websites since. Oh my ZONE Alarm failed me once again as it was up and running when this started. I can't get a HJT log because it won't run either. Anything that can help me would be appreciated. I got the DDS Log to work.
DDS (Ver_09-05-14.01) - NTFSx86
Run by jbandt at 13:05:09.34 on Sun 06/21/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Editio...

A:Infected with nasty Malware "Antivirus System Pro"

Download Security Check by screen317 from here or here.
* Save it to your Desktop.
* Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt.
* Please post the contents of that document.

*********

If MBAM will not install, please rename the installer mbam-setup.exe. Example: newtool.exe
Proceed installing the renamed installer of MBAM.

If MBAM will not run, go to the program directory of MBAM (e.g. C:\Program FIles\Malwarebytes Antimalware\) then rename mbam.exe to newtool.exe, double click newtool.exe to proceed in running a quick scan.
* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Full Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy&Paste the entire MBAM report (even if it does not find anything) in your next reply

Extra Note: If MBAM enc...

48 more replies
Answer Match 50.4%

I am running Windows Vista Home Premium Service Pack 2 on a Compaq Presario F700 Notebook w/ 2 GB RAM.

Several weeks ago, after launching a link on Facebook, my laptop was taken over by Windows System Repair rootkit. I was able to reboot in safe mode and run Malwarebytes and get back control of my laptop but have been having continuous problems. Right after running Malwarebytes I started having Multiple Iexplore.exe processes running invisibly, causing audio clips of commercials, such as Slim Jim commercials and other random ads and a sports broadcast from 2010. Very weird.

I think I had other infections, prior to this one, that I was unaware of. At some point last year my Task manager was all but disabled, showing on the processes window. I also lost the function of my optical disk drive. And the Shockwave Flash plug-in began to regularly crash spontaneously (I have discovered I can recreate that event by ending the plug-in container process in Taskmanager.) At that time I was running IObit and Avira and thought I was protected.

Since the Windows Vista Repair attack I have added Avast and run several complete scans, including boot scans. I have uncovered some infections but continue to have problems. I have run CCleaner and Super Anti-Spyware. I run Mozilla Firefox 5.1 having recently upgraded from 3.6, thinking that might solve my problems. My current problem is IE spontaneously opening a hidden window with the ultimate effect of shutting down my sound. Restarting F...

A:Became Infected with "Windows System Repair" Malware

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you!

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

First, I need to know if you still need help! To tell me this, please click on http://www.bleepingcomputer.com/logreply/410696 and follow the instructions there. If you no longer need help, this is all you need to do. If you do need help please continue below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:
* If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
* A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
* Please do this even if you have prev...

18 more replies
Answer Match 50.4%

Computer is infected w malware that creates multiple processes that slow the computer and makes opening programs extremely slow.  The image name of the tasks are always:  rtjhqlpkkt.exe*32
 
 i tried virus removal tools but they don't work..  I believe this came in with an update to one of my browsers but i don't know which one  i have firefox, chrome and Windows.. I THINK it came in w chrome, but again, I'm not sure.  the computer has been infected for a long time, but i am finally sick of waiting....

A:infected w malware that affects system 32 files

Hello SadHenrysDad,

my name is Jo and I will help you with your computer problems.

Please follow these guidelines:
* Logs can take a while to research, so please be patient.
* Read and follow the instructions in the sequence they are posted.
* Print or copy & save instructions.
* Back up all your private data / important files on another (external) drive before using our tools.
* Do not install / uninstall any applications, unless otherwise instructed.
* Use only the tools you have been instructed to use.
* Copy and Paste the log files inside your post, unless otherwise instructed.
* Ask for clarification, if you have any questions.
* Stay with this topic til you get the all clean post.

My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

***

Download Security Check by screen317 from here or here.
* Save it to your Desktop.
* Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
* Vista / Windows 7/8 users right-click and select Run As Administrator.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

***

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it in the same location as / FSRT / FSRT64 (usually your desktop) as fixlist.txt
start
CreateRestorePoint:
CloseProcesses:
EmptyTemp:
DisableService: CouponPrinterServic...

24 more replies
Answer Match 50.4%

I have a computer under my care that is acting strangely. The problem manifests itself in iexplorer.exe . The program is eating up TONS of memory, sometimes 80k, and shows up twice in the task manager when it is only running one instance of the program. It's IE8. I've run spybot search and destroy, AVG virus scan, and the Malicious Software removal tool, to no avail. i'm running Windows Xp professional Version 2002 SP 3. Confession: I did run combo-fix and it repaired an infection at C:\windows\system32\kernal32.dll .
____________________________________________________________________

More replies
Answer Match 50.4%

Hi

My system was recently quite unstable (regular IE crash...) and in particular after windows started, a message box of 'www.1987324.com' was always popping up with a message in Italian. I could start IE (v 6.0.2800) but it always loaded this webpage 'www.1987324.com' first without me being able to change anything.

I followed the different steps you indicated in the 'Preparation Guide for use before posting a HijackThis Log'. I had a few problems running Ad-Aware (had to run it in safe mode first...), but finally Ad-Aware, SpyBot and Housecall AV managed to remove many malware (however for some reasons some could not be deleted after the last scan by Housecall).

Now the box of 'www.1987324.com' apparently disappeared and I've been able to change my homepage address.

I'm running WinXP Pro SP1 and would like to move to SP2 now. Before I do it, could you please look into my HJT log and tell me if I have to take any actions ? Thanks in advance

could be important: I had tried to install SP2 1 week ago, but the installation was unsuccessful. Now it seems I'm running SP1 (e.g. when checking with winver), even though SP2 is still listed in my programs of the control panel - I've tried to uninstall SP2 (or any remaining files of it) following all steps from MS (article ID = 875350 on MS website), but it never worked out... I even tried to install KB888162 from MS (critical update to check which version I'm running), but the installation of this critical update failed! Now I'd like to ...

A:Unstable System - Infected By 1987324.com (among Other Malware)

Definitely do not upgrade at this moment. You have quite a bit of malware on your system and updating to sp2 could cause a lot of instability on your computer.

You may want to print out these instructions for reference, since you will have to restart your computer during the fix.

Please download FixWareout from one of these sites:
http://downloads.subratam.org/Fixwareout.exe
http://www.bleepingcomputer.com/files/lonny/Fixwareout.exe

Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish.

The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

Once the desktop loads a text file will open (report.txt), you can close it - the file has already been saved.

Download haxfix.exe and save it to your desktop.
* Double click on haxfix.exe to install haxfix. (standard installation path is c:\program Files\haxfix)
* Checkmark "Create a desktop icon"
* Click "Next"
* When the installation is completed, make sure that the checkmark "Launch HaxFix" is placed
* Click "Finish"
* A red "dos window" (dos box) will open with options:
  1. Make logfile
  2. Run auto fix
  3. Run manual fix
  E. Exit Haxfix
* Select option 1. Make logfile by typing 1 and then pressing Enter
* Haxfix will start scanning the computer. When it is finished a logfile will open: haxlog.txt > (c:\haxfix.txt)
* Copy the contents of...

29 more replies
Answer Match 49.98%

Got infected with this virus, which looks and acts just like what is described in the Hard Drive Diagnostic Uninstall Guide. On starting up, it starts going through its thing, but when I ctrl-alt-delete, Task Manager button was greyed out! I got it back by booting in safe mode with command prompt and then deleting this from the registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTskMgr

Now I can ctrl-alt-delete and stop the popups that the malware displays, but then I am just stuck in a blank, black safe mode screen with no taskbar. I can pull up a command prompt, but no idea what to do with it. I can get back into the task manager, but nothing is running in applications, and the list of processes doesn't mean anything to me.

I'm ready to make a log, but not sure how to get the log-making files onto the computer.
Thanks in advance.

A:Infected with Windows Diagnostic Tool

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Please take note:
* If you have since resolved the original problem you were having, we would appreciate you letting us know.
* If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
* If you are unsure about any of these characteristics just post what you can and we will guide you.
* Please tell us if you have your original Windows CD/DVD available.
* If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.
* If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.

If you have already posted a DDS log, please do so again, as your situation may have changed.

Use the 'Add Reply'...

3 more replies
Answer Match 49.98%

Hello,
When i was first infected with the above virus i ran the Rkill which was successful. Based on the steps provided i then ran Malware removal program which required update. When performing the update it failed so i continued with the existing version and removed what it found. Based on the instructions i then restarted the laptop but the Hard Drive Diagnostic came back. Please help me to remove this virus. I'm attaching the DDS log below:

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
Run by Komal Sharma at 17:10:10 on 2011-06-24
.

A:Infected with Hard Drive Diagnostic

Hi, Welcome to Bleeping Computer.

My name is Shannon and I will be working with you to remove the malware that is on your machine.

I apologize for the delay in replying to your post, but this forum is extremely busy.

Please Track this topic - On the top right on this thread, click on the Option button, and, in the drop-down list, click on 'Track this topic'. Under Subscription Information, click on 'Immediate Email Notification' and then click on the Proceed button at the bottom.

Do Not make any changes on your own to the infected computer.

Now, let's look more thoroughly at the infected computer -

If you need to run RKill to get past the XP Diagnostic infection, do so.

We need to see some information about what is happening in your machine. Please perform the following scan:

We need to create an OTL Report -
* Please download OTL from here: Main Mirror (If you are unable to download it, you might need to download it to flash drive using a clean computer and running it from the flash drive.)
* Save it to your desktop.
* Double click on the icon on your desktop.
* Click the "Scan All Users" checkbox.
* Change the "Extra Registry" option to "Use SafeList"
* Push the button.
* Two reports will open, copy and paste them into your reply:
  OTL.txt <-- Will be opened
  Extra.txt <-- Will be minimized

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disab...

26 more replies
Answer Match 49.98%

Hey all!

So a few weeks ago i was infected with tigefeki.dll virus/malware whatever. Supposedly, Kaspersky found it and deleted it on startup. Now, Kaspersky 2010 as well as Mbam regularly find random malware/virus dll's and other files. When found, they are disposed of successfully. However, after several clean full (deep) scans from both softwares, my computer is still exhibiting worrying symptoms which include:

-Flickering screen when changing programs (as if the graphics card was frequently resetting)
-Pretty slow boot up
-Lagging program boots, especially immediately after startup (for instance, firefox takes like 3 minutes to boot up)
-Lagging PC game performance, even though i've overclocked my ATI Radeon graphics card
-Some commands result in forced restart, when the computer beeps and goes to the "memory dump prep" screen and prompts a reboot

Please note that none of this was happening before the tigefeki.dll virus as well as anything i have or haven't been infected with since.

I'm new here, so i really don't know what logs or information to post, but i'm willing to install programs and post whatever is needed to fix this.

Thanks a bunch in advance!

A:Malware/Virus Symptoms, but no proof? Diagnostic Help Please!

~~~~~~...~~~~~~~

BUMP.

5 more replies
Answer Match 49.98%

Hello,
Thank you in advance for your help and support! When loading web pages using IE, the pages are taking a very long time (ok, longer than normal) to load. This is quite frustrating as my wife sits right next to me with her computer and they load fine.... Please help my computer, it is jealous of my wife's computer. Here are the requested info:

HiJack Log
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:38:19 PM, on 1/20/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17093)
Boot mode: Normal

A:System infected with malware - internet running very slow

6 more replies
Answer Match 49.98%

Hi, I am in need of some help to get this mess off my computer. I clicked a link on Facebook and I believe that is responsible for this mess I am in. My computer runs very, very slow now. Sometimes I have to click on something three times before it will actually do something. When I scroll the page it is very jumpy and sometimes won't scroll at all. It also freezes up while typing and then will unfreeze and finish out what I typed (if that makes sense). I was using Avira and it has found nothing. I downloaded a trial version of Kaspersky and it has found nothing. I then downloaded Spy Sweeper and it found Trojan Download.Ruins and 29 other malware infections that it didn't name. BUT it would not remove them without paying $50. I later ran Trendmicro Housecall and it claimed to have removed it but my system is still whacky and acting the same way.

My OS is Windows Vista (SP1), I mainly run Firefox - currently I am running the free trial version of Kaspersky Antivirus

Please help me get rid of this!!

A:Trojan Downloader and other malware have infected my system!

Welcome to BC

Some types of malware will disable Malwarebytes Anti-Malware and other security tools. If MBAM will not install, try renaming it first.
* Right-click on the mbam-setup.exe file and rename it to mysetup.exe.
* Double-click on mysetup.exe to start the installation.

If that did not work, then try renaming and changing the file extension. click this link if you do not see the file extension
* Right-click on the mbam-setup.exe file, rename it to mysetup and change the .exe extension to .scr, .com, .pif, or .bat.
* Then double-click on mysetup.scr (or whatever extension you renamed it) to begin installation.

If after installation, MBAM will not run, open the Malwarebytes' Anti-Malware folder in Program Files.
* Right-click on mbam.exe, rename it to myscan.exe.
* Double-click on myscan.exe to launch the program.

If that did not work, then try renaming and change the .exe extension in the same way as noted above.
* Double-click on myscan.scr (or whatever extension you renamed it) to launch the program.

If using Windows Vista, refer to How to Change a File Extension in Windows Vista.

Be sure to update MBAM through the program's interface (preferable method) or manually download the definition updates and just double-click on mbam-rules.exe to install. Then perform a Quick Scan in normal mode and check all items found for removal. Don't forget to reboot afterwards. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. When done, click the Logs ta...

11 more replies
Answer Match 49.98%

Hi, I have a system that is infected with (most likely) a rootkit. It will not allow any scanners or most antimalware programs to run. So far I have successfully run DDS and gotten a log, gmer but it did not specifically identify any threats, rkill (iexplore version) which finds and kills 2-3 processes but they get recreated instantly and process names change each time. Renaming other scanners' exe's does not work.

What will not run or gets killed shortly after starting: combofix, mbam, superantispyware, hitman pro, catchme, mbr.

Safe mode produces the same results, no obvious bad files created recently, pulling the hard drive and scanning on another pc with mbam, eset and most of the others above does not find any infected files.

Can you provide any further insight? Much appreciation in advance.

A:Infected system attacks anti-malware software

Please follow the instructions in ==>This Guide<==. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues and what you have done to resolve them.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

1 more replies
Answer Match 49.98%

An alert window telling me my computer is unsecure and to download all sorts of viral antispyware programs. the recurring message is "Windows has detected an internet attack attempt... Somebody's trying to infect your PC with spyware or harmful viruses. Run full system scan now to protect your PC from internet attacks..."

I ran all the spybot and ad aware things and it says that everything is clean. Therefore, I don't know what this problem is called. The first thing that happened was that I couldn't open my task manager. after I ran spybot, that fixed that problem. Then my desktop background turned into a red background that had a hazard-like symbol on it. again, i fixed this. But i'm still getting popups and errors and my Computer is running incredibly slowly.

Please help.
-Tanja

Here is the log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:30:22 PM, on 12/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

A:Infected With A Fake Malware/spyware Alert System.

Welcome to the BleepingComputer HijackThis Logs and Analysis forum tanjasofia

My name is Richie and i'll be helping you to fix your problems.

Viewpoint Manager is considered as foistware instead of malware since it is installed without users approval but doesn't spy or do anything "bad". This will change from what we know in 2006 read this article: http://www.clickz.com/news/article.php/3561546

You are well advised to remove the program now. Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present, then restart your pc:
* Viewpoint
* Viewpoint Manager
* Viewpoint Media Player

Your version of Sun Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Sun Java, and then update.
1. Download the latest version of Java Runtime Environment (JRE)
2. Scroll down to where it says 'Java Runtime Environment (JRE) 6 update 3'.
3. Click the "Download" button to the right.
4. Check the box that says: "Accept License Agreement".
5. The page will refresh.
6. Click on the link to download 'Windows Offline Installation, Multi-language' and save to your desktop.
7. Close any programs you may have running - especially your web browser.
8. Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
9. Check any item with Java Runtime Environment (JRE or J2SE) in the name.
10. Click the Change/...

11 more replies
Answer Match 49.98%

Hello,

I posted another thread in this forum about my website being repeatedly hacked. I also mentioned that I couldn't run a scan with MalwareBytes' Anti-Malware, because the program would close just a few seconds after starting a scan.

The first reply to that thread was from a user suggesting that this might be a sign that my machine might be infected, and that I should run a scan with HijackThis! and post the log here. I decided to do what he/she recommended, so here it is:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:34:20 PM, on 11/18/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal


A:Unable to run MalwareBytes' Anti-Malware, system infected?

16 more replies
Answer Match 49.98%

I saw someone with the same problem on this forum. I feel really stupid for falling for this, considering I feel I know my way around computers. Very humbling to say the least. I scanned everything like was asked but it didn't clean this problem out. Two icons on my desktop keep reappearing. Thanks so much for any help!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:33:55 AM, on 11/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

A:Infected With Malware...(yellow Triangle On System Tray)

Welcome to the BleepingComputer HijackThis Logs and Analysis forum startex777

My name is Richie and i'll be helping you to fix your problems.

It appears you've no virus protection installed. Download\install one of the following freeware options from the choice below. Once installed update its definitions and then run a full system virus scan.
* AVG7 Free Edition Antivirus: http://free.grisoft.com/softw/70free/setup...ree_446a965.exe
* Avast! 4 Home Edition: http://files.avast.com/iavs4pro/setupeng.exe
* Avira AntiVir Personal Edition Classic http://www.free-av.com/

With you having Service Pack 2 installed i'm presuming you're using the Windows Firewall. You may be behind a hardware firewall (router/NAT), but it wouldn't hurt to install a third party software firewall to enhance protection.

A word of warning regarding the Windows Firewall in Service Pack 2, it only filters INCOMING traffic. That means if malware happens to compromise your PC, it will be able to SEND OUT your credit card data, and any other personal information. I suggest you install a more robust third party firewall that filters both INCOMING and OUTGOING traffic.

Download\install one of the following freeware firewalls from below:
* Sygate Personal Firewall Free Edition: http://www.filehippo.com/download_sygate_personal_firewall/
* Zone Alarm Free: http://download.zonelabs.com/bin/free/1001..._737_000_en.exe
* Comodo Personal Firewall: http://www.personalfirewall.comodo.com/
* Outpost Firewall Free: http://www.agnitum.com/pro...

1 more replies
Answer Match 49.98%

Cannot download Defogger or DDS Tool as recommended by Bleepingcomputer. When I try to download these the "System Tool" in the lower right pops up with "file MinDM.exe is infected. Please activate your antivirus software."
Upon computer startup the desktop now has wallpaper saying "Warning! Your're in Danger!...etc."
Cannot run AVG.

A:Infected with fake spyware/malware SYSTEM TOOL

Hello, did you install IE7Pro?

EDIT: I moved this to the Am I Infected forum as there is no DDS log.

Please follow our Removal Guide here: Remove System Tool and SystemTool. After reading how the malware is misleading you ... You will move to the Automated Removal Instructions.

After you completed that, post your scan log here, let me know how things are.

The log is automatically saved and can be viewed by clicking the Logs tab in MBAM. Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

1 more replies
Answer Match 49.98%

Good Sunday Afternoon,

I am so happy to have stumbled upon this site as I was searching for alternative methods of contacting Super Anti Spyware Tech Support for help. Unfortunately, I am unable to contact their tech-support, nor can I access any type of updates. It appears that last weekend while spending time with my parents and having a cook out with them and my neighbors, my neighbor's son who is 14 asked to check his myspace, which I did not mind. Later that evening I noticed three icons on my desktop: nudetube, pornotube and youporn. Upon opening Safari I noticed that in my top favorites a web site had been added entitled "big boob fiesta" (I think). After deleting the desktop icons and this web site and then restarting my computer I have had nothing but problems.

First I was unable to start my computer, as windows was starting up a blue screen would populate with some type of message but was only there for a second before the whole thing turned itself off and then started all over again. I then tried starting in Safe Mode and then Safe Mode with networking with the same conclusions. Finally I was able to start up using the last known good configuration but am and have been receiving numerous error messages. These include, but are not limited to due to the fact that I have not been writing all of them down, a RootKit.Win32.Agent.pp error message; Svchost.exe; Svchust.exe; Bravia.exe; alg.exe; explorer.exe; MCI Command handling window:explorer.exe; Co... Read more

A:Severely Infected System: Spyware/Trojan/Malware?

Hi and welcome to TSF.

My name is Iain and I will be helping you clean your system.

You may wish to Subscribe to this thread (Thread Tools > Subscribe to this thread) so that you are notified when you receive a reply.

Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix. You should not have any open browsers or live internet connections when you are following the procedures below.

Note that the fix may take several posts. Please continue to respond to my instructions until I confirm that your logs are clean. Remember that although your symptoms may vanish, this does NOT mean that your system is clean.

If there is anything you don't understand, please ask BEFORE proceeding with the fixes.

Please ensure that you follow the instructions in the order I have them listed.

Please do not install or uninstall any programmes, or run any other scanners or software, unless I specifically ask you to do so.




Combofix
We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/comb...o-use-combofix

Please read all the information carefully!

You MUST disable your AntiVirus and AntiSpyware applications - please read this thread as a guide. They may otherwise interfere with our tools and interrupt the cleansing process.

Please include the log C:\ComboFix.txt in your next rep... Read more

9 more replies
Answer Match 49.98%

Hi dear,
Suddenly my system was infected by malware, and I did all the recommended actions given by the antivirus program, but I found after that I can't open hard drives C & D, but I can use the desktop and My Documents.
please help me to solve this problem as soon as possible.
thanks
regards
 

A:ITS URGENT,MY SYSTEM INFECTED BY MALWARE,,I CANT OPEN harddrives C & D

Please do not create multiple threads for the same problem! Read >>Posting help read first<< if you feel you are not getting help.

Closing duplicate thread, please continue here: http://forums.techguy.org/malware-removal-hijackthis-logs/717009-its-very-urgent-i-can.html
 

1 more replies
Answer Match 49.56%

Hello,
 
First thing, I hope I am in the right area to post my problem. I have a problem with the system diagnostics report on my PC. I have done all I know to do. I ran a system report and health report and the error message says the security center has not recorded an anti-virus product.
 
Verify that an anti-virus product is installed and functioning, configure security center and anti virus status.
 
I have checked the anti virus on my pc and says is up to date and says in the security section that all is on and connected.
 
I don't know what else to do. I have tried to find a solution in windows website.
 
Thanks for reading
 
Gina :smash: 

A:system diagnostic

What OS are you running? (XP, Vista, 7...etc.)
What AV are you using? (Norton, McAfee, Avast...MSE, etc)
Is this something that has only recently started? If so, what is new or different on your system?
Have you scanned for malware or noticed any malware like activity on your system?

4 more replies
Answer Match 49.56%

I am looking for a "1 stop shop" program that will do a detailed scan of my entire system and locate any problems or opportunities and suggest how to correct them or what may be the cause of the error or slowdown. Freeware would be great, but I don't mind paying for it if it is worth the money.
Any suggestions?

Thanks
 

A:System diagnostic

Take a look at this site, PC Pitstop. Maybe it will do all you want.
http://pcpitstop.com/
 

2 more replies
Answer Match 49.56%

Hello,
My computer keeps showing a screen that says Hard Drive Diagnostic and makes my background black. It will not let me take it off or shut it down and keeps telling me all these kinds of errors such as "Boot Sector of the hard drive is damaged- Critical error". I have searched for hours and found no info on how to go about removing this. Any info would be greatly appreciated!

More replies
Answer Match 49.56%

Hi everyone! I've never posted on this site, so first of all I want to say hello and to thank you in advance for your help.

My PC has become very slow and often freezes (even five-six times per minute). Avira detects some malware (TR/Dropper Gen... only, I'm afraid there is much more than this!), but it can't eliminate it. I have already started the PC in safe mode and performed an unsuccessful scan with Malwarebytes. No malware was found. Then I followed the steps suggested in the 'Preparation guide for use before using malware removal tools and requesting help'. Unfortunately DDS doesn't seem to work, and the gmer scan leads to the Blue Screen of Death! The only diagnostic tool which seems to work is Hijackthis, so I am posting the logfile in attachment. I really hope you give me some advice... Thank you!

A:Infected with TR/Dropper Gen & more - Diagnostic utilities don't work

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Please take note:

If you have since resolved the original problem you were having, we would appreciate you letting us know.
If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system. If you are unsure about any of these characteristics just post what you can and we will guide you.
Please tell us if you have your original Windows CD/DVD available.
If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.
If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Ad... Read more

3 more replies
Answer Match 49.56%

Hey folks, this forum has been a great help for me in the past usually by browsing self-helps, but this time I need some help. My computer was doing fine and I was browsing happily and updating my iPod to the new OS when I noticed the update was frozen on one particular spot. I assumed it was simply taking a while and I went to bed. When I woke up a few hours later it was still frozen so I tried to reboot my computer. This gave me nothing, as the computer would cyclically reboot itself just before the usual Windows screen pops up. Even attempts to boot in safe mode usually ended in this cycle of reboots. It's been two days now, and I finally managed to get it booted up and connected to the internet, though I'm kind of limping. Most of the 4-5 times I managed to boot up all desktop icons were gone, and I was told there was nothing on my C drive. Another round of reboots gave me limited access through my quicklaunch bar to malwarebytes and iexplore. I've had 'similar' problems before with high-profile "Anti-Virus" malware, though in this circumstance there's nothing precisely 'visible' that's put a boot on my system. I managed to run RKill, though am unable to run Combofix as I can't get to the file and attempts to redownload it have failed. I'll post my HijackThis log below, and I'm sorry for making you read all this. I hope this is helpful, and thank you for your time.

-Taylor

edit-I've also been getting a ... Read more

A:Diagnostic needed, similar symptoms to a fake AV malware

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you are unable to create a log because your computer cannot start up successfully please provide detailed information about the Windows version you are using: What we in particular need to know is version, edition and if it is a 32bit or a 64bit system. If you are unsure about any of these characteristics, just let us know and we'll help you figuring it out. Please also tell us if you have your Windows CD/DVD handy.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about y... Read more

2 more replies
Answer Match 49.56%

Long story short...my inlaws let their Norton expire and they continued to use the computer against my recommendation so...by the time I got the laptop it had the windows diagnostic malware. That seems to be gone thanks to assistance from this great team...but it still re-directs from search engines. So here I am - uncle. It is a Thinkpad running XP with Norton360. I upgraded to SP3 and downloaded all security updates. I've also installed Firefox, & Malwarebytes. I've also tried Ad-aware, HitmanPro and Super-Antispyware. They have each found something and it has slowly improved. Hitman Pro indicates an issue with volsnap.sys but for some reason it is not getting replaced upon a re-boot (maybe that is not an issue at all - I'm not sure). Thank you in advance for your help.

1 - Defogger run - cd emulators disabled - check
2 - DDS log posted below

DDS (Ver_11-03-05.01) - NTFSx86
Run by Jim Hall at 11:40:49.29 on Mon 04/11/2011
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2006.1018 [GMT -4:00]

A:Yet another windows diagnostic malware / google redirect victim

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together:

Do not run any other tool until instructed to do so!
Please do not attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

Please download DeFogger to your desktop.
Double click DeFogger to run the tool.
The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will ap... Read more

4 more replies
Answer Match 49.56%

my hijack log: plz help me
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:24:58 AM, on 10/2/2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal


A:Infected by malware, system behaving erratically and antivirus disabled

i ll post it again

11 more replies
Answer Match 49.56%

Logfile of HijackThis v1.99.1
Scan saved at 10:50:53 PM, on 3/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

A:Infected By Either Spyware Or Malware, Random Pop-ups And Major System Slow Down

Hello,

* Download VirtumundoBegone, place it on your desktop. Doubleclick VirtumundoBeGone.exe to start the tool. Follow the instructions on the screen. Don't worry if you'll get a Blue screen with an error in it - this is normal.

After reboot,

* Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following if still present (some entries won't be present anymore):

O2 - BHO: (no name) - {182B90A3-F372-438A-800C-6814B4DE417B} - C:\WINDOWS\system32\ssqoonk.dll
O2 - BHO: (no name) - {57E218E6-5A80-4f0c-AB25-83598F25D7E9} - C:\WINDOWS\system32\fbnuxwxq.dll
O2 - BHO: (no name) - {5973D635-7A31-4A39-9A22-8161CA6BEC7C} - C:\WINDOWS\system32\vtsqo.dll
O2 - BHO: (no name) - {F10472C6-59CD-4ECA-84A7-707F0D3323CC} - C:\WINDOWS\system32\vtsqo.dll
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\system32\hsuyeqge.dll",setvm
O20 - Winlogon Notify: ssqoonk - C:\WINDOWS\SYSTEM32\ssqoonk.dll
O20 - Winlogon Notify: urqqqqr - urqqqqr.dll (file missing)
O20 - Winlogon Notify: vtsqo - C:\WINDOWS\system32\vtsqo.dll

* Click on Fix Checked when finished and exit HijackThis.

Make sure your Internet Explorer is closed when you click Fix Checked!

Post the contents of the log VBG.TXT which is present on your desktop together with a new HijackThis log in your next reply.

2 more replies
Answer Match 49.56%

Hi,

Our second computer, a Toshiba laptop, seems to have been infected by something bad. When I log into Windows XP, the desktop background is replaced with a blue background and a box that says, "YOUR SYSTEM IS INFECTED! System has been stopped due to a serious malfunction. Spyware activity has been detected. It is recommended to use spyware removal tool to prevent data loss. Do not run any application before all spyware removed." I tried running MBAM, but it would not let me. I can't get into my browser to download any tools. I have turned off the wireless adapter now because I read this could be a security threat. Any help would be greatly appreciated. I'm using another computer, so perhaps I can burn any tools that I will need to a cd to use on the laptop.

Thank you so much.

John

A:Virus/Malware INfection. Fake background saying, "YOUR SYSTEM IS INFECTED"

Do you have Malwarebytes?

11 more replies
Answer Match 49.56%

A few days ago my laptop (running Windows XP) was infected with the Personal Pro Shield malware. I tried to remove it according to instructions found on BleepingComputer and it appeared to have been removed. However, my laptop was still running slowly, freezing from time to time. Windows Explorer especially would freeze, and I had to forcibly shut down to use my laptop again. I used MalwareBytes to scan the laptop and thrice found lingering trojans, and thrice I cleaned them up. I also used ATF Cleaner to clean up any temp files. After many cleanings, reboots, etc. my Symantec Antivirus now appears disabled. I tried to enable it, to no avail; I tried to reinstall the Symantec driver, but Symantec remains disabled.

I have no access to a Windows install disc or boot CD. Is my laptop still infected? Hopefully I didn't worsen the situation with the scans, downloads, reboots, etc.

I followed all of the "First Steps" and have posted/attached the files. Note that when I ran GMER, I got an error message indicating LoadDriver( "C:\DOCUME~1\Student\LOCALS~1\-emp\fgtdapob.sys" ) error 0xC0000001: Cannot create a stable subkey under a volatile parent key and the only boxes that could be checked were Services, Registry, Files, and C:

DDS

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_26
Run by Student at 22:15:39 on 2011-09-07
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.... Read more

A:Infected by malware, system behaving erratically and antivirus disabled

Hello

We will do our best to assist you. However, in order to do so, please follow all instructions provided in the sequence given. Do not install/re-install any programs or run any fixes or scanners that you have not been instructed to use. This may cause conflicts with the tools being used in the cleanup process.

If you have questions regarding any of the instructions or problems running any tools, please let us know.

You may wish to subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

-------------------------------------

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

A guide and tutorial on using ComboFix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
See this link for instructions on how to do this:
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Please include the C:\ComboFix.txt in your next reply for further review.



I would also like to see the last log report from MalwareBytes.
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

19 more replies
Answer Match 49.56%

Hi,

I have been getting redirected to Happili when I use Google search occasionally on Firefox. Also, when I run full scans with anti malware programs, the computer shuts down without warning. The same thing happens when I run these programs in safe mode. I have tried spybot, superantispyware, lavasoft adaware, MBAM. Only superantispyware has found anything other than tracking cookies, svchost fake, but am unable to remove it after multiple tries. I have a hp laptop with Windows 7 x64.

Thanks for the help!
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Ethan at 8:40:16 on 2012-04-25
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3838.2372 [GMT -7:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: IObit Malware Fighter *Disabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32... Read more

A:Infected with Happili, system shuts down sometimes when running anti malware

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems. I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE:... Read more

22 more replies
Answer Match 49.56%

Hi there, yesterday while surfing the net I noticed a red blinking icon on my taskbar. It was accompanied by messages such as "Registry Error", "Disk Error".
I was caught off guard at first... but the AVG antivirus 2011 free edition then detected the malware win32/fake sysdef.
A program called Easy Scan was also detected by AVG and moved to the virus vault along with infected exe files from local\temp, roaming\temp, c:\programdata\
I immediately deleted all the files from my temporary folder and scanned the c:\users folder. No new infected files were detected.
However, when I restarted the machine another infected file was detected. I think AVG is not being able to fully remove this malware. It would be really helpful if someone could tell me how to get rid of it.
I am also posting the log files of the dds script.


DDS (Ver_10-12-12.02) - NTFS_AMD64
Run by Arunangshu at 15:03:20.51 on 30-12-2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.91.1033.18.3950.2088 [GMT 5.5:30]

AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\PROGRA~2\AVG\AVG10\avgchsva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost... Read more

A:win32/fake sysdef malware infected my win7 x64 system

Hi,

If help still needed post fresh dds logs, please.

2 more replies
Answer Match 49.56%

Computer infected. Noticed while uploading pictures to Facebook via Picasa. Screen went blank and said "This is Jim". Keeps shutting down. Rebooted in safe mode and scanned with Trend Micro. Found nothing. Ran Malwarebytes and found this file: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu)

 Have the log for that.
 
DDS Log below.
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK
Internet Explorer: 8.0.7601.17514  BrowserJavaVersion: 10.11.2
Run by User at 20:39:15 on 2013-02-18
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3836.2703 [GMT -6:00]
.
AV: Trend Micro AntiVirus *Enabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
SP: Trend Micro AntiVirus *Enabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system... Read more

A:HKCU\SOFTWARE Malware Deleted. System infected Keeps shutting down

Hi and welcome to Bleeping Computer! My name is Jeff and I would be more than happy to help you with your malware related problems.
 
 
Please download aswMBR to your desktop.
 
Double click the aswMBR icon to run it.
Click the Scan button to start scan.
If you are asked to update the Avast Virus database please allow it to do so.
When it finishes, press the save log button, save the logfile to your desktop and attach its contents in your next reply.
 

 

AdwCleaner

Close all open programs and internet browsers.
Double click on adwcleaner.exe to run the tool.
Click on Delete.
Confirm each time with Ok.
You will be prompted to restart your computer. A text file will open after the restart.
Please post the contents of that logfile with your next reply.
You can find the logfile at C:\AdwCleaner[S1].txt as well.

13 more replies
Answer Match 49.56%

A little while ago, I decided to download Paint Tool Sai from a webpage. Unfortunately for me, the installer came loaded with a plethora of malware and browser hijackers. I have a few security programs in place and a number of scanners so I believed that I had gotten rid of most of the junk.
 
However, Microsoft Edge was noticeably slower. New to Windows 10, I didn't think anything of it and assumed that the program is bugged. But then when I was playing a game, Diablo 3, I was getting horrible frame rates on my high end machine (less than 1) even though my latency is fine. The program crashed and Windows told me it was out of memory. How can that be? I have 16 gigabytes of RAM. Microsoft Edge alone was using 14 gigabytes of RAM. I thought maybe it was the browser so I downloaded Chrome and installed it. Then I checked my default search engines and found something Russian like... Yandex? Anyway, I found that as long as my browsers were open, they would use more and more memory until eventually my PC runs out and crashes... But only when a browser is open. This also of course, makes my internet run very slowly.
 
Frustratingly, I could not remove this search engine because my computer told me it was set by the administrator... And I'm the administrator. It took a little bit of work, but I managed to remove it, at least from my default search engines.
 
I believe it's gone, but my fear is that Yandex and other malware remains on my system (AdwCleaner seemed to re... Read more

More replies
Answer Match 49.56%

I, too, recently started seeing redirects from my google searches to www.happili.com. It seems to occur only when I run google searches from Internet Explorer. I (so far) haven't seen the issue when I run google searches from Firefox. I'm running Windows XP professional. eSet's quarantine logs indicate that it detected and supposedly removed a variant of Medfos.F trojan from my system yesterday. But the redirect occurred again today, so I believe there are remnants of the malware on my system. Would be very grateful for any guidance you can give me for removing it from my system.

Thanks!!

A:Another Happili redirect virus/malware infected system - how to remove?

Same computer?
http://www.bleepingcomputer.com/forums/topic168645.html/page__p__941045__fromsearch__1#entry941045

4 more replies
Answer Match 49.14%

Hey, does anyone know of any free system diagnostic tools that would help me find out if something on my computer isn't cooperating with another?
 

A:System Diagnostic Tool

8 more replies
Answer Match 49.14%

Is there a way to gauge a PC system's gaming ability?

Since video cards and add-on programs (Direct X, etc) are so fundamental to game play, it would be nice to have a utility that would give a yes or no on the question "Will this game work on my computer?"

Bottom line is I don't know if my PC is 3D, GL rendering or what anymore since video card evolution is non-stop. A utility program to scan the computer's capability would help.

3 year old PC:
Pentium 3 533mz Katmai
383 mb RDRAM
32mb Nvidia geForce 4X AGP Graphics Card
 

A:System Diagnostic Utility

That's actually built into Directx.

Go to Start, Run type in dxdiag and hit enter.

If that doesn't work, then do a search on your system for dxdiag and open it when you find it.
 

2 more replies
Answer Match 49.14%

Hi,

decided to run a system diagnostic on my Dell PC today - just because it had never been done on this particular PC. Received a msg telling me Microsoft .Net Framework 4 Full would be required in order to install the Dell Diag. We have the lesser version .Net Framework 4 Client Profile. Was about to install the full version over top of Client Profile when it occurred to me that perhaps there was a better System Diagnostic tool out there anyway.

In fact it looks like there are quite a few. So I am here for recommendations. Would prefer not to pay for one if possible but certainly don't want to be cheap since this is our primary PC. Or should I install the Full Version of .Net Framework 4 & stick with the Dell diag?

Perhaps a little more info:

I ran something called Free PC Health Scan on the Dell website which then called into play iolo System Mechanic & it found a number of issues. Two items removed from startup which I already knew about & was going to remove myself when was certain there would be no negative repercussion. But what concerns me:

1) are the over 100 registry entries it flagged - I do run CCleaner several times throughout the week to remove old/left over/invalid registry entries. But apparently iolo found around 104 that need to be removed? & yes I know we're not supposed to muck about with registry but have been letting Norton, McAfee & CCleaner do their thing for a number of years now & to my knowledge have not damaged... Read more

A:Dell System Diagnostic, or something else?

Dell used to have hardware diagnostics on the hard drive, accessed by F12 at power on? Have they stopped that?

However, all the "repair" programs such as System Mechanic and the one advertised on TV, etc that fix and speed up your PC and remove hundreds of registry entries are very suspect. Most techies compare them to "snake oil".

Ccleaner has a registry scanner program, if you really want to do that. It's the least intrusive.

9 more replies
Answer Match 49.14%

I have run a w7 home premium system diagnostic report which contains a couple of errors and warnings. I don't really understand what the errors mean or what to do about them.

Having looked at my event viewer I see many errors and warnings listed, again I don't know what these mean or if I need to do anything.

Is there anybody out there prepared to take a look at these for me and tell me if i need to do anything. If so please tell me how to save and post the info and I will gladly do so.

Thanx

A:System diagnostic report

What specific errors are you seeing in the diagnostic report?

Regarding Event Viewer:

If I spent 10 minutes investigating each different error found in Event Viewer, I would never have time to eat or sleep. If you can't or won't ignore most of them, you are destined to have a full time job, working for EV.

I look at it maybe once a year and would never look there if my system was running well.

1 more replies
Answer Match 48.72%

My laptop screensaver had a Spyware warning asking me to click here and it kept taking me to: <http://windows-privacy-protection.com/?aid=444.471>

The system tray kept popping up warnings, every now and then a red dialog box would do the same. I uninstalled Internet Explorer from System Components, but it still pops up now and then, but can't access anything from it. The message on my screen is no longer there because I uninstalled IE, but it said something to the effect of "Your computer is infected with Spyware, it's in danger, people are attempting to attack your computer" and then at the bottom, had a link to that windows privacy thing asking me to buy something. At the very end of this message, I've added a log from Malware's LOG (mbam)

Deckard's System Scanner v20071014.68
Run by Jigna on 2008-06-15 17:50:11
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 3 Restore Point(s) --
3: 2008-06-16 00:50:23 UTC - RP174 - Deckard's System Scanner Restore Point
2: 2008-06-15 22:56:18 UTC - RP173 - Installed STOPzilla. Available with Windows Installer version 1.2 and later.
1: 2008-06-15 20:30:00 UTC - RP172 - Removed Symantec Client Security

Backed up registry hives.
Performed disk cleanup.

-- HijackThis (run as Jigna.exe) --------------------------------------------... Read more

A:Malware / Virus Infected Laptop And Desktop Screensaver And System Tray

Welcome to the BleepingComputer Forums. Since it has been a few days, please post a new Deckard's System Scanner which includes the HijackThis log. Please see Preparation Guide for use before posting about your potential Malware problem. Thank you for your patience.

If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped.

2 more replies
Answer Match 48.72%

I am currently having problems using my web browsers in IE8, firefox and Google Chrome. When I try and use search engines such as google and yahoo, I'm redirected to some annoying and frustrating advertisement pages. Example, If I type www.myspace.com it takes me to the myspace login page (works fine). If I try and google in myspace or anything specific it takes me to the page of listings (as normal) but from there any link I click on directs me to one of many advertisements. Please help, I've tried avast, combo fix and MalwareBytes' Anti-Malware, none seem to have fixed the problem. Have no problems with opera's web browser other than it's a little bit slow.

DDS (Ver_10-12-12.02) - NTFSx86
Run by Owner at 2:01:18.00 on Sun 01/23/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.382.73 [GMT -6:00]

AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: McAfee VirusScan *Enabled/Outdated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *Enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C: ... Read more

A:infected with trojan horse Win Patched- UE[TR] and Malware win32 system win logon

Please disregard this post. I followed prompts to blueskiddo's post as they had the same trojan and problem that I was experiencing. I reran combofix and have no problems now. Meanwhile I'm unsure as to how to uninstall combofix.
I tried start>run uninstall / combofix and it acts as if it wants to rerun the program, is that normal? I kept all previous logs just in case. Thank you guys for all that you do and the help that you give. Much appreciated
Cannon

3 more replies
Answer Match 48.72%

My laptop has been infected with viruses: Win32.SillyIM and Win32.Srimge!gen. Bootup time is getting slower and it causes the system to hang during bootup. Below is the log file from HijackThis. Please advise on how I can fix my system register of system configuration. 1st time using the HijackThis. Scared to fix without any advice. Someone pls help & thanking you in advance for any valuable help.
--Masita

------< START LOG >------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:11:43, on 02-Nov-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Common Files\Virtual Token\vtserver.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\... Read more

A:Laptop Infected With Virus/malware, Changed System Configuration / Registery

Hi Masita!

I will be handling your log to help you get cleaned up. Please give me some time to look it over and I will get back to you as soon as possible. I'm in Hijackthis school and Teachers will check my posts.
Sorry that it took us so long to get back to you, but as you can see we're stumped with the amount of logs.

Before we can start, please post a fresh hijackthis log back here.

1 more replies
Answer Match 48.3%

I ran the System Diagnostics Report that is generated in Computer Management under Performance--Data Collector Sets--System--System Diagnostics. Here is a screenshot summary of the results (the full System Diagnostic Report is 123 pages long).

My system appears to be running fairly smoothly so I was surprised by these results. No other programs were running during the test. The UEFI diagnostic shows no hardware problems and I doubt that all of the poor results are valid.

Someone at Microsoft said that incompatibility issue(s) might cause these results. However, they would give me no further insights and said I would have to pay to have them figure it out. In another forum, I was told that the results are just Windows internal reporting and to ignore them. However, this makes no sense.

There are two Abnormally Stopped System Services: Interactive Services Detection (UIODetect) and Windows Encryption Provider Host Service (WEPHOSTSVC). What should be the settings for these services?

Question: How can I determine what, if anything, is conflicting with the diagnostic test?

Question: Could the problem be a flaw in the diagnostics test itself, rather than any problems with my system?

Question: If there really are some issues, how can they be resolved?

I hope that someone can help me understand what to do with these results. I would be happy to share the full diagnostics report as well as the associated system performance report.

System Information
... Read more

More replies
Answer Match 48.3%

Need to download System diagnostic and benchmarking tools like sandra
Installed many times Sandra but its not opening after install, plz help
 

A:System diagnostic and benchmarking tools

plz someone reply
 

2 more replies
Answer Match 48.3%

Hi

When i run a system diagnostic scan the health report does not recognise
the anti-virus i have installed, but windows security centre does and is all ok.
Can anybody help please.

More replies
Answer Match 48.3%

Hi all!
 
I would like to learn using anti-malware diagnostic tools, primarily by reading one or more books on this subject. Therefore my question is; Is there one or more books regarding this subject, i.e. on learning malware diagnosis?
 
Or is the only way to learn; to enroll at the Malware Removal Training Program here at BC?
 
Thank you very much in advance!
 
Regards,
midimusicman79

A:How to learn using anti-malware diagnostic tools - read books or enroll?

Hi midimusicman79

I doubt there's any real "books" on the tools that are being used on the forums, since they are made by members of the community (FRST, OTL, ComboFix, etc.). However, some of them have public tutorials that can be used to learn how to read the logs and create fix-lists.

FRST Tutorial: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
OTL Tutorial: http://www.geekstogo.com/forum/topic/277391-otl-tutorial-how-to-use-oldtimer-listit/

Other tools (like ComboFix) have tutorials which are private and you need to be enrolled in a malware removal school to be able to access them. But for all of these tools, the recommendation is the same: you should go through an approved malware removal training before using them by yourself since one wrong entry in a fix-list can cause a system to be unbootable. So the best way to learn how to read these logs, create fixes from them and learn how to remove malware is to follow a malware removal training, yes.

10 more replies
Answer Match 47.88%

Does someone know where I could download a System Diagnostic Utility For Windows XP Pro?

I'm having some problems with my pc, and I thought if that would help.
 

A:Solved: System Diagnostic Utility For Windows XP Pro

16 more replies
Answer Match 47.88%

Hi all ..

I just built my own pc 2 weeks ago. Everything is new:

OS Windows 7 Ultimate 32
CPU AMD x6 1090t
Motherboard ASUS M4A89GTD PRO
Memory BALASTIX 4 GB ddr3 1333mhz
Graphics Card onboard HD 4290
Sound Card onboard
Monitor(s) Displays DEll
PSU 650W
Hard Drives seagate 500gb

I have to say that i only encountered BSOD only when I run the ASUS diagnostic tool which initially whenever I run it i got this error (included two here)


Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.1.7600.2.0.0.256.1
Locale ID: 2057

Additional information about the problem:
BCCode: 1000007f
BCP1: 00000008
BCP2: 8E7A5750
BCP3: 00000000
BCP4: 00000000
OS Version: 6_1_7600
Service Pack: 0_0
Product: 256_1

Files that help describe the problem:
C:\Windows\Minidump\103110-18860-01.dmp
C:\Users\scorp\AppData\Local\Temp\WER-36161-0.sysdata.xml

Read our privacy statement online:
Windows 7 Privacy Statement - Microsoft Windows

If the online privacy statement is not available, please read our privacy statement offline:
C:\Windows\system32\en-US\erofflps.txt

Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.1.7600.2.0.0.256.1
Locale ID: 2057

Additional information about the problem:
BCCode: 1000007f
BCP1: 00000008
BCP2: 8E76F750
BCP3: 00000000
BCP4: 00000000
OS Version: 6_1_7600
Service Pack: 0_0
Product: 256_1

Files that he... Read more

A:BSOD New system +ASus Diagnostic tool

  
Quote: Originally Posted by scorpion100


Hi all ..

I just built my own pc 2 weeks ago. Everything is new:

AMD x6 1090t ,Asus motherboard,memory balistix 4gb ddr3 ,650 PSU ,and seagate hard disk...

I have to say that i only encountered BSOD only when I run the ASUS diagnostic tool which initially whenever I run it i got this error (included two here)

Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.1.7600.2.0.0.256.1
Locale ID: 2057

Additional information about the problem:
BCCode: 1000007f
BCP1: 00000008
BCP2: 8E7A5750
BCP3: 00000000
BCP4: 00000000
OS Version: 6_1_7600
Service Pack: 0_0
Product: 256_1

Files that help describe the problem:
C:\Windows\Minidump\103110-18860-01.dmp
C:\Users\scorp\AppData\Local\Temp\WER-36161-0.sysdata.xml

Read our privacy statement online:
Windows 7 Privacy Statement - Microsoft Windows

If the online privacy statement is not available, please read our privacy statement offline:
C:\Windows\system32\en-US\erofflps.txt

Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.1.7600.2.0.0.256.1
Locale ID: 2057

Additional information about the problem:
BCCode: 1000007f
BCP1: 00000008
BCP2: 8E76F750
BCP3: 00000000
BCP4: 00000000
OS Version: 6_1_7600
Service Pack: 0_0
Product: 256_1

Files that help describe the problem:
C:\Windows\Minidump\103110-32463-01.dmp
C:\Users... Read more

4 more replies
Answer Match 47.88%

I was watching a movie on my laptop one minute and when I transferred a new dvd in, I get a blue screen that says "Critical system failure". Then the computer dies. When I started it back up, it says "Hard Disk Error" and when I run a diagnostic it tells me "No hard drive found". This laptop has been very well taken care of. Never dropped. Never had a problem. Kept out of reach of children. What is going on? This is the 2015 Dre with 1tb memory and 8g ram.

More replies
Answer Match 47.88%

Problem: Partition (C:) reports file system errors.

Recommendation: By default, Windows will correct the disk errors upon restarting the computer. You may wish to close running applications and restart the computer.

This section provides key operating system details including version, timing of last update, and more.

Feature Details
Operating System Microsoft Windows XP Home Edition
Patch Level Service Pack 3
Date Installed 10/20/2010
Country Code 1
OS System Language 1033
ANSI Code Page 1252
System Locale 0409
Internet Explorer Version 8.0.6001.18702
Windows Update Automatic
Path C:\WINDOWS\system32;
C:\WINDOWS;
C:\WINDOWS\System32\Wbem
OS User Language 1033
Latest Windows Hotfix Date 10/20/2010



it says that the error fixes itself when i restart my comp which i did a few times. i am puzzled at why this is showing up and worried it might fry my computer. my desktop gave me a black screen saying drive failure was imminent and my laptop is all i have left, and can not afford another one. so please tell me how i can solve this problem if i can. thank you!

A:norton 360 operating system diagnostic puzzle

Norton 360 is anti-virus/security software and your question has nothing to do with that, so why is that in the title? Am I missing something?

Hard Drive Failure is imminent message is usually from SMART and frequently it is correct meaning that the hardware of the hard drive is failing (not the software). That might also explain chronic hard drive errors that are "fixed" and then reoccur at reboot.

If the desktop only boots to black screen then how did you get the text of the error message (above)?

What happens when you turn the desktop on?

Is the laptop also broke? If so, start a separate thread for that, otherwise things will get VERY confusing.

4 more replies
Answer Match 47.88%

Hi,

I have a Toshiba a200 Satellite laptop running Windows 7 Ultimate 32 bit (which I recently installed as a fresh install to try and solve my problems). I have several problems, and I'm not sure if they are related or separate to each other. Here they are:

Often, when I am away from the computer, even if it's only for a few minutes, when I come back it is frozen -- the screen looks normal, but the mouse won't move and the system won't respond to Ctrl + Alt + Delete. I have to hold down the power button until it goes black, and then reboot.
Often when I reboot, and almost always when I boot up for the first time of a morning, the computer fails to start -- it will get to a black screen and freeze forever, or it will freeze on the "Windows is Starting Up" screen, and I will have to hold down the power button again to shut it off. It will usually start after the second or third time.
Sometimes, firefox (and sometimes other programs too) stops responding for about 30 seconds, and then comes back fine. It's not that bad, but it seems a bit odd. This is just a minor annoyance -- the other two problems are more worrying.
I've attached a zipped folder containing the reports from the SF Diagnostic Tool.

I hope someone can help me. I'd be really grateful.

Thanks,

Matt


EDIT:
Not sure if this will help, but the system has frozen twice in the past few hours, and this error occurred both times in the event viewer:

Session "Microsoft-Windows-Setup" stopp... Read more

A:System Freeze - SF Diagnostic Files attached

**** this I'm getting a Mac

1 more replies
Answer Match 47.46%

Hello all. I'm currently talking to you from Safe Mode in Windows 7 32 bit.

I've been running Windows 7 for quite some time now and I haven't run across any hiccups like with the previous versions of Windows... until now.
I recently bought a copy of Star Craft 2 from Gamestop. Doing this allows you to be in the beta program... so I figured "Oh, good stuff".

I tried to patch the program and I received an error during the patch process. To make a long story short, Blizzard informed me that I should run the Windows 7 memory diagnostic tool to make sure that my RAM wasn't at fault, using the extended test. I figured "Ok, no problem".

I ran the tool, selected "Save work and restart the system".

The tool loads up and starts to run with 1 pass with a "basic" check. I realized after about 10 minutes into the check that I could hit F10 and change the options. I hit F10, changed the test to Extended and hit continue. The screen refreshed VERY slowly with the updated changes, except the progress went from 10% complete to look like "_%" for every spot that could have a % at it.

I thought that was odd, so I hit the Exit button.

The system rebooted.

The system started to hang at the BIOS POST screen a little longer than it usually does... normally it only stays there about 2-3 seconds... it now stays there for around 10-15 seconds.

The Windows 7 logo starts to load and then freezes half way through loading graphic. The system han... Read more

A:Windows 7 Memory Diagnostic Tool Crashed My System

I don't know much but if it was that bad I know I would just make a fresh install of Windows, erasing the partition, making a new and cleaning it.

9 more replies
Answer Match 47.46%

Hello, 
Please Help me out for above issue facing frequently. 

More replies
Answer Match 47.46%

my hp advanced system diagnostic battery test report this msg
FAILURE ID: 0LPXKW-5QW860-QFPH5A-C0BW03
PRODUCT ID: XX049AV#ABD











Solved!

A:my hp advanced system diagnostic battery test report this ms...

I think you can assume it was not sold with a new battery so needs one now. 

7 more replies
Answer Match 46.62%

I started experiencing issues on my computer today.  The first thing I noticed was that my power system tray icon was missing.  I looked to make sure that it was set to display and despite checking that was set to display, the icon was missing.  At this time, I was at a hotel and wasn't attempting to connect to the internet.  
 
When I got home this evening, my computer would not load a web page despite the fact that my connection icon stated that I was connected to my home wireless connection.  I troubleshot the problem and it states that "The Diagnostics Policy Service is not running." I performed a google search of how to start the policy service and it appears to be enabled.  At this point, I ran a system restore.  The system restore brought back my power system icon, but did not resolve the connectivity issue.  
 
Please help.  Also, just to save time - if I need to restart my computer in safe mode will you please explain how.  I attempted to do it and couldn't figure out how to get it to work in Windows 8.  I'd heard it was difficult and confirmed it tonight.  Thank you in advance for any advice.  

A:Windows 8 - Diagnostic Policy Service won't run, system tray icons disappearing

How to start Windows 8 in Safe Mode
 
 
For the connection try these...

Please click Start > Run, type inetcpl.cpl in the runbox and press enter.
Click the Connections tab and click the LAN settings option.
Verify if "Use a proxy..." is checked, if so, UNcheck it and click OK/OK to exit.
Now check if the internet is working again.

OR

Go to Start ... Run and type in cmd
A dos Window will appear.
Type in the dos window: netsh winsock reset
Click on the enter key.

Reboot your system to complete the process.
 
 
 
Scan the system.
 
Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
 
Download TDSSKiller and save it to your desktop.
Extract (unzip) its contents to your desktop.
Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
If an infected file is detected, the default action will be Cure, click on Continue.
If a suspicious file is detected, the default action will be Skip, click on Continue.
It... Read more

1 more replies
Answer Match 45.78%

Either there is no anti-virus product installed or it is not recognised. This is on windows 7. A new pc only a few weeks old installed Norton 2010 internet security which is working ok. So I believe I am covered how do I configure security centre to recognise this?
 

A:diagnostic results say the security system is unable to identify an active anti virus

16 more replies
Answer Match 45.36%

After running the System Health Report from here;

System Health Report

......at the System Diagnostic Report, I get a warning advising that the scan failed to detect running anti-virus, anti-spyware etc. protection, here -

......and yet at Start>Control Panel>Security Centre, all protection requirements are shown as up and running, here -

......is there any way that I can get the scan to recognise the Security protection setup, and so include it in the System Diagnostic Report?

I've had no problems with viruses, malware or spyware. This is purely an administrative issue to try and get the System Diagnostic Report to give a true account of the system.

A:System Health [Diagnostic] Report doesn't recognise avast! anti-virus, as installed.

Same here. If it doesn't recognise Norton 360 I think it's a glitch. If security centre is satisfied then all is fine, otherwise it would be complaining.

7 more replies
Answer Match 44.94%

A few days ago, the windows for "Vista Antivirus 2010" started popping up on my screen, and in my sleep deprived state, I had the genius idea of doing a system restore before anything else. No idea what lasting damage may have been done by it, but I suppose that'll show up in the logs.

At any rate, my machine's still mostly usable, just much slower, and with annoying pop-ups every time I open an application, which opens anywhere between one and twenty "av.exe" processes, usually all shutting down after I end one. I'm not the only one using this computer, so I couldn't tell you everything that's gone on in it, but I do know that until I uninstalled them for this, it had Bittorrent and Daemon Tools Lite.

I'm running Vista 32-bit on an HP machine. It wasn't shipped with an installation disc. All I actually have is a recovery disc I downloaded from Neosmart, that seems to work but I have no idea how to actually use it. Not sure what else there is to say, so heeeeeeeere's a DDS report! I noticed at the top it says some Norton features were enabled. I've tried disabling every feature and it invariably says this after scanning. Is this a problem? If it is, I'd guess it applies to the other logs as well, but I don't know how to fix it short of uninstalling Norton.


DDS (Ver_09-12-01.01) - NTFSx86
Run by Owner at 10:51:35.94 on Sun 03/07/2010
Internet Explorer: 7.0.6000.16890 BrowserJavaVersion: 1.6.0_16
Microsoft® Windows Vista™ Home Premium 6.0.6... Read more

A:System infected with "Vista Antivirus 2010" malware

Hello, and welcome to TSF.

I am currently reviewing your log. I will be back with a fix for your problem as soon as possible.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Please be patient with me during this time.

7 more replies
Answer Match 44.94%

Thanks in advance to the BleepingComputer users for helping me and others with this malware/virus problem: On December 14, 2011, the System Fix Virus & Privacy Protection Virus hijacked and infected my system: WinXP (64-bit). They've caused my default web browser to change frequently (each time I reboot my PC). So I've been having trouble getting rid of all of this malware/viruses from my system, since I use Windows XP x64. The latest version(s) of ComboFix and TDSSKiller don't work on the 64-bit version of Windows XP, but they are compatible with other versions of Windows: 98, XP, VISTA, 2000, 2003, 2008 and Windows 7! The following programs were made for other operating systems, so I need a solution to these 3 problems (listed below): ComboFix.exe and TDSSKiller.exe are not compatible with my Windows XP 64-bit system. So how do I get rid of the malware/viruses from this computer without those apps that were made to get rid of the following problems on other Windows OS's?:

1. System Fix Virus (reference: http://www.bleepingcomputer.com/forums/topic432547.html)
2. Privacy Protection Virus (reference: http://www.bleepingcomputer.com/forums/topic432664.html)
3. Google-Redirect Malware (reference: http://www.bleepingcomputer.com/forums/topic416561.html)

A:Infected WinXP 64-bit with "System Fix Virus" & "Privacy Protection Virus" (Malware)

That is correct, they will not. If you need to remove malware still then please go here... Preparation Guide, do steps 6 - 9.

Create a DDS log and post it in the new topic explained in step 9, which is here Virus, Trojan, Spyware, and Malware Removal Logs and not in this topic, thanks.

If Gmer won't run, skip it and move on.

Include a link back to this topic.

Let me know if that went well.

1 more replies
Answer Match 44.94%

I need SAFE removal of malware "AV System Care Installer" Software from Locus Software? I'm not sure which downloads to trust when recommended. I saw rogue software will fix, but it didn't have a digital signature.

I tried to follow a past post on this topic, but it was specific to his log file.
Thank You! Your help getting rid of this is GREATLY appreciated!! My son infected our pc while playing games online. ~ S

Here's my HJT log file.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:00:51 PM, on 2/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal


More replies
Answer Match 44.94%

Hi dear,
My system is infected by malware and now my hard drives C & D are not opening, and you can find below the required information about this malware:
-File Name: C:\qa8sywva.cmd
-Malware Name: Win32:Auto Crypt[Crypt]
-Malware Type:Virus/Worm
-VPS Version:080531-0,
-Recommended Action:Move to Chest.
--------------------------------------------------------------------
This is the 2nd malware:
-File Name:\System Volume Information\
-MALWARE TYPE:WIN32:Auto Crypt [Crypt]
-Malware Type:Virus\Worm.
-VPS Version:080531.
-Recommended Action:Move to Chest.
------------------------------------------------------------------------
Please help as soon as possible.
I'll be grateful.
 

A: My System Infected by Malware: Win32:Auto Crypt[Crypt]

Please do not create multiple threads for the same problem! Read >>Posting help read first<< if you feel you are not getting help.

Closing duplicate thread, please continue here: http://forums.techguy.org/malware-removal-hijackthis-logs/717009-its-very-urgent-i-can.html
 

1 more replies
Answer Match 43.68%

Hi TSF,

Recently been getting Microsoft Visual Basic pop-ups saying macros are disabled whenever I boot up my computer. It has finally shown itself in the form of a green screened popup saying: "Your system is infected. System has been stopped due to a serious malfunction. Spyware activity has been detected. It is recommended to use spyware removal tool to prevent data loss. Do not use the computer before all spyware removed."

Please advise, Thanks.
Urby

DDS (Ver_09-12-01.01) - NTFSx86
Run by pwu at 13:28:40.96 on Sat 02/13/2010
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.511.236 [GMT -5:00]

AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}


A: "Your system is infected" malware

Hello and welcome to TSF.

Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
To disable Avira :

Please navigate to the system tray on the bottom right hand corner and look for an open white umbrella on red background, right click it -> untick the option AntiVir Guard enable.
You should now see a closed, white umbrella on a red background.

Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.




Once the Microsoft Windows Re... Read more

19 more replies