Tech Problem Aggregator

Infected with Protection System Malware

Q: Infected with Protection System Malware

I was surfing the internet and all of a sudden this protection system prompt popped up. I thought it was a legitimate Windows prompt and thus clicked on it. It seems to have installed itself into my computer and has shut off my legitimate antivirus software. The Protection System program slows down my computer and it sometimes makes my screen go black and pops up with a prompt asking me to download more antivirus software. Sometimes it gets really bad with the pop-ups and it doesn't allow me to do anything. I tried to download Malwarebytes in order to solve this problem. I installed it successfully; however, the Protection System doesn't allow me to run Malwarebytes. Same goes for my McAfee AV. Both are installed and neither one is allowed to run. Hope you guys can help with this problem. Thanks

A: Infected with Protection System Malware

We have a self-help area for removing common malware. Please see the tutorial How to remove Protection System.

When done, click the Logs tab and copy/paste the contents of the new report in your next reply.

Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

3 more replies
Answer Match 77.28%

Hi, all. First, thank you for everything you do. I've come to this site a couple of times over the years and everyone has been incredibly helpful. I really appreciate it.

Now I come once again with a malware issue. I thought Spyware Doctor had gotten rid of all of Protection System, but it seems there are still residual traces wreaking havoc. I can hear different programs clicking on & off in the background, but nothing shows up in task manager. Spyware Doctor is finding a new Trojan or spyware about once an hour. Firefox Google Search doesn't seem to work and when I go to Google directly, I'm sometimes redirected to a different site & another Google tab opens up. When I reboot, I get half a dozen of memory errors.

I ran DDS, but GMER just would not run at all. I can download the zip file, but the program itself just won't initiate an install. I have the same issue with MalwareBytes--it seems something is preventing these programs from loading.

If you have any insight as to what is going on, I'd appreciate any sage advice you have to offer. Thank you.

DDS.txt:


DDS (Ver_09-06-26.01) - NTFSx86
Run by Brigid Fitch at 19:22:51.92 on Mon 07/13/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.313 [GMT -4:00]

AV: Spyware Doctor with AntiVirus *On-access scanning enabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
AV: Protection System *On-access sc...

A:Infected with Protection System malware

hi.

Let's run your GMER in a different way. Follow the instructions below:

If you have the gmer.exe now, delete it please.

Redownload GMER from here:
http://www.gmer.net/files.php

Unzip it to the desktop.

---------------------------------
Open Notepad and copy/paste the contents in the code box below, into Notepad.

Code:
@copy /y gmer.exe gamer.exe
@Start gamer.exe -protect
Save this as kyrie.bat. Choose to "Save type as - All Files".

It should look like this:

Place the batch next to gmer & double click kyrie.bat to launch it.

--------------------------------------------------------------------------

When the program opens, click on the Rootkit tab.
Make sure all the boxes on the right of the screen are checked, EXCEPT for 'Show All'.
Click on Scan.
Once done click on the [Save..] button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
Save it where you can easily find it, such as your desktop.
Attach that ARK.txt in your next reply.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

Mark

19 more replies
Answer Match 68.04%

Thanks in advance to the BleepingComputer users for helping me and others with this malware/virus problem: On December 14, 2011, the System Fix Virus & Privacy Protection Virus hijacked and infected my system: WinXP (64-bit). They've caused my default web browser to change frequently (each time I reboot my PC). So I've been having trouble getting rid of all of this malware/viruses from my system, since I use Windows XP x64. The latest version(s) of ComboFix and TDSSKiller don't work on the 64-bit version of Windows XP, but they are compatible with other versions of Windows: 98, XP, VISTA, 2000, 2003, 2008 and Windows 7! The following programs were made for other operating systems, so I need a solution to these 3 problems (listed below): ComboFix.exe and TDSSKiller.exe are not compatible with my Windows XP 64-bit system. So how do I get rid of the malware/viruses from this computer without those apps that were made to get rid of the following problems on other Windows OS's?:

1. System Fix Virus (reference: http://www.bleepingcomputer.com/forums/topic432547.html)
2. Privacy Protection Virus (reference: http://www.bleepingcomputer.com/forums/topic432664.html)
3. Google-Redirect Malware (reference: http://www.bleepingcomputer.com/forums/topic416561.html)

A:Infected WinXP 64-bit with "System Fix Virus" & "Privacy Protection Virus" (Malware)

That is correct, they will not. If you need to remove malware still then please go here: Preparation Guide, do steps 6 - 9. Create a DDS log and post it in the new topic explained in step 9, which is here: Virus, Trojan, Spyware, and Malware Removal Logs, and not in this topic, thanks. If Gmer won't run, skip it and move on. Include a link back to this topic. Let me know if that went well.

1 more replies
Answer Match 62.16%

I have a Dell Dimension 8200 with XP, SP2 with AVG, A-Squared, Spybot Avast, Kaspersky and Comodo with DSL connection. I noticed my computer was unusually slow lately even with only (1) program running. I realized part of the problem is that I only have 256MB of RAM which I'm upgrading but I thought perhaps I might have been infected with a virus or malware. So I posted my problem to http://groups.google.com/group/microsoft.p...5f61e71c36c6947 after going through a series of steps to identify the problem suggested by one of the members. I now suspect that I'm infected with the following:

O3 - Toolbar: (no name) - {a2595f37-48d0-46a1-9b51-478591a97764} - (no file)

"ProtectionBar, rogue 'security software', related to the notorious PS_Guard/SpywareQuake/WinAntivirus foistware and detected as a variant of the FakeAle aka Zlob or Puper trojan."

Here is my Hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:50:40 AM, on 1/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C...

A:Infected With 'protection Bar' Malware

The problem has been resolved using SUPERAntiSpyware.

2 more replies
Answer Match 62.16%

Hi all,

My PC is/was infected by "Best Malware Protection". I've run Malwarebytes Anti-Malware and Combofix, which seem to have gotten rid of the annoying pop-ups - and to all intents and purposes have fixed the problem. I manually removed, via HijackThis's delete on reboot feature, the hosts file that was permanently locked.

However when I now run Combofix it still tells me that a real time scanner is active - and tells me it is called Best Malware protection - asks me to disable this before continuing.

I can't seem to disable it and am hoping someone can explain what I need to do to remove/disable it. Besides this, the computer seems to be running fine again.

Thanks everyone,
Mark

A:Infected by Best Malware protection

Sorry - neglected to say am running XP Service Pack 3
Mark

4 more replies
Answer Match 61.74%

Hi there, yesterday my PC caught a bug, possibly several. It appears to be infected with x2 pieces of spyware, namely Security Sphere 2012 and AV Protection online. I have followed your very comprehensive instructions on how to remove them, but no matter what I do, these infections will not allow me to run any antivirus software from either Malwarebytes, Spybot, Kaspersky or AVG. I have tried using tdss root killer and although it identifies x2 threats, it asks me to reboot and when I do, we return to the normal fake security scan screens exactly as detailed in your forum, as well as Google redirects and slow running. The only small success I have had is using your rkill exe, which stops the flashing screens and enables me to use the internet. I do hope you can help, I hate troubling you and can normally sort these things out myself with your instructions. Please find attached the requested .txt logs, the GMER exe will not run for me, it terminates as soon as I open it! Thanks in advance, Richard.

DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Richard Deane at 14:26:55 on 2011-10-23
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.3292.2656 [GMT 1:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\747063...

A:infected with Av Protection Online malware

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

Do not run any other tool until instructed to do so!
Please do not attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.
Do not run any other tool until instructed to do so!

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the r...

3 more replies
Answer Match 61.74%

Hi, I just got infected with malware protection 2008. Please help me get rid of it, following is my DSS log

Deckard's System Scanner v20071014.68
Run by acer on 2008-06-08 20:38:11
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 2 Restore Point(s) --
2: 2008-06-09 00:38:20 UTC - RP5 - Deckard's System Scanner Restore Point
1: 2008-06-09 00:08:14 UTC - RP4 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as acer.exe) ------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:41:18, on 6/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WIND...

A:Infected With Malware Protection 2008

Hello Sukrit01 and welcome to BleepingComputer,

1. * Clean your Cache and Cookies in IE:
Close all instances of Outlook Express and Internet Explorer
Go to Control Panel > Internet Options > General tab
Under Browsing History, click Delete.
Click Delete Files, Delete cookies and Delete history
Click Close below.

* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
Go to Tools > Options.
Click Privacy in the menu..
Click the Clear now button below.. A new window will popup what to clear.
Select all and click the Clear button again.
Click OK to close the Options window

* Clean other Temporary files + Recycle bin
Go to start > run and type: cleanmgr and click ok.
Let it scan your system for files to remove.
Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
Press OK to remove them.

2. Please download Malwarebytes' Anti-Malware from Here or Here
Doubleclick mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is complete...

7 more replies
Answer Match 61.74%

I have been infected by the "Software Protection" malware.

When I login, I get that popup and I cannot kick off any other program.

I went into "SafeMode with Networking" to run DSS, however the program just gets stuck and does not popup any log files (the dos screen does come up and it does run with the hashes but no log files are produced), which is why I did not post any DSS logs. I also went into "SafeMode" and same thing happened.

I was however able to run GMER and log file is posted.

A:Infected by "Software Protection" malware

Welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting.

We need to create an OTL report,
Please download OTL from...

32 more replies
Answer Match 61.74%

My computer was infected with Personal Protection malware and it could not be completely removed by my anti-malware software, CA California Associates Security Suite. The technician at CA informed me that a root kit was on my machine and advised me to run ComboFix after he noticed some entries in the GMER log with filenames including the characters atapi...for example atapi.sys. He said he could not run the third party software combofix for me, so I followed the instructions and ran it. While running combofix it stated that a root kit was detected and then rebooted my machine and continued the scan. I have attached the resulting log.txt file. I then ran GMER again and did not appear to have the atapi files anymore, but was informed in a pop up window "WARNING!!! GMER has found system modifications caused by ROOTKIT activity." The combofix instructions stated that I should post the logs at one of these forums.

I then proceeded to follow the instructions, Preparation Guide For Use Before Using Malware removal Tools and Requesting Help, although I already ran combofix as advised by the CA technician. I would like someone to look at the logs I created after running combofix and let me know what else needs to be done to clean this computer. Thank you very much

DDS (Ver_10-03-17.01) - NTFSx86
Run by The Love's at 14:54:38.20 on Sat 07/03/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Professional 5.1.2600.3.1252.1....

A:Was? Infected with Personal Protection malware

Hello , And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.

Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.

Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you let...

10 more replies
Answer Match 61.74%

Running Win XP Home Edition Version 2002 SP3. Something called STOPzilla was saying DrgToDsk.exe is infected with W32/Blaster.worm. Was able to remove STOPzilla, as well as the Roxio programs, including Drag to Disk. Updated logs attached and dss.txt pasted below were run after removing these programs via Control Panel Add/Remove Programs. Now there is something called Spyware Protection that is claiming multiple infections. Note updated gmer run did not find anything so ark.txt is empty.


.
DDS (Ver_2011-08-26.01) - NTFSx86 MINIMAL
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
Run by Administrator at 20:57:10 on 2011-09-04
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.1793 [GMT -4:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\Explorer.EXE
.
============== Pseudo HJT Report ===============
.
uStart Page = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=0080430
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc7...

A:Malware - infected with Spyware Protection

Hi tamaru, was there any reason you ran our tools in Safe Mode? If you're able, please re-run DDS in Normal Mode and repost DDS.txt.

GMER will usually produce a log, even if no malware is found. Please try running GMER again using the following instructions, if you get a blank ark.txt again please let me know and we will try a different scanner.

Download GMER Rootkit Scanner from here and Save it to your Desktop. Double-click gmer.exe to run it. If asked to allow gmer.sys driver to load, please consent.
First, gmer will run a short, initial scan.
If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.



In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED ...
IAT/EAT
Drives/Partition other than Systemdrive (typically C:\)
Show All (don't miss this one)

Then click the Scan button & wait for it to finish.
Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
Save it where you can easily find it, such as your desktop, and attach it to your next reply.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

------------------------------------------------------

19 more replies
Answer Match 61.74%

Hello All,

Yesterday my laptop got infected with the Security Protection Malware.

I attempted to follow the uninstall guide posted by Grinler with no luck.

My issue is that nothing seems to work.

Rkill, TDSSkiller and any anti-malware/anti-viral software I have tried will not scan, will not open, or will shut down once it starts scanning.

After the initial part where it was trying to get me to purchase the fake software, that has not reoccurred; however, I have been getting a couple of redirects and there is an odd process running in task manager (2643737432:2814667618.exe) that I cannot terminate.

Any help would be appreciated.

Thanks,

A:I think Im infected.... Security Protection Malware but cannot get rid of it

With the information you have provided I believe you will need help from the malware removal team. Please make sure that you read the information about getting started first. Then start a new thread HERE and include or required logs. Including a link to this thread will be helpful. Good luck and be patient. Help is on the way!

3 more replies
Answer Match 60.9%

Any time I am on the computer, I keep getting pop-ups saying that I have been infected with 25 viruses. Most of the time it says the trojan virus. It also tells me that it is infecting my contacts on my email. It would not let me get on the internet at first. It said the http. is invalid. My ZoneAlarm was asking me to accept or deny lots of addresses as the pop-ups were occurring, I just kept on denying them access. I talked to people on livechat with ZoneAlarm and that is how I got to start this. I was told that malware protection is not good for the computer. They told me this is how I can remove it and the viruses. Thanks!
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Jillian at 16:25:50.82 on Fri 03/25/2011
Internet Explorer: 8.0.6001.19019
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2036.887 [GMT -5:00]
.
AV: ZoneAlarm Antivirus *Enabled/Updated* {E9467272-859A-F159-FA9E-55E7E32D7A25}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: ZoneAlarm Anti-Spyware *Enabled/Updated* {52279396-A3A0-FED7-C02E-6E9598AA3098}
FW: ZoneAlarm Firewall *Enabled* {D17DF357-CFF5-F001-D1C1-FCD21DFE3D5E}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\...

A:infected with trojan viruses from malware protection

Hello and welcome. Please follow these guidelines while we work on your PC:

Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I’ve given you the “All clear.” Absence of symptoms does not mean your machine is clean!
Please do not run any scans or install/uninstall any applications without being directed to do so.
Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

Download Combofix from either of the links below, and save it to your desktop.
Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts. If you have trouble, stop and post back. Do not try to repeatedly run ComboFix!
When finished, it will produce a report for you.

Please include the following in your next post:
ComboFix log

30 more replies
Answer Match 60.9%

I picked up the "Personal Protection" malware program two days ago. I used Malware Byte to remove the problem, but since then my computer has been running very very slowly, particularly on startup (it takes about 15 min. to boot up) and when shifting tasks such as starting a new program, or shifting from one program to another.

Any help would be much appreciated.

Steve

A:Infected with "Personal Protection" malware/Ransom where

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/427149 <<< CLICK THIS LINK

If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo...

21 more replies
Answer Match 60.9%

Started having trouble booting system and had to use the XP cd. However, now it will start normally without the cd. Was getting popup windows that appeared to be the Data Protection malware that you show. Ran AVG and was able to clean some files. It identifies atapi.sys as infected, but won't clean because it is "whitelisted". Have run Malwarebytes, and it has identified malware, but when you click "Show Results", the program terminates. Also have been unable to start in Safe Mode. Performed steps in your Preparation Guide. Ran Defogger & DDS. Tried to run GMER twice, but both times the system locked up when it completed. Message said rootkit discovered, but I couldn't save ark.txt file. Don't know if it means anything, but I saw several references to "PRAGMAinixrxerci".

I have used your website before to solve problems, but have never had one serious enough to use the forum. I would appreciate any help you can offer. Thanks.

DDS (Ver_10-03-17.01) - NTFSx86
Run by Doug at 11:27:53.45 on Thu 05/20/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.767.186 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: McAfee VirusScan *On-access scanning enabled* (Outdated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes =========...

A:Data Protection malware - atapi.sys infected?

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. HijackThis logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that it happens.

Some things to remember while we are working together.

1. Please do not run any other tool until instructed to do so!
2. Please reply to this thread, do not start another!
3. Please tell me about any problems that have occurred during the fix.
4. Please tell me of any other symptoms you may be having as these can help also.
5. Please try as much as possible not to run anything while executing a fix.

If you follow these instructions, everything should go smoothly.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Gmer is the best but can be hard to get a log, let's try this and see what we get.

Scan With RKUnHooker

Please Download Rootkit Unhooker. Save it to your desktop.
Now double-click on RKUnhookerLE.exe to run it.
Click the Report tab, then click Scan.
Check (Tick) Drivers, Stealth, Files, Code Hooks. Uncheck the rest, then Click OK.
Wait till the scanner has finished and then click File, Save Report.
Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Gringo

9 more replies
Answer Match 60.9%

My computer was infected with malware protection malware bundled with google redirects. I followed the removal guide and was able to remove malware protection using Malwarebytes in safe mode with networking. However I couldn't remove google redirecting malware. TDSSKiller.exe, which I changed the name, won't run when I double click it. One day later, the malware protection came back again.

Thank you very much!
.
DDS (Ver_2011-06-01.06) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
Run by AUS17 at 12:31:56 on 2011-06-01
Microsoft Windows XP Professional 5.1.2600.3.936.86.1033.18.2046.1336 [GMT -4:00]
.
AV: Symantec AntiVirus Corporate Edition *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\ArcSoft ... Read more

A:Infected with google redirects and malware protection

Hello dawnriver and welcome to BC.

Sorry about the delay, do you still need help?

18 more replies
Answer Match 60.9%

I believe I have been infected with XP Antivirus Protection virus/spyware/malware.

I have downloaded and ran HijackThis and here is my log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:38:17 PM, on 3/31/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\RioMSC.exe
C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Intel\Intel Applicat... Read more

A:Infected with XMP Antivirus Protection malware/spyware - Help please

11 more replies
Answer Match 60.48%

Pretty much any form of antivirus/antispyware programs that are installed have stopped working (IE: malwarebytes, spybot, HiJack This, and Panda) and when I click some of them it says, "Application cannot be executed. The file is infected. The file is infected. Please activate your antivirus software."

Task manager also does not seem to work and gives the above error message. I also get some popups related to Protection System.

The DDS program/logger didn't work and also gave the above error; however, I was able to get a RootRepeal log and have attached it.

Thanks for your time.

A:very bad "Protection System" Malware

Hello! My name is Sam and I will be helping you. In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.

Please download and run Win32kDiag:
Download Win32kDiag from any of the following locations and save it to your Desktop.
Download Win32kDiag (Win32kDiag.exe) - #1
Download Win32kDiag (Win32kDiag.exe) - #2
Download Win32kDiag (Win32kDiag.exe) - #3
Double-click Win32kDiag.exe to run Win32kDiag and let it finish.
When it states "Finished! Press any key to exit...", press any key on your keyboard to close the program.
Double-click on the Win32kDiag.txt file that is located on your Desktop and post the entire contents of that log as a reply to this topic.

Download and run a batch file (peek.bat):
Download peek.bat from the download link below and save it to your Desktop.
Download peek.bat
Double-click peek.bat to run it.
A black Command Prompt window will appear shortly: the program is running.
Once it is finished, copy and paste the entire contents of the Log.txt file it creates as a reply to this post.

==========
Please post the following logs in your next reply:
* Win32kDiag.txt
* Log.txt

27 more replies
Answer Match 60.48%

I have this annoying system protection malware and also maybe, I don't know for sure, one that keeps redirecting me everywhere else. I have already used 3 different programs, spybot and windows malware remover. I also used combofix and I already have the Log ready. I'm pretty technical savvy so I hope that helps you.

ComboFix 11-07-17.03 - jessie 07/17/2011 15:20:48.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3317.2098 [GMT -7:00]
Running from: c:\users\jessie\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\defender.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-06-17 to 2011-07-17 )))))))))))))))))))))))))))))))
.
.
2011-07-17 22:50 . 2011-07-17 22:52 -------- d-----w- c:\users\jessie\AppData\Local\temp
2011-07-17 22:50 . 2011-07-17 22:50 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-17 22:50 . 2011-07-17 22:50 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2011-07-17 22:16 . 2011-07-17 22:16 -------- d-----w- c:\windows\system32\MpEngineStore
2011-07-16 20:50 . 2011-06-20 15:57 7074640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates&#... Read more

A:Malware system protection one

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together:
Do not run any other tool until instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear Click the Disable button to disable your CD Emulation drivers Click Yes to continue A 'Finished!' message will ap... Read more

3 more replies
Answer Match 60.48%

Here is my log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:44:04 PM, on 6/30/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\windows\system\hps... Read more

A:Protection System Malware

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

2 more replies
Answer Match 60.48%

Hi,

Our laptop running XP was infected with the "smart anti-malware protection" virus. I tried to restart in safe mode, but am not able to start in any of the safe modes. The screen will briefly go blue, then go back to "acer" startup. This makes a constant loop, never actually booting up. This computer does have a recovery console installed from a previous infection, but I do not know enough to use it. Any help would be appreciated.

A:Infected with Smart Anti-Malware Protection, now not able to boot

Hi,

how did you try to start into safe mode? Did you do so through MSConfig or by selecting safe mode in the advanced boot menu on boot?

regards myrti

16 more replies
Answer Match 60.06%

I have many pop ups that say Security Center Alert Do you want to block suspicious software? Name: Virus.Win32.Hala.a, Net-Worm.Win32.Mytob.t; Protection System Network Security Alert, Network attack rejected!, and continuous pop ups asking me to activate Protection System antivirus software. The pop ups start whenever I turn my computer on. I do not even open a browser. Here is my DSS.txt log
DDS (Ver_09-07-30.01) - NTFSx86
Run by abc at 18:04:05.71 on Thu 08/27/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.225 [GMT -7:00]

AV: Protection System *On-access scanning enabled* (Outdated) {28e00e3b-806e-4533-925c-f4c3d79514b9}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\Iexplore.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Java\jre6\bin&... Read more

A:Infected w/ Protection System and I can't get rid of it

Hi, waxeddental. Welcome.

Please read and follow all these instructions very carefully.

Please download Malwarebytes' Anti-Malware from Here.
Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

=====================================================================

Please download ComboFix from Here or Here to your Desktop.
**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**
If you are using Firef... Read more

20 more replies
Answer Match 60.06%

I have been on your site all day trying various ways to remove Protection System. Is there anyone who can help?! It's driving me crazy!!

A:Infected With "Protection System"

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The... Read more

1 more replies
Answer Match 60.06%

Hello-
I am trying to fix a friend's laptop that appears to have been infected with Protection System malware. PC Info: Dell Vostro 1500, Windows XP Home, SP2.

At the moment, I cannot seem to get the laptop to access the internet, whether it's because of the virus or because it is not set up to access my cable modem. I have left it disconnected from our network to avoid any cross infections with my good pc. Can I download programs to a USB stick using the good pc, and transfer them to the sick pc's desktop? If you don't see a problem with this method, then I'd prefer to continue using it.

When I try to install Malware Bytes from the .exe on the desktop, the install procedure seems to begin, then disappears completely from view, and doesn't even appear in Task Manager.

HijackThis seems to install ok from the desktop, but when I try to run the program, I can see it begin to list programs, but then after less than 2 seconds it, too, closes and disappears.

Other issues: Restarting/Shut Down gets stuck and I have to hold down the power button to shut off.

Would greatly appreciate any help you can give.
 

More replies
Answer Match 60.06%

Hello Experts, I have Win 7 and installed Microsoft Security Essential (MSE) with latest updates. System Progressive Protection (Malware) showed up and hijacked my computer. My Windows firewall is ON. I am wondering, how does this malware come into my system and change folders/registry? How did MSE allow it to make such changes? As I googled, there are suggestions to install additional antivirus software. Is it necessary to go in that direction? Thanks in advance.

A:System Progressive Protection - Malware

Welcome RIMD... Please follow our guide: System Progressive Protection Removal Guide. Post the log and tell us how it is.

The log is automatically saved and can be viewed by clicking the Logs tab.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.

1 more replies
Answer Match 60.06%

I think my laptop is infected by the System progressive protection malware. Whenever I turn on the laptop, Windows will hang at the booting stage without reaching the desktop page.

To reach to the desktop page successfully, I need to boot window in safe mode and select start window normally option. Once window is at the desktop page, program name "system progressive protection" will do the scanning automatically and listed out several infected files on my laptop. All the programs that I try to execute are prohibited by this malware.

I am very grateful for your help to solve this problem. I have done the HijackThis, DDS, and GMER scanning. Please see below log files. Thank you.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:06:49 PM, on 12/28/2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Safe mode with network support

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\Explorer.exe
C:\Windows\system32\ctfmon.exe
C:\Users\... Read more

A:System Progressive Protection malware

16 more replies
Answer Match 59.64%

Hi, am looking for some help with removing something nasty which has infected my laptop. After downloading a file my computer came up with the digital protection screens stating my computer was being hacked and offering a removal program at discount etc. I went through the malwarebytes removal method but this doesn't appear to have worked. My antivirus is AVG 9 and that shows it is supposedly protecting my computer as it has all boxes ticked as working. Once I switch my computer on I'm met with a screen for windows defender saying it needs switching on but I think this may well have been part of the malware. In the icon bar at the bottom the red shields appear with messages about infections, however the grammar and spelling is poor on these, leading me to believe again it's malware. I've also had the porn shortcut icons appear on my desktop as well. I'd be very grateful for any help with this problem.

DDS (Ver_10-03-17.01) - NTFSx86
Run by Administrator at 16:33:15.12 on 29/04/2010
Internet Explorer: 8.0.6001.18904
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2037.845 [GMT 1:00]
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Digital Protection *On-access scanning enabled* (Outdated) {28e00e3b-806e-4533-925c-f4c3d79514b9}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
============== ... Read more

A:infected with malware/trojan/virus prob (Digital protection?)

Hello and welcome to Bleeping Computer.

*Please Subscribe to this Thread to get immediate notification of replies. See HERE
*It is important not to make any further changes or run any other tools/updates unless instructed to. This may hinder the cleaning process of your machine.
*Please be patient, all Bleeping Computer helpers are volunteers and have lives outside this forum.
*You must reply within 5 days otherwise this topic will be closed.

+++++++++++++++++++++

One or more of the identified infections is a Rootkit/backdoor trojan.
This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:
How Do I Handle Possible Identify Theft, Internet Fraud and CC Fra... Read more

24 more replies
Answer Match 59.64%

I am infected with what I believe to be the Protection System virus/malware. It looks almost identical to Windows Security Center and I get about 3 or 4 different "alerts" from it wanting me to enable protection or install now. It also put a few porn icons on my desktop and will install itself on its own every once in a while after I delete it. When it installs it tries to delete all my antivirus software. So I tried deleting it and running McAfee last night but neither worked so I ended up doing a system recovery (I think the virus deleted, or blocked, my restore points as well as the partitioned space on my hard drive for restores/recovery but I was able to perform it from the start up screen with F10) but I still have the darn thing on my computer.

It has taken me all day to find out info on this thing because it also blocks any programs or websites that have anything to do with getting rid of it. It even blocks it in safe mode. But finally thanks to a guide I read on this site I was able to run Malwarebytes by changing the name in its program files folder.

I ran a quick scan in safe mode and thought I had gotten rid of it since it found and quarantined 22 items but after the restart it was still there. Then nothing shows up when I run a full scan.

*Edit* I ran a full scan in safe mode and it found 22 items again but the same thing happened, I deleted/quarantined them then the protection system was still there after the restart.

I am getting very sick of... Read more

A:Infected with ~~~Protection System~~~ Windows XP MCE

Update* I ended up wiping my hard drive clean and re-installing Windows. That was a nasty virus and was really stressing me out having that thing on there. Sorry for taking things into my own hands after I requested help on here and thanks to anyone who viewed this thread.

2 more replies
Answer Match 59.64%

Hello,

This is the first time I have experienced anything like this. I am lost!!

System:

Microsoft Windows XP -Media Center Edition
Version 2002
Service Pack 3

Dell Inspiron l6400 (supposed to be E1505)
Genuine Intel® CPU
T2300 @ 1.66 GHz (this is all very suspect to me)
1.66 GHz, 504 MB of RAM

Have McAfee AV running, constantly updating. I also allow Windows to download updates and then I choose when to install them.
I was current at the time of this event.
Symptoms:

Started with a click on link on a Myspace page.
Computer "locked up"
Upon hard boot, after displaying Windows Starting Screen, Screen went black
Pop up window: "services.exe - Bad Image" followed by: "The application or DLL C:\WINDOWS\System32\rukohayo.dll is not a valid Windows image. Please check this against your installation diskette."
clicking the "x" in the upper right brings up another; "lsass.exe - Bad Image"

This continues for ~35 windows all with different ".exe" names but the same message.

After clicking through the first 2 I get to the Windows Logon Screen - I close 2 more then I can enter my password
Then after 30+ more my desktop appears.

Attempted:
Run McAfee scan: stopped after short run and will no longer launch
downloaded Hijackthis.exe: ran the Scan and Save Log : appeared to run log file disappears - can no longer run
downloaded Malwarebytes.exe: wouldn't run
Went to Add Rem... Read more

A:I believe my laptop is infected - Protection System?

Install RootRepeal

Click here - Official Rootrepeal Site, and download RootRepeal.zip. I recommend downloading to your desktop.
Fatdcuk at Malwarebytes posted a comprehensive tutorial - Self Help guide can be found here if needed: Malwarebytes Removal and Self Help Guides.
Click RootRepeal.exe to open the scanner.
Click the Report tab, now click on Scan.
A Window will open asking what to include in the scan. Check the following items:
Drivers
Processes
SSDT
Stealth Objects
Hidden Services
Click OK
Scan your C Drive (Or your current system drive) and click OK. The scan will begin. This may take a moment, so please be patient.
When the scan completes, click Save Report.
Name the log RootRepeal.txt and save it to your Documents folder - (Default folder).
Paste the log into your next reply.

Please note: If Rootrepeal fails to run, try this step: Click Settings - Options. Set the Disk Access slider to High

5 more replies
Answer Match 59.64%

My computer was infected by Rogue "System Progressive Protection"
but it was protected by my NOD32 antivirus.
Therefore some of it was left on my computer, e.g. its icon and some file without extension
on my C:\Documents and Settings\All Users\Application Data\(random number)

i am not sure that my computer is slower than before or not!!

i attached hijack this log file along with my post..
please help me to check is my computer still in good condition or not??...
Many thanks in advance
===============================================================================
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:22:37, on 3/11/2555
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Lenovo\Bluetooth Software\... Read more

A:infected with System Progressive Protection

Hi jackoff

I will be handling your log to help you get cleaned up. Please give me some time to look it over and I will get back to you as soon as possible.

White Warrior

6 more replies
Answer Match 59.64%

Well, I use avast, it detected it and deleted it, but..... I just saw that each time I type google.com in IE, Firefox the there is a message that says

ATTENTION!
Your PC is Infected!
You can loose all your Secure data from bank details to
e-mail or social network password:

Please activate System Protection 2012 to
REMOVE Infection from your PC.

So I thought it was internet explorer, but my firefox was the same, it looks like someone has changed the view of my google.com, but when I type Google, it works fine.

When I open the internet explorer or firefox and see the source of the page it says this.

<table width="100%" height="750" border="0">
<tr>
<td width="100%" align="center" valign="middle">
<div class="main"><div class="main2"><div class="main3">
<div class="top">Items Detected</div>
<div class="header"><img src="images/logo.jpg" class="logo" />ATTENTION!</div>
<div class="fcontent">Your PC is Infected!</div>
<div class="content">
You can loose all your Secure data from bank details to <br />
e-mail or social network password:
<br />
<br />
Please activate <font color="#FF0000">System Protection 2012</font> to<br />
REMOVE Infection from you... Read more

A:Infected with System Protection 2012

Hello and welcome to TSF.

We want all our members to perform the steps outlined in the link given below, before posting for assistance. There's a sticky at the top of this forum, and
Quote:
Having problems with spyware and pop-ups? First Steps
a link at the top of each page.

Please follow our pre-posting process outlined below. Use a USB flash drive to download and transfer the tools to the affected machine, if necessary. You might like to run the Flash_Disinfector.exe on the clean machine and the flash drive first to protect against any possible transfer of infection via USB.


NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help - Tech Support Forum

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

1 more replies
Answer Match 59.64%

My husband's computer is once again infected. We know it's definitely got the fake 'virus' programs Protection System and Antivirus Pro, but there may be more. I have tried using the removal guides for both of the above, however we can't get MalwareBytes to run. After a lot of praying, we were able to run the DDS program, however I've only been able to run the Rootkit Reveal in SafeMode, so I'm not sure if the results will be valid.

Any help will be appreciated if it will keep my husband from throwing his laptop out the window.

Here are the logs:

-----------------------------------

DDS (Ver_09-07-30.01) - NTFSx86
Run by Ray at 20:44:07.39 on Wed 08/19/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.958.593 [GMT -4:00]

AV: Protection System *On-access scanning enabled* (Outdated) {28e00e3b-806e-4533-925c-f4c3d79514b9}
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS&#... Read more

A:Infected - Antivirus Pro & Protection System

Hi, lexibelle. Welcome.

Please download the Win32kDiag.exe tool from any of the following locations and save it to your desktop:
http://rootrepeal.psikotick.com/Win32kDiag.exe
http://download.bleepingcomputer.com/rootr.../Win32kDiag.exe
http://ad13.geekstogo.com/Win32kDiag.exe

Once downloaded, double-click on the program and let it finish. When it states Finished! Press any key to exit..., you can press any key on your keyboard to close the program. On your desktop should now be a file called Win32kDiag.txt. Post its contents in a reply,

8 more replies
Answer Match 59.22%

Hi, all. First, thank you for everything you do. I've come to this site a couple of times over the years and your advice has been incredibly helpful. I really appreciate it.
Now I have my own problem with a malware issue. My computer has become disabled. It boots to the desktop, but I cannot access anything with my mouse, and when I place the cursor in the taskbar, the hourglass icon appears. Sometimes the Protection System window would appear trying to tell me about some fake virus problems and to do an install.
I was able to delete any mention of Protection System from the registry through safe mode with command prompt, then regedit. That removed the Protection System screen from startup, but I still can't run any scans to send to you for review. Nothing works! I have to unplug the machine to turn it off!
Is there any other way to access scan programs to get this fixed?
I am running Windows XP with I believe Service Pack 3.

A:Protection System malware wreaking havoc

Bump, please!

Please help! I am still having trouble with this nasty malware one week later.

1 more replies
Answer Match 59.22%

Laptop just got hit with this. Window opens stating it's Malware Protection and starts running a scan, when I try to run or do anything else I get a pop up window saying app can't start infected with W32/Blaster.worm please activate malware protection. Also shows a shield in the tray. Help me please.

More replies
Answer Match 59.22%

Hey All,

I have the System Progressive protection Malware Issue.

I have shut down the main portion of this malware and I'm just waiting on the additional cleanup.

Thanks,
Cnon

A:I have the System Progressive protection Malware Issue

I'm clean now, would it be OK to link the guide I used?

Cnon

8 more replies
Answer Match 59.22%

It showed up on my computer as 3 programs - Error Cleaner/Privacy Protector/Spyware & Malware Protection - which have caused a full screen program (as shown in picture - appears to turn my desktop red but is closable by finding the x in the corner) and popups warning me my computer is at risk and that I should download their antivirus/spyware/malware products. I have tried using BitDefender, AVG, Stinger, Ad-Aware, Norton, Spyware Doctor and Spybot Search & Destroy. At times a scan has seemingly gotten rid of the problem but on restart of the computer the problem returns (or sometimes on the second restart). Please help me get rid of this.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:54:59 PM, on 9/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program... Read more

A:Infected By Error Cleaner/privacy Protector/spyware & Malware Protection

Please. Anyone that can help me out on this?

29 more replies
Answer Match 59.22%

Hello folks! I don't mean to be a newb causing a stir, but I've contracted a virus that won't go away and a search led me to this forum as a likely source of a solution.

What's wrong: I was prompted to download a video codec update and was fooled into accepting. Initially the virus presented itself as a desktop hijacker as well as installing Privacy Protector, Error Cleaner, and Spyware&malware Protection icons on my desktop, shooting up annoying pop-ups, and switching between programs at random when I have more than one window open. After I took measures against it, the desktop spread went away, but a new, unnerving symptom has arisen: the computer plays sound clips every so often, completely unprompted and unfamiliar prior to the infection. (The other symptoms, aside from the desktop spread, still remain.)

What I've done so far: I've run SmitFraudFix and Eusing Registry Cleaner, in addition to a scan by my own Symantec AntiVirus Corporate Edition. I've also tightened up my Windows firewall settings to limit background access to the internet. Once I got here, I downloaded and ran HJT, and the log will be at the end of this post. Thanks in advance for helping me out!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:40:36 AM, on 2/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\W... Read more

A:Infected By: "privacy Protector, Error Cleaner, Spyware&malware Protection"

Hi, Welcome to Bleeping Computer Forums!

You might want to save this page on your favorites, so you can find it again when you return.

Please take note of the following:

I will be handling your log and helping you, please do not make any system changes yet.
The process is not instant. Please continue to review my answers until I tell you that your computer is clean. Be patient.
The fixes are specific to your problem and should only be used for this issue on this machine.
If there's anything that you don't understand, please ask your question(s) before proceeding with the fixes.
Please reply to this thread. Do not start a new topic.

Please give me some time to look over your log and I will get back to you as soon as possible.

10 more replies
Answer Match 58.8%

Please help me out. I have a virus. Every time I turn my computer on I get a message saying some error has occurred and giving me the option to "terminate" or "debug". Then I get pop ups advertising/telling me to download "protection system" software and saying my computer is infected. I also get pop up fake security alerts. Also, when I do a google search and try to click on a link it redirects me to fake ad web sites. I ran hijack this and malwarebytes antimalware. I don't know if this is important or not but at first I couldn't even get malwarebytes to open. I had to go into program files and rename the file to get it to open so I could run the quick scan.

UPDATE: I think this thing is really smart. I was away from my computer for maybe 5 mins. and wasn't around to close the pop ups from the virus and "protection system" downloaded onto my computer and sent me a message saying "are you sure you want to uninstall malwarebytes anti-malware and all of its components?" It's trying to get rid of my anti-malware! Someone please help. I want this thing gone.

Here are my logs:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:59:33 PM, on 9/2/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS ... Read more

A:Please Help-- Computer infected with "protection system" virus

Welcome to the BleepingComputer Forums.

Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random which includes a HijackThis log and save it to your desktop. If you have RSIT already on your computer, please run it again. Double click on RSIT.exe to run RSIT. Click Continue at the disclaimer screen. Please post the contents of log.txt. Thank you for your patience.

Please see Preparation Guide for use before posting about your potential Malware problem. If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped. Please post your HijackThis log as a reply to this thread and not as an attachment. I am always leery of opening attachments so I always request that HijackThis logs are to be posted as a reply to the thread. I do not think that you are attaching anything scary but others may do so.

While we are working on your HijackThis log, please: Reply to this thread; do not start another! Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so. Do not run any other tool until ... Read more

2 more replies
Answer Match 58.8%

Hi. I have been getting help from rigel over in the "Am I Infected?" forum, Topic referenced is here: http://www.bleepingcomputer.com/forums/t/243208/trouble-getting-ride-of-protection-system/ ~ OB but he has suggested I post over here, as they were unable to totally remove it with the tools available to them. The link to the thread is . I have taken no actions not detailed in the thread since it started, and I have been using Safari solely as a browser, since the one time I tried using IE to install Eset, it unleashed its bucketload of porn.

DDS log:

DDS (Ver_09-06-26.01) - NTFSx86
Run by jnymd at 20:30:36.75 on Wed 07/29/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.479.170 [GMT -8:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Protection System *On-access scanning enabled* (Outdated) {28e00e3b-806e-4533-925c-f4c3d79514b9}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mc... Read more

A:Infected with Protection System and TDSS Variant

Hello Lonegungirl,

I need for you to go offline completely and disable ALL your protective programs after you download ComboFix, but before you run it. Sometimes those programs interfere with it, and we don't want that! If McAfee still gives you problems then you may have to temporarily uninstall it.

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

1. Download this file - combofix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply please, along with a new HijackThis log.

Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Please do this:

1. Download HijackThis here:
http://www.trendsecure.com/portal/en-US/th.../hijackthis.php
2. Click 'Do a System Scan and Save log'.

The HJT log will open in notepad.

Thanks,
tea

18 more replies
Answer Match 58.8%

The System Fix Virus & Privacy Protection Virus hijacked and infected my system: WinXP (64-bit). They've caused my default web browser to change frequently (each time I reboot my PC). So I've been having trouble getting rid of all of this malware/viruses from my system, since I use Windows XP x64.

ComboFix.exe and TDSSKiller.exe are not compatible with my Windows XP 64-bit system. So how do I get rid of the malware/viruses from this computer without those apps that were made to get rid of the following problems on other Windows OS's?:

The latest version(s) of ComboFix and TDSSKiller don't work on the 64-bit version of Windows XP, but they are compatible with other versions of Windows: 98, XP, VISTA, 2000, 2003, 2008 and Windows 7!

1. System Fix Virus (the first virus that affected my Windows system, 2 days ago.)
2. Privacy Protection Virus (behaves almost exactly like the aforementioned virus)
3. Google-Redirect Malware (redirects all my searches to this site: 63.209.69.107)

Thanks in advance to ANY users for helping me and others with this malware/virus problem: I understand and read the previous pinned-thread about the relevant malware/virus issue that Windows-users solved with the programs I've been unable to install on my system. The aforementioned malware/viruses began to infect my PC on December 14, 2011 (since that day, I haven't found a single anti-virus program that can detect the Google-redirect malware/virus on my system).
... Read more

More replies
Answer Match 58.38%

I went to start my netbook today and both of these issues were loaded onto my computer. I tried malwarebytes and just about every other free anti-malware program out there and it will not let me even run the programs. I ran a dds report, but the computer would not let me run the rootrepeal portion.

DDS (Ver_09-07-30.01) - NTFSx86 NETWORK
Run by Mobile 1 at 16:08:01.50 on Mon 08/31/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.661 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscsvc32.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\AVG\AVG8\avgui.exe
C:\Documents and Settings\Mobile 1\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page = hxxp://www.g... Read more

A:computer infected with both protection system and pc antispyware 2010

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

2 more replies
Answer Match 58.38%

Hello,

My computer seems to be infected by Windows Police Pro and Protection System. I was able to install Malwarebytes but only by renaming the installer. I am not able to run Malwarebytes', though, even after renaming it. These malware are preventing me from running most programs such as anti-virus software and firefox. Whenever I try to run a program, such as MBAM, a command prompt window pops up for 1 second with the heading "C:\\Windows\System32\desote.exe". I did some searching and found that this is linked to the Windows Police Pro virus.

Here is my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:10:10 PM, on 9/3/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrc... Read more

A:Computer infected by Windows Police Pro and Protection System

Update: Well, since I couldn't run MBAM, I uninstalled it then reinstalled it and used the option to start it when installation was finished. It started up, and I was able to fully scan. MBAM detected a bunch of malware and removed them. I rebooted my computer, as stated by MBAM, which deleted some more malware and now my computer seems back to normal. Here's my MBAM log for you guys to review in case some more steps should be taken.

Malwarebytes' Anti-Malware 1.40
Database version: 2738
Windows 5.1.2600 Service Pack 3

9/3/2009 10:51:56 PM
mbam-log-2009-09-03 (22-51-56).txt

Scan type: Full Scan (C:\|)
Objects scanned: 253363
Time elapsed: 1 hour(s), 31 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 9
Registry Values Infected: 1
Registry Data Items Infected: 2
Folders Infected: 5
Files Infected: 68

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\Program Files\Protection System\coreext.dll (Rogue.ProtectionSystem) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{506n5j14-c3ux-5rr7-l566-0opw4cv875jx} (Generic.Bot.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{76dc0b63-1533-4ba9-8be8-d59eb676fa02} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentV... Read more

3 more replies
Answer Match 57.54%

Hi I have had the Security System Protection Control Panel popup where it prompts me to go download an anti-spyware program come up a few times. Also my computer starts running at 100% randomly and I get random popups. Here is my HijackThis log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:05:25 PM, on 4/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Documents and Settings\All Users\Application Data\uhenotij\urubulmh.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system... Read more

A:Infected With Security System Protection Control Panel, Among Other Things

this is kaspersky
KASPERSKY ONLINE SCANNER REPORT
Monday, April 28, 2008 8:05:56 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 29/04/2008
Kaspersky Anti-Virus database records: 729653
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target Critical Areas
C:\WINDOWS
C:\DOCUME~1\WEICHE~1\LOCALS~1\Temp\
Scan Statistics
Total number of scanned objects 12558
Number of viruses found 12
Number of infected objects 15
Number of suspicious objects 0
Duration of the scan process 00:14:23

Infected Object Name Virus Name Last Action
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Installer\{cde98ea8-b2f8-45e1-8fb5-ef3f345d6f40}\zip.dll Infected: Trojan-Dropper.Win32.Agent.qfy skipped
C:\WINDOWS\npqtsrak.exe Infected: Trojan.Win32.Vapsup.eet skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\AWTTUUSP.DLL.del Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb... Read more

19 more replies
Answer Match 57.54%

Hi, as you can see by my Topic title, I am ready to tear my hair out trying to get this computer back to normal so any help would be GREATLY appreciated. My computer seems to be infected with a rogue anti-virus called Protection System, and it causes fake Windows Security Alerts to pop up every so often with claims that my computer is infected. Most forums I go to tell me that people who have this Malware can't search for help on Google, this is true in my case to a certain degree. Before EVERY link on Google I clicked made a pop up coming up, leading to some AD website called windowsupdate.com or something like that, but now it doesn't do that, but some websites are blocked and I find ways around them. On top of that after a couple of hours or so depending on the time, a system shutdown will start to countdown. Now most times I can avert this by simply clicking cancel whenever the task manager pop ups start occurring telling me to End Now and stuff, but sometimes it goes through. Also sometimes I'll get a process called IEXPLORE.EXE which I know isn't the REAL iexplore.exe because 1 it's UPPER CASE and 2 I use Opera, and the IEXPLORE.EXE will play random audio clips of commercials and scenes and stuff like that and I have to end the processes from the Task Manager. Also I have weird processes like: wscsvc32.exe, g106p.exe, freddy41.exe etc etc. I downloaded Malwarebytes but I had to save it and run it from my external hard drive because if I save it on my normal hard drive it ... Read more

A:HELP!! PROTECTION SYSTEM ROGUE ANTI-VIRUS MALWARE MAKING ME INSANE!!!

Also here is my Malwarebytes LOG as well:

Malwarebytes' Anti-Malware 1.38
Database version: 2297
Windows 5.1.2600 Service Pack 2

6/26/2009 3:15:19 AM
mbam-log-2009-06-26 (03-15-19).txt

Scan type: Quick Scan
Objects scanned: 116506
Time elapsed: 14 minute(s), 27 second(s)

Memory Processes Infected: 3
Memory Modules Infected: 0
Registry Keys Infected: 11
Registry Values Infected: 8
Registry Data Items Infected: 0
Folders Infected: 5
Files Infected: 43

Memory Processes Infected:
C:\WINDOWS\freddy47.exe (Worm.KoobFace) -> Unloaded process successfully.
C:\WINDOWS\system32\reader_s.exe (Trojan.Agent) -> Unloaded process successfully.
C:\Documents and Settings\Compaq_Owner\reader_s.exe (Trojan.Agent) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{b2c7b2a1-00f3-42bd-f434-00aaba2c8952} (Trojan.Ertfor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b2c7b2a1-00f3-42bd-f434-00aaba2c8952} (Trojan.Ertfor) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b2c7b2a1-00f3-42bd-f434-00aaba2c8952} (Trojan.Ertfor) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall... Read more

3 more replies
Answer Match 56.7%

First of all - thank you for your dedication to people like me!
I followed the removal instructions but then had a black screen when restarting my computer. Computer works in safe mode.
I have done a Windows startup repair but it cannot be completed, I get the message that unspecified changes to system configuration might have caused the problem. Error code 0x490.
Also get Boot/BCD failed.
I have restored the computer and can work on it in normal mode. I still see the little lock of the Malware on my taskbar.
I have also purchased Advanced System Care to assist but I get no joy...
It seems like removal of the Malware also removes some system registry files but I am no expert.

Please, please help me!

A:Uninstall of System Progressive Protection Malware creates registry files problems

Please do the following:

Please download DDS from either of these links
LINK 1
LINK 2
and save it to your desktop.
Disable any script blocking protection
Double click dds to run the tool.
When done, two DDS.txt's will open. Save both reports to your desktop.

---------------------------------------------------

Please include the contents of the following in your next reply:
DDS.txt
Attach.txt.

NEXT

Please download aswMBR to your desktop.
Double click the aswMBR.exe icon to run it
When asked if you want to download Avast's virus definitions please select Yes.
Click the Scan button to start the scan
On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.
You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well

40 more replies
Answer Match 55.02%

A new variant of the ACCDFISA Protection Center ransomware has been released called Malware Protection. The malware developers target Windows servers and appear to hack them in order to install the software. Once the Malware Protection ransomware is installed, it will lock you out of your computer and create password-protected RAR archives out of your data that you can no longer access unless you pay a $300 ransom.

When installed, the Malware Protection ransomware will scan your computer for all files using certain file extensions and will use the command line RAR program to turn them into a password protected RAR archive. These files will be renamed with the .aes extension and are supposedly encrypted with AES encryption. You will then be prompted to pay a ransom in order to get the decryption key to restore your files. The decryption key starts with aes987156 and then the password for the RAR files is appended to it. The decrypt.exe program will read through the list of encrypted files and extract them to the proper location using the RAR password. In the past version of this malware, there have been some cases reported that the decrypt process actually deleted the files, so once you have the RAR password it is suggested that you use a manual method to restore the files. A manual method using a batch file can be found in the How to remove and decrypt the ACCDFISA Protection Program guide.

The files that this infection installs can be found in the following locations:


... Read more

A:New ACCDFISA Protection Center ransomware called Malware Protection

Hello,

Thanks for all the tips. We have had a number of clients affected with both variants. All these clients had kaspersky installed! Does anyone know the source of these infections? Is it via email/web/RDP or manual?

Thanks
Nihar

more replies
Answer Match 53.34%

I am a bit unsure of difference between malware protection and anti-virus protection. I have Norton nis which is great for stopping Trojans. I have a company that works on my computer if I have a problem. They wanted me to put in an anti malware program. I have been having problems with computer lately, so I let them do this, could this cause a problem, because I know that you are not supposed to run 2 anti-virus programs?
Anyone?

A:Difference between malware protection and virus protection

Anti-virus and anti-malware programs each perform different tasks as it relates to computer security and threat detection. Essentially, they look for and remove different types of malicious threats. In simplistic terms, an anti-virus program will focus on viruses, worms, Trojans, rootkits and bots while anti-malware programs generally tend to focus more on spyware, adware and PUPS (potentially unwanted programs). However, there can be some overlap in functionality and detection features depending on the program's scanning engine, how the vendor defines a specific threat and what Naming Standards are used. Some vendors also add a modifier or additional information after the name that further describes what type of malware it is.

The Difference Between Antivirus and Anti-Malware
Antivirus and Antispyware Software: What's The Difference?
What Is the Difference Between Antivirus & Antispyware?
Use Anti-Virus and Anti-Spyware Software

To fully understand the difference between Anti-virus and Anti-spyware (anti-malware) programs, you need to understand the difference between the various types of malware. Please read the Glossary of Malware Related Terms.

6 more replies
Answer Match 52.5%

My system, XP Ser Pk 3, was infected by malware called "System Progressive Protection". I understand that this malware belongs to the Winwebsec family of rogue security products. It blocks its victims from accessing any other application on an infected machine. It would only allow access to IE, presumably for paying the fee to clear it.
Unfortunately I contracted for a one-time-fix to be carried out by MYTECHGURUS. At their request I booted into Safe+Network mode and then watched as they downloaded a single anti-malware prog, MalwareBytes, and ran that. They then unloaded my installed Microsoft Security Essentials, which would not respond, re-installed it, updated it, and ran a Quick scan. They then declared my computer to be ok!!

Shortly afterwards I discovered that Security Essentials will not update. The pop-up says:
"Virus and Spyware definitions update failed.
Check Internet and Network connections and try again.
Error code: 0x80070424"
Other computers on the home wireless network Update without a problem and prior to this issue there was not a problem on this box.

The only way that I can update Essentials is by uninstalling and reinstalling. It will then update but following that update the error message recurs on the next attempt.

Also when I attempt to check if Windows Firewall is on by Run Firewall.cpl I get the message:
"Due to an unidentified problem, Windows cannot display Firewall settings"

I no longer trust the machine and would... Read more

A:After effects of malware "System Progressive Protection"?

16 more replies
Answer Match 51.66%

My desktop (running XP) was infected with the System Fix virus since yesterday. The background turned black, the icons were hidden, and I kept getting the warnings about my computer being infected and the fake antivirus program running. I followed the steps on this site...

http://www.bleepingcomputer.com/virus-removal/remove-system-fix

I ran the RKill, TDSSKiller, Malwarebytes' Anti-Malware, Unhide.exe like the tutorial explained and everything seemed to be fine. However, when I restarted my computer, the System Fix virus popped back up, the background is black again, the icons are hidden, etc. so I believe that Malwarebytes must not have caught the virus. I tried running the program with a full scan twice, but I am still having the same problems. In fact, there is still a System Fix icon on my desktop and in my Start Menu. Here is my log from running the Malwarebytes' Anti-Malware...

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8209

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

11/21/2011 2:23:39 PM
mbam-log-2011-11-21 (14-23-39).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 343170
Time elapsed: 3 hour(s), 16 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 6
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infec... Read more

A:Infected with System Fix Malware

Hello,

Please follow the instructions in ==>This Guide<== starting at step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then post them in a reply to this topic by using the Add Reply button.

If you can produce at least some of the logs, then please create the post and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Please note that I am not a member of the Malware Removal Team and will not be assisting you in removing the infection. I'm simply helping you to post the information they need in order to assist you.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

Orange Blossom

4 more replies
Answer Match 51.66%

Hi all,

I have malware/spyware on my PC which I've tried my best to remove, but only with partial success. In IE, I occasionally get the pop up, your system may be infected etc, along with other pop-ups which I hastily close.

Measures taken:
Ran Adaware (found/healed issues)
Ran Spybot (found/healed issues)
Ran AVG anti-virus (found/healed a virus)
Ran smitrem.exe from your tutorial (found and cleared two online programs that had appeared on the desktop as shortcuts, and on the start-bar of Windows).

I think there may be one or two registry settings that need to be cleaned and whilst I can identify many of the processes shown in the Hijackthis log, I'm not confident enough to play registry-kerplunk with the check boxes...

Any help would be greatly appreciated.

Hijackthis log file below:

Best regards - Phil

---------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 09:54:20, on 01/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evx... Read more

A:Malware - "your System May Be Infected..." - Almost There...

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you.

Please download ComboFix and save it to your desktop.
Double click combofix.exe and follow the prompts.
When it's done running it will produce a log for you. Please post that log in your next reply.

Important Note - Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

2 more replies
Answer Match 51.66%

I'm getting frequent ad pop-ups every 5 or 10 min while I'm online. Below are the HJT logs...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:57:03 AM, on 7/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\VPNremote for Windows XP\AvVpnService.exe
C:\WINDOWS\system32\enstart.exe
C:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exe
C:\WINDOWS\system32\Hummingbird\Connectivity\7.00\Inetd\inetd32.exe
C:\WINDOWS\system32\QosServM.exe
C:\WINDOWS\system32\Hummingbird\Connectivity\7.00\Jconfig\jconfigdNT.exe
C:\WINDOWS\system32\Hummingbird\Connectivity\7.00\Jconfig\hjavaw.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Java\jre1.6.0_06\bin\javaw.exe
C:\WINDOWS\system32\CCM\CLICOMP\RemCtrl\Wuser32.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\Host Intrusion Prevention\HIPSCore\HIPSvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Network Associates\Common Fram... Read more

More replies
Answer Match 51.66%

Hi

Recently my system has occasionally behaved strangely, e.g. my cursor "bounces" around the screen when I move my mouse and there is sometimes a big lag in it catching up to what I do. Perhaps sounds odd, but sometimes like I am not in control for a moment and then it comes back.

I also noticed that a couple of times my homepage in Firefox has been changed to a site I didn't select. I usually have my homepage set to ixquick.com

Any help or guidance you can give is much appreciated. Thanks
My system is:

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Professional, Service Pack 1, 64 bit
Processor: AMD Athlon(tm) II X4 620 Processor, AMD64 Family 16 Model 5 Stepping 2
Processor Count: 4
RAM: 3582 Mb
Graphics Card: ATI Radeon HD 4200, 512 Mb
Hard Drives: C: Total - 152514 MB, Free - 19599 MB; E: Total - 76316 MB, Free - 76213 MB; H: Total - 305242 MB, Free - 221891 MB;
Motherboard: Gigabyte Technology Co., Ltd., GA-MA785GT-UD3H
Antivirus: AVG Anti-Virus Free Edition 2012, Updated and Enabled
HijackThis Log

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:21:10, on 10/03/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Users\Jim\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
C:\Program Files (x86)\HP\Digital Imag... Read more

A:I think my system may be infected by malware

Bump
 

2 more replies
Answer Match 51.66%

Hi there, after searching the internet for the solution to a problem i've been having I stumbled across this site and was hoping you guys could help me. My computer began by not starting up properly, it would go through Bios and then try to start windows, it would take ages and it would sit on a black screen with just the cursor on it. Eventually it would log on to windows but would say it had to restart because of three reasons:
1. It could not connect to the group policy client service.
2. The Dcom server process terminated unexpectedly.
3. The plug and play service terminated unexpectedly.

These problems did not necessarily all appear all the time.

I've since re-installed Windows Vista Ultimate over my previous windows and then re-installed various programs such as Kaspersky 2009 and Ad-aware and Spy-bot in an attempt to delete whatever virus or malware might be causing this. It's worked after the 3rd try of doing this. Hence why I'm still a little worried.
Here's my log file, would someone please be able to look at it and see if there are any major problems. Much appreciated!!

Logfile of HijackThis v1.99.1
Scan saved at 14:42:22, on 30/08/2008
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security ... Read more

More replies
Answer Match 50.82%

Hi there!
I'm just a newbie here,

just wanna ask how I can restore my system back to normal after
a virus .EXE infected my whole system. Notepad, Regedit, command prompt and many other
applications got infected by that virus, or how do you call that, a malware?

I've scanned my system using Spyware Doctor and did all the steps that I've read
in this forum, but it didn't solve my problem.

The other problem is I've downloaded COMBOFIX.EXE from here.
I've run it and after the Green Loading Interface it just stops
and doesn't run anymore. I did it several times but it just
keeps on stopping after it loads. I already downloaded copies
of Combofix but it still doesn't work.

I'm using Windows 7 Ultimate..
hoping for your responses.. =)

Best regards and many thanks

-GiL

A:Virus; Malware or etc. Infected my system

hello,

please help..
can anybody help me here..

lot of thanks...

2 more replies
Answer Match 50.82%

I'm not sure what to do. I keep getting this yellow blinking icon in my system tray. It says "critical system error" etc. It's yellow and sometimes it's a yellow exclamation point, other times it's a yellow triangle. If I click on it when it is an exclamation point then it takes me to a website that's selling virusburst. The other one takes me to yet another spyware/virus killer page. I downloaded HijackThis and I am pasting the log file below. Please help me get my system back to normal. Thanks.

Logfile of HijackThis v1.99.1
Scan saved at 2:14:03 PM, on 11/1/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SPOOLSV.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\ACS\AOLACSD.EXE
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\TRENDM~1\INTERN~3\PCCTLCOM.EXE
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~3\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~3\TMPROXY.EXE
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\PROGRA~1\TRENDM~1\INTERN~3\TMPFW.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\EXPLORER.EXE
C:\Pr... Read more

A:Infected System - Malware Etc. Need Help Badly

Hi and welcome

Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm
 

1 more replies
Answer Match 50.82%

Hi people,

Please assist me in unboxing my system's potential threats.

My antivirus program (Avira Personal) noticed a trojan called TR/Crypt.XPACK.Gen and something called TR/Dialer.2866E41B

On second runthrough with Avira, everything is ok.

I have followed your forum rules with dds.scr and gmer, but since I am running Windows 7 RC (I know it is not final and therefore a security risk) dds.scr won't run and the program doesn't have any compatibility mode.

But gmer ran without a problem. I have attached the ark.txt as a zip file.

Thank you all in advance
Philip

A:May have infected system with trojan and malware

Hi guys,

Are you able to look into my problem?

3 more replies
Answer Match 50.82%

Windows XP Professional. Autorun of 643D70A2.exe, iexplore.exe and other unknown files in system32 (sometimes) when starting up Windows. Keeps recurring even though I've manually deleted it from system32 many times. Please help. Thanks

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Documents and Settings\wai ying\Desktop\Autoruns\autoruns.exe
C:\WINDOWS\regedit.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\wai ying\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.google.com.sg/
uSearch Bar = hxxp://www.google.com/ie
BHO: WebThunder Browser Helper: {00000aaa-a363-466e-bef5-9bb68697aa7f} - c:\program files\thunder netw... Read more

A:Infected System - Suspected Malware

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for p... Read more

20 more replies
Answer Match 50.82%
A:Infected with "System security" malware

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

3 more replies
Answer Match 50.82%

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by CHRIS at 21:23:06 on 2011-11-24
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1977.917 [GMT 3:00]
.
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
c:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\Apple... Read more

A:Infected with system fix malicious malware

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together:
Do not run any other tool until instructed to do so!
Please do not attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.
Do not run any other tool until instructed to do so!

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only). If this happens please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the r... Read more

3 more replies
Answer Match 50.82%

I don't have any recollection of how it happened, but my system appears to have been infected by quite a bit of Malware and Trojans that the spyware/anti-virus programs I usually use have had a lot of trouble removing. Lately, my system has been uncharacteristically slow and takes longer than usual to operate. I have tried System Restore multiple times, but each time it fails (infected restore points?) My system operates on Windows XP.

I've used SUPERAntiSpyware, Spyware Blaster, Spybot, and Adware ..... but the problems still persist. Some of the problems that commonly show up are programs such as Smitfraud-C, Virtumonde, and Win32.Agent.icb (to name a few off the top of my head ...) I've also been using aVast home edition as my anti-virus program, and ever since my system became infected, it identifies various rootkits on a seemingly daily basis which it then removes.

What is the best way to permanently cleanse my system of these problems?

Thanks in advance for your assistance!

A:System is infected with various Trojans, Malware

Some types of malware will disable MBAM and other security tools. If MBAM will not install, try renaming it.Before saving any of your security programs, rename them first. For example, before you save Malwarebytes', rename it to something like MBblah.exe and then click on Save and save it to your desktop. Same thing after you install it. Before running it, rename the main executable file first

Right-click on the mbam-setup.exe file and change the .exe extension to .bat, .com, .pif, or .scr and then double-click on it to run.

If after installation, MBAM will not run, open the Malwarebytes' Anti-Malware folder in Program Files, right-click on mbam.exe and change the .exe as noted above. Then double-click on it to run.

Another workaround is by not using the mouse to install it. Just use the arrow keys, tab, and enter keys. ~ Courtesy of boopme

Please download Malwarebytes Anti-Malware and save it to your desktop.
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that... Read more

5 more replies
Answer Match 50.82%

I was infected with the System Check malware, and have cured the rootkit, but from what I've read I still need something to remove the virus. Per the other instructions I had, I renamed the files with .vir extensions, but my AVG doesn't find them in a scan, unfortunately. I also ran Unhide which has helped, even if not perfect. I'm assuming I need to run Combofix, which I don't dare do without help! Looking forward to getting this resolved - thank you!!!
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Jen and Paul at 11:37:23 on 2012-03-25
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3838.1177 [GMT -5:00]
.
AV: AVG Internet Security 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Internet Security 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: PC Tools Spyware Doctor *Enabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
FW: AVG Firewall *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG10\avgchsva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32 ... Read more

A:infected with System Check malware

Hello and Welcome to Bleeping Computer!! My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

1. Do not run any other tool until instructed to do so!
Doing so will only at best cause you unneeded worry as it finds our backups and may even list our tools, and at worst can cause conflicts with our tools and lead to unforeseen things to happen.

2. Please do not attach logs or put in code boxes.
Besides the time it takes me to open the reports it makes it harder to find something if I need to go back to do more research, and putting them in code boxes just makes them so hard to read.

3. After each step give me a little feedback.
It does not need to be long but just something so I know how things are going. It can be something like:
I am still getting redirected
The computer is running as it should
Don't put things like - it is the same as before or still the same. This just makes me go back and look for your last feedback as to how things are.

4. Read every post completely before doing anything.
Pay special attention to the Notes** I have put in.
These are things I have found that happen a lot and can be taken care of easily just by reading the Notes**

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Back... Read more

3 more replies
Answer Match 50.82%

hey, a friend recommended me this website after he tried to help me get rid of this problem himself, but everything he tried hasn't gotten rid of the issues.

last night i was on my machine (windows xp) and it threw a few warning boxes up, then it shut down. i turned it back on and all the icons on my desktop were gone, and one of those fake virus scanners started running, calling itself system diagnostic. it's also hidden everything in my program files (except if i download something new)

so i've tried all the usual fixes (according to friend) which was running rkill, then malware bytes and super anti spyware. both find errors and apparently remove them, but on system restart the problem still occurs. also when these programs say the virus is gone, the desktop icons and program files are still gone. something which i read will return after this virus is deleted.

help?

A:Infected with "system diagnostic" malware?

I'm having the exact same problem, here's my thread: http://www.bleepingcomputer.com/forums/topic384229.html

If you look at the C Drive you can see that the data is still there because of the size of it but you can't access it.

18 more replies
Answer Match 50.82%

I am running XP SP3 64 bit on a desktop. Two days ago I discovered I was infected with System Check malware. Working from a laptop I used RKill, TDSS killer, then Malwarebytes Anti-Malware to clean and I re-ran until no objects were detected. I followed that up with running unhide.exe, and re-running Malwarebytes. Recently, Symantec antivirus quarantined bloodhound.MalPE. The preparation guide instructed me to include attachments, however this option appears to be disabled for me. I have zipped logs for DDS, TDSS and Malwarebytes Anti-Malware available when/if you want them. Here is my DDS log:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_23
Run by Ken at 12:22:45 on 2012-01-23
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1185 [GMT -5:00]
.
AV: Symantec AntiVirus Corporate Edition *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDM... Read more

A:Infected by System Check malware

I still have reason to believe I am infected, or at least my system is still not back to normal, and am asking for verification and follow-up actions. I took this long to add this reply because I feared being pushed to the back of the line. The edit above makes it look like there's no action anymore, please advise.

10 more replies
Answer Match 50.82%

Hello,

I had a pretty standard malware attack. Desktop background changed to image saying I was infected (attached). Some processes were set to run on startup, and a system tray icon of a red circle with a white "X" in it showed up. On startup, the malware would start and run a "system scan" looking for infections. Typically I would rightclick on the APP in the windows toolbar and close the application before it could scan too much. This would still leave the icon in the system tray, which would have a pop-up every few seconds telling me I was infected.

The malware disabled the taskmanager, which is extra annoying. I installed HJT and spybot search-and-destroy. I couldn't see anything obvious in the HJT scan, but the Spybot search took care of the problem.

Apparently, the malware (or possibly another user on this computer, but I doubt it) disabled the firewall, and the malware was back in similar fashion. The Spybot search this time took care of the system tray icon and the application from running on startup, but the background is still locked so I would like to get rid of the rest of this problem.

Any information on this would be helpful. From what I can see, the C:\WINDOWS\system32\sdra64.exe file looks particularly suspicious, and I would normally start with getting rid of this, but if I can do it all in one clean with some help I would prefer this.

Thanks in advance!

joe
DDS (Ver_09-07-30.01) - NTFSx86
Run by ... Read more

A:Your System Is Infected! - Malware residuals

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix. Please visit HERE if you don't know how. Please re-enable them after performing all steps given.

Please download ComboFix by sUBs from HERE or HERE and save it to your Desktop.

During the download, rename Combofix to Combo-Fix as follows:
It is important you rename Combofix during the download, but not after.

**NOTE: If you are using Firefox, make sure that your download settings are as follows:
Tools->Options->Main tab
Set to "Always ask me where to Save the files".

After that, double-click and run Combo-Fix. Let it finish its job and post the log here.

If ComboFix asks you to install Recovery Console, please do so. It will be in your best interest.

Note: DON'T do anything with your computer while ComboFix is running. Let ComboFix finish its job.

2 more replies
Answer Match 50.82%

Previously I had AVG installed, it detected win32 heur and some tanatos.h, tanatos.j viruses. Recently I removed AVG and installed Avast home edition. It detected win32.sality, win32.junkpoly, win32.trojan-gen,
win32.klone-BMO, VBS-malware-gen.

Though I haven't figured out exact symptoms in my PC, I think all my .exe applications are infected. I get an error message when trying to execute some utility programs and registry cleaners after a few uses. Also I can't boot my PC in safemode. It says due to recent hardware software conflict. But I guess a malware caused it.

DDS (Ver_09-07-30.01) - NTFSx86
Run by Manoj at 8:39:26.82 on Tue 08/11/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_03
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2724 [GMT 5.75:45]

AV: avast! antivirus 4.8.1335 [VPS 090810-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\DOCUME~1\Manoj\LOCALS~1\Temp\winlicfg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\... Read more

A:malware infected all .exe (even system processes)

Bump please

1 more replies
Answer Match 50.82%

I am definitely infected with the System Security malware. I am currently posting this topic through safe mode and conducted the scan through safemode so I hope that will be okay. In normal mode, I cannot open any important programs so I was not able to do anything through regular mode. I have already gone through the scanning with malwarebytes and have rebooted the computer and everything and nothing was changed after the reboot which is very frustrating. Hopefully someone can find what is going on through these logs.

A:Infected with System Security Malware

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

2 more replies
Answer Match 50.82%

I've been reading through a bunch of the posts and figured that the best way to start would be to run HJT and SmitFraudFix. Here are the log files for both of the scans. If anyone can help me from this point it would be much appreciated.

Thanks,
Vic
Logfile of HijackThis v1.99.1
Scan saved at 2:47:58 PM, on 1/25/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\netdde.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\dmadmin.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Verizon Online\Visual IP InSight\IPClient.exe
C:\Program Files\Verizon Online\Visual IP InSight\IPMon32.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?rs=1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.netspantv.com/2/427
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settin... Read more

A:Solved: System infected with Malware - need help

9 more replies
Answer Match 50.82%

MY SYSTEM IS ATTACKED BY PAK/-GENERIC.001 & .006 VIRUS/MALWARE. PLS. ADVISE HOW TO REMOVE THIS VIRUS.

Edit: Moved topic to the more appropriate forum. ~ Animal

A:Malware Pak_generic.001 Infected The System

What program is advising you about the Trojan?
Did your scan provide a specific file name associated with this malware threat and where is it located (file path) at on your system? If your scan saved a log file, it should show exactly what and where the malware was found so post that instead.

3 more replies
Answer Match 50.82%

I am running Windows XP Media Center 2005 on my Compaq Presario SR1750NX with Norton Internet Security. Once my computer boots, there's a message on my desktop that says, "WARNING! YOU'RE IN DANGER! YOUR COMPUTER IS INFECTED WITH SPYWARE!" A system scan is then run by System Security and then wants me to pay for an update for the full version of System Security to remove all of the spyware, malware and trojans that were found on my system. ALL executable files on my system are infected! I am forced to use my second computer to find a way to get rid of System Security from my infected computer. Please HELP!!!!
 

A:Infected with System Security Malware

Hiya and welcome to Tech Support Guy

Are you still having this problem? If so, can you do the following:

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.
Download and scan with SUPERAntiSpyware Free for Home Users
Double-click SUPERAntiSpyware.exe and use the default settings for installation.
An icon will be created on your desktop. Double-click that icon to launch the program.
If asked to update the program definitions... Read more

1 more replies
Answer Match 50.82%

Hackers, malware writers and attackers use a variety of methods, sophisticated techniques and malware vectors to spread their malicious programs. They rely heavily on social engineering in order to infect computers. Spam emails are used by attackers in an attempt to trick the user into opening the email and clicking on links within it or opening a malicious email attachment. Attackers have been known to use exploit packs in order to craft Web pages to exploit vulnerabilities in system and application software and spread the threat in drive-by downloads.

Anatomy of a drive-by download web attack
Malware Infection Vectors: Past, Present, and Future

Hackers and malware writers come from different age groups, backgrounds, countries, education and skill levels...with varying motivations and intents. Most malware writers and cyber-criminals today treat it as a business venture for financial gain while "script kiddies" typically do it for the thrill and boosting a reputation as being a hacker among their peers. Below are a few articles which attempt to explain who these individuals are and why they do what they do.

Who is Making All This Malware — and Why?
Who creates malware and why?
Who Writes Malicious Programs and Why
What goes through the minds of hackers?
Why do people write viruses?
Meet The Hackers Who Sell Spies The Tools To Crack Your PC (And Get Paid Six-Figure Fees)
What Makes Johnny (and Janey) Write Viruses?

Keep in mind that the severity of infection will vary from system... Read more

More replies
Answer Match 50.4%

Computer is infected w malware that creates multiple processes that slow the computer and makes opening programs extremely slow. The image name of the tasks are always: rtjhqlpkkt.exe*32

I tried virus removal tools but they don't work. I believe this came in with an update to one of my browsers but I don't know which one. I have Firefox, Chrome and Windows. I THINK it came in w Chrome, but again, I'm not sure. The computer has been infected for a long time, but I am finally sick of waiting....

A:infected w malware that affects system 32 files

Hello SadHenrysDad, my name is Jo and I will help you with your computer problems.

Please follow these guidelines:
Logs can take a while to research, so please be patient.
Read and follow the instructions in the sequence they are posted.
Print or copy & save instructions.
Back up all your private data / important files on another (external) drive before using our tools.
Do not install / uninstall any applications, unless otherwise instructed.
Use only those tools you have been instructed to use.
Copy and Paste the log files inside your post, unless otherwise instructed.
Ask for clarification, if you have any questions.
Stay with this topic til you get the all clean post.
My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

***

Download Security Check by screen317 from here or here.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
Vista / Windows 7/8 users right-click and select Run As Administrator.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

***

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it in the same location as / FSRT / FSRT64 (usually your desktop) as fixlist.txt
start
CreateRestorePoint:
CloseProcesses:
EmptyTemp:
DisableService: CouponPrinterServic... Read more

24 more replies
Answer Match 50.4%

The system has somehow been infected by Malware defender 2009 and it automatically opens up a false window every few minutes to tell me that the system is infected and opens a window showing that a scan is running and then forces me to buy the software from its site. I have a trial version of Norton installed and it tells me that it blocks the virus from causing any harm to the system but is not able to stop the false Malware defender autoscan window from appearing again and again. Could you pls. help. Thanks.

DDS (Ver_09-03-16.01) - NTFSx86
Run by AK at 20:21:30.46 on 24/03/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1015.509 [GMT 0:00]

AV: Norton Internet Security *On-access scanning enabled* (Updated)
FW: Norton Internet Security *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IDT\WDM\STacSV.exe
C:\WINDOWS\system32\userinit.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Norton Internet Security\Engine\16.0.... Read more

A:Malware defender 2009 has infected the system

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results, click no to the Optional_Sca... Read more

2 more replies
Answer Match 50.4%

Hi

My system was recently quite unstable (regular IE crash...) and in particular after windows started, a message box of 'www.1987324.com' was always popping up with a message in Italian. I could start IE (v 6.0.2800) but it always loaded this webpage 'www.1987324.com' first without me being able to change anything.

I followed the different steps you indicated in the 'Preparation Guide for use before posting a HijackThis Log'. I had a few problems running Ad-Aware (had to run it in safe mode first...), but finally Ad-Aware, SpyBot and Housecall AV managed to remove many malware (however for some reasons some could not be deleted after the last scan by Housecall).

Now the box of 'www.1987324.com' apparently disappeared and I've been able to change my homepage address.

I'm running WinXP Pro SP1 and would like to move to SP2 now. Before I do it, could you please look into my HJT log and tell me if I have to take any actions ? Thanks in advance

could be important: I had tried to install SP2 1 week ago, but the installation was unsuccessful. Now it seems I'm running SP1 (e.g. when checking with winver), even though SP2 is still listed in my programs of the control panel - I've tried to uninstall SP2 (or any remaining files of it) following all steps from MS (article ID = 875350 on MS website), but it never worked out... I even tried to install KB888162 from MS (critical update to check which version I'm running), but the installation of this critical update failed! Now I'd like to ... Read more

A:Unstable System - Infected By 1987324.com (among Other Malware)

Definitely do not upgrade at this moment. You have quite a bit of malware on your system and updating to sp2 could cause a lot of instability on your computer.

You may want to print out these instructions for reference, since you will have to restart your computer during the fix.

Please download FixWareout from one of these sites:
http://downloads.subratam.org/Fixwareout.exe
http://www.bleepingcomputer.com/files/lonny/Fixwareout.exe

Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish.
The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.
Once the desktop loads a text file will open (report.txt), you can close it - the file has already been saved.

Download haxfix.exe and save it to your desktop.
Double click on haxfix.exe to install haxfix. (standard installation path is c:\program Files\haxfix)
Checkmark "Create a desktop icon"
Click "Next"
When the installation is completed, make sure that the checkmark "Launch HaxFix" is placed
Click "Finish"
A red "dos window" (dos box) will open with options:
1. Make logfile
2. Run auto fix
3. Run manual fix
E. Exit Haxfix
Select option 1. Make logfile by typing 1 and then pressing Enter
Haxfix will start scanning the computer. When it is finished a logfile will open: haxlog.txt > (c:\haxfix.txt)
Copy the contents of... Read more

29 more replies
Answer Match 50.4%

I have a computer under my care that is acting strangely. The problem manifests itself in iexplorer.exe . The program is eating up TONS of memory sometime 80k, and shows up twice in the task manager when it is only running one instance of the program. It's IE8. I've run spybot search and destroy, AVG virus scan, and the Malicious Software removal tool, to no avail. I'm running Windows XP Professional Version 2002 SP 3. Confession: I did run combo-fix and it repaired an infection at C:\windows\system32\kernal32.dll .
____________________________________________________________________

More replies
Answer Match 50.4%

Caught rogue malware and was brought down hard. at least, but not sure if limited to System Antivirus malware. first killed the processes, eventually got Malwarebytes and AVG (both free versions) installed after changing the .exe filenames and the foldernames, and have run both repeatedly. also cleaned out MSConfig start up, for what that's worth, and downloaded and installed Super Anti Spyware (listed as Geylin in log to get it to run), combo fix, but have not run yet.

still seeing 2 or 3 things every time I run malwarebytes, so wanted to reach out to the experts. thanks in advance.
DDS (Ver_09-06-26.01) - NTFSx86
Run by Edward L at 0:04:45.85 on Tue 07/14/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.494.80 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\... Read more

A:infected with rogue malware - System Antivirus

Hello and welcome to Bleeping Computer. My name is Syler, I will be helping you to solve your Malware issues. Whilst I am helping you, I would be grateful if you would note the following:

Please do not run other tools or scans unless I ask you to and follow all the steps I give you, in order.
Copy and paste all logs requested in your reply. Do not attach them unless asked to.
If you don't know or understand something, please don't hesitate to say or ask before you proceed with my instructions.
Please continue to work with me, until I tell you your machine appears to be clean. Absence of symptoms does not mean that everything is clear.
If I do not hear back from you within 5 days of my last post, then this topic will be closed.

Please download Malwarebytes' Anti-Malware from Here
Note: If you already have Malwarebytes' Anti-Malware, just update then run it.
Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Full Scan", then click Scan (the scan may take some time to finish, so please be patient).
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be p... Read more

13 more replies
Answer Match 50.4%

Hi,
My system has Windows XP Professional, SP3. I am having a problem using search engines like Google with both browsers, IE and Google Chrome. Once I boot the system it allows me to use Google properly but for the subsequent time if I try to look for something else then it redirects to some other random website. This happens more if by chance I use the Back button in the browser. My system has the latest Norton Internet Security and that's sort of useless for this specific Malware. I am not sure why Norton charges so much money if their software can't detect any malware.

Anyways, I am sure my system is infected and not sure what to do. I followed the instructions given under "NEW INSTRUCTION- Read This Before Posting For Malware Removal Help".

The DDS text is as follows:


DDS (Ver_09-12-01.01) - NTFSx86
Run by Ajay at 19:41:54.70 on Thu 01/21/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3572.2574 [GMT -5:00]

AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\drivers\audio\r213367\stacsv.exe ... Read more

A:[SOLVED] Redirect Malware infected my system. Pls Help

Hi,
I am posting the log file that's been created after I executed ComboFix.exe

ComboFix 10-01-21.02 - Ajay 01/21/2010 22:05:50.6.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3572.3117 [GMT -5:00]
Running from: c:\documents and settings\Ajay\Desktop\ComboFix.exe
AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\Ajay\LOCALS~1\Temp\install_flash_player.exe
c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
c:\windows\EventSystem.log
c:\windows\jestertb.dll
c:\windows\system32\twain_32.dll

Infected copy of c:\windows\system32\drivers\iaStor.sys was found and disinfected
Restored copy from - Kitty ate it :p
.
((((((((((((((((((((((((( Files Created from 2009-12-22 to 2010-01-22 )))))))))))))))))))))))))))))))
.

2010-01-22 01:50 . 2009-12-09 22:46 2747440 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100121.023\CCERASER.DLL
2010-01-22 01:50 . 2009-11-13 06:00 84912 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100121.023\NAVENG.SYS
2010-0... Read more

5 more replies
Answer Match 50.4%

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:50:20 PM, on 1/18/2010
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\McAfee.com\Agent\mcagent.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\WINDOWS\System32\smss32.exe
D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\WINDOWS\System32\ctfmon.exe
D:\Program Files\ewido anti-spyware 4.0\guard.exe
D:\Program Files\McAfee\SiteAdvisor\McSACore.exe
D:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
d:\program files\common files\mcafee\mna\mcnasvc.exe
d:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
D:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
D:\Program Files\McAfee\MPF\MPFSrv.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe
D:\WINDOWS\System32\IS15.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - D:\Program Files\McAfee\... Read more

A:Trojan SPM/LX - Your System is Infected - Other Trojans/Malware

I am getting pop ups - i believe from many different malware - internet security 2010 - your system is infected - and trojan spm/lx - and i can't run smitfraudfix.cmd

please help!!
 

1 more replies
Answer Match 50.4%

First, a huge thank you to anyone reading this post.

My computer is infected with malware showing itself as "System Restore". It's not quite the same, but looks pretty similar to the "System Recovery" malware, so I have been following the advice written here: http://www.bleepingcomputer.com/virus-removal/remove-system-recovery

One note - before I found that link, I cleaned my files, including temporary files where it looks like backups were stored there.

I've been able to get through all the steps until I get to TDSSKiller. I can download the program installer, but I cannot run it whether I rename it iexplore.exe or as anything followed by a .com extension. It just won't open. That's been common with a couple of the other programs, but they would run eventually.

I've attached the files requested here: http://www.bleepingcomputer.com/forums/topic34773.html

If you need additional information, please let me know.

Thank you!!!

A:Infected with "System Restore" Malware; Can't Run TDSSKiller

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:
Please download DeFogger to your desktop.
Double click DeFogger to run the tool.
The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will appea... Read more

3 more replies
Answer Match 50.4%

I'm posting this from my laptop, because I can't stay on your site or any other site with the pc that is infected. It keeps changing stating that "Internet Explorer Warning-visiting this web site may harm your computer" ETC. I've been looking in the area for removing tilitymalware guides and have tried to download the Malwarebytes Anti-Malware to remove this thing that has hijacked my pc. It won't let me download so I put it on a flash card and got it installed on the pc, but now it won't run on the pc. I've tried Spy-bot and others but nothing will open and run. I'm real close to doing a complete re-install of XP, but I really don't want to. I looked in the System Configuration Utility and found " Id08.exe and Sysguard.exe " in the start up tab and removed the checks and rebooted. I'm somewhat computer smart, but obviously stupid. Could use some help with this. Also in my searching for help I've read that the Id08.exe is really nasty and could have compromised my banking and credit card sites. I disabled my internet connection as soon as the hijacking started and have not tried to get on any sensitive websites since. Oh my ZONE Alarm failed me once again as it was up and running when this started. I can't get a HJT log because it won't run either. Anything that can help me would be appreciated. I got the DDS Log to work.
DDS (Ver_09-05-14.01) - NTFSx86
Run by jbandt at 13:05:09.34 on Sun 06/21/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Editio... Read more

A:Infected with nasty Malware "Antivirus System Pro"

Download Security Check by screen317 from here or here.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt.
Please post the contents of that document.

*********

If MBAM will not install, please rename the installer mbam-setup.exe. Example: newtool.exe
Proceed installing the renamed installer of MBAM. If MBAM will not run, go to the program directory of MBAM (e.g. C:\Program FIles\Malwarebytes Antimalware\) then rename mbam.exe to newtool.exe, double click newtool.exe to proceed in running a quick scan.
 * Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
 * If an update is found, it will download and install the latest version.
 * Once the program has loaded, select "Perform Full Scan", then click Scan.
 * The scan may take some time to finish, so please be patient.
 * When the scan is complete, click OK, then Show Results to view the results.
 * Make sure that everything is checked, and click Remove Selected.
 * When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
 * The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
 * Copy & Paste the entire MBAM report (even if it does not find anything) in your next reply

Extra Note:
If MBAM enc... Read more

48 more replies
Answer Match 50.4%

I am running Windows Vista Home Premium Service Pack 2 on a Compaq Presario F700 Notebook w/ 2 GB RAM.

Several weeks ago, after launching a link on Facebook, my laptop was taken over by Windows System Repair rootkit. I was able to reboot in safe mode and run Malwarebytes and get back control of my laptop but have been having continuous problems. Right after running Malwarebytes I started having Multiple Iexplore.exe processes running invisibly, causing audio clips of commercials, such as Slim Jim commercials and other random ads and a sports broadcast from 2010. Very weird.

I think I had other infections, prior to this one, that I was unaware of. At some point last year my Task manager was all but disabled, showing on the processes window. I also lost the function of my optical disk drive. And the Shockwave Flash plug-in began to regularly crash spontaneously (I have discovered I can recreate that event by ending the plug-in container process in Task Manager.) At that time I was running IObit and Avira and thought I was protected.

Since the Windows Vista Repair attack I have added Avast and run several complete scans, including boot scans. I have uncovered some infections but continue to have problems. I have run CCleaner and Super Anti-Spyware. I run Mozilla Firefox 5.1 having recently upgraded from 3.6, thinking that might solve my problems. My current problem is IE spontaneously opening a hidden window with the ultimate effect of shutting down my sound. Restarting F... Read more

A:Became Infected with "Windows System Repair" Malware

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you!

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

First, I need to know if you still need help! To tell me this, please click on http://www.bleepingcomputer.com/logreply/410696 and follow the instructions there. If you no longer need help, this is all you need to do. If you do need help please continue below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:
If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
Please do this even if you have prev... Read more

18 more replies
Answer Match 49.98%

An alert window telling me my computer is unsecure and to download all sorts of viral antispyware programs. The recurring message is "Windows has detected an internet attack attempt... Somebody's trying to infect your PC with spyware or harmful viruses. Run full system scan now to protect your PC from internet attacks..."

I ran all the Spybot and Ad-Aware things and it says that everything is clean. Therefore, I don't know what this problem is called. The first thing that happened was that I couldn't open my task manager. After I ran Spybot, that fixed that problem. Then my desktop background turned into a red background that had a hazard-like symbol on it. Again, I fixed this. But I'm still getting popups and errors and my computer is running incredibly slowly.

Please help.

-Tanja

Here is the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:30:22 PM, on 12/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
... Read more

A: Infected With A Fake Malware/spyware Alert System.

Welcome to the BleepingComputer HijackThis Logs and Analysis forum, tanjasofia.

My name is Richie and I'll be helping you to fix your problems.

Viewpoint Manager is considered as foistware instead of malware since it is installed without the user's approval but doesn't spy or do anything "bad". This will change from what we know in 2006; read this article: http://www.clickz.com/news/article.php/3561546

You are well advised to remove the program now. Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present, then restart your PC:

Viewpoint
Viewpoint Manager
Viewpoint Media Player

Your version of Sun Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Sun Java, and then update.

1. Download the latest version of Java Runtime Environment (JRE)
2. Scroll down to where it says 'Java Runtime Environment (JRE) 6 update 3'.
3. Click the "Download" button to the right.
4. Check the box that says: "Accept License Agreement".
5. The page will refresh.
6. Click on the link to download 'Windows Offline Installation, Multi-language' and save to your desktop.
7. Close any programs you may have running - especially your web browser.
8. Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
9. Check any item with Java Runtime Environment (JRE or J2SE) in the name.
10. Click the Change/... Read more

11 more replies
Answer Match 49.98%

Hello,

I posted another thread in this forum about my website being repeatedly hacked. I also mentioned that I couldn't run a scan with MalwareBytes' Anti-Malware, because the program would close just a few seconds after starting a scan.

The first reply to that thread was from a user suggesting that this might be a sign that my machine might be infected, and that I should run a scan with HijackThis! and post the log here. I decided to do what he/she recommended, so here it is:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:34:20 PM, on 11/18/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

... Read more

A: Unable to run MalwareBytes' Anti-Malware, system infected?

16 more replies
Answer Match 49.98%

Hello,
Thank you in advance for your help and support! When loading web pages using IE, the pages are taking a very long time (ok, longer than normal) to load. This is quite frustrating as my wife sits right next to me with her computer and they load fine.... Please help my computer, it is jealous of my wife's computer. Here is the requested info:

HiJack Log
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:38:19 PM, on 1/20/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17093)
Boot mode: Normal
... Read more

A: System infected with malware - internet running very slow

6 more replies
Answer Match 49.98%

Hi dear,
Suddenly, my system was infected by MALWARE, and I did all the recommended actions given by the antivirus program, but I found after that I can't open hard drives C & D, but I can use the desktop and My Documents.
please help me to solve this problem as soon as possible.
thanks
regards
 

A: IT'S URGENT, MY SYSTEM INFECTED BY MALWARE, I CAN'T OPEN hard drives C & D

Please do not create multiple threads for the same problem! Read >>Posting help read first<< if you feel you are not getting help.

Closing duplicate thread, please continue here: http://forums.techguy.org/malware-removal-hijackthis-logs/717009-its-very-urgent-i-can.html
 

1 more replies
Answer Match 49.98%

Good Sunday Afternoon,

I am so happy to have stumbled upon this site as I was searching for alternative methods of contacting Super Anti Spyware Tech Support for help. Unfortunately, I am unable to contact their tech support, nor can I access any type of updates. It appears that last weekend, while spending time with my parents and having a cookout with them and my neighbors, my neighbor's son, who is 14, asked to check his MySpace, which I did not mind. Later that evening I noticed three icons on my desktop: nudetube, pornotube and youporn. Upon opening Safari I noticed that in my top favorites a web site had been added entitled "big boob fiesta" (I think). After deleting the desktop icons and this web site and then restarting my computer I have had nothing but problems.

First I was unable to start my computer; as Windows was starting up, a blue screen would populate with some type of message but was only there for a second before the whole thing turned itself off and then started all over again. I then tried starting in Safe Mode and then Safe Mode with networking with the same conclusions. Finally I was able to start up using the last known good configuration but am and have been receiving numerous error messages. These include, but are not limited to due to the fact that I have not been writing all of them down, a RootKit.Win32.Agent.pp error message; Svchost.exe; Svchust.exe; Bravia.exe; alg.exe; explorer.exe; MCI Command handling window:explorer.exe; Co... Read more

A: Severely Infected System: Spyware/Trojan/Malware?

Hi and welcome to TSF.

My name is Iain and I will be helping you clean your system.

You may wish to Subscribe to this thread (Thread Tools > Subscribe to this thread) so that you are notified when you receive a reply.

Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix. You should not have any open browsers or live internet connections when you are following the procedures below.

Note that the fix may take several posts. Please continue to respond to my instructions until I confirm that your logs are clean. Remember that although your symptoms may vanish, this does NOT mean that your system is clean.

If there is anything you don't understand, please ask BEFORE proceeding with the fixes.

Please ensure that you follow the instructions in the order I have them listed.

Please do not install or uninstall any programmes, or run any other scanners or software, unless I specifically ask you to do so.




Combofix
We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/comb...o-use-combofix

Please read all the information carefully!

You MUST disable your AntiVirus and AntiSpyware applications - please read this thread as a guide. They may otherwise interfere with our tools and interrupt the cleansing process.

Please include the log C:\ComboFix.txt in your next rep... Read more

9 more replies
Answer Match 49.98%

Hi, I have a system that is infected with (most likely) a rootkit. It will not allow any scanners or most antimalware programs to run. So far I have successfully run DDS and gotten a log, gmer but it did not specifically identify any threats, rkill (iexplore version) which finds and kills 2-3 processes but they get recreated instantly and process names change each time. Renaming other scanners' exes does not work.

What will not run or gets killed shortly after starting: combofix, mbam, superantispyware, hitman pro, catchme, mbr.

Safe mode produces the same results, no obvious bad files created recently, pulling the hard drive and scanning on another pc with mbam, eset and most of the others above does not find any infected files.

Can you provide any further insight? Much appreciation in advance.

A: Infected system attacks anti-malware software

Please follow the instructions in ==>This Guide<==. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<==. Please include a description of your computer issues and what you have done to resolve them.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

1 more replies
Answer Match 49.98%

I saw someone with the same problem on this forum. I feel really stupid for falling for this, considering I feel I know my way around computers. Very humbling to say the least. I scanned everything like was asked but it didn't clean this problem out. Two icons on my desktop keep reappearing. Thanks so much for any help!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:33:55 AM, on 11/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
... Read more

A: Infected With Malware...(yellow Triangle On System Tray)

Welcome to the BleepingComputer HijackThis Logs and Analysis forum, startex777.

My name is Richie and I'll be helping you to fix your problems.

It appears you've no virus protection installed. Download\install one of the following freeware options from the choice below. Once installed, update its definitions and then run a full system virus scan.

AVG7 Free Edition Antivirus: http://free.grisoft.com/softw/70free/setup...ree_446a965.exe
Avast! 4 Home Edition: http://files.avast.com/iavs4pro/setupeng.exe
Avira AntiVir Personal Edition Classic: http://www.free-av.com/

With you having Service Pack 2 installed I'm presuming you're using the Windows Firewall. You may be behind a hardware firewall (router/NAT), but it wouldn't hurt to install a third party software firewall to enhance protection.

A word of warning regarding the Windows Firewall in Service Pack 2: it only filters INCOMING traffic. That means if malware happens to compromise your PC, it will be able to SEND OUT your credit card data, and any other personal information. I suggest you install a more robust third party firewall that filters both INCOMING and OUTGOING traffic.

Download\install one of the following freeware firewalls from below:

Sygate Personal Firewall Free Edition: http://www.filehippo.com/download_sygate_personal_firewall/
Zone Alarm Free: http://download.zonelabs.com/bin/free/1001..._737_000_en.exe
Comodo Personal Firewall: http://www.personalfirewall.comodo.com/
Outpost Firewall Free: http://www.agnitum.com/pro... Read more

1 more replies
Answer Match 49.98%

Hi, I am in need of some help to get this mess off my computer. I clicked a link on Facebook and I believe that is responsible for this mess I am in. My computer runs very, very slow now. Sometimes I have to click on something three times before it will actually do something. When I scroll the page it is very jumpy and sometimes won't scroll at all. It also freezes up while typing and then will unfreeze and finish out what I typed (if that makes sense). I was using Avira and it has found nothing. I downloaded a trial version of Kaspersky and it has found nothing. I then downloaded Spy Sweeper and it found Trojan Download.Ruins and 29 other malware infections that it didn't name. BUT it would not remove them without paying $50. I later ran Trendmicro Housecall and it claimed to have removed it but my system is still whacky and acting the same way.

My OS is Windows Vista (SP1), I mainly run Firefox - currently I am running the free trial version of Kaspersky Antivirus

Please help me get rid of this!!

A: Trojan Downloader and other malware have infected my system!

Welcome to BC

Some types of malware will disable Malwarebytes Anti-Malware and other security tools. If MBAM will not install, try renaming it first.

Right-click on the mbam-setup.exe file and rename it to mysetup.exe.
Double-click on mysetup.exe to start the installation.

If that did not work, then try renaming and changing the file extension. Click this link if you do not see the file extension.

Right-click on the mbam-setup.exe file, rename it to mysetup and change the .exe extension to .scr, .com, .pif, or .bat.
Then double-click on mysetup.scr (or whatever extension you renamed it) to begin installation.

If after installation, MBAM will not run, open the Malwarebytes' Anti-Malware folder in Program Files.

Right-click on mbam.exe, rename it to myscan.exe.
Double-click on myscan.exe to launch the program.

If that did not work, then try renaming and change the .exe extension in the same way as noted above.

Double-click on myscan.scr (or whatever extension you renamed it) to launch the program.

If using Windows Vista, refer to How to Change a File Extension in Windows Vista.

Be sure to update MBAM through the program's interface (preferable method) or manually download the definition updates and just double-click on mbam-rules.exe to install. Then perform a Quick Scan in normal mode and check all items found for removal. Don't forget to reboot afterwards. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. When done, click the Logs ta... Read more

11 more replies
Answer Match 49.98%

Cannot download Defogger or DDS Tool as recommended by Bleepingcomputer. When I try to download these the "System Tool" in the lower right pops up with "file MinDM.exe is infected. Please activate your antivirus software."
Upon computer startup the desktop now has wallpaper saying "Warning! Your're in Danger!...etc."
Cannot run AVG.

A: Infected with fake spyware/malware SYSTEM TOOL

Hello, did you install IE7Pro?

EDIT: I moved this to the Am I Infected forum as there is no DDS log.

Please follow our Removal Guide here: Remove System Tool and SystemTool. After reading how the malware is misleading you ... you will move to the Automated Removal Instructions.

After you completed that, post your scan log here, let me know how things are.

The log is automatically saved and can be viewed by clicking the Logs tab in MBAM. Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

1 more replies
Answer Match 49.98%

Privacy Protector, Error Cleaner and Spyware&Malware protection: it pops up a message saying my computer is infected and keeps opening internet windows even when I change the homepage away from the site it wants to go to. It is really slowing my laptop down, and when you attempt to close the pop-ups or delete the desktop icons, it freezes the laptop and the only way to resolve it is to restart, but it just comes back no matter what. Norton will not pick it up either. It is causing my laptop start-up and loading time to be epic and is making it unusable. This topic has been fixed before by RichieUK on: http://www.bleepingcomputer.com/forums/t/105116/privacy-protector-error-cleaner-spyware-malware-protection/ I have the exact same thing. Should I just follow those steps or wait for specific advice for my system?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:00:05, on 03/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal
... Read more

A: Malware, Privacy Protector, Error Cleaner And Spyware&malware Protection

Hello,

* Download Combofix to your desktop.

Double-click combofix.exe.
Follow the prompts.
Don't click on the window while the fix is running, because that will cause your system to hang.

When finished and after reboot (in case it asks to reboot), Combofix will open again to gather the necessary information for the log. This may take a bit. When done, Combofix will close and a log should open, combofix.txt. Post the contents of this log in your next reply together with a new HijackThis log.

Do NOT post the ComboFix-quarantined-files.txt - unless I ask you to.

27 more replies
Answer Match 49.56%

This showed up when I started up my computer last night (I'm running XP). My desktop background changed to red with a biohazard type logo, windows keep popping up trying to sell me protection, etc. When it first showed up some of my desktop icons disappeared and I couldn't get into my C drive, but that seems to have stopped for the moment.

I've run my Kaspersky's Antivirus, which says it can't delete it, disinfects it, but doesn't seem to change anything.

I've also used System Mechanic 5, Spybot Search and Destroy, Smitfraudfix (I saw this suggested to someone else viewing another forum - and it seems to work and everything looks good for 5 minutes, but then lo and behold it comes right back) plus RegClean, RegistryFix, Tracks Eraser Pro, BugDoctor - to try and clean stuff out - some things seem to get rid of it, but then it returns. I've been looking it up on Google to see what other people did, and trying these things, but obviously this strategy hasn't worked. It's just given me a headache.

I'm out of my depth. I really need help! Thank you in advance for your wisdom.

Here are my dss reports:

Deckard's System Scanner v20071014.68
Run by Aqua Dragon on 2008-06-08 11:54:45
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --
5: 2008-06-08 15:54:53 UTC - RP230 - Deck... Read more

A: I Have An Error Cleaner, Privacy Protector, Spyware And Malware Protection Problem (virus? Malware? Trojan?)

Hi,

Please uninstall the following programs since they are known to cause more damage than anything else:

RegistryFix v6.2
Bug Doctor 3.0.3.8

Reboot afterwards.

After reboot,

* Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet.

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.

2 more replies
Answer Match 49.56%

A few days ago my laptop (running Windows XP) was infected with the Personal Pro Shield malware. I tried to remove it according to instructions found on BleepingComputer and it appeared to have been removed. However, my laptop was still running slowly, freezing from time to time. Windows Explorer especially would freeze, and I had to forcibly shut down to use my laptop again. I used MalwareBytes to scan the laptop and thrice found lingering trojans, and thrice I cleaned them up. I also used ATF Cleaner to clean up any temp files. After many cleanings, reboots, etc. my Symantec Antivirus now appears disabled. I tried to enable it, to no avail; I tried to reinstall the Symantec driver, but Symantec remains disabled.

I have no access to a Windows install disc or boot CD. Is my laptop still infected? Hopefully I didn't worsen the situation with the scans, downloads, reboots, etc.

I followed all of the "First Steps" and have posted/attached the files. Note that when I ran GMER, I got an error message indicating LoadDriver( "C:\DOCUME~1\Student\LOCALS~1\-emp\fgtdapob.sys" ) error 0xC0000001: Cannot create a stable subkey under a volatile parent key and the only boxes that could be checked were Services, Registry, Files, and C:

DDS

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_26
Run by Student at 22:15:39 on 2011-09-07
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.... Read more

A: Infected by malware, system behaving erratically and antivirus disabled

Hello

We will do our best to assist you. However, in order to do so, please follow all instructions provided in the sequence given. Do not install/re-install any programs or run any fixes or scanners that you have not been instructed to use. This may cause conflicts with the tools being used in the cleanup process.

If you have questions regarding any of the instructions or problems running any tools, please let us know.

You may wish to subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

-------------------------------------

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

A guide and tutorial on using ComboFix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
See this link for instructions on how to do this:
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Please include the C:\ComboFix.txt in your next reply for further review.



I would also like to see the last log report from MalwareBytes.
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

19 more replies