Tech Problem Aggregator

Help! removing Packer.Malware.lightly.G

Q: Help! removing Packer.Malware.lightly.G

I did a full system scan with BitDefender Internet Security 2010 and it found Packer.Malware.lightly.G. BitDefender says it can't disinfect it or delete it. From what I've heard a packer protects itself. Is there any way to remove this virus, like maybe using combofix?

P.S. I cannot open the folder where the virus is located. Oh and bitdefender says it has 2 infected objects under Packer.Malware.lightly.G

Please help!

Your reply is appreciated. Thanks

Answer Match 63.84%

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Professional, Service Pack 1, 64 bit
Processor: Intel(R) Core(TM) i5-2450M CPU @ 2.50GHz, Intel64 Family 6 Model 42 Stepping 7
Processor Count: 4
RAM: 6050 Mb
Graphics Card: Intel(R) HD Graphics Family, -1262 Mb
Hard Drives: C: Total - 285143 MB, Free - 230440 MB;
Motherboard: Dell Inc., 0JGC48
Antivirus: Microsoft Security Essentials, Updated and Enabled

This is a friend's computer on which I have remote control using Teamviewer 8. I ran malwarebytes which came up with a Trojan called "Malware.Packer.FFS". I quarantined it and then did a basic Google search for the malware. From first look, it appears to be a possibly nasty guy, but so far I've not found a straightforward way to positively get rid of it. I ran AdwCleaner before running malwarebytes (free version) which detected the malware. The AdwCleaner log file mentioned nothing about the Trojan by name.

The computer seems to be running OK, but I'm just trying to cover all the bases here. Any advice would be much appreciated.

EDIT: Typo in title of thread. Should be .FFS
 

Answer Match 63.84%

The other day I had my firefox screen taken over by antimalware-live-pro-scan.com. So I started searching. I use AVG free and my windows defender was off for some reason. When it took over my screen it freaked me out but I realized it was showing fake viruses before I clicked where it wanted me to. Since then I have been looking around. Through Spybot search and destroy I have fixed a few things. However there is one that is odd.

When I scan with AVG it shows me a few files in a folder named Symnonav. They all start with ESUG and end with .exe. I think I have found the profile on this website
http://www.threatexpert.com/report.aspx?md5=db4810d002f00dd9568f85fcc891c8e9

A lot coincides and I am pretty sure that this is the problem. My computer has been running slow for a while but I am not sure that this is the reason for that. AVG doesn't give me an option to delete the files, which is weird. It just says they are "runtime packed mew."

When I go to the "symnonav" folder on my C drive avg pulls up a warning on the files, but again, it doesn't give me a fix option.

Other odd things that might have to do with this. I am getting a couple of weird noises from my speakers every certain number of minutes. Almost a swiping noise. Makes me think of trash can or some sort of copy sound. not sure what it could be.

After I did the SpyBot search and destroy I am getting odd black windows when I start up my computer. They are blank. They look like the o... Read more

A:malware packer I think.

Answer Match 63.84%

Am just fed up from this malware. It showed up 2 days ago when my brother was using internet. There are several processes running in my task manager named win"xxx".exe, where xxx are the random alphabets. I used malwarebytes, performed a quick scan and it found this malware.packer.gen and another 3 registry data virus pum.disabled.securitycenter. The problem is malwarebytes quarantines them but after every restart they start coming up again and again. My pc working slower and many scripts not working properly and my downloaded antivirus installers are automatically removed. Am a new member here desperately need help.

A:Malware.packer.gen

Welcome aboard

Download Security Check from HERE, and save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
* Internet Services
* Windows Firewall
* System Restore
* Security Center/Action Center
* Windows Update
* Windows Defender

Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

=============================================================================

Please download MiniToolBox and run it.
Checkmark following boxes:
* Report IE Proxy Settings
* Report FF Proxy Settings
* List content of Hosts
* List IP configuration
* List Winsock Entries
* List last 10 Event Viewer log
* List Installed Programs
* List Devices (do NOT change any settings here)
* List Users, Partitions and Memory size

Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next t...

Answer Match 63.84%

So I downloaded a game and it came with an infected dll (Malware.Packer.Gen). I wasn't sure if it executed on my PC so I tried combofix since I heard good things about it. Well, I had no idea that this program could be so dangerous in inexperienced hands; I thought it was just a virus removal program like MBAM, but I realized that it isn't and now I need your help to know if it deleted important files, because in the log it shows many SysWow64 files. Besides, when combofix was running, I lost connection to the internet and sound, and after rebooting when I opened Waterfox it asked if I wanted that browser as default browser, which I did many months ago, so it deleted some config files too.

A:Need help! Malware.Packer.Gen

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.
If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.

===

Besides, when combofix was running, i lost connection to the internet and sound, and after rebooting when i opened Waterfox it asked if i wanted that browser as default browser which i did many months ago so it deleted some config files too.

This is all normal. Internet explorer is used while ComboFix is running.
You have to reset it to the Browser of your choice.

===

Post the ComboFix log that was created.

Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me some additional information about your system.

Download DDS by sUBs from one of the following links, if you no longer have it available. Save it to your desktop.
1: DDS.scr (Not recommended if you use Chrome to download this .scr file. Use the other options.)
2: DDS.pif
3: DDS.COM

Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Please note: You may have to disable any script protection running if the scan fails to run.
Please just paste the contents of the DDS.txt log in your next post. DO NOT attach the log.

===

Third party programs if not up to date can be the cause of infiltration an infection....

Answer Match 63%

symptoms are slow start up and generally slow application start, pc was infected this past week on either march the 8th or march 9th when i was downloading various trainers for the game Dead space, each trainer i had tried i scanned with kaspersky before running the exe, kaspersky never found any problems, most of the trainers didn't work but i did find one that did work, so i used it, PC was fine that night while playing, problems started after completing a pc restart the next day, right away on start up the pc was much slower, when i logged in, it took much longer to get past the login screen and into windows, it was actually stuck quite some time at the preparing desktop stage, then once into windows 7, my regular start up apps took much longer to start up fully, and also once everything finally did load, starting any app or firefox took much longer and also firefox behaved very glitchy when using it, screen would flash sometimes, pages would load much slower, and in the top of firefox it kept saying not responding sometimes, then it would go back to load a page, then say not responding again and so forth

another thing i have noticed, not sure if its cuz of the infection or just due to warmer temperatures outside but my gfx card has been running a lot warmer when pc is just at the desktop idle, normally id have temps around 75 degrees and now its always a steady 81 degrees when idle

my os is a custom Windows 7 64 bit nvidia edition by Rockers Team, and always has an up to dat...

A:some kind of malware.packer

Hello and welcome to Bleeping Computer!

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
* DDS.scr
* DDS.pif

Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Fo...

Answer Match 63%

Greetings to all,
My bitdefender antivirus detects packer.malware.nsanti.d but cannot delete it. Could anyone help tell me what is this packer.malware.nsanti.d and to remove it.
Thanks in advance.
 

Answer Match 63%

hello, today malwarebytes found this malware. I deleted it but am curious if there may be other viruses hidden. I've had problems in the past where malwarebytes removes a virus then it shows up a couple days later. I'm hoping you guys can help me not have the same problem by doing a thorough scan.
Thank You

A:malware packer krunchy

Welcome aboard

Download Security Check from HERE, and save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
* Internet Services
* Windows Firewall
* System Restore
* Security Center/Action Center
* Windows Update
* Windows Defender

Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

=============================================================================

Please download MiniToolBox and run it.
Checkmark following boxes:
* Report IE Proxy Settings
* Report FF Proxy Settings
* List content of Hosts
* List IP configuration
* List Winsock Entries
* List last 10 Event Viewer log
* List Installed Programs
* List Devices (do NOT change any settings here)
* List Users, Partitions and Memory size

Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next t...

Answer Match 63%

Hello,
 
Long story short my Comodo antivirus detected malware in C:\windows\options\setb.exe and then clicked clean and decided to run malwarebytes as a precaution. Malwarebytes found one malware called "Malware.packer.T"....I wanted to get some expert advice on how I can safely remove this malware without harming my PC. Oh btw, the operating system that I'm using is windows 8.
 

A:First time here and need some help with Malware.packer.T.

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.
If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.

===

Nothing suspicious was found on your logs.
Please run the Malwarebytes programs and post the log for my review.

Answer Match 63%

Hi,

My free AVG picked up a trojan rooted in my application data / macromedia folder last night. Now after a few minutes to half an hour my netbook grinds to a halt, slowly windows stop functioning then the mouse stops working. I have run MBAM, ATF and SAS as described in other posts. It seems MBAM picked up the malware packer / hijack.sound and quarantined it, but the problem still exists. Please find below my log files:

A:Malware Packer infection - XP

Just an update - I've restored my netbook to factory settings which involved formatting my hard drive. However, now both safari and firefox freeze after downloading more than 5mb, and my Page File usage gets quite high (almost 1gb) and CPU usage is almost always at 90%. Note this is after a fresh install of XP with only AVG, Firefox and Safari installed.

Can Malware exist across a reinstall of windows?

Answer Match 63%

I have been dealing with this problem for a long while, and have been asking for help from other forums but I haven't really been getting far in removing this. Now I haven't been receiving any replies to (http://www.techsupportforum.com/forums/f50/trojan-0access-685243.html) so I figure I ask for help from this forum.
This problem started a couple months ago. I noticed four instances of iexplore.exe running in the background processes, with two of them sucking up exorbitant amounts of memory. Then I noticed a few keys on my keyboard stopped functioning and some programs started failing to launch. After that I got a blue screen so I started looking for help. If you need any previous logs, they are all in the link above and I am willing to rescan for new logs.

A:malware.packer.gen infection

We cannot help you until the other topic is closed.
Getting help from multiple helpers simultaneously is not recommended.
You can wait for reply from Reid or contact one of moderators there and close the topic.
Post here after the topic in TSF is closed or continue in other forum.

Answer Match 62.16%

In July I had couple other viruses found but were eliminated with no reoccurrence. About 2 months later Malwarebytes found Malware.Packer on system. Did a search and discovered it was a common false positive. Disregarded finding and it didn't occur again. Over the last couple of weeks system has been having major issues from excessive hard drive usage, slow browser, constantly freezing, and high network usage when nothing is being done on internet. Tried to disable WiFi to stop network access and froze each time until I turned off radio via external switch. Tried numerous defrag runs and eliminated page file as it was seriously fragmented and not needed. Then modified startup programs and rebooted in Safe mode. Now System Protector finding Malware.Packer in registry. Both SuperAntiSpyware, Malwarebytes, and Norton are all negative. Looking for help to make sure system is now completely clean.

A:Malware.Packer found different dates different AV

hi,

Your post is a few days old. If you still need help simply reply back.

Answer Match 62.16%

Hi,
 
Two days ago my laptop went dead.
I had been working at home all day, and had stopped for a while. When I came back, the laptop was off. I thought it had "suspended". Pressed the button, and it made a strange beep (like the buffer beep). There was some disk activity, but the monitor wouldn't turn on, and so I switched the laptop off. And it never turned back on correctly again.
 
So this is what happens now:
 
Select Start Windows normally
Win 7 starts loading, but at the end of the "starting Windows logo" it appears the BSOD and restarts again. Over and over.
 
Select Startup Repair
It loads HP Recovery Manager.
System Restore - tried different restore points, but none works. Non specified error during system restore. (0x80070002)
Chkdsk Windows Partition - OK
Chkdsk Recovery Partition - OK
 
Select F8 (safe mode)
Every option makes BSOD
Stop BSOD reboot option - at the BSOD the Technical Information is:
*** STOP: 0x000000F4 (0x0000000000000003, 0xFFFFFA8008FF2B30, 0xFFFFFA8008FF2E10, 0xFFFFF80003B82470)
 
Booting with Hiren's Boot CD
The Antivirus behave strangely and mostly won't update or run.
Malwarebytes runs and detects the following



A:Malware.Packer.Gen / Win7 won't start / HELP

Please do the following:

Download the appropriate version for your system of the Farbar Recovery Scan Tool and save it to a flash drive.
Plug the flash drive into the infected PC.
Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
* Restart the computer.
* As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
* Use the arrow keys to select the Repair your computer menu item.
* Choose your language settings, and then click Next.
* Select the operating system you want to repair, and then click Next.
* Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
* Insert the installation disc.
* Restart your computer.
* If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
* Click Repair your computer.
* Choose your language settings, and then click Next.
* Select the operating system you want to repair, and then click Next.
* Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
* Startup Repair
* System Restore
* Windows Complete PC Restore
* Windows Memory Diagnostic Tool
* Command Prompt

Select Command Prompt
In the command window type in notepad and press Enter.
The notepad opens. Under File menu select Open.
Select "Computer" and find your flash drive letter and close the notepad.
In the command window type e:\frst.exe (for x64 bit version type e:...

Answer Match 62.16%

Hi All

I seem to have had these three malwares for a while and cannot remove them. Sophos sometimes quarantines them after a weekly scan - and looks as though it 'cleans up' all files and registry entries: but it doesn't.
The Hijackthis files are below. Any help / guidance will be gratefully received.

Many thanks
Ian


A:Malware MAL/Packer, EncPK-CL and Zbot-I

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
* DDS.com
* DDS.scr
* DDS.pif

Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructio...

Answer Match 62.16%

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.

Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there.

The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks

A:Trojan.Downloader and Malware Packer

This topic has been closed. If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.

Answer Match 62.16%

I was in trouble for 4 days because:

I couldn't download. When I am trying to DL, the transfer rate is not consistent. Let us say that it's normal for the transfer rate not to be consistent, but the thing is, it always decreases to 2 figures, causing the DL to stop; it doesn't seem to increase to just what it should be. Downloading from any site gave the same result.

Cannot play online games (Dark-ro private server). It connects, but once my character appears, it doesn't move at all or it has a delayed reaction, but most of the time it really doesn't move.

Right now, it is starting to show a slow response in whatever application I open, even the toolbar or any windows; late reaction as well. Apparently this is not really its performance before.

After posting to another thread (same forum site), one of your agents helped me a lot through system configuration and browsing options, but it didn't go well, so he advised me to scan my PC using Malwarebytes.
I scanned my PC with Malwarebytes and found out that I am infected by these viruses (Trojan.agent, malware.packer.gen), and with AVG I found (trojan horse, worm and xf/sic).

What can those viruses do to my PC, and do you think they are the cause of the said problems of my PC?????

A:Trojan.agent & Malware.packer.gen

Hello and welcome.

Please post that MBAM log you have.
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

Next run ATF and SAS: If you cannot access Safe Mode, run in normal, but let me know.

Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

From your regular user account..
Download Attribune's ATF Cleaner and then SUPERAntiSpyware, Free Home Version. Save both to desktop ..
DO NOT run yet.

Open SUPER from icon and install and Update it
Under Scanner Options make sure the following are checked (leave all others unchecked):
* Close browsers before scanning.
* Scan for tracking cookies.
* Terminate memory threats before quarantining.

Click the "Close" button to leave the control center screen and exit the program. DO NOT run yet.

Now reboot into Safe Mode: How to enter safe mode (XP)
Using the F8 Method
Restart your computer. When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu. Select the option for Safe Mode using the arrow keys. Then press enter on your ...

Answer Match 61.74%

Okay, I'm running Windows XP, most recent service pack, etc.

So, I ran a search with MBAM last week and found on my portable hard drive a Malware.Packer.Gen file. It was in a file folder belonging to an emulator I used in the past and had backed up last summer. Looking through the logs, it seemed like MBAM had found this before in the emulator when it was on my hard drive, but not before I had backed it up on my portable hard drive (I don't scan my portable hard drive as much as I should, I suspect, although I only ever use it with my computer as a back-up system). Since nothing else had shown up on my computer in the ensuing months from the first instance nor after running Norton, SuperAntiSpyware, and MBAM in safe mode to be sure, I chalked it up to a possible false positive as it seemed like Malware.Packer.Gen seems to be the false positive of choice for MBAM after I did some cursory searching of the internet.

I cleaned it and everything seemed to be fine, but then yesterday I was running my weekly Norton/SuperAntiSpyware/MBAM sweep of my computer (not at the same time) and MBAM found another Malware.Packer.Gen file on my portable hard drive, this time in the system restore folder. I cleaned it and ran Norton and MBAM again in safe mode and found nothing. Am I likely dealing with false positives or is something more sinister afoot here?

A:Repeated instances of Malware.Packer.Gen with MBAM

Oh, my portable hard drive is a SeaGate 500 gb, if that is relevant.

Answer Match 61.74%

Hey, I've recently noticed that my computer has taken a lot longer to boot up than usual. In addition to this, it seems like it has little mini freezes a lot more often than it used to. I've also noticed just a general slowness in opening programs and even just browsing through the web. So I was wondering if I had malware or a virus of sorts. After scanning my computer with Malwarebytes, it shows that two things were present, Malware.Packer.Krunchy and PUP.Hacktool.Office.

Here are my logs:


A:Malware.Packer.Krunchy and general slowness

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/458253 <<< CLICK THIS LINK

If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo... Read more

15 more replies
Answer Match 60.9%

Hello - I've been having a problem with my windows XP service pack 3 system for almost a week now. It's been crashing constantly. First I was on a page that tried to get me to download some fake antivirus software - I closed firefox. Later that night I noticed that my hard drive was running continuously when I wasn't running any applications. Then the system crashed (twice) and I got an XP blue screen with the error message: DRIVER_IRQL_NOT_LESS_OR_EQUAL. This only came up twice. After that I tried running all of my antivirus/antimalware programs - AVG, Spybot SD, Malwarebytes. They kept coming up with nothing but Firefox always crashes after about 20 minutes (maximum), especially if I watch anything on Hulu. Finally I ran a panda active scan and it came up with 2 instances of something called "malware.packer" and supposedly cleaned them. The constant crashing continued. When this happens, the system hangs and I can't even ctrl/alt/del to close programs or restart, I have to do a hard restart. There doesn't seem to be anything funny in task manager.

I've run all of my scans in safemode, and most of the time they come up with nothing. ONE TIME malwarebytes came up with 2 instances of "malware.packer," and supposedly cleaned them, but this didn't fix anything.

I really don't think this is a hardware issue because I haven't added anything since the system was new and it has always been stable. Also, the onset of problems ... Read more

A:"malware.packer", constant crashes and other mysterious symptoms

Hello, let's give 2 things a shot. MBAM is stronger in Normal mode so...

Rerun MBAM (MalwareBytes) like this:
Open MBAM in normal mode and click Update tab, select Check for Updates.
When done, click Scanner tab, select Quick scan and scan (normal mode).
After scan click Remove Selected, Post new scan log and Reboot into normal mode.

We need to check for Rootkits with RootRepeal.
Download RootRepeal from the following location and save it to your desktop.
Direct Download (Recommended)
Primary Mirror, Secondary Mirror, Secondary Mirror, Secondary Mirror
Zip Mirrors (Recommended if you have a slower connection or if the Direct Download mirror is down)
Primary Mirror, Secondary Mirror, Secondary Mirror
Rar Mirrors - Only if you know what a RAR is and can extract it.
Primary Mirror, Secondary Mirror, Secondary Mirror

Extract RootRepeal.exe from the archive (If you did not use the "Direct Download" mirror).
Open on your desktop.
Click the tab.
Click the button.
Check all seven boxes:
Push Ok
Check the box for your main system drive (Usually C:), and press Ok.
Allow RootRepeal to run a scan of your system. This may take some time.
Once the scan completes, push the button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.

7 more replies
Answer Match 60.9%

Hi, my computer got infected on Sept 26th. I ran many rootkit removal tools, antivirus programs etc... but I'm not sure if it's really cleaned.

The problem I am having is I am unable to interpret the results. I do continue to see items pop up on Rogue Killer.
 
 
 
 
 
DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 10.0.9200.16686  BrowserJavaVersion: 10.25.2
Run by nlam at 10:11:34 on 2013-10-02
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.3242.239 [GMT -4:00]
.
AV: System Center 2012 Endpoint Protection *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
AV: Trend Micro Client/Server Security Agent Antivirus *Disabled/Updated* {7193B549-236F-55EE-9AEC-F65279E59A92}
SP: Trend Micro Client/Server Security Agent Anti-spyware *Disabled/Updated* {CAF254AD-0555-5A60-A05C-CD200262D02F}
SP: System Center 2012 Endpoint Protection *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Trend Micro Personal Firewall *Enabled* {50C2E989-60CF-0845-AFD3-290B7D301E79}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Program Files\IDT\WDM\STacSV.exe
C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe
C:\Windows\system32\conh... Read more

A:Trojan:Win32/Sirefef!cfg Zeroaccess and Malware.Packer.GPC maybe more.

Hello nickyl, I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.

Very Important --> Please read this post completely, I have spent my time to put together some things for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", ... Read more

20 more replies
Answer Match 60.9%

Ran an MBAM scan when I seemingly downloaded a dubious file. Result was a Malware.Packer.CV, and Norton Power Eraser found a file in System 32 it was unable to delete.

The file it found was wqlhlnn.sys

Help is much appreciated at the earliest.

EDIT: I haven't launched the .exe file the malware was found in when it got detected.

A:Malware Packer and detection by Norton Power Eraser

Can you post the entire file location path?

Reason I ask is you can boot into safe mode and paste the entire file location into File Assassin; it should delete it.
https://www.malwarebytes.org/fileassassin/

12 more replies
Answer Match 55.02%

Hello, I eagerly need your help. About two weeks ago I had limewire and mp3 rocket on my PC and was downloading a movie for my son and got infected, and have been fighting ever since. I was infected with trojan.tracur, trojan.bho, and I saw something in the registry called MTA injector and it disappeared before I could delete it. This virus/spyware injects itself in processes and replicates itself. Even if I delete one file, it comes back, it alters my config settings, users, internet settings, my antivirus definitions, my firewall, and causes programs to shut down or won't allow certain programs to load or update, it sends fake error messages too to make me stop what I'm running. Anyway I finally paid to have the PC cleaned and reformatted, but it seems like I'm still infected because I'm seeing some of the same behavior and I ran malwarebytes antimalware and stopzilla and they both say I'm infected and quarantined the files, but it is still active. I don't know if I got reinfected when I installed the modem, printer, and router software back onto the PC or if it's still in the memory or registry.... Please help me get to the root of this thing so I can have my computer back and not be worried about passwords and private info being stolen. Thank you in advance. PLEASE HELP!!!!!!!!! Also I can't load a DDS log, my computer kept freezing and the scan did not finish in three minutes; I waited 10-15 minutes three times. I have copied GMER and HIjackthis fi... Read more

A:hacker, packer,adware.bho, cognac, gen malware detectionNN,trojan tracur, trojan.bho

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please do not attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

In order for me to see the status of the infection I will need a new set of logs to start with.
Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:
Please download DeFogger to your desktop.
Double click DeFogger to run the tool.
The ap... Read more

43 more replies
Answer Match 53.76%

I did better in terms of score on the 293 one than 291, but I found it much harder. Wordings of questions are difficult like the rest, but the DNS and CA scenarios were very tough to figure out. Take your time on the questions. Make sure you know exactly what they are asking for and think it through. You will not pass unless you have experience with the product and have done a lot of prep work. Read the deployment guides for PKI and DNS before writing. Do not take it lightly. I used the Microsoft training kit and the ucertify product for preparing and I can say it's good enough.


A:Don't take it lightly.

Uhhh....
Huh??
 

2 more replies
Answer Match 52.5%

Hi all,

I have some questions about overclocking the i5, specifically a 2500k.

Firstly, I don't want to get a massive overclock, I'd like to keep my PC as quiet as possible.
Is there any point in adding just a few hundred MHz as it'll turbo up to 3.7 GHz anyway?

Will any overclock to the base frequency also add a corresponding increase to the turbo?

Is there any way to only increase the turbo limit but leave the base frequency at 3.3 GHz?
 

A:Lightly OCing an i5. Is it worth it?

Most overclockers will just turn the turbo off, 3.7Ghz isn't much considering the 2500k can get to 4.5Ghz pretty easily.

If you are thinking of moderate OCing (or even if you're not OCing) then get a cheap aftermarket cooler, it will be quieter than the stock Intel cooler which is useless.
 

12 more replies
Answer Match 52.08%

Other than using View>Text Size, is there anything I can do that may cause the print to be darker? I know that my eyes are beginning to grow weaker but perhaps someone knows a trick for me to use or an answer. The light print seems to occur on most web pages and very bad on my ISP webmail account. My signature will tell you I am using WinXP Pro and SP2. If all pages were as clear and dark as the print I am seeing while typing this thread, I would not be asking for help. As always, TIA
 

A:Solved: Pages Appear To Be Too Lightly Printed

7 more replies
Answer Match 50.4%

Hello,

At my work, I use Now-Up-To-Date calendar to keep my schedule. Different event types are color coded. Some are red, yellow, orange.

My printer (hp 4050) is a black and white printer. It has always printed all the different colors as solid black. I just reformatted my computer (XP-Pro) and reinstalled my NUTD calendar, but when it prints, the yellow and orange entries are almost impossible to read.

Does anyone know what the setting is to get my printer to print it all the same shade black?
 

More replies
Answer Match 45.78%

I have a p4 3.0 asus p4p800 e deluxe. I run windows xp pro... I ran Spysweeper System analyzer and I caught a MAL/Packer under viruses... How can I remove it? Here's what HIJACK scans:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:30:35 PM, on 8/18/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files ... Read more

A:Mal/packer

Hello dnmextremist and welcome at BleepingComputer,

Sorry to have kept you waiting for so long, but the forums are really busy.
Your log looks fine. If you still need help:

1.
* Clean your Cache and Cookies in IE:
Close all instances of Outlook Express and Internet Explorer.
Go to Control Panel > Internet Options > General tab.
Under Browsing History, click Delete.
Click Delete Files, Delete cookies and Delete history.
Click Close below.

* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
Go to Tools > Options.
Click Privacy in the menu.
Click the Clear now button below. A new window will pop up asking what to clear.
Select all and click the Clear button again.
Click OK to close the Options window.

* Clean other Temporary files + Recycle bin
Go to start > run and type: cleanmgr and click ok.
Let it scan your system for files to remove.
Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
Press OK to remove them.

2. Download RSIT by random/random and save it to your desktop.
Double click on RSIT.exe to run it.
Click Continue at the disclaimer screen.
If it cannot locate TrendMicro's HijackThis, the tool will be downloaded, so please allow the download and accept the installation.
Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Greetings,
Thunder

1 more replies
Answer Match 45.36%

Sophos antivirus has detected a Mal/Packer and a Mal/Behav-056 and I can't delete them. Can anyone please help? The viruses aren't doing anything that I have noticed but I don't know what it could do in the future.
 

A:I have a Mal/Packer which i cant delete

10 more replies
Answer Match 45.36%

I recently had CheckDisk malware, which I removed by deleting the registry keys and files that a website directed me to do (I have a number of websites in my history from my research and can't remember which one I finally acted on). At the same time, I started to get random Google redirects and audio ads playing from time to time. I deleted those registry keys and files as well, but, a few days later, the redirects have begun, if only intermittently. Obviously I missed something and would like some help figuring out how to clean my computer of this malware.

As instructed, I've attached the attach.txt and ark.txt logs. The DDS.txt log follows below.

Thanks so much!
DDS (Ver_10-11-10.01) - NTFSx86
Run by Owner at 12:51:11.03 on Tue 11/23/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.72 [GMT 0:00]

AV: Trend Micro AntiVirus *On-access scanning disabled* (Outdated) {7D2296BC-32CC-4519-917E-52E652474AF5}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Tr... Read more

A:Redirect malware after removing checkdisk malware

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that... Read more

9 more replies
Answer Match 44.52%

Hi,

I did a deep scan with BitDefender. It found the 5 viruses but could only list 3 and was not able to remove them. I cannot access the internet from that notebook any longer. The viruses are: Packer.FSG.A, Trojan.FatObFus.2.Generator and Divocodec.

I am at my wits' end..... I contacted BitDefender, sent them my log, and they are going to get back to me in maybe 24 hours.

I appreciate any suggestions.

Thanks in advance

A:Bitdefender Finds Packer.fsg.a But Cannot Remove It

Try with Trojan Remover?

4 more replies
Answer Match 44.52%

So I had been noticing that when I start up (log in to) my computer, the taskbar and desktop lag heavily for a good minute or so and sometimes freeze. So I did a scan in safe mode using Malwarebytes and found a Trojan.AutoIT.Gen and a Malware.Packer.Krunchy. After quarantining these two, my bootup runs much faster but it disabled Windows Desktop Manager (easily re-enabled). I am, however, worried about what else it could have gotten to, so I'm posting HJT and DDS and computer info in hopes that someone might help me out.

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
Processor: AMD Phenom(tm) II X3 720 Processor, AMD64 Family 16 Model 4 Stepping 2
Processor Count: 3
RAM: 4094 Mb
Graphics Card: NVIDIA GeForce GTX 560, 1024 Mb
Hard Drives: C: Total - 953865 MB, Free - 460489 MB;
Motherboard: Gigabyte Technology Co., Ltd., GA-MA790X-UD4P
Antivirus: Panda Cloud Antivirus, Updated and Enabled

HJT LOG

Running processes:
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\iTunes\iTunes.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =... Read more

More replies
Answer Match 44.1%

It appears I have a boot sector virus. When I run Malwarebytes, I get the following results:

Memory Processes Infected: 1
Memory Modules Infected: 1
Registry Keys Infected: 4
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 6

Memory Processes Infected: x:\I386\System32\keybtray.exe (Malware.Packer.Gen) -> 1572 -> No action taken.

Memory Modules Infected: x:\I386\System32\wzcsvc.dll (Trojan.FakeAV) -> No action taken.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{3F4DACA4-160D-11D2-A8E9-00104B365C9F} (Malware.Packer.Gen) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{3F4DACA7-160D-11D2-A8E9-00104B365C9F} (Malware.Packer.Gen) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{3F4DACA0-160D-11D2-A8E9-00104B365C9F} (Malware.Packer.Gen) -> No action taken.
HKEY_CLASSES_ROOT\VBScript.RegExp (Malware.Packer.Gen) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSMHelp (PUM.Hijack.Help) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
x:\I386\System32\wzcsvc.dll (Trojan.FakeAV) -> No action taken.
x:\I386\System32\keybtray.exe (Malware.Packer.Gen) -> No action taken.
x:\I386... Read more

A:MalwareBytes unable to remove Packer.Gen, Fake AV others

Maybe a weird question, but do you use keygens on your system?

And can I see the whole log, including the headers?

Roelof

4 more replies
Answer Match 44.1%

My system is infected with some kind of malware that seems to be network aware or activated by the browser. It runs numerous instances of the following processes: PresentationHost.exe, MSIExec, Cmd.exe, dllhost.exe, Ctfmon.exe, msdtc.exe, notepad.exe, softwarereportertool.exe and possibly others. The browsers open windows by themselves for ads and who knows what behind the main search window. These popups also interfere with shutdown. I have run numerous virus scans. Sophos detected Mal/Packer and stated it was cleared. Subsequent scans by Sophos and other programs detect nothing although the problem remains. I don't know if it's relevant, but I noticed that these processes are mentioned in the feature control set of the registry. Please assist. Thanks.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:20-12-2015
Ran by Administrator (administrator) on YOUR-09DEDAFE33 (21-12-2015 17:10:06)
Running from C:\Documents and Settings\Administrator\Desktop
Loaded Profiles: Administrator (Available Profiles: 1 & Administrator)
Platform: Microsoft Windows XP Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-... Read more

A:Mal/Packer Virus consumes cpu and opens popups

Greetings peaksmm and to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.
If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:

First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.

Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.

Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.

Please copy and paste all logs into your post unless directed otherwise.

Please do not re-run any programs I suggest. If you encounter problems... Read more

64 more replies
Answer Match 43.26%

This morning I got a trojan warning out of the blue, while browsing a webpage where local taxi companies were compiled. I am using Windows XP Service Pack 3, AVG antivirus and SpyBot Search and Destroy.

While AVG gave me the warning, Spybot said that I needed to allow some system startup values. I couldn't do anything, however, as Spybot froze and my computer started lagging a lot. I was forced to ctrl-alt-del to end the Spybot process and AVG wouldn't let me do anything else than Ignore the threat. I ran a full scan on AVG and in the end it said that the threats had been healed and asked me to do a system reboot. On startup, however, AVG still gave me the warning. Then I was able to remove 1 threat again. I'm adding some pictures below. (Ignore the picture names... I panicked)

Also, what happened is that suddenly all my remembered passwords in Facebook, my picture gallery and a couple of forums have been forgotten and I am logged off.

http://www2.picturepush.com/photo/a/2590130/1024/Myself/fun.bmp - location details
http://www4.picturepush.com/photo/a/2590272/1024/Myself/fun3.bmp - after startup

EDIT - Spybot is still bugging me about some startup registries, but I can't do anything since it freezes all the time. I might have managed to hit deny access once, but I couldn't check the remember decision box. I wasn't able to see the name of the registry since the box always goes grey-ish.

EDIT again - the startup entry spybot is bugging me about is C:... Read more

A:system32\drivers(dllcahce)\atapi.sys Trojan packer

7 more replies
Answer Match 43.26%

Yesterday, I installed some bad software, and began encountering blue screens with errors like "IRQ_NOT_LESS_THAN_OR_EQUAL" and "SYSTEM_SERVICE_EXCEPTION".

I am pretty savvy, and do Help Desk assistance for my job, so I took this upon myself as a challenge. I started out by entering Safe Mode w/ Networking, updated Malwarebytes, and did a full scan on my drive. Once completed, I removed the items and restarted into Windows normally.

I was still encountering the Blue Screens, so I decided that I needed to take this to the next level. I attempted to run DDS to see what was running, but every time DDS would nearly reach completion, it would blue screen. Next, I decided to run tdsskiller and it detected TDL4 rootkit was currently in use. Once removed and restarted, I no longer get blue screens, and no longer have any indications of an infection.

I was finally able to run DDS and do not see anything that appears to be malicious, but I wanted to seek a second opinion and assistance with removing or viewing anything else that might have been missed or overlooked. I have included my MBAM log and DDS Log.

-- DDS Log goes from here on --

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-12-12.02)
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 8/25/2009 1:29:42 PM
System Uptime: 1/12/2011 7:49:16 AM (1 hours ago)
Motherboard: ASUSTeK Computer INC. | | P5B-PremiumPro... Read more

A:Fake Alert / Packer / Downloader / TDL4 Assistance

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for post... Read more

2 more replies
Answer Match 42.84%

My Spy Sweeper picked up these three viruses (MAL/PACKER, Troj/TDSS-N, and Mal/Autorun-A). They won't quarantine and I would really appreciate any help removing them. There's no effect on my machine that I've noticed but I figure that I'm better safe than sorry. Thank you in advance for any help... Here are my DDS log and attachment file:

DDS (Ver_09-03-16.01) - NTFSx86
Run by Adam Markoutsis at 14:01:36.39 on Sun 03/29/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.991.383 [GMT -5:00]

AV: Spy Sweeper with AntiVirus *On-access scanning disabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Hp\HP Software Update ... Read more

A:MAL/PACKER, Troj/TDSS-N, and Mal/Autorun-A found by webroot spysweeper

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructio... Read more

2 more replies
Answer Match 41.58%

This past Thursday I ran across a problem at a website, where some unwanted programs became part of my computer. In the taskbar, there was a red circle with a white X, which warned me of a problem and led me to a website trying to trick me into downloading other bad programs. In an effort to fix the problem myself, and in hopes of providing the most timely information to you, I followed directions that were given to other folks with similar problems. I downloaded Combofix and the Windows XP Service Pack 2 program, turned off anti-spyware/anti-malware programs, and then dropped the Windows SP program into the Combofix program. As instructed, however, I have simply included the HijackThis log requested in this reply. The red symbol with white X is gone, but when I try to go to certain HijackThis forums via Google Search results, I am still redirected to other sites. Also, I still periodically get a Windows Security Alert stating:

"To help protect your computer, Windows Firewall has detected activity of harmful software. Do you want to block this software from sending data over the Internet?
Name: Trojan-Spy.Win32.KeyLogger.aa
Risk Level: Critical
Description: This Trojan has a keyboard logging function, which is intended to steal information from users of a range of on-line payment systems. . . [etc.]"

So, it seems like there may still be a problem. Please see the HijackThis log below. Thanks in advance for any advice you can provide.

---------------------------------------... Read more

A:Need help removing malware.

Hello indigenouspupil,

Apologies for the delay in response, we get overwhelmed at times but we are trying our best to keep up. If you have since resolved the original problem you were having, would appreciate you letting us know. If not, please perform the following below so I can have a look at the current condition of your machine.

Thanks and again sorry for the delay.

A. Let's run RSIT.
Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

B. Next, please run the Kaspersky Online Scanner
In Microsoft Windows Vista, you must open the Web browser using the Run as Administrator command. From the Desktop right click the icon to open the browser and choose Run as Administrator.
Click on SCAN NOW
Click Accept.
The program will then begin downloading the latest definition files.
Once the files have been downloaded locate the Scan Settings and have it scan My Computer.
The scan will take a while, so be patient and let it finish.
When the scan is done, in the Scan is complete window, any infection is displayed.
There is no option to clean/disinfect, however, we need to analyze the information on the report.
To obtain the report: Click on: Save Report As
Next, in the Save as prompt, Save in area, select: Desktop.
In the... Read more

2 more replies
Answer Match 41.58%

I am new to this website, and would like to ask for assistance in removing viruses/malware from my computer.

I am running Windows XP and using Explorer 6.0.

Please let me know if you can assist me.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:44:52 PM, on 11/9/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nv... Read more

A:Need help removing Malware

I guess that I need to post more information per the post guidelines of this forum.

Well, I can add that my computer is running super slow, and I get an error message in windows upon startup (can't remember it right now). I have used Norton AV and Vundo also consistently comes up as a virus in my system, although when I try to fix it, it asks me to uninstall and reinstall NAV, so I think that is infected as well.

Can anyone please help me?
 

2 more replies
Answer Match 41.58%

The past few months my system has been acting funny. During gameplay, I'd get system lag spikes that would prevent me from doing anything. Everything seems much more sluggish and loads much more slowly... so far I've run CCleaner, Malwarebytes' and SuperAntiSpyware. No go.

Here's a log of Hijackthis, I'm not sure what to remove or if I need to remove anything. Anyone mind checking this out for me? I appreciate it! :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:08:20 PM, on 9/3/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Progr... Read more

A:Need help removing some malware :(

16 more replies
Answer Match 41.58%

Hello,

It all started when avast said that it detected the following:


Deckard's System Scanner v20071014.68
Run by Claudia Cueva on 2008-05-03 23:13:03
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as CC.exe) ---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:14:56 PM, on 3/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Apps\CAMI EduSuite\LM\CAMI_LM.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UStorSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\keyhook.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Powe... Read more

A:Help removing VBS:Malware-gen

Log seems clean. If Kaspersky online scan also found nothing, you should be ok.

Is Avast still finding VBS:Malware-gen ? If so, where exactly? File name, full path, etc...

1 more replies
Answer Match 41.58%

Hi guys,



I am in trouble. Yesterday I downloaded a .exe file from a web-site and ran it after scanning with MSE (it didn't flag the file as dangerous).

As soon as I ran the file, the file deleted itself and something suspicious happened (I think it downloaded something from the Internet or made some registry changes). After that my Security center and MSE got disabled on their own. Now I am not able to start MSE and Security center. My IE9 is also behaving strangely, taking me to redirected sites sometimes on its own.



Here is the report from VirusTotal of the file I downloaded:

http://www.virustotal.com/file-scan/report.html?id=ea8482afd0faba0526580c3e288285e2fc9e3b5b41a521e47aaf315752492c26-1313242673



I ran MalwareBytes and Microsoft Safety scanner and Spybot but with no benefits. SpyBot detected some trojan registry entries which I deleted but the problem still remains. Microsoft Safety scanner detected 1 threat which I removed but still no solution.

Also I downloaded G-Data trial version and installed it. Whenever I started IE9 it used to say run32.dll is showing suspicious behaviour and browser does have malware, but G-data didn't have a fix for it. Now I have uninstalled G-data.



Please help me. I have not been able to use my PC for 2 days.



Thanks

Ankit

A:Help removing Malware from my PC

Welcome aboard

Download Security Check from HERE, and save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download MiniToolBox and run it.

Checkmark following boxes:
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log c... Read more

1 more replies
Answer Match 41.58%

Hi all, I need a bit of help. I believe I have malware and or viruses on my pc. Here is my hijackthis log to get started:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:26:47 PM, on 3/9/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18882)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files (x86)\AVG\AVG9\avgtray.exe
C:\Program Files (x86)\n52te\n52teHid.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files (x86)\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explor... Read more

A:Help removing Malware

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

18 more replies
Answer Match 41.58%

Please help... some of my internet connections are being blocked (Mozilla, virus definition updates), I can't copy and paste files (paste option is greyed out when I right click), system is really slow to boot up. I've tried running all the virus checkers out there but this malware seems to prevent me from installing or running any online scans. Please see my HJT log below.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:15:06 PM, on 11/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protecti... Read more

A:Help removing Malware

Quote:

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the HJT forum and wait for help.

Hello and welcome to the forums

My name is Katana and I will be helping you to remove any infection(s) that you may have.

Please observe these rules while we work:
Please Read All Instructions Carefully
If you don't understand something, stop and ask! Don't keep going on.
Please do not run any other tools or scans whilst I am helping you
Please continue to respond until I give you the "All Clear"
(Just because you can't see a problem doesn't mean it isn't there)
If you can do those few things, everything should go smoothly

Please Note, your security programs may give warnings for some of the tools I will ask you to use.
Be assured, any links I give are safe
----------------------------------------------------------------------------------------

Please download DDS and save it to your desktop.
Disable any script blocking protection
Double click dds.scr to run the tool.
When done, DDS.txt will open.
Click Yes at the next prompt for Optional Scan.
Save both reports to your desktop.
---------------------------------------------------

Please include the contents of the following in your next reply:

DDS.txt

Attach the following report to your post by clicking ... Read more

7 more replies
Answer Match 41.58%

Here are the OTL log files. They were too long so I attached them.

A:malware removing

Hi again,

Please go here and have a look how you can disable your security software.

Download Combofix from any of the links below but rename it to before saving it to your desktop.
Link 1
Link 2

--------------------------------------------------------------------

Double click on the renamed Combofix.exe & follow the prompts.
When finished, it will produce a report for you.

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used... Read more

17 more replies
Answer Match 41.58%

I am assuming malware after reading a bunch of posts. I have symptoms of pop ups with a debugger, which crashed my firefox so bad that I had to just remove firefox from computer. I am sure it came out of windows live messenger, as that is where the visual studio comes from. I also have been getting redirected on all google and search engine links.
I have norton antivirus full 360 version, it has detected nothing. I have used and cleaned with uniblue, but it has not found any of this. My computer eventually after about 30-45 minutes freezes and I need to kill manually.

So.. I ran a hijack this and this is the file log. Please forgive me if I have not followed all procedures. I hope someone can help me. Thanks
(ps.. windows xp- now running IE8.. but want to reinstall my firefox)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:17:38 PM, on 6/13/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Citrix\ICA Client\ssonsvr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Update\1.2.183.23\GoogleCrashHandler.exe
C:\Program Files\Common Files\Real\Update_OB\realsc... Read more

A:need help removing malware

Hello and welcome to TSF.

HijackThis is no longer the preferred initial analysis tool in this forum.

We want all our members to perform the steps outlined in the link given below, before posting for assistance. There's a sticky at the top of this forum, and a "Having problems with spyware and pop-ups? First Steps" link at the top of each page.

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

1 more replies
Answer Match 41.58%

Hi guys,

I am in trouble. Yesterday I downloaded a .exe file from a web-site and ran it after scanning with MSE (it didn't flag the file as dangerous).

As soon as I ran the file, the file deleted itself and something suspicious happened (I think it downloaded something from the Internet or made some registry changes). After that my Security center and MSE got disabled on their own. Now I am not able to start MSE and Security center. My IE9 is also behaving strangely, taking me to redirected sites sometimes on its own.

Here is the report from VirusTotal of the file I downloaded:

http://www.virustotal.com/file-scan/report.html?id=ea8482afd0faba0526580c3e288285e2fc9e3b5b41a521e47aaf315752492c26-1313242673

I ran MalwareBytes and Microsoft Safety scanner and Spybot but with no benefits. SpyBot detected some trojan registry entries which I deleted but the problem still remains. Microsoft Safety scanner detected 1 threat which I removed but still no solution.

Also I downloaded G-Data trial version and installed it. Whenever I started IE9 it used to say run32.dll is showing suspicious behaviour and browser does have malware, but G-data didn't have a fix for it. Now I have uninstalled G-data.

Please help me. I have not been able to use my PC for 2 days.

Logs are attached

Thanks

Ankit

A:Help removing Malware from my PC

Hello, and welcome to TSF.

I am currently reviewing your log. I will be back with a fix for your problem as soon as possible.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Please be patient with me during this time.

3 more replies
Answer Match 41.58%

Hi all. I was definitely infected with Malware, as I was receiving the blue background saying "Warning:Spyware has infected your PC..." Also, I kept receiving the bubbles saying similar things. I tried to search online and couldn't even go to any sites that offered help because of something the malware was doing. Well, I went elsewhere and they walked me through some steps to take to clear up some of these problems. Right now, I don't have the blue background or the bubbles, but I'm not totally secure that things are fixed. I am hoping by posting my HJT log here, someone could tell me more.

Thanks,
Scott

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:39:48 PM, on 12/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\91c8f681-726d-4d5e-86f7-d32f8a175c43.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Document... Read more

More replies
Answer Match 41.58%

Hello, I'm trying to help my gf with her pc, she downloaded a bunch of things 2 weeks ago and some malware got into the pc. Some kind help would be appreciated.

Edit: Moved topic from Windows 8 to the more appropriate forum. ~ Animal

A:Removing malware

Welcome aboard

Download Security Check from here or here and save it to your Desktop.
Double-click SecurityCheck.exe
Follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender
Other Services
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

Please download MiniToolBox and run it.
Checkmark following boxes:
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Devices (do NOT change any settings here)
List Users, Partitions and Memory size
List Restore Points
Click Go and post the result.

Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
NOTE. If you already have MBAM 2.0 installed scr... Read more

1 more replies
Answer Match 41.58%

A few months ago I had the trogent 32 virus with popups. I found the program "Wildtangent webdriver" on my computer and removed that program and the pop ups stopped. So I thought the virus was gone. Then a few weeks later my computer would start up to a black screen. I have a Hewlett packard computer so I did the recovery process and my computer started running fine. Then a couple weeks later it started taking 10 mins to start up the computer but nothing else was wrong. The other day I got an e-mail from my internet provider stating someone used my e-mail account to send out spam and that might be a sign of having a virus. So I followed your 5 First steps and did the active Scan and it found 3 spywares and 1 virus. I attached the report, I also did the deckard system scanner and attached the extra.txt report and copied the main.txt report into this thread. If you could help me remove this virus and figure out why my computer takes 10 mins to start up I would appreciate the help.

Deckard's System Scanner v20071014.68
Run by HP_Administrator on 2008-02-17 12:07:34
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
67: 2008-02-17 18:08:29 UTC - RP85 - Deckard's System Scanner Restore Point
66: 2008-02-17 01:47:30 UTC - RP8... Read more

More replies
Answer Match 41.58%

I have a Dell Inspiron 1100 running WinXP which is infected with Trojan Virtuemonde, Rootkit.Agent, and probably more.
I can't post a HJT log because: I boot up, the screen finally appears with icons but before I can start a program, the icons disappear and only the background is there and nothing happens. Then the icons will reappear in 10 to 30 seconds and then disappear again. If I do get to click on an icon, the program won't load and then it goes blank again. This process repeats continually.
I have tried a reinstall of XP, but it won't read the CD. Tried clicking on the icon for HijackThis and it wouldn't load.
I did get it to run Spy Doctor. It did identify the malware above, but would not remove it. Said there were 238 infections!

Is there any way to run a removal program using a flash drive or what approach should I take?

hgibbs
 

More replies
Answer Match 41.58%

Hi everyone,

Recently I have noticed that I have a virus which redirects searches to heavily advertised sites. Also, ads seem to pop up in the background once in awhile which cannot even be seen, just heard. I've pasted the necessary log below and attached the others. Any help would be appreciated, thank you very much!

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by bshneyde at 13:45:07.53 on Sat 04/23/2011
Internet Explorer: 8.0.6001.19048
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3060.1398 [GMT -4:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalSer... Read more

A:Need help removing malware

Hi,

Please do the following

Refer to the ComboFix User's Guide
Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Place ComboFix.exe on your Desktop
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
You can get help on disabling your protection programs here
Double click on ComboFix.exe & follow the prompts.
Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

---------------------------------------------------------------------------------------------
Ensure your AntiVirus and AntiSpyware applications are re-enabled.

---------------------------------------------------------------------------------------------

2 more replies
Answer Match 41.58%

Hello this is my first post so I apologize if I am posting in the wrong forum. I followed the directions by saving fixexe.reg and mbam to a cd from another computer and installed the programs in the infected computer. After installation I tried to run the program and scan for malware and a security warning says application cannot be executed. The file is infected and asks to activate the antivirus software. I cannot access any programs or files on my computer. I am at a loss. Any suggestions as to what to do now? Any help is greatly appreciated.

A:I need help removing malware

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.
In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

In order for me to see the status of the infection I will need a new set of logs to start with.
Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger: Please download DeFogger to your desktop.
Double click DeFogger to run the tool.
The ap... Read more

3 more replies
Answer Match 41.58%

Two months ago something installed on my computer, I don't remember downloading anything suspicious, that AVG started to detect several viruses every day. It no longer finds any viruses but then these four messages started to appear immediately afterwards every time I start the computer. I would appreciate any help to remove them, thanks!

RUNDLL
Error loading c:\windows\system 32\guzosayu.dll
The specified module could not be found.

\sokofosu.dll
\mezimigu.dll
\hoduvoto.dll

This is the hijackthis.log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:54:08 AM, on 7/28/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Logi... Read more

More replies
Answer Match 41.58%

Hello!

I have been infected by Antivirus System Pro....NASTY NASTY!! Before I found this forum, I have been following removal instructions offered by http://www.bleepingcomputer.com/viru...rus-system-pro. Here is what I have done so far:
- McAfee full scan (found nothing!)
- Manually deleted the offending file (knibsysguard.exe)
- Full scan with the MBAM software (it found and deleted trojans, etc.)
- Run McAfee Stinger program (found nothing)

My PC is running better but is still hosed in that it is extremely slow, I keep getting a BTTray error, my McAfee software keeps getting hijacked so that each time I power up I get messages that my computer is not fully protected and I have to "fix" the problem. I click on the fix button; it gets fixed and is good for a little while and then it happens all over again. Also, my wireless printer is sometimes recognized and when I can actually print something, the print goes into never neverland and may print sometime in the future just out of the blue.

I have followed your first steps instructions with one exception. When I double click on GMER.exe it runs automatically so I have saved the log from that run and included it. I have tried to run the scan as you instructed by unchecking the specific boxes and clicking scan. When I do this I get the blue screen of death! I've tried this twice...the first time the error was "kwlyqpow.sys Page_fault_In_NonPaged_Area" . The second error was "PFN_L... Read more

A:HELP with removing Malware

BUMP, please

10 more replies
Answer Match 41.58%

Hello,

My laptop has been infected with malware for more than a month now. I have tried dozens of different programs and methods without success. My browser has been hijacked. When I do a search and click on the results, a new tab automatically opens and takes me to unrelated websites. Also, the search bar on yahoo looks distorted. The computer is constantly doing something in the background as it gets really warm and the fans are always on. Also, my USB cooler pad is not working anymore. I am unable to run Malwarebytes, or SpyBot, even in safe mode and even if I rename the files.

Thanks for all of your help!

Here is my RSIT and HJT report which I just ran:

info.txt logfile of random's system information tool 1.06 2009-03-22 18:24:58
======Uninstall list======
-->C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
-->C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNRecode.exe /UNINSTALL
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59... Read more

A:Need Help Removing Malware

Hello! My name is Sam and I will be helping you. In order to see what's going on with your computer I may ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.

Please download ComboFix from one of these locations:
Link 1
Link 2
Link 3

Important!
You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert. It is intended by its creator to be used under the guidance and supervision of a Malware Removal Expert, not for private use.
Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

Make sure that you save ComboFix.exe to your Desktop
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

Double click on ComboFix.exe & follow the prompts.

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow... Read more

30 more replies
Answer Match 41.58%

Hi. I was having a adware/malware issue that wasn't appearing to be malicious, just annoying. So I googled a few words related to the issue, browsed some forums, and ended up here. I was reading a thread that involved a guy having the exact same issue I had. He was given instructions by "Gringo" and I attempted to replicate these instructions. I ran ComboFix, and now am regretting doing so without simply posting my own thread first.

The adware issue was occasionally getting redirected to ad sites as well as having this little in-browser pop-up on the bottom right hand corner of both IE and Firefox that would sometimes resemble an iPhone and would typically read "Recommended for You".

So I disabled AVG and ran combofix. Oddly, after temporarily disabling AVG, combofix claimed it was still active, but I ran it anyways... Bad choice maybe...

I haven't noticed the adware but the only site I've been to since running the program is this one so I have no idea if it remains. It wasn't constant, it only appeared 20% of the time and the redirects were rare. But now, all three of my browsers (IE, Firefox, and Chrome) as well as the simple my documents button pinned on the taskbar say that they are tagged for deletion. I haven't tried any other programs... I only got here by finding iexplorer.exe (the 64bit version I think) manually and "running as administrator"...

I dun messed up, help?

Edit: I'm so frantic (this is finals week... Read more

A:I tried removing some malware on my own...

Hello and Welcome to Bleeping Computer!!

Restart The Computer!!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking ba... Read more

22 more replies
Answer Match 41.58%

removed "white smoke" with malwarebytes anti-malware software but something is still wrong with my computer. it's slower than normal and the task bar keeps reformatting itself.

computer began to behave strange with something running in the background. some formatting was changed; specifically the task bar. fake anti-virus warning windows were opened. malwarebytes' anti-malware flash scan was run resulting in over 800 infected files identified and removed. these files all had 'white smoke' included in the title. rebooted the computer. problems reoccurred. ran a full scan with the anti-malware resulting in two more infected files identified and removed. these were 'trojan.fakealert' and 'malware.packer.gen'

DDS (Ver_10-12-12.02) - NTFSx86
Run by Steve at 10:11:49.78 on Wed 01/12/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1088 [GMT -6:00]
AV: AVG Anti-Virus Business Edition *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
============== Running Processes ===============
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\In... Read more

A:removing malware

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.
Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will ap... Read more

16 more replies
Answer Match 41.58%

Hi,

I was somehow infected by malware that is restricting my use of wifi network. Whenever I try to connect to the internet using this feature I receive a message asking me to enter my comcast account number. I've called comcast and they insisted this isn't a feature of their system. I have another laptop that connects to the same network using wifi without any programs. Every browser I try to use forces me to the comcast activation screen asking for the account number. I am able to connect to the internet using a wired connection and don't receive the message. I have noticed that I see a pitch fork on my wifi indicator window now. I've tried searching for a virus or malware that causes this with no luck. I have reformatted my computer and the problem still exists. Help please!
DDS (Ver_10-11-03.01) - NTFS_AMD64
Run by IMXELITE at 17:14:47.97 on Wed 11/03/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.4094.2830 [GMT -4:00]
============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Window... Read more

A:Need help removing Malware

Can you please close this topic I figured out the issue. It was a problem at the ISP level and it has been corrected.

2 more replies
Answer Match 41.58%

Hi,

I am having trouble with a popup in the newest Firefox browser. The popup is from a site called "sagipsul" and opens every time I go to a new website on the browser. Can someone please take a look at the HJT and tell me what I can do?? I have already run Ad-aware as well as Malwarebytes, but can't get rid of it.

Thank you for your time.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:39, on 2008-12-28
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\netdde.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\CyberLink\PowerDVD\DVDLaunch... Read more

A:Please help removing malware

Hello and Welcome.

We want all our members to perform the steps outlined in the link I'll give you below, before posting for assistance. There's a sticky at the top of this forum, and a "Having problems with spyware and pop-ups? First Steps" link at the top of each page.

---------------------------------------------------------------------------------------------

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

1 more replies
Answer Match 41.58%

Problem:
Starting a few days ago, i believe my laptop has been infected with malware. every time i open internet explorer, another IE page comes up with some advertisement (sometimes related to a page i open). It also happens every time i go to another page on IE (say from yahoo to google, an IE ad page will pop up). The only time this doesn't work is when i use firefox, but i don't like using it much and also can't get youtube to work on it.

Log:
Logfile of random's system information tool 1.04 (written by random/random)
Run by USER at 2008-11-06 21:07:14
Microsoft Windows XP Professional Service Pack 2
System drive C: has 17 GB (66%) free of 26 GB
Total RAM: 2038 MB (70% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:07:32 PM, on 11/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe
C:\Program Files\Viewpoint\Common\ViewpointService.ex... Read more

A:Removing Malware

Bump please

11 more replies
Answer Match 41.58%

a bunch of irritating popups trying to get me to buy antivirus stuff..etc.
somebody Please help:
------------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 3:51:10 PM, on 9/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\system32\mnmsrvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
c:\Toshiba\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft S... Read more

A:Need help removing malware

Combined

You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Next, please reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.
Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted: "Registry cleaning - Do you want to clean the registry?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.

A text file will appear onscreen, with results from the c... Read more

3 more replies
Answer Match 41.58%

After my first (and very last!) time downloading some files from utorrentz on July 8th, I've experienced several problems. When booting up my Windows XP (Service Pack 3) I get the message, "Invalid Boot INI File. Booting from C:\Windows\." When trying to open my Quicken 2007, I get a message saying there is a problem and I should reinstall the software. The Quicken QDATA.qdf file seems to still be the right place (C:\Documents and Settings\John\My Documents\Quicken) but the software doesn't find it. When opening my Photoshop Elements 4.0, it won't find the catalog file. The My Catolog.psa file is still in the same place (C:\Program Files\Adobe\Photoshop Elements 4.0\shared_assets\database\odbc) but there are also odd looking files with a July 9th date in there -- My Catalog-undo.psa and My Catalog-undo.DataSourceName. The User Account photos of myself and my wife were replaced with the default Windows chess pieces.

Below I've pasted the DDS.txt file and attached the Attach.zip file.

DDS (Ver_09-06-26.01) - NTFSx86
Run by John at 11:59:25.96 on Sun 07/12/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1280 [GMT -4:00]

AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\windows\system32\svchost -k DcomLaun... Read more

A:Need Help Removing Malware?

BUMP, please.

1 more replies
Answer Match 41.58%

Hi, I have tried to remove all the malware that is on my computer. I have used Malwarebytes, spybot search and destroy and spysweeper. All programs were up to date on as the most recent release and the definitions were also up to date. All programs found viruses and malwares and removed them. My system currently says that no viruses or malwares are present, but I still can't view certain webpages like microsoft.com, trendmicro.com etc.. I also can't do any windows updates. Please help me to remove the malware that is still present, thank you for your time!!

DDS.txt
------------
DDS (Ver_09-10-26.01) - NTFSx86
Run by Bran at 12:26:21.98 on Thu 10/29/2009
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.444 [GMT -8:00]
AV: Webroot AntiVirus with AntiSpyware *On-access scanning disabled* (Outdated) {77E10C7F-2CCA-4187-9394-BDBC267AD597}
============== Running Processes ===============
C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Prog... Read more

A:help removing malware please

Hello,

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up.

My name is Syler and I will be helping you to solve your Malware issues. If you have since resolved your issues I would appreciate if you would let me know so I can close this topic, if you still need help please let me know what issues you are still having, in your next reply.

Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Then please post back here with the following:
log.txt
info.txt

Thanks

2 more replies
Answer Match 41.58%

Hello,

I am trying to clean a friend's computer which has several stubborn irritating programs hiding all over the system and in the registry. The computer is running Windows 7 and I am dealing with the infamous BearShare, iMesh and Frostwire programs. I did the standard remove programs in the add/remove programs manager, and BearShare still insists on remaining listed there. I ran a McAfee Antivirus scan, also used Malwarebytes and they both come saying the system is clean. This cannot be true because Internet searching on both Firefox and IE are continuing to be randomly redirected to crap sites. Based on some other research around the web, I went into the registry and searched and removed instances where I actually saw the words BearShare, iMesh, Frostwire. Unfortunately, I am sure there are remaining entries in the registry. Additionally, while searching around in there, I saw Limewire Ask.com toolbar (AskInstallerChecker and AskPartnerBrandingTool), MusicFrost and Freeze.com (I believe to be associated with FrostWire) and something called ShoptoWin (I'm thinking these can't be good either), but I didn't mess with everything. Like I said, I did the registry search and removed instances where I saw the actual words BearShare, iMesh and Frostwire. If this was a wrong move I can always do a system restore and put everything back. Thanks for any assistance and here's the log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:20:49 AM, on 1/19/2011
... Read more

A:Removing Malware

Please disregard this post. I am receiving assistance with this on another site. Thanks.

2 more replies
Answer Match 41.58%

I need help removing some malware that my spyware removal programs don't seem to be able to get rid of. Here is my hijackthis log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:48:58 AM, on 8/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lexmark 3100 Series\lxbrbmgr.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Sprint music manager\MEMonitor.exe
C:\Program Files\ALLTEL DSL Check-up Center\bin\mpbtn.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Google\Commo... Read more

A:help removing malware

update: I have downloaded AVG antivirus and ran a new hijackthis log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:54:39 PM, on 8/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lexmark 3100 Series\lxbrbmgr.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Sprint music manager\MEMonitor.exe
C:\Program Files\ALLTEL DSL Check-up Center\bin\mpbtn.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Google... Read more

3 more replies
Answer Match 41.58%

hi, i was wondering if anyone could help me with my computer. i was referred to this web site by my father but i am very unfamiliar with how it works. my computer takes forever to boot up and some times it operates quite slow once it has booted up. in many applications that require sound, the sound is choppy and really strange for brief moments. my computer didn't used to behave like this, so i was wondering if someone could walk me through what i have to do to remove any malware that may be causing my computer to behave so slow at times. any help would be greatly appreciated, thanks.
 

A:removing malware from my cpu

10 more replies
Answer Match 41.58%

Hi,

Random ad links are opening with Google search results / random website links in Chrome and Firefox.

Have tried various antivirus / malware tools with no success..

Attached are my FRST.txt and Additional.txt files, unsure what I need to change in my FRST.txt before I should run a fix.
thanks
Mark
 

A:Help removing Malware

Hello,

Is this work/business machine?
 

1 more replies
Answer Match 41.58%

I am having various problems with my computer and I know that I have a couple of different malware issues.

I ran Malwarebytes yesterday and it found and SAID it removed Trojan.Fake Alert. I don't think it found everything though, because I'm still having a lot of problems.

1. When I try to open the internet, Windows Installer pops up. If I cancel it, it comes back; if I end it with the task manager, it freezes the internet and then closes it.

2. Before I did the scan with Malwarebytes yesterday, it was running REALLY slow, but then after it sped up a little bit, but now it's slower than ever.

3. Also, there are still processes that I don't recognize running and my CPU usage is at a constant 100%.

Here is my Hijack log. I would greatly appreciate some help. Thanks!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:07:45 AM, on 6/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kaspersky Lab\K... Read more

A:Need Help Removing Malware

Hiya

Are you still having this problem? If so, can you post the contents of the log file for MBAM that you have already run.

Plus, do the following:

Download and scan with SUPERAntiSpyware Free for Home Users
Double-click SUPERAntiSpyware.exe and use the default settings for installation.
An icon will be created on your desktop. Double-click that icon to launch the program.
If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates".

(If you encounter any problems while downloading the updates, manually download and unzip them from here.)
Under "Configuration and Preferences", click the Preferences button.
Click the Scanning Control tab.
Under Scanner Options make sure the following are checked (leave all others unchecked):
Close browsers before scanning.
Scan for tracking cookies.
Terminate memory threats before quarantining.

Click the "Close" button to leave the control center screen.
Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
On the left, make sure you check C:\Fixed Drive.
On the right, under "Complete Scan", choose Perform Complete Scan.
Click "Next" to start the scan. Please be patient while it scans your computer.
After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
Make sure everything has a c... Read more

1 more replies
Answer Match 41.58%

I was using uTorrent for downloading and have removed it and all of the downloads associated with it. When I try to run my antivirus it runs for two seconds and then says trojan and then the screen goes dark and I have to restart the computer, which takes a long time to start up again. I'm running Windows XP (sorry, don't know what version, I'm very new at computers) and have tried running in safe mode with my antivirus but it finds no problems. I have problems with surfing the net where almost every site that I try to visit is replaced by an ad or another search engine site. Here is the info that you guys need to tell me what to do to fix this problem. Thanks


DDS (Ver_09-05-14.01) - NTFSx86
Run by admin at 2:34:55.07 on Mon 06/22/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1007.581 [GMT -7:00]

AV: McAfee VirusScan Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}

============== Running Processes ===============

F:\WINDOWS\system32\svchost -k DcomLaunch
F:\WINDOWS\system32\svchost -k rpcss
F:\WINDOWS\System32\svchost.exe -k netsvcs
F:\WINDOWS\system32\svchost.exe -k NetworkService
F:\WINDOWS\system32\svchost.exe -k LocalService
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\Explorer.EXE
F:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
F:\WINDOWS\system32\svchost.exe -k LocalService
F:\Program Files\McAfee\Common Framework\... Read more

A:help with removing malware pop ups

Please visit this webpage for download links, and instructions for running combofix:

http://www.bleepingcomputer.com/comb...o-use-combofix

Note: Please rename combofix.exe to cfix.exe

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

1 more replies
Answer Match 41.58%

I have run Malwarebytes and CC Cleaner and cannot get this off my computer. It's Rogue. Antimalware Doctor. I have Windows XP on this computer and here is my log from Malwarebytes. I don't know what else to do, any help please????

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4155

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

3/26/2011 1:12:09 PM
mbam-log-2011-03-26 (13-12-09).txt

Scan type: Full scan (C:\|E:\|)
Objects scanned: 151863
Time elapsed: 31 minute(s), 47 second(s)

Memory Processes Infected: 2
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
C:\WINDOWS\Temp\Managee.exe (Trojan.Agent) -> Unloaded process successfully.
C:\Documents and Settings\Tammy\Local Settings\Temp\wvnn5bk4h.exe (Malware.Packer) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersi... Read more

A:Need help removing malware

Hello and welcome. We need to do 2 things to get this off.
1. First run RKill
2. Update and rerun MBAM.. yours is old.

RKill....

Download and Run RKill

Please download RKill by Grinler from one of the 4 links below and save it to your desktop.

Link 1
Link 2
Link 3
Link 4

Before we begin, you should disable the anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.
Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
If nothing happens or if the tool does not run, please let me know in your next reply.

Do not reboot your computer after running rkill as the malware programs will start again. Or if rebooting is required run it again.

If you continue having problems running rkill.com, you can download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead.

Rerun MBAM (MalwareBytes) like this:
Open MBAM in normal mode and click Update tab, select Check for Updates, when done click Scanner tab, select Quick scan and scan (normal mode).
After scan click Remove Selected, Post new scan log and Reboot into normal mode.
Please ask any needed questions, post logs and Let us know how the P... Read more

3 more replies
Answer Match 41.58%

I keep getting popups when I search, programs not loading correctly, and my computer constantly freezes. I ran avg and malwarebytes but they did not solve it. It will not allow adaware, microsoft onecare safety scanner, or windows update to run. Please help me! Here are the logs I got when I ran the programs.

hijackthis.log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:24:20 AM, on 10/6/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
E:\Sync\FreeAgentService.exe
C:\Program Files\AVG\AVG9\avgam.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli... Read more

More replies
Answer Match 41.58%

Hi, I have issues with the windows - no disc error. I already asked for help for that and got it. They said windows resurections wasn't clean. So I came here for help removing it.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:24:23 PM, on 4/15/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Digital Media Reader\readericon45G.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\zHotkey.exe
C:\Program Files\Common Files\AOL\1155139980\ee\AOLSoftware.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDe... Read more

A:need help removing malware

need help!
 

1 more replies
Answer Match 41.58%

Hello everyone, new to the forums, I would like help removing this annoying virus/malware.
 
It is the isearch fantastic games malware, I got it today, I tried many things and it doesn't seem to go away.
 
Things I have tried : 
 
AVG 2013 Free Edition [ Does not find anything at all ]
Malware Bytes Pro Version [ Found something, got it cleaned up, but it doesn't get rid of it]
Spyware Search and Destroy[ They do not find isearch or fantastic games]
 
Before posting I used the search function here and found 2 topics on this same malware, and I did follow the instructions there but it is still there. I tried everything in the following topic: http://www.bleepingcomputer.com/forums/t/488064/how-do-i-remove-isearchfantastigamescom465-browser-redirect-virus/

I tried going into the regedit and deleted 2 registries but still, every time I open Chrome it is still there, IE I don't use it but it's there too, the only one I was able to get it off is Firefox.
 
I would like to know what else I can try to get rid of this annoying virus. Any help is greatly appreciated and if more information is needed I will gladly provide it. I am sorry for being vague and not detailed enough but after 4 hours of trying to get rid of it I just want to post this so I can get the help I need to get rid of this virus. But if more info is needed to remove it, I will gladly provide it.
 
Thank you again for the help.
 
Mod Edit: Moved from MRLogs forum to Aii...no... Read more

A:Help Removing Malware!

Security Check
- Download Security Check from here or here and save it to your Desktop.
- Double-click on SecurityCheck.exe
- Follow the on-screen instructions.
- A Notepad document should open automatically called checkup.txt.
- Please post the content of that document.

Farbar Service Scanner
- Download Farbar Service Scanner.
- Run it on the computer.
- Make sure the following options are checked:
  - Internet Services
  - Windows Firewall
  - System Restore
  - Security Center/Action Center
  - Windows Update
  - Windows Defender
  - Other Services
- Press "Scan".
- It will create a log (FSS.txt) in the same directory where you run the tool.
- Please copy and paste the log to your reply.

MiniToolBox
- Download MiniToolBox
- Run it on the computer.
- Checkmark following boxes:
- Report IE Proxy Settings
- Report FF Proxy Settings
- List content of Hosts
- List IP configuratio... Read more

6 more replies
Answer Match 41.58%

What exactly is wrong:
None of my anti spyware programs are being allowed to access the internet. My computer randomly shuts down without any prompt before it occurs...I'm at a loss. I've done everything requested in y'all's post. I'm just unable to get my thread posted in the correct message board. I would love to resolve this issue. Can y'all help? I would be in your debt!




DDS (Ver_09-02-01.01) - NTFSx86 MINIMAL
Run by Matt at 9:34:57.96 on Thu 02/12/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.959.694 [GMT -5:00]

AV: Norton Internet Security 2006 *On-access scanning enabled* (Outdated)
FW: Norton Internet Worm Protection *disabled*
FW: Norton Internet Security 2006 *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Matt\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
uInternet Settings,ProxyOverride = *.local
uSearchAssistan... Read more

A:Help removing Malware?

I know I should have waited for a technical response but I was kind of in a bind, so I read a similar post from another person. I ran combo fix, I'm attaching the log from running it.

I accept full responsibility, I just need a little more help from here, because I still think I may have some more stuff on my PC. Thanks.

Matt

1 more replies
Answer Match 41.58%

I've been infected with URL Malware. Every time I open my browser, Avast notifies me that malware has been blocked. Every time I visit a page, Avast notifies me again. Please help, I'm not too good with computers so I don't know how to remove it >.<
 

A:Need help removing URL Malware

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.
If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===
Please download AdwCleaner by Xplode onto your Desktop.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click the Scan button and wait for the process to complete.
Click the Report button and the report will open in Notepad.
IMPORTANT
If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click the Scan button and wait for the process to complete.
Check off the element(s) you wish to keep.
Click on the Clean button, follow the prompts.
A log file will automatically open after the scan has finished.
Please post the content of that log file with your next answer.
You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===
I need to see the FRST.TXT log that was created when you executed the Farbar tool.
Please post the content in your next reply for my review.

9 more replies
Answer Match 41.58%

HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:30:50 PM, on 4/22/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe
C:\Program Files\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iex... Read more

A:Need help removing malware. Thanks.

Hi, Welcome to TSG!!
Run HJT again, Run as Administrator, and put a check in the following:

O1 - Hosts: ::1 localhost
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\SCHNEI~1\AppData\Local\Temp\urqNHWqP.dll,c
O4 - HKCU\..\Run: [609bdb1f] rundll32.exe "C:\Users\SCHNEI~1\AppData\Local\Temp\tawahugt.dll",b
O4 - HKCU\..\Run: [BM63a8e883] Rundll32.exe "C:\Users\SCHNEI~1\AppData\Local\Temp\tgqlsqcy.dll",s

Close all applications and browser windows before you click "fix checked".

Please download Malwarebytes Anti-Malware from Here or Here
Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform Quick Scan, then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy the entire report and paste it in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK... Read more

3 more replies
Answer Match 41.58%

This one is a doozy. It makes Firefox crash every time I try to run it, and it either makes IE freeze up or pop up then shut down immediately. Furthermore, it completely debilitated my SuperAntiSpyware program as well. The only way I am able to access the Internet now is because I am using Opera.

I tried a system restore, but it said that there was a disk error.


DDS (Ver_09-03-16.01) - NTFSx86
Run by Alex at 13:02:52.66 on Mon 05/04/2009
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_12
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2045.1050 [GMT -4:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicens... Read more

A:Need help removing malware

Hello and Welcome to TSF.

We need to see all 3 logs in order to help you.

------------------------------------------------------

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new thread, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

------------------------------------------------------

1 more replies
Answer Match 41.58%

Hi
I think my computer might be infected with malware. I have extremely long files in my system32 folder that begin with BMXBkpCtrlState, BMXCtrlState, BMXState, BMXStateBkp, DVCState, DVCStateBkp and they all have a lot of 0's in their file names. I've tried deleting them but they keep coming back.

There's also a folder called autorec in C:\Windows\ and another folder inside that with the name [email protected] (my computer name and user name). The autorec is hidden and comes back after a while if I delete it.

Another suspicious thing is that on my firewall (I have Sygate 5.6), I have incoming packets and outgoing packets all the time. I tried blocking them but some of them get through anyway.

Here's a pic:
http://members.optusnet.com.au/~mjarin/firewall.jpg

My svchost.exe and my Ntosknrl.exe use my internet even though I'm not actively doing anything too. Also the Ntosknrl.exe pretty much changes every time I restart the computer, my firewall says this:

http://members.optusnet.com.au/~mjarin/nt.jpg

(I'm on a cable connection btw)

I tried scanning for viruses and spyware with avast! Antivirus and SuperAntiSpyware, but nothing comes up except a few tracking cookies!

Can someone plz help?
 

A:Need help removing one or more Malware

here's my Hijack this log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:05:13 PM, on 20/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\windows\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\windows\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\windows\system32\ctfmon.exe
C:\windows\system32\spoolsv.exe
C:\windows\system32\shadow\ShadowService.exe
C:\windows\system32\wuauclt.exe
C:\Documents and Settings\Samaj\Desktop\HiJackThis.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.emailcash.com.au/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.... Read more

3 more replies
Answer Match 41.58%

Good day.
I am trying to remove suspected malware from my computer.
Following the suggestion of a friend, I downloaded, installed, & ran ComboFix this evening, and the program created a log.

What should I do next?

More replies
Answer Match 41.58%

Disabled malware in Startup, however, when attempting to delete them from the registry, the files cannot be found as per the location in StartUp

Assistance appreciated

A:Removing malware

Download and install malwarebytes anti malware:

Malwarebytes

Run the full scan, and then upload the log.

Tom

11 more replies
Answer Match 41.58%

Hi!
A PAV malware got installed on my computer yesterday. I already did a full scan with Norton and Malwarebytes Anti-Malware 1.37 and eliminated a few harmful files.
I just ran HijackThis. Could someone please help me analyze the resulting log below? I'd like to make sure all harmful files have been removed.
Thanks so much!
--------------------
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explore... Read more

A:Help Removing PAV Malware

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

2 more replies
Answer Match 41.58%

How to remove Sue Mockridge PDF malware.
 

More replies
Answer Match 41.58%

Hi everyone.

I need your help removing some malware.

Just this week I started getting the following symptoms:

-----------------------------------------------------------------

- Buffer Overrun Detected with the Microsoft C++

- Pop up message appears saying "microsoft visual c++ runtime library. Buffer overrun detected"

- DOS window that says c:\windows\system32\command.com

- Window that says 16 bit MS-DOS Subsystem - c:\windows\system32\command.com... also with the following...c\program~1\symantec\s32evnt1.dll. An instable virtual device driver failed dll initialization. Choose 'close' to terminate the application.

-----------------------------------------------------------------

I ran Spybot, Adware, Malwarebytes. Adware and Malwarebytes show no issues. But Spybot can't seem to get rid of Virtumonde.dll. I've run this 3 times and even after Spybot says it fixed the issue, it keeps showing up again.

-----------------------------------------------------------------

Here's a HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:18:15 AM, on 4/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\Expl... Read more

A:Need help removing malware...

Please... Any help would be appreciated.
 

1 more replies
Answer Match 41.58%

Hello!

So, recently I've encountered a problem with my laptop... Ever since I started it this morning, I kept on receiving Email Error Pop-Ups from Norton, and I suspected something to be wrong. After long hours of researching what to do, I ended up on the Norton Community Forum.

Before you read this, I'd like to advise you to read my thread at the Norton Community about my problem:
http://community.norton.com/t5/Norton-Internet-Security-Norton/Norton-Email-Error-Pop-ups-Won-t-Stop/m-p/889897#M228955
This contains more of a detailed report with what happened to me.

So I ran MalwareBytes Anti-Malware, and when it was completed, I had 12 hazardous objects... (http://imageshack.us/a/img194/3421/emailerror4.png). I then proceeded to restart my computer (as requested by my MalwareBytes Anti-Malware program), and after that I deleted all 12 of those objects.

Along with this I was given a log file from the MalwareBytes Anti-Malware scan (check it out at my thread at the Norton Community, it's on my second post as an attachment, I really think it might help you identify a solution if you read it...). The log told me that some Trojan files were left behind... That's what I wanted help with here (what do I do with them).

Here is the DDS.txt file from the DDS Tool:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.7.2
Run by Joseph at 18:53:37 on 2013-01-12
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3... Read more

A:Need help Removing Malware

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top o...

16 more replies
Answer Match 41.58%

I'm not sure how, but I have a couple of viruses on my cpu. When I run Registry Mechanic and SuperAntispyware, they pick up the viruses and delete them. Later on when I run it again, there are more that are picked up and deleted. Can anyone help me?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:01: VIRUS ALERT!, on 10/8/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\TBPanel.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\WINDOWS\Twain_32\Samsung\CLX3170\Scan2Pc.exe
C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Documents and Settings\moe money\Local Settings\Application...

A:Need help removing malware...

Hello and welcome to TSF
Download RSIT by random/random and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

===========
Logs Required
log.txt
info.txt

If there is no response to this post within 72hrs, this thread will be closed.

16 more replies
Answer Match 41.58%

Well, I'm also having this problem...
Adware doesn't cure it... I don't know why...

Here is my hijack log... can someone help me... see which one shouldn't be there... thanks a lot

Logfile of HijackThis v1.97.7
Scan saved at 4:12:36 PM, on 6/29/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\RunDll32.exe
C:\Program Files\Efficient Networks\SpeedStream DSL\SPDSTRM.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\program files\altnet\points manager\points manager.exe
E:\Program Files\ICQLite\ICQLite.exe
C:\WINDOWS\system32\javaes.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
E:\PROGRA~1\Altnet\DOWNLO~1\ASM.exe
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\mfcvw.exe
C:\Program Files\Internet Explorer\iexplore.exe
E:\applications\hijack\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\eddjm.dll/sp.html#96676
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://eddjm.dll/index.html#96676
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://eddjm.dll/index.html#9667...

A:Need Help Removing Malware

Do not run any scans or re-boot your machine yet!

Please download this tool called About Buster from:
http://www.atribune.org/downloads/AboutBuster.zip
Created by RubberDucky
Unzip it to your desktop but don't run it yet.

Now start Hijackthis and tick the boxes next to these items:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\eddjm.dll/sp.html#96676
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://eddjm.dll/index.html#96676
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://eddjm.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\eddjm.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://eddjm.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\eddjm.dll/sp.html#96676
O2 - BHO: (no name) - {13C08856-1AE8-AF1C-4339-768E4CAE67AE} - C:\WINDOWS\system32\mfcds.dll
O4 - HKLM\..\Run: [Microsoft Update] sscbqls.exe
O4 - HKLM\..\Run: [updmgr] C:\Program Files\Common files\updmgr\updmgr.exe
O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
O4 - HKLM\..\Run: [updater] C:\Program Files\Common files\updater\wupdater.exe
O4 - HKLM\..\Run: [xkvqmbzfmgmu] C:\WINDOWS\System32\egggig.exe
O4 - HKLM\..\Run: [stcinstaller] c:\installer\id53.exe
O4 - HKLM\..\Run: [javaes.exe] C:\WINDOWS\system32\javaes.exe
O4 ...

2 more replies
Answer Match 41.58%

Can someone please tell me how to do the following? I am following the instructions but it doesn't tell me how to do the following: "23. We now need to delete the C:\Windows\System32\Drivers\etc\HOSTS file." I don't know how to delete this. I am at the command prompt, but can't change directories to get to what it looks like, it stops at "\etc\"

A:Removing Malware

See if this is easier.

To reset the hosts file automatically, go HERE, click the button. Then just follow the prompts in the Fix it wizard.

OR

Click Run in the File Download dialog box or save MicrosoftFixit50267.msi to your Desktop and double-click on it to run. Then just follow the prompts in the Fix it wizard.

2 more replies
Answer Match 41.58%

Hi,

I have a Dell XPS M1210 running Windows XP Media Center Edition. Lately AVG has discovered these threats on my computer:

Virus Name: Trojan horse Vundo.lY
Path To File: C:\Windows\System32\tdlcmd.dll

Virus Name: Win 32/Cryptor
Path To File: C:\windows\system32\config\systemprofile\local settings\temporary internet files\content.IE5\9L0VY9DZ\load-full[1].exe

also found these two viruses in the documents and settings\owner\application data folder:
Virus Name: Trojan horse Generic_c.TSW
Virus Name: Trojan horse Generic_c.TS

For now I left these files in virus vault hoping that I could seek some professional help before deleting any files.
 

A:Can Someone Please Help Me Removing This Malware?!?!

Please don't create multiple posts for the same problem.

Continue here:

http://forums.techguy.org/malware-r...82548-need-help-removing-system32-tdlcmd.html
 

1 more replies
Answer Match 41.58%

haha... I have the same results no matter what I use to "remove the hijacker virus or whatever it is" it still seems to be on my computer... I have uninstalled stuff I probably shouldn't have, also reverted back to previous dates and my computer is a 2010 or 11 I can't recall just know it isn't very old to be having these sort of problems... I get a message that says the browser settings are trying to be changed (I am trying to change them to what I want) but it will let me do so until I start my computer up again... and it's right back to where it was before I changed it... ugh... I have used RKill and Rogue Killer, advanced system care 6 and 7 all IOBIT programs, and now I have an icon on my desktop that has my folders instead of my computer showing my folders... it's ridiculous to have to go through so many steps and still have problems...

A:Need Help Removing Malware

Download Security Check from here or here and save it to your Desktop.
Double-click SecurityCheck.exe
Follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender
Other Services
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

Please download MiniToolBox and run it.
Checkmark following boxes:
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Devices (do NOT change any settings here)
List Users, Partitions and Memory size
Click Go and post the result.

Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Ant...

1 more replies
Answer Match 41.58%

Hi, I've recently found out about Malware and found out that my comp is littered with it, I've tried using Adware but the malware stuff seems to always come back. I went on google and found a forum that directed me here, they told me to post the log of Hijackthis and you guys could help. I also get this home search thing, and I can't change the settings in the internet options. I would greatly appreciate it if you guys could help me. Thanks!
Logfile of HijackThis v1.97.7
Scan saved at 2:37:15 AM, on 6/19/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\iecd.exe
C:\WINDOWS\ntig32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Advanced Browser\browser.exe
C:\Temp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://thesearchmall.com/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\dnuub.dll/sp.html#96676
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://dnuub.dll/index.htm...

A:Need Help Removing Malware

16 more replies