Tech Problem Aggregator

Safe to have infected PC online - But not in Workgroup?

Q: Safe to have infected PC online - But not in Workgroup?

- On a small Peer-to-Peer network...
- One PC is infected
- Setup is: Cable Modem connected to small Linksys Router connected to a few PC's

1 - Is it a concern that the malware could spread to other PC's in the small Workgroup?
2 - If so will this fix it while still allowing the infected PC net access...
.. turn off all clean PC's
.. remove the infected PC from the Workgroup
.. turn on the clean PC's
This way the infected PC is not in the Peer-To-Peer Workgroup but it is still sharing the same router...

Right now I'm turning off (or disconnecting) all clean PC's from the network before turning on the infected PC. This is a problem for other users.

Thanks for any help.

A: Safe to have infected PC online - But not in Workgroup?

Are the clean PCs fully patched and are there no Windows accounts on those clean PCs with weak passwords?

3 more replies
Answer Match 56.28%

Hello, folks!
 
I come to you with quite a problem.
 
My internet doesn't work, but only so far as browsers go.
 
I am on an HP Pavilion laptop running Windows 7. In Normal Mode, I am able to swiftly and easily use things like Skype and even Steam; video games that go online or have an online component also seem to work, and can patch themselves or download updates. However, I absolutely cannot use any of my browsers. I have three of them installed: IE, Chrome and Firefox, and when I try to use any of them I get the same error.
 
My main browser is Chrome, and when I attempt to navigate to a page, the browser hangs for a little while and then displays the error, "This webpage is not available."
 
Sometimes I will see this error flash in the page for a split second before my default 'start' page (which really isn't a website) turns up.
 
All of the browsers lag. Chrome in particular says 'Loading...' for some time before it even loads the start page.
 
However, in Safe Mode, all of my internet functionality is present and flawless. My browsers open speedily and connect to the internet in seconds without any problems.
 
 
I am not on my home network; I am on a Verizon network at my cousins' house. Obviously the issue is not with the network, and believe me, I checked and checked and checked again to be sure of that, but I did not start having this problem until I got here and tried to log on. Initially, when I did so, I had the ... Read more

More replies
Answer Match 55.44%

I'm having issues with getting my XBox360 and my Airport Express online at the same time. I am going through a comcast-issued Therayon router into a Linksys 5-port Workgroup Switch. Like told by the box, i am running my modem into the uplink port, the airport express from the fourth port and the XBox 360 from the third. Plase help!
 

More replies
Answer Match 47.88%

i have a lot of viruses and a few trojans and keyloggers, at least thats what it said on the free scan. I dont know if i still have these but if i did would it be safe to buy online or will my credit card be at risk of stolen info. and possible stolen money. I know that the website i going to buy from is safe. buy im not sure if its safe to buy from my computer. Can any one give me info on this.

A:safe to buy online?

I would not risk it if you know the machine is currently infected. In fact, if you know there are keyloggers, I would be sure to get to a known clean machine, and change any online passwords, and check any financial accounts.

You can read this: How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

If you want help cleaning the machine...

---------------------------------------------------------------------------------------------

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic if needed. I currently have as many open topics as I can effectively handle; this will have you back in queue with the proper logs so an available helper would be able to assist.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

1 more replies
Answer Match 47.04%

Title is self-explanatory, I think.
 
As always, any help appreciated.

A:Everything I need to know about safe online banking

How safe do you want to be?Personally I boot my computer with a live Linux CD to log onto my bank account, but some people think that's over-the-top.

22 more replies
Answer Match 47.04%

A few weeks ago a friend of mine visited an adult website that he had not been on before . My computer immediatly reported virus attacks and when we tried to get online we were redirected to a site that wanted us to purchase antiviral software, that was called Antivirus System Pro. I knew that was just part of the virus, but I could not get around it. Even when the browser was not open, the internet would open to Porno.org/Porno.com as well as a ****** add. After downloading several free antivirus packages, the pop-ups stopped, and I was not being directed to purchase Antivirus System Pro anymore. However it appears now that I cannot get online at all now . It says there is something wrong with my internet connection. I am able to access the internet, and thus post this, in the safe mode only. Here are the requested scans. Please let me know what to do.

Also note - my computer programming was installed at my work - where I just got laid off from..so I do NOT have access to a Windows Install disc, or a Boot CD.




DDS TEXT

DDS (Ver_09-12-01.01) - NTFSx86 NETWORK
Run by Administrator at 1:07:13.57 on Wed 12/16/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.382.170 [GMT -5:00]

AV: eTrust ITM *On-access scanning enabled* (Outdated) {33EA71EA-56CF-40B5-A06B-BD3A27397C44}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\syst... Read more

A:I can only get online in the 'safe mode'

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Please copy this page to Notepad and Save it to your Desktop in order to assist you when carrying out the following instructions.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding.
Ensure that there aren't any opened browsers when you are carrying out the procedures below.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

Please download ComboFix and Save it to your Desktop.

**Note: It is important that it is saved directly to... Read more

19 more replies
Answer Match 47.04%

I'd like to personally hear from you guys if running an online bitdefender8 virus scan is safe. I mean is it really all that stuff they say it is?

I'm not exactly a guy that's easy to convince. the bitdefender website talks a lot of talk about their online scanner. so, how about it? is it safe to do so?

PS: i'm on my laptop. the OS is vista home premium. I've got norton internet security 2007 preinstalled. but I don't trust norton and I plan on removing it. But I'd like to try this online scanner of bitdefender, just to make sure norton didn't miss anything.
 

A:Safe online scan?

16 more replies
Answer Match 47.04%

tell me how safe is it to buying online using credit card. does it depend on the seller ?. (ex/ ebay, amason, sony)
 

A:how safe - BUYING ONLINE

8 more replies
Answer Match 47.04%

Recently I've been strongly debating whether or not to try getting into some form of online work from home. After several weeks of research I've narrowed it down to 2 options that I'd be the most capable of. 1, being an online chat agent/sales rep for Needle or 2, a freelance writer/editor for website blogs. So now has come the time that I'd like all your opinions regarding the security of these choices. A few questions I'll list below although I'd greatly appreciate any form of input.

I'll understand if these questions might be impossible to answer, but I've gotta ask anyway. If I were capable of getting a real-life job I'd not even bother with this, but for these next few months online work is my only option to stop going downhill. At the same time, if either of these 2 options does have security risks that would be impossible to deal with too. Since if my only current PC does become inoperable, there is absolutely no way I can ever get another for years.

1: If I were to become an online chat agent, assisting visitors to lets say Reebok. Is it possible for a hacker claiming to be a shopper, infiltrate my system or in any way compromise my security via Reebok's sales chat interface?

2: How likely is it that I'd become infected from any sort of blog writing/editing job? I apologize for this question being so vast but I really don't know how else to word it.

More replies
Answer Match 47.04%

good day,
what programs should be running in the background while i'm online to keep my computer safe?aside from an anti virus of course,thanks!
 

A:keep computer safe while online

Free spyware tools:

Ad-Aware SE: http://www.majorgeeks.com/download506.html

SpyBot S&D: http://www.majorgeeks.com/download2471.html

Micro$oft Anti Spyware BETA:
http://www.microsoft.com/athome/security/spyware/software/default.mspx
(For Windows 2000 and XP only)

Spyware Blaster: http://www.javacoolsoftware.com/spywareblaster.html

Free firewalls:

Zone Alarm: http://www.zonelabs.com/store/content/catalog/products/sku_list_za.jsp?lid=dbtopnav_zass

Sygate: http://smb.sygate.com/products/spf_standard.htm

How to tighten your computer's security:
http://forums.techguy.org/t208517.html
 

1 more replies
Answer Match 47.04%

I only can get online in safe mode , when in normal mode i cant get online and it tells me that there is nothing wrong with my internet connection , i cant fiqure out what todo ive ran malware anti malware , spybot nothing seems to help pleased advise
thank you

A:only can get online in safe mode

Uninstall your antivirus and check

2 more replies
Answer Match 47.04%

Logfile of HijackThis v1.99.1
Scan saved at 12:10:23 PM, on 5/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\Administrator.MIPC\Local Settings\Temp\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0... Read more

A:Can only get online in Safe Mode Please Help!

im also getting various pop-ups especially CiD pop-ups

1 more replies
Answer Match 47.04%

Is it possible? Can Safe Mode be tweaked for internet access? If so please do tell how.
 

A:Online In Safe Mode?

J0sh said:

Is it possible? Can Safe Mode be tweaked for internet access? If so please do tell how.Click to expand...

there should be Safe Mode with Networking when you try to boot choosing safemodes. to enable it, go to Start->run, type "msconfig" and when the window opens, choose the tab labelled BOOT.ini, check the button for SAFE, and the box for networking.

next time you boot, be careful. booting this way will cause you to perma-safemode-with-networking boot. PLEASE CONSULT WITH ANOTHER PROFESSIONAL to get out of this boot mode. it appears my age has crept up with me. i forget how to get out.
 

2 more replies
Answer Match 46.62%

I am only able to get online in safe mode. I can ping out. I have tried flushing and renewing the dns but that has not helped. I am running xp home edition on a dimension 5000. It previously had AOL installed and was working fine but I did not want to use AOL and uninstalled it and tried to instal my own broadband provider (SKY). Any advice most welcome this had been driving me had for three days!!!!
 

A:Solved: I can only get online in safe mode - help

16 more replies
Answer Match 46.62%

Ok, my apology for wanting to post this question, which may be considered inappropriate for many different reasons - and yes, an apology by itself does not imply it's okay (or not) to watch movies online, certainly not justify any crime I might have committed -.
But I am simply interested in/worried about cybersecurity.
Sony's cyberattack resulted in many of their movies inadvertently released online. One secruity expert was quoted saying (paraphrased here) - it's NOT SAFE to watch those movies online, as the longer you stay on one particular website, the more danger your computer will be exposed to.
To a computer user like me who knows nothing technical about security, this begs the question - is it unsafe to watch movies online despite the security setting (firewall, real-time anti-virus, real-time anti-malware etc). (dpes watching movies online mean running some video streaming program (in javascript?????) in the background of the internet browser ? ).
 
 
Any insight to share will be greatly appreciated.

A:is it safe to watch movies online?

So this question can go a couple ways. Watching movies via a legal source is perfectly safe (e.g Netflix, Hulu, Amazon Prime etc.). These sites have good security (Amazon probably has some of the best) and you really don't have to worry much about it. The way the movies are transmitted and viewed can be attacked, like the Microsoft Silverlight that Netflix uses could have a security hole that won't be fixed til you update it on your end (as long as Microsoft fixed the issue). So as far legal sources go, its perfectly safe to watch movies and TV shows online.
 
Now if you are talking means that aren't so legal, where people have uploaded them on sketchy sites and you are viewing them. Yeah those aren't so safe. They like to put viruses right in the code of the website, or they like to automatically download something without you even saying you wanted to. So no, that method is not safe.
 
I am curious, do you know where you read that article with the security expert? I would like to take a gander at it. I am assuming he/she saying its not safe to watch them online is meaning the not so legal ways.

11 more replies
Answer Match 46.62%

Hello. I recently had the problem of not being able to get online unless in safe mode and have been trying to find a cure. I ran the network diagnostics thing and in the "Winsock Status" part it said "error attempting to validate the winsock base providers. A reset is needed".

It said to call XP support but I have just uninstalled Sygate Personal firewall and now I'm able to surf the net again.

Does anyone know what happened and why Sygate was the problem? Thank you.

A:Online only in safe mode question

The firewall was more than likely blocking a connection to the internet to 'protect' you.

1 more replies
Answer Match 46.62%

Are online surveys were you get paid for answering surveys safe? How would they get the money to pay you anyway? How do they work?

A:Are Online Surveys for Money Safe?

 
If it sounds too good to be true...

2 more replies
Answer Match 46.2%

my brother's computer is having a problem.
all the other computers in our house are just fine and connect normally, but his does not.
in normal mode, it cannot acquire an ip address, but shows that we have a connection to our network
inn safe mode, his ip is normal and we can access the internet
i'm not the smartest with computers, so i need some help, please
 

A:help! can only connect online in safe mode with networking

6 more replies
Answer Match 46.2%

........Edit........
Deleted the content of this post
Refer to ... http://forums.techguy.org/showthread.php?postid=1115014#post1115014
 

A:Is your computer safe from online hacks and viruses? R U Sure?

I was advised to get an A/V (im using avg)
also advised me to get a good firewall(i have zonealarm)

steve gibsons site www.grc.com is better and more reliable i think.
 

2 more replies
Answer Match 46.2%

Windows XP log. I want to see if there are any virus to make it unsafe to purchase with this computer. Earliar I did a adware scan and found a few malaware and spywares.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 1:04:49 PM, on 7/11/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16640)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Lavasoft\Ad-Aware\aawservice.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\AntiVir PersonalEdition Classic\sched.exeC:\Program Files\AntiVir PersonalEdition Classic\avguard.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Viewpoint\Common\ViewpointService.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Java\jre1.6.0_05\bin\jusched.exeC:\Program Files\AntiVir PersonalEdition Classic\avgnt.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program... Read more

A:Is My Computer Safe To Purchase Stuff Online?

Hello mrkool899,

I apologise for the delay, the forum is too busy.

If you still need help, post a new HijackThis log.

2 more replies
Answer Match 46.2%

Is Facecrooks or Scamadviser safe online websites that we can use for receiving answers to questions about security warnings or hoaxes?

A:Is Facecrooks and Scamadviser online websites safe to use?

I feel with names like that for their respective websites... I'd be inclined to steer clear? Certainly a google trawl I did for Scamadviser produces a lot that warns "against" it...Facecrooks seems equally suspect...I'd be much inclined to "pass them by"...

2 more replies
Answer Match 46.2%

Hi There,

Sorry this is a stupid question...

I've just installed Online Armor firewall, (which showed me my hosts file had been completely corrupted...fixed that) but just want to confirm the internet connections shown (2) are legitimate if I can. Are they both supposed to be there?

Guess the hosts thing spooked me.
Thanks Much!

Screenshot from Online Armor Attached.

PS. I don't even know if this is 'private data' or not, pls let me know if it is and I should remove it - thanks you!
 

A:Solved: Please Tell Me If This Gateway is Safe? (Online Armor)

9 more replies
Answer Match 45.78%

Keep yourself safe online with these 5 free cyber security courses
Does ever the thought of your personal details lying unsafe online cross your mind? Have you ever thought of how to keep your personal data secure online? At some point of time, these questions do cross everyone?s mind at one point or the other.

With hacking and data breaches on the rise, internet and information safety is hugely important. As our lives increasingly depend on digital services, the need to protect our information from being maliciously disrupted or misused is really important.

For instance, if your credentials are stolen, there is very little you can do to stop their resale and reuse. However, there are plenty of free online resources designed to teach you about basic information security techniques that can keep yourself safe from criminals who could use them against you. Even though your credentials may be stolen, you can definitely lessen the potential damage that is causes.
In this article, we bring to a list of 5 free cyber and information security courses that you can take, right away to enhance your awareness of your online surroundings. Each course is designed for self-learning MOOCs (Massively Open Online Courses), and come with active communities and lecturers you can direct questions towards.

FutureLean: Introduction to Cyber Security; Our lives depend on online services. Gain essential cyber security knowledge and skills, to help protect your digital life.
FutureLearn: Cyber ... Read more

A:5 Free Cyber Security Courses That Will Keep You Safe Online

Great post this! I intend to pursue a career in cyber security!
 

1 more replies
Answer Match 45.78%

Hi, I have the problem of satisfying my son's ever increasing gaming needs while maintaining safety of the pc

I hang in mostly in the Securty forum here...and do not play these type of games...and know absolutely squat about the places to play that are good.

The pc is up to date, DirectX and good drivers..there is no problem playing games at all in fact I have to pry the kid out of his chair sometimes. I do see a lot of folks posting for help with hijacks and stuff every day, and a lot of them show heavy game site usage....kdx is one I see a lot, and the kid has been hanging out there and GameSpyArcade...and now we have the GameZone thing down in the taskbar.
Anyone who could advise me about the good places for him to be I would appreciate it greatly. Son is 22 so the action games are not a problem. I just don't want to have to be cleaning up after him all the time.

Pc is fairly well protected and all, as much as I can be.

It's running 98SE behind a router with cable service.
Thanks all.
 

A:action online safe gaming site needed...

8 more replies
Answer Match 45.78%

i have a laptop that has the Blue Screen due to possibly a virus/trojan. is there a way i can use a free online virus scanner via Safe Mode w/ Networking? if so, how?
 

A:possible to run free online virus scan via safe mode?

Boot to Safe Mode with Networking and try it...
 

3 more replies
Answer Match 45.78%

So I have been using Eset smart security on my laptop and Kaspersky on my PC. However now when my Eset is expiring in two weeks i figured out well my Laptop never really got a virus in 2 years except some malicious site warnings which even google chrome blocked...so I thought I might resort to free security suites...like avast or comodo internet security?
Any suggestions on what software or combination of softwares I could use to protect my Laptop?
I'm running windows 10 x64 if it helps..
 

A:How to stay safe online using Free security software?

SamX said:





So I have been using Eset smart security on my laptop and Kaspersky on my PC. However now when my Eset is expiring in two weeks i figured out well my Laptop never really got a virus in 2 years except some malicious site warnings which even google chrome blocked...so I thought I might resort to free security suites...like avast or comodo internet security?
Any suggestions on what software or combination of softwares I could use to protect my Laptop?
I'm running windows 10 x64 if it helps..Click to expand...

You can use both Avast Free and Comodo Firewall (which is free) together.
 

12 more replies
Answer Match 45.78%

SUbject: Windows XP View Workgroup does not show entire workgroup

Hello everyone,

I currently have what I hear is a very common problem, but no one seems to be able to give me a common answer.

First for my config.

I currently have 9 PCs running on my LAN (I am a full time telecommuter, and my wife is part time, as well as having a full time student at home)

Physical Config

4 PCs with WINXP Pro 2 Desktop 2 Laptops
3 PCs with WIN2000 1 Desktop 1 Laptop
2 PCs with WIN98se 1 Desktop 1 Laptop

3 Laptops connected via Wireless LAN
5 Desktops connected via Wired LAN
1 Broadband Router with HUB (Broadband Internet connection via Wireless Radio)
1 HUB
1 Wireless Access Point
1 Wireless Print Server

(all configurable components are set to the same workgroup name)

Now for the problem:

On the WINXP Pro PCs only the XP and 2000 machines are displayed on the "View Workgroup" section of XP. On all the other machines, the entire workgroup is properly displayed, including the Wireless Print Server. Problem is present wether I am running my VPN client or not. Now for the weird part. Sometimes but not all the time, I will see one of the 98 machines or 2 or what ever)

I have been told this is a security feature of XP interacting with the network and can sometimes be corrected via the shutdown and or restart of the internal firewall (depending if its running or not)

Can anyone suggest a fix for this problem. Also, is there a replacement for the veiw workgroup that works all t... Read more

A:XP Workgroup View does not show entire workgroup

11 more replies
Answer Match 45.36%

Is it safe to use Defensewall in built browser for online banking/shopping/
 

A:Is it safe to use Defensewall in built browser for online banking/shopping/

it has an built-in browser? screenshot please
 

7 more replies
Answer Match 45.36%

Cyberattacks are on the rise and they range from phishing and scams on social media to high-profile assaults against companies. For the average consumer, knowing where to turn and how to keep your digital identity safe can be a minefield of solutions. But what do you truly need to know? In a recent Google research paper, security professionals were asked what the top five ways to stay safe online are, and these are the tips they offered.Top 5 security practices in staying safe online: From the expertsSimple and easy, yet often forgotten practices by a lot of users. These 5 practices only should be able to keep a user out of quite a lot of trouble when it comes to online account security.

More replies
Answer Match 44.94%

history:
--in 7/10 avast! free av had detected & quarantined following 2 viruses (JS: Pdfka-AFJ [Expl]; & HTML: Downloader-F [Trj]
--on 2/2/11 i downloaded norton internet security 2011 & it immediately found & quarantined following 6 trojan horses listed as high risk found on c drive in appdata files:
1. phone.class
2. myname.class
3. emailer.class
4. is.class
5. phonebook.class
6. familie.class

what do i need to do now to fix any problems with accessing online bill payment, etc. can the fixes all be done using norton internet security?

is it sufficient to just change log on passwords to these accounts? or does more need to be done like getting account numbers changed, or other?

is it even safe to go online into these accounts now that 6 trojan horses were found & quarantined---if these were found, are there more problems waiting?

A:6 trojan horses quarantined: is it safe to return to online bill paying?

This is an unofficial response and the advice is mine, not that of bleepingcomputer.com or it's representatives...I would change all the passwords and account numbers, if you think any of your accounts have been compromised.Is it a hassle? = yes.Is it inconvenient? = yes again.Is it time consuming? = of course it is, but...If someone steals your identity and or ruins your credit, it could take you months or even years to get it all straightened out again. (Talk about time consuming and inconvenient)I think that this is a clear case of "better to have it and not need it, than to need it and not have it."I would err on the side of caution, every time.Just my opinion,ATGUNWAT

11 more replies
Answer Match 42.84%

Correct me if i am wrong. I have tried the Housecall virus scan online. And i had a following window come up:

head: 'Trjan' (yes, trjan, not trojan)'system cleaner'
body: A Virus has been found! REG_SEEKER.C

The only problem is - it came up BEFORE the scan has even started!! And there is NO reg_seeker.c on my computer!!!

After that i had some more problems in addition to the ones i already had. (I wrote about them in windows 98, ME forum - please HELP)

If i go there second time, the window doesn't come up. However,
if i restore registry and go there again, the same window comes up!!!! It could have been my computer, but why does it only happen when i do their scan? I tried 3 times, just to make sure - does it every time.

Is it just me or they got a problem? I have e-mailed them, no response (of course)?
 

A:Housecall Online...Infected!!!!????

8 more replies
Answer Match 42.84%

Have not been able to secure an online virus scan since October; Can't run Spybot Search & Destroy... Will lock System up; loosing RAM at anytime: receiving mini dumps: Stinger is inconclusive... no results Not sure what is in system: There is a backdoor trojan but nothing descriptive: has diverted web requests, Office applications are delayed on certain request, not able to multitask: DON'T KNOW WHAT ELSE TO DO!Shut down gives win453 error: end task requiredHere is a Hijack This Log:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 7:01:20 PM, on 12/15/2007Platform: Windows 2000 SP4 (WinNT 5.00.2195)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Boot mode: NormalRunning processes:C:\WINNT\System32\smss.exeC:\WINNT\system32\winlogon.exeC:\WINNT\system32\services.exeC:\WINNT\system32\lsass.exeC:\WINNT\system32\svchost.exeC:\WINNT\system32\spoolsv.exeC:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exeC:\WINNT\System32\svchost.exeC:\WINNT\system32\regsvc.exeC:\WINNT\system32\MSTask.exeC:\WINNT\system32\stisvc.exeC:\WINNT\System32\WBEM\WinMgmt.exeC:\WINNT\system32\svchost.exeC:\WINNT\Explorer.EXEC:\Program Files\Java\jre1.6.0_03\bin\jusched.exeC:\Program Files\DefenderPro\TSAntiSpy.exeC:\Program Files\... Read more

A:Infected, Not Able To Use Online Scans

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you.
I apologize for the delay getting to your log, the helpers here are very busy.

If you still need help, please post a fresh Hijackthis log, in this thread, so I can help you with your malware problems.
If you have resolved this issue please let us know.

2 more replies
Answer Match 42.84%

Hi,
Yesterday I had an awful virus, spyware etc attack. After cleaning everything I could find, and running a few tools and scanners, my computer comes up clean. I've also run an antivirus scan which came up clean. However, when I use an online scanner, such as kaspersky or panda, it keeps finding many infected files. Are they just better tools? Could it be that all the tools I've used have missed these files? I should mention that I no longer have any "symptoms", like popups, browser takeovers or anything else. How do I know if I'm still infected?
I've used ad-aware, s&d, cccleaner, ewido and a couple of others, and ez antivirus.
Thanks in advance.
 

A:Online scanners tell me I'm infected, but all others don't

16 more replies
Answer Match 42.84%

Mod Edit: moved to appropriate forum for DDS logs ~~ boopmeI posted a few weeks ago about getting scammed on the internet by ReImage company who "sold" me some computer repairs and an RealTime protection program for $499.  They never did the work and I have made the proper attempts to report them and get my money back from the credit card company but now I think I am infected with viruses and malware.  My computer is running really slow and freezing up and just not working correctly.  I would be sooooo grateful if someone can help me with this! I went to the instruction forums and saw that I must run some logs and post them here...so...here is the DDS log I ran: DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 11.0.9600.17420  BrowserJavaVersion: 11.25.2Run by Sharon at 19:45:50 on 2014-12-26Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.5962.4410 [GMT -6:00].AV: Microsoft Security Essentials *Enabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}SP: Microsoft Security Essentials *Enabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}.============== Running Processes ===============.C:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\svchost.exe -k RPCSSc:\Program Files\Microsoft Security Client\MsMpEng.exeC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.e... Read more

A:I was scammed online and now I think I am infected!

I am so sorry!  I thought I was in the right place!

17 more replies
Answer Match 42.84%

I have ran Malwarebytes' Anti-Malware and Adaware and it was not able to remove it. It removed close to 27 viruses off my computer, yet a few keep coming back. Now all my antiviruses are being blocked, I can't search. I tried the online guide posted here, but it did not help me in my case. Any help would be appreciated. Thanks!

A:Infected with Guard online

With the information you have provided I believe you will need help from the malware removal team. Please make sure that you read the information about getting started first.Then start a new thread HERE and include or required logs.Including a link to this thread will be helpful. Good luck and be patient. Help is on the way!

2 more replies
Answer Match 42.84%

My computer is affected with AV guard online. It keeps directing every time a web page is opened and will not let any kind of malware removal program run. It swiftly closes all malware removal programs for eg(Malware anti-byte's antimalware). I ran it but it suddenly crashed. I am currently in windows safe-mode and it didnt let me run malware anti-byte's antimalware of even GMER. The instruction in bleeping computer was to run GMER and provide ark.txt file but when I ran GMER.exe it suddenly crashed. I am not sure how to get rid of this AV guard online.

.
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 8.0.6001.18702
Run by Administrator at 19:03:24 on 2011-10-21
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.502.330 [GMT -5:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\2030404000:1602157190.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
.
============== Pseudo HJT Report ===============
.
mSearchAssistant = hxxp://www.google.com/ie
BHO: IObit Toolbar: {0bda0769-fd72-49f4-9266-e1fb004f4d8f} - c:\program files\iobit toolbar\ie\4.6\iobitToolbarIE.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:... Read more

A:Infected with AV guard online

Hi,Please do the following:Download ComboFix from one of the following locations:Link 1 Link 2 VERY IMPORTANT !!! Save ComboFix.exe to your Desktop * IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here Double click on ComboFix.exe & follow the prompts.As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures. Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:Click on Yes, to continue scanning for malware.When finished, it shall produce a log for you. Please include the C:\C... Read more

18 more replies
Answer Match 42.84%

I was infected by what appeared to be the new version of AV Gauad Online and after going through the clean up process I still can't access the internet and some files, everytime i open ie it doesn't load. Each time I run the malwarebytes software it seems to pick something new up almost every other time. I ran the tdsskiller and each time it found nothing out of the ordinary. I went even further and have the dds logs that will be pasted below but one issue i had with the gmer program where it wouldn't let me check certain box fields as they were shaded out but i ran the scan anyway and it showed no modifcations to the pc,so i couldn't make an ark.txt file, not sure what to do at this point and hopefully someone can help, any help would be greatly appreciated.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by danny at 3:56:08 on 2011-10-20
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2940.1726 [GMT -4:00]
.
AV: Kaspersky PURE *Enabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Kaspersky PURE *Enabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
FW: Kaspersky PURE *Enabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows... Read more

A:Infected with Guard online

just ran the gmer program again and 2 things came up, i've just attached the txt file.

7 more replies
Answer Match 42.84%

Tried to remove with self help. TDSSKiller was unable to clean the TDSS infection. It identified infections but did not say cure. Also could not run gmer. Tried 2 times both times run for a little while then displayed blue screen and shut down. tried a third time to try to get details on blue screen, now system tells me "windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item. Tried to post this earlier, not sure it went thru. Could not find it on the forum, my apologies if the is a duplicate.

.
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 8.0.6001.19120
Run by alex at 12:47:39 on 2011-10-08
Microsoft? Windows Vista? Home Premium 6.0.6002.2.1252.1.1033.18.3070.1440 [GMT -4:00]
.
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\3667791524:1542545701.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\svchost.exe -... Read more

A:infected with AV Guard Online

Your logs indicate that a ZeroAccess infection is present on your computer:Hello, Welcome to BleepingComputer.I'm nasdaq and will be helping you.If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.===Please download DummyCreator.zip and unzip it.Run the tool.Copy and paste the following into the edit box:

C:\WINDOWS\3667791524
Press Create button and post the content of the Result.txt.

Important: Restart the computer.===Please download AntiZeroAccess by Webroot to your DesktopDouble-click antizeroaccess.exe to run the program.NOTE: If running Vista or Windows 7, make sure to Right-click on it and select Run as an Administrator.
At the black window, type y and then press Enter.Once AntiZeroAccess has finished scanning, a report AntiZeroAccess_Log.txt will be created in the same location as the program.Please post the contents of the report in your next reply, and let me know how your system is running now. :thumbup:

2 more replies
Answer Match 42%

I haven't had any concerns till just recently after receiving 3 separate emails with no name or address on them in MS Office Outlook. When received, I deleted them without opening and added them to the block senders list. Out of curiosity I decided to try running a Kaspersky Online scan (maybe this was a mistake?) and it tells me I have one "Suspicious: Trojan-Spy.HTML.Fraud.gen" and four "Infected: not-a-virus:PSWTool.Win32.RAS.a" all in Outlook pst. Other then the lexmark printer giving me the usual grief of not scanning more than 1 or 2 pictures before freezing and an occasional "not being able to log off" my user account after the scanner freezes I really haven't noticed any problems. Can anyone help with these items listed from the Kaspersky scan?

A:Kaspersky Online Scanner says i'm infected

Hello.Please download Malwarebytes Anti-Malware and save it to your desktop.alternate download link 1alternate download link 2IMPORTANT!!! - when you save the file, rename it to something random, such as bubbles.exe This must be done before beginning the download!MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan.If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Then click on the Scan button.If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.The scan will begin and "Scan... Read more

8 more replies
Answer Match 42%

anybody see this? all i know is c:\program files\common files\symantec shared\spbbc is running at 360,000+ of memory usage. never saw that kind of memory hog before. my guess is one of the two below have "hijacked" spbbc.exe. task manager won't let me kill the process. saying access is denied. anybody with advice on how to handle?

Ths was generated from symantec online scan:

Virus Status: Infected!
Your computer is infected with at least one known threat.

C:\Program Files\i3p2hvk6\b73fgckb.DLL is infected with Adware.ClearSearch

C:\Documents and Settings\Masters\Application Data\Online Casino.exe is infected with CasinoOnNet

More replies
Answer Match 42%

Just put this computer online yesterday and this morning I checked it out and it had 1 virus and around 7 security issues allready. I locked it down with Spybot, SpywareBlaster, Antivirus and it is behind a router with a hardware firewall. Also runnin Windows XP Pro SP2 and it's firewall. But that didn't stop it from gettin hacked somehow.

The spyware was Isearch and some kinda media somthin or other as well as a few others.

I just cant believe it got infected so fast.

Anyway it took me about a 1/2 hour to clean and we'll see how long it lasts this time.

Isearch should get sued .. There's no excuse for that garbage.
 

A:Online 1 Day and Major Infected Allready

7 more replies
Answer Match 42%
A:Infected with Online Protection Tool

see post#3

5 more replies
Answer Match 42%

Hi there, yesterday my pc caught a bug, possibly several. It appears to be infected with x2 pieces of spyware, namely Security Sphere 2012 and AV Protection online. I have followed your very comprehensive instructions in how to remove but no matter what i do, these infections will not allow me to run any anti virus software from either malwarebytes, spybot, kapersky or avg. I have tried using tdss root killer and although it identifies x2 threats it asks me to reboot and when i do, we return to the normal fake security scan screens exactly as detailed in your forum as well as google redirects and slow running. The only small success i have had is using your rkill exe which stops the flashing screens and enables me to use the internet. I do hope you can help, i hate troubling you and can normally sort these things our myself with your instructions. Please find attached the requested .txt logs, the GMER exe will not run for me, it terminates as soon as i open it! Thanks in advance, Richard.

DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Richard Deane at 14:26:55 on 2011-10-23
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.3292.2656 [GMT 1:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\747063... Read more

A:infected with Av Protection Online malware

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.Do not run any other tool untill instructed to do so!Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.Run Combofix:You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<Combofix may need to reboot your computer more than once to do its job this is normal.You can download Combofix from one of these links.Link 1Link 2Link 3 1. Close any open browsers or any other programs that are open.2. Close/disable all anti virus and anti malware programs so they do not interfere with the r... Read more

3 more replies
Answer Match 42%

hi

I'm doing a panda online scan and it has until now found 29 infected files.. How will i then be able to fix them?

I'll post the complete number of infected files after the scan finishes, but meanwhile, what will i have to do then to remove or fix the infected files? and should i be worried?

Thanks in advance

A:Help, infected files on online scan!

Hello -

Panda finds a lot of cookies sometimes, which can make the scan seem worse than it is. We wouldn't know without seeing the log.
If it finds any malware it can disinfect, the Disinfect button will be enabled. Click on Disinfect
Please ignore the offer to buy the program. Click on Export To

Export the log and save it to your desktop.
Please attach the contents of that log to your reply.

Add that to your post with the logs we really want to see when posting for help here, please.

We want all our members to perform the steps outlined in the link I'll give you below, before posting for assistance. There's a sticky at the top of this forum, and a
Quote:




Having problems with spyware and pop-ups? First Steps




link at the top of each page.

---------------------------------------------------------------------------------------------

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

1 more replies
Answer Match 42%

When browsing the internet I encounter the following fake popup that appears to be a Windows Internet Security message: The title of the message is "Your Browser is under Threat of Infection Windows Requires Permission to Install Online Protection Tool. I have not installed the program in the fake popup. Another poster is encountering the same problem. He has a screen shot of the popup at http://www.bleepingcomputer.com/forums/t/305177/online-protection-tool/.I use Norton 360 and the computer has been protected by it. A norton 360 scan does not reveal any infections. It appears to be automatically updating.I have run Super Anti-Spyware but it found nothing. I was not able, however, to obtain an update to the program. When I attempted to I received the message: "There was an error trying to retrieve definitions. Make sure your firewall is not blocking Super Anti-Spyware from accessing the Internet."I also ran Malabytes scan. It found nothing. Again, however, I was not able to obtain updated definitions. I received error code: 732 (12007, 0).Before I came to this forum I did run a combofix scan and I can post this log. The log did include the following message: "c:\windows\System32\FirewallSettings.exe . . . is infected!!"I have run a DDS scan. The logs are copied or attached below. I was not able to run a gmer scan. On two occasions while attempting run GMER, I got a blue screen stating that windows was shutting down to prevent damage to the system. On anot... Read more

A:Infected with online protection tool

A little update. I created a new network on my wireless router and reset it to factory defaults. Since this was done, I have not seen the online protection tool popup. I don't know whether this entirely fixed the problem, but it seems to have eliminated one symptom

5 more replies
Answer Match 42%

-----Photos in this topic were sized to MAX Width of 600 for respect to BleepingComputer. If that's still too large feel free to change to URL instead of IMG or tell me to do so and I'll do.-----Preparation Guide For Use Before Posting A Hijackthis Log, Instructions for receiving help in cleaning your computerCOMPLETE----- NOTE ----- I've come to a few conclusions and assumptions after reading a ton of related trojan issues all over the net. If I'm wrong in any of these please point it out to me so that I can learn.I believe I have a trojan that has hidden itself and replicates. Probably in my System Volume Information folder (which I have no access to)--Folder options thru "Control Panel" or within a folder will not give me permission to view hidden files/folders or to view system files. I check/uncheck the options and hit Apply and exit out, and go right back in and it's set back to all files hidden. This happens no matter logged in as Administrator or Frank (Both users are set as an admin) or whether I'm in Windows mode or Safe Mode.--I get "Denied Access" reports when checking/unchecking startup files in msconfig although it seems to work for the next startup.--.inf files were deleted from each hard drive's main directory using MSDOS (c:/ d:/ etc) that were causing "What program would you like to use" messages on the hard drives themselves thru MyComputer (although not thru "Explore")--IE was transferring data when I woke c... Read more

A:Infected w/several Trojan "PSW Online Games"

Hello FrankCastleArizonaWelcome to BleepingComputer ========================Download ComboFix from one of these locations:Link 1Link 2Link 3* IMPORTANT !!! Save ComboFix.exe to your DesktopDisable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

Double click on ComboFix.exe & follow the prompts.

As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:Click on Yes, to continue scanning for malware.When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

13 more replies
Answer Match 41.58%

hello,i need help removing this trojan horse from my computer.thanks! Logfile of Trend Micro HijackThis v2.0.2Scan saved at 11:41:39 PM, on 3/27/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exeC:\PROGRA~1\Iomega\System32\AppServices.exeC:\WINDOWS\system32\slserv.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\WgaTray.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\Internet Explorer\iexplore.exeC:\WINDOWS\VM303_STI.EXEC:\Program Files\Yahoo!\Search Protection... Read more

A:Infected With Trojan Horse Psw. Online Games 2

Please... please help me remove this trojan. i would really appreciate it if someone would reply.

7 more replies
Answer Match 41.58%

Hi guys!

I thought trojan horses were a thing of the past...silly me. Think I picked it up from a torrent.

At the moment, all I've noticed is that it hijacks my browser when I click on a google search link.

In any case, here is the DDS report:

DDS (Ver_09-11-29.01) - NTFSx86
Run by John at 23:28:56.29 on Sat 11/28/2009
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3062.2054 [GMT -5:00]
============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Windows\system32\lsm.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\A... Read more

A:Infected w/ Trojan Horse PSW Online Games

GMER found this rootkit modification:

\systemroot\system32\drivers\H8SRTtperwfptmr.sys

not sure what to do, only option is to dump it, but i don't know what that's about.

i appreciate the hard work you guys do, so i want to know if it's bad form to post to another forum after waiting 5 days (honest question, no passive-aggressive b.s. intended ;-)

thanks in advance,

john

3 more replies
Answer Match 41.58%

My browsers are infected by these two hijackers and no matter what I do, I can't seem to remove them. They randomly open new tabs and also redirect my google searches to other websites. Any help with removing them will be greatly appreciated.
Thanks in advance!
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 04-11-2016
Ran by Sudhanva (administrator) on DESKTOP-63VCPNI (07-11-2016 18:31:25)
Running from C:\Users\Sudhanva\Downloads
Loaded Profiles: Sudhanva (Available Profiles: Sudhanva & Administrator)
Platform: Windows 10 Enterprise (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Kingsoft Corporation) C:\Program Files (x86)\cmcm\Clean Master\cmcore.exe
() C:\Program Files\MySQL\MySQL Server 5.7\bin\mysqld.exe
(@ByELDI) C:\Program Files\KMSpico\Service_KMS.exe
(LULU Software) C:\Program Files (x86)\Soda PDF 5\HelperService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Serv... Read more

More replies
Answer Match 41.58%

I have tried the online fix suggestions such as re-starting in safe mode, downloading MalwareBytes, and then running a scan. However, it doesn't allow me to run a scan - it aborts before completion, then on attempt to rescan says file cannot run due to lack of permission. I have also tried Emsisoft Malware scan, but it won't let it complete a scan, either. I am attaching the requested DDS text files. I am also attaching the GMER log as best as I can provide. These are the GMER results that were generated when launching GMER the first time. However, after unchecking the required boxes to be unchecked and then running a scan, the malware shuts the GMER down before it completes the scan. It aborts and then I get the "Blue Screen of Death" followed by auto re-boot. Using other tools to search for rootkits also result in the malware aborting before the scan is complete. I also get the (BSOD) when I try to kill a Guard Online malware process in Windows task manager.

Thank you in advance for your help.

A:Infected with Guard Online & TDSS redirecting

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.Do not run any other tool untill instructed to do so!Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.Please download DummyCreator.zip and unzip it.Run the tool.Copy and paste the following into the edit box:

C:\Windows\3698817051
Press Create button and post the content of the Result.txt.

Important: Restart the computer.Run Combofix:You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<Combofix may need to reboot your computer more than once to do its job this is... Read more

30 more replies
Answer Match 41.58%

My browsers are infected by these two hijackers and no matter what I do, I can't seem to remove them. They randomly open new tabs and also redirect my google searches to other websites. Any help with removing them will be greatly appreciated.
Thanks in advance!
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 04-11-2016
Ran by Sudhanva (administrator) on DESKTOP-63VCPNI (07-11-2016 18:31:25)
Running from C:\Users\Sudhanva\Downloads
Loaded Profiles: Sudhanva (Available Profiles: Sudhanva & Administrator)
Platform: Windows 10 Enterprise (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Kingsoft Corporation) C:\Program Files (x86)\cmcm\Clean Master\cmcore.exe
() C:\Program Files\MySQL\MySQL Server 5.7\bin\mysqld.exe
(@ByELDI) C:\Program Files\KMSpico\Service_KMS.exe
(LULU Software) C:\Program Files (x86)\Soda PDF 5\HelperService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Serv... Read more

More replies
Answer Match 41.58%

My computer has been quite sluggish and seems to hang after loading, especially if I try to open any webpages...I get no transmission of date. I ran a virus scan and it detected a Trojan Horse (trojan horse psw.onlinegames4.pgn) but I am unable to remove it. I have followed the instructions on the preparation guide and included the relevant info below.

Thanks in advance for any assistance you can offer!


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_35
Run by Starbug at 7:38:16 on 2012-09-15
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1098 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Logitec... Read more

A:Infected with Trojan horse PSW Online Games

Greetings and Welcome to The Forums!!My name is Gringo and I'll be glad to help you with your computer problems.I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of usPlease do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE: At the ... Read more

16 more replies
Answer Match 41.58%

Well, a year back sality was into my system for the first time. It took me almost 2 weeks to get rid of it and the infected files as well... but this time, the scenario is different. I've got around 200GB of Data which includes a lot of executable files, which most probably got infected by Sality as well.

I removed most of Sality + many infected files using AVG Sality Remover, Kaspersky SalityKiller, Malwarebytes and avast! Boot Scan. The virus is inactive right now, but it still makes me feel as if its hiding somewhere on my system. I want to get rid of it, completely! Another thing I want gone, is the infected files themselves. Like, I had ComboFix on my desktop, it got corrupt as well but no anti-virus/anti-rootkit detects it as malicious. But the size of the ComboFix file has gone down to 26kb & avast auto-sandboxes it saying 'avast! is analyzing a suspicious program - We did not find enough evidence to identify the file as malware, however, you should use extreme caution when accessing it.' So, I'm a bit happy with the help from avast - other's didn't even care about it being executed. ;)

Virustotal Scan here :
https://www.virustotal.com/file/a50704a7ec0450172afed15995afa097e82f663ac5219f87edbf6d8248cb0f6c/analysis/

Anubis Scan here :
http://anubis.iseclab.org/?action=result&task_id=1a334af46058a3b4459f7ce3d7081c9ac&format=html

This is what mostly happened to all my executable files, all decreased to size below 1 ... Read more

A:Got infected by my biggest enemy online : Sality

Hello, Welcome to BleepingComputer.I'm nasdaq and will be helping you.If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.===This is the only suspicious process found on your OTL log.Did your run this process and know what it it?C:\Documents and Settings\PC\My Documents\Downloads\80cm1856.exeIf not please scan it at Jotti and post the results.===This is my speech on SalityI'm afraid I have very bad news. Win32/Sality is a dangerous polymorphic file infector which infects .exe, .scr files, creates a peer-to-peer (P2P) botnet that compromises your computer, downloads more malicious files to your computer, steals sensitive system information/passwords and sends it back to the attacker. -- Note: As with most malware infections, the threat name may be different depending on the anti-virus or anti-malware program which detected it. Each security vendor uses their own naming conventions to identify various types of malware.Understanding virus namesThreat aliases for W32/Win32/Sality - link 1Threat aliases for W32/Win32/Sality - link 2With this particular infection, the safest solution and only sure way to remove it effectively is to reformat and reinstall the OS. Why? As an entry-point obscuring (EPO) polymorphic file infector, the virus gains control of the host body by overwriting the file with complex and encrypted code instructions. The goal of the complex cod... Read more

2 more replies
Answer Match 41.58%

My browsers are infected by these two hijackers and no matter what I do, I can't seem to remove them. They randomly open new tabs and also redirect my google searches to other websites. Any help with removing them will be greatly appreciated.
Thanks in advance!
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 04-11-2016
Ran by Sudhanva (administrator) on DESKTOP-63VCPNI (07-11-2016 18:31:25)
Running from C:\Users\Sudhanva\Downloads
Loaded Profiles: Sudhanva (Available Profiles: Sudhanva & Administrator)
Platform: Windows 10 Enterprise (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Kingsoft Corporation) C:\Program Files (x86)\cmcm\Clean Master\cmcore.exe
() C:\Program Files\MySQL\MySQL Server 5.7\bin\mysqld.exe
(@ByELDI) C:\Program Files\KMSpico\Service_KMS.exe
(LULU Software) C:\Program Files (x86)\Soda PDF 5\HelperService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Serv... Read more

More replies
Answer Match 41.58%

I'm infected with www.antivirus-online-scan8.com
It's a random pop up that redirects me to a spoof page of the my computer folder, telling me that I'm infected and need to preform a download at www.antivirus-online-scan8.com
Please help. It seems to have really slowed down my PC.
DDS (Ver_09-07-30.01) - NTFSx86
Run by Owner at 21:51:36.73 on Thu 09/17/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.766.247 [GMT -5:00]

AV: Norton AntiVirus *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Norton AntiVirus\Engine\16.7.2.11\ccSvcHst.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CMPDPSRV.EXE
C:\Program Files\Norton AntiVirus\Engine\16.7.2.11\ccSvcHst.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy�... Read more

A:INFECTED WITH HTTP://ANTIVIRUS-ONLINE-SCAN8.COM

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

10 more replies
Answer Match 41.58%

I ran symantec's online virus scan and it found a trojan. Here is the report:

76945 files scanned, 2 file(s) infected on your disk drives.


No viruses were detected in memory.

Your computer is free of known threats. Virus Detection does not check compressed files.

Your computer appears safe for now. For real-time protection from viruses, hackers and privacy threats, upgrade to Norton Internet Security?.

No viruses were detected in memory.

The scan was cancelled before finishing. To restart the scan, click here.

Your computer is free of known threats. Virus Detection does not check compressed files.

Your computer appears safe for now. For real-time protection from viruses, hackers and privacy threats, upgrade to Norton Internet Security?.

Search for the name of the threat(s) listed below on the Symantec Security Response site for removal information.

Warning! The scan detected a virus that is active in your computer's memory.
The scan ended to prevent further infection.

You should shut down your computer immediately and restart it with an antivirus rescue disk or similar tool.

No viruses were detected in memory.

Your computer is infected with at least one known virus or Trojan horse.

Search for the name of the threat(s) listed below on the Symantec Security Response site for removal information.


C:\Documents and Settings\Guest\Local Settings\Temp\laf1C.tmp is infected with Trojan.Secup
C:\Documents and Settin... Read more

A:Symantec online virus scan says that I'm infected.

Hello and Welcome. Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

Those files in Temp are possible indicators of a zlob infection, as is one of the ActiveX controls installed on your machine.

---------------------------------------------------------------------------------------------

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 onlyDouble-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, pl... Read more

3 more replies
Answer Match 41.58%

Hello!

My DD told me that there was some kind of virus alert on our computer. I took a look and it looks like those pop ups when you go to a "bad" site and a window pops up that says YOUR COMPUTER IS INFECTED, click to run scan now. I couldn't quite get from her what she did when the window popped up but is causing all types of errors on computer. Couldn't run virus scan, it was saying wacult.exe was infected, couldn't open task manager. Everytime I tried to do something it said that file was infected and click to scan now. I said no to all of these.

Same thing happened on reboot, but I did notice that if I could start my virus scan (McAfee) quick it would run. I also noticed a vlxgsysguard.exe that was in startup and task manager. I disabled through msconfig and also ended process through task manager.

I don't know if this is that problem but I did see that this file was added today at 3:10. Seems like this is the problem, but Hey, I'm no expert and that is why I am here!

Hope you can help me fix this so I don't have to ground my DD for LIFE!

A:Infected by online scanner? vlxgsysguard.exe I think is problem.

Try downloading rkill to your desktop from one of the following links. Double click the file and a black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully. If it does not work, then download the next file and try again.try this one http://download.bleepingcomputer.com/grinler/rkill.pifor this http://download.bleepingcomputer.com/grinler/rkill.scror this http://download.bleepingcomputer.com/grinler/rkill.exeor this http://download.bleepingcomputer.com/grinler/rkill.comMalwarebytesNow, download Malwarebytes from http://malwarebytes.org/ update it and run a full scan. Remove any infections found and post the results in your next reply.

5 more replies
Answer Match 41.58%

I Followed the directions already posted, however certain process and actions are still being blocked, leading me to believe the virus' registry items are still hanging around. In particular my Anti virus/spyware Program is still inaccessible Receiving an endpoint error when a new scan is started, and all shields are forced off and I'm unable to turn any on. Following is the results of the programs I was directed to.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Cerutrist at 5:20:14 on 2011-10-09
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2814.1835 [GMT -7:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\atieclxx.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\afwServ.exe
C:\windows\S... Read more

A:Infected with Online Guard, Blocking programs

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything. We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here. To help Bleeping Computer better assist you please perform the following steps:*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/422614 <<< CLICK THIS LINK If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.*************************************************** If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo... Read more

2 more replies
Answer Match 41.58%

hi

i think my computer may still be infected. Started with antivirus and other pop ups... immediately went into safe mode with networking and downloaded malware anti malware. It quarantined and took out several things, which I have a list of if you need. Since then, am no longer able to connect to any online games. I do have AVG on my computer, ran it normally says all is fine, as does the malware tool. I can access email and internet fine so far. I have a hijack list, which I have not touched as well if you need. I tried to restore to an earlier date, system rebooted then said it could not allow restore... please help

A:am i still infected unable to connect to any online games

just to update unable to get to internet using ie, only able to on firefox thus fire... also the antivirus popped up again couldnt run malware antibytes in normal mode ran it in safe mode and it took out one thing, ran avast which took out a few as well, but still no change(

after more researching, i can as i can use firefox, apparently all the mmorpg games i play go through ie, which is disabled, no more pop ups, just to let you know avg wasnt updating, so that is why i uninstalled, and installed avast, which cleaned up a few more things... am still very worried though as cannot access anything online that connects through internet explorer.. i hope you can respond soon(i do have both malware and hijack logs

1 more replies
Answer Match 41.58%

I've been infected by this trojan (Win32/PSW.OnLine Games.NMP and Win32/PSW.OnLine Games. NMY )but it can not be deleted or cleaned by nod32. What it did only to quarantine. What can i do to remove this trojan from my laptop? Thank you for your help.This is my hijacklog.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 06:16, on 3/9/2009Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\RTHDCPL.EXEC:\WINDOWS\system32\igfxtray.exeC:\WINDOWS\system32\hkcmd.exeC:\WINDOWS\system32\igfxpers.exeC:\PROGRA~1\LAUNCH~1\LManager.exeC:\Program Files\Microsoft Office\Office12\GrooveMonitor.exeC:\Program Files\Google\Google Talk\googletalk.exeC:\Program Files\ESET\ESET Smart Security\egui.exeC:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exeC:\WINDOWS\system32\igfxsrvc... Read more

A:infected by Win32/PSW.OnLine Games.NMP Trojan

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.comDDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Follow the instructio... Read more

2 more replies
Answer Match 41.58%

Last night/this morning, I did a scan with Kaspersky on-line which found "two viruses and 5 infected files." All files, apparently, were locked. They were not running.I did other scans:AVG AntiSpyware 7.5 CleanSpyBot: CleanAd-Aware SE Plus: CleanZoneAlarm Privacy Suite: CleanSuperAntiSpyware Free: CleanTrend Micro HouseCall: CleaneTrust Antivirus Web Scanner: Cleanhttp://safety.live.com/site/en-us/default.htm: CleanI attempted to do a Panda Scan, but the scanning page won't stay open. It flashes closed almost immediately.I have pasted in the Kaspersky log below. I replaced my name in the log with my BC user name, and I edited the portion with my computer ID, which I have highlighted in green. I have highlighted the infected files with blue. Otherwise, it is exactly as produced.Are these false positives, or for real? How do I get rid of them? Might there be other bits hiding elsewhere? I could, if necessary, uninstall the two infected programs and reinstall them - I have the serial numbers I received at purchase. One last note: When I did a Kaspersky On-line scan back in August or September, it didn't find anything and I had Cyberscrub Privacy Suite then, and I believe I had also installed Essential NetTools by that time which are the programs that have the infected files.Orange Blossom Sunday, October 15, 2006 1:41:59 AMOperating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)Kaspersky Online Scanner version: 5.0.83.0Kaspers... Read more

A:Kaspersky Online Found 5 Infected Files

Update:

I've gotten the Panda Online scan to work. My Ad-Watch settings were blocking it. Panda came out clean.

A2 anti-malware free updated yesterday came out clean: normal mode
---------------------
I've searched for Win32.agent, but cannot find it on my computer. I've searched in program files in the specific programs that Kaspersky has identified as infected, but nothing jumps out at me. Looking at properties of a couple of the files fingered by Kaspersky doesn't show recent modifications, so I'm clueless here. Should I upload the suspect files to JottiScan?

Google searching the two infection names suggests that these are real bad news. As a safety precaution, I haven't opened or run either of the two infected programs in the hope that if I don't the infection won't spread.

I don't think there is anything strange happening on my computer, so I think - perhaps - I got a partial infection, but I don't know. I'd really like to know how to get rid of the infection - if indeed there is one - and be sure it is gone.
--------
I started to run the F-Secure Online scan last night, but I fell asleep and so I will have to start that one over as my dial-up connection disconnected while I was asleep.
-----------
I have rebooted into safe mode, used ATF cleaner by Attribune to clear out all temp files etc. and started a scan with Spybot in safe mode before I left home this morning. That is where things are at the moment. I'm... Read more

14 more replies
Answer Match 41.16%

While game playing MW3 online.  After shutting down computer. Restarted computer next day would not boot up... Used F8 key on reboot... ( Repair your computer appeared)  Selected repair and computer restarted, Logged on now( Cannot) log on internet .Window opens then shuts down. Programs will not run tried to use command prompt to run sfc / scannow  Index box appears ( Stating do you want to make changes to hard drive to allow program to run) Cmd.exe publisher unknown ? Opened up C: drive noticed locks on folders tried to use device manager same index box appears asking to make changes to hard drive publisher unknown.....Cannot Install updates error code 80244019

A:Infected computer Playing online game? windows 7

Greetings Erndog and to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.If you would allow me to call you by your first name I would prefer to do that.===================================================Ground Rules:First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems ... Read more

0 more replies
Answer Match 41.16%

Hi. I've been have problems with Google redirecting for months, but I ran multiple scans and nothing came up. Today I got the Guard Online virus/spam. I tried to use the self-help guide "Remove AV Guard Online" (I was told it works for Guard Online, too). It linked me to the "How to remove Google Redirects or the TDSS, TDL3, or Alureon rootkit using TDSSKiller" guide. At step #6, TDSSKiller could not cure my computer so I skipped and didn't run MalwareBytes' Anti-Malware. I then started the "Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help" guide but when I tried to scan GMER the "Blue Screen of Death" showed up and my computer restarted. I tried it twice more to write down what it said but it only stayed for about three seconds and I wasn't sure what I was supposed to write. I did all the self-help guides in safe mode and used a flash drive to download the files because Guard Online blocked everything.
P. S. I haven't been able to turn on my Automatic Updates for a while. When I follow the instructions and get to Automatic Updates from the Control Panel, the buttons are gray and un-clickable. Plus, my Internet Explorer has been saying "Diagnostic Connection Problem" so I can't use it. I don't know if this is relevant but if you can fix this too I would appreciate it Here is the DDS log:
.
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 8.0.6001.18702 B... Read more

A:Infected with TDSS, Guard Online, and Google keeps redirecting

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.Do not run any other tool untill instructed to do so!Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.Please download DummyCreator.zip and unzip it.Run the tool.Copy and paste the following into the edit box:

C:\WINDOWS\3203397148
Press Create button and post the content of the Result.txt.

Important: Restart the computer.Run Combofix:You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<Combofix may need to reboot your computer more than once to do its job this is... Read more

12 more replies
Answer Match 41.16%

My Firefox browser seems to be infected by a hijacker. As soon as I open Firefox, it begins to run a scan to supposedly remove an infection - the reference is private-online-scan.com. I am able to close the browser, which then prompts an information box to pop up telling me that my computer is infected, and that i should run a scan. Instead of pressing OK, I have just closed the window. I am able to use Internet Explorer ok.
DDS (Ver_09-05-14.01) - NTFSx86
Run by LoriSchwartz at 9:35:10.07 on Sun 06/21/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.375 [GMT -7:00]

AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Outdated) {FB06448E-52B8-493A-90F3-E43226D3305C}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
svchost.exe
svchost.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:&#... Read more

A:Infected with private-online-scan.com browser hijacker

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

2 more replies
Answer Match 41.16%

Hi all I ran Ad Aware, SpyBot-Search&Destroy, CCleaner and HiJack ThisSpyBot and Ad Aware found a couple of things but nothing major. Even so both Online and Offline games continue to speedup then slowwww down then speed up again. Any help and I would be most greatful.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 11:38:52 PM, on 2/8/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16762)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\Ati2evxx.exeC:\Program Files\Common Files\Symantec Shared\ccSvcHst.exeC:\Program Files\Lavasoft\Ad-Aware\AAWService.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Java\jre6\bin\jqs.exeC:\WINDOWS\system32\wscntfy.exeC:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exeC:\Documents and Settings\All Users.WINDOWS\Application Data\Skype\Plugins\Plugins\1163D2B46CC742E5A3CC9E4157887751\TalkAn... Read more

A:Am I Infected? My Offline and Online Games Slow then Speed up

anyone have any thoughts on this one?

2 more replies
Answer Match 41.16%

How to get rid of them?

My machine runs very slow at times. CPU use is up to 100% according to TASK MANAGER.

KASPERSKY ONLINE SCANNER 7 REPORT
Friday, September 12, 2008
Operating System: Microsoft Windows 2000 Professional Service Pack 4 (build 2195)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Friday, September 12, 2008 15:58:41
Records in database: 1218378
Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes
Scan area My Computer
A:\
C:\
D:\
E:\
Scan statistics
Files scanned 32350
Threat name 8
Infected objects 10
Suspicious objects 0
Duration of the scan 01:52:29

File name Threat name Threats count
C:\RECYCLER\S-1-5-21-796845957-1343024091-839522115-1000\Dc17\MSX.cpl Infected: not-a-virus:FraudTool.Win32.MSAntivirus.ac 1
C:\RECYCLER\S-1-5-21-796845957-1343024091-839522115-1000\Dc17\MSx.exe Infected: not-a-virus:FraudTool.Win32.MSAntivirus.ac 1
C:\RECYCLER\S-1-5-21-796845957-1343024091-839522115-1000\Dc18\a.exe Infected: Trojan-Downloader.Win32.Zlob.yie 1
C:\RECYCLER\S-1-5-21-796845957-1343024091-839522115-1000\Dc18\b.exe Infected: Trojan.Win32.Small.xve 1
C:\RECYCLER\S-1-5-21-796845957-1343024091-839522115-1000\Dc18\c.exe Infected: Trojan-Downloader.Win32.Zlob.yih 1
C:\RECYCLER\S-1-5-21-796845957-1343024091-839522115-1000\Dc18\d.exe Infe... Read more

A:Kaspersky Online Scan Found Infected Files

Hello and welcome,let;s run this MBAM scan...Please download Malwarebytes Anti-Malware and save it to your desktop.Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Then click on the Scan button.If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button. The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".Click OK to close the message box and continue with the removal process.Back at the main Scanner screen, click on the Show Results button to see a list o... Read more

7 more replies
Answer Match 41.16%

Hi,

I have tried to follow the AV Guard Online Guide to remove the Guard Online Malware. The LAN settings did not have the proxy setting clicked and I tried running TDSS and nothing malicious is found. Once I run Malwarebytes the scan stops after 30 seconds and closes the program. My anti virus program keeps turning off and asking me to fix the status. Once I change the status it will require me to restart my computer. Please help! See below for the DDS log and the attach.txt attachment. I have 64 bit windows so I did not attach the ark.txt file.

.
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 8.0.6001.19120
Run by Home at 20:52:29 on 2011-10-10
Microsoft? Windows Vista? Home Premium 6.0.6002.2.1252.1.1033.18.3066.2373 [GMT -4:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32 ... Read more

A:Infected with Guard Online and Google Redirect - Tried the Guide

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.Do not run any other tool untill instructed to do so!Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.Please download DummyCreator.zip and unzip it.Run the tool.Copy and paste the following into the edit box:

C:\Windows\3951070527
Press Create button and post the content of the Result.txt.

Important: Restart the computer.Run Combofix:You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<Combofix may need to reboot your computer more than once to do its job this is... Read more

9 more replies
Answer Match 41.16%

I would like to figure out why the video is so jerky running in normal mode.
Is there a way to find out?

Also the sound system does not start in safe mode.

A:safe mode online video works excellent, normal mode awful, unwatchable

Troubleshoot Application Conflicts by Performing a Clean Startup

Don't forget to do step three after troubleshooting. Is it running fine in clean startup?

9 more replies
Answer Match 40.74%

I am working on a computer now that is failing to get online in normal mode. It can get online in safe mode.

I have run and updated adware, ran hijack this, ran Spybot SD, and ran Stinger. Mutliple times for all and now everything checks out like it should. I also deleted several folders that were spy/ad ware. Everything is functioning as it should.

I have also run the msconfig in normal mode to eliminate unnecessary startup items in normal mode and between the normal and safe mode w/ networking, all the processes match up. I have gotten it down to 17 processes in normal mode. Was originally at 75+. Both are now the same in safe mode w/ networking as well as normal mode, 16 running processes.

I have run ipconfig and pulled a valid network address. I have also done a /release and /renew, gotten the same IP, and cannot get online in normal mode.

TCP/IP settings in IE is correct. I have also gone under the Advanced section of IE tools and restored default. No go. I have also deleted the 1394 connection, restarted and it was auto-added to the computer and is functioning properly. Same for the network adapter.

Can anyone give me some ideas on what else I could check to try and get online? I have also downloaded and installed Firefox with no positive results.

Everything within the Device Manager is functioning properly. The system is XP Home SP1. I am thinking about upgrading to SP2, but really dont want to do that as I doubt it will help.

Also, I have run the WinSock XP fix... Read more

A:Can only get online in Safe mode w/ networking, not normal mode

10 more replies
Answer Match 40.32%

I started trying to remove this virus after getting the fake virus alert messages described in Bleepingcomputer's removal guide. I've been able to take just about all of the steps posted here:

http://www.bleepingcomputer.com/virus-removal/remove-guard-online

That includes being able to run TDSSKiller and RKill. However, once I run Malwarebytes' Anti-Malware as the last step of the process, it runs for about 10 seconds and then closes down. When I try to restart, I receive the message "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item." This all occurs when I am running Windows XP in Safe Mode. Thank you in advance for your help, and please let me know if you need any more information.

.
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 7.0.5730.13
Run by Jack Pittenger at 10:16:18 on 2011-10-08
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2599 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Outdated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\3770994136:657603359.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documen... Read more

A:Infected with Guard Online Virus, cannot start Malwarebytes' Anti-Malware

Finally figured it out, but I am not sure how to close the original topic. Thanks!

2 more replies
Answer Match 40.32%

Hey Removal Gurus!
 
A few days ago my computer, which was "protected" by McAfee, started running poorly, sounded like it was launching, and all that jazz.
 
When McAfee didn't find anything, I removed it, and ran MBAM.  MBAM hit on two different things, in two different logs.  The first was for PUP.Optional.OpenCandy.  After quarentining that, I ran the scan again, and it hit upon PUP.Optional.Spigot.A.  I quarantined that as well. I then deleted both programs.
 
Since then, I have been running MBAM.  Still not convinced that everything was ok,  I ran the ESET Online Scanner.
 
ESET found Win32/Toolbar.Widgi.E in two places.  Specifically:
 
C:\Program Files (x86)\IObit\Smart Defrag 2\smartdefrag3-free.exe    Win32/Toolbar.Widgi.E
C:\Program Files (x86)\IObit\Smart Defrag 3\SDUpgrate.exe    Win32/Toolbar.Widgi.E
 
Obviously, I am not doing something right with my removal process.  Any help would be greatly appreciated.  Thanks in advance.
 
p.s.  I still have my MBAM logs.
 
p.p.s  Per the instructions (which i should have read earlier) attached please find the DDS information.
 
____________________________________________________________________________________
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17126  BrowserJavaVersion: 10.60.2
Run by Kendra at 1:33:50 on 2014-06-24
Microsoft Windows 7 Home Premium&... Read more

A:ESET Online Scanner Result -- Infected with Win32/Toolbar.Widgi.E

Please disregard.

6 more replies
Answer Match 40.32%

A few days back the virtunmonde worm got into my system. I have spyware doctor running on my pc and it immediately detected the worm. I ran a scan and deleted the infections but I was still bombarded with pop-ups about anti virus software and online poker.Next, i downloaded the virtunmonde fixer/removal tool and ran it. It detected 4 instances of the worm within dll files and removed them. I then an AVG anti virus AND lavasoft adaware.However i am STILL recieving these popups. Everytime i run spyware it detects a single infection Its strange because spyware doctor used to alert me specifically about the virtunmode worm but ever since i ran the removal tool those alerts have stopped. Yet i still get the same popups i did when spyware doctor detected the worm.Im extremely desperate now since nothing seems to be working.I have posted the hijackhis log below. Please advise me on what I should do next. I GREATLY appreciate any help. Logfile of Trend Micro HijackThis v2.0.2Scan saved at 19:14:49, on 12/08/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16473)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\sv... Read more

A:Infected With Winfixer/virtunonde (popups Of Antivrus Software And Online Poker)

By the way, that infection which keeps on replicating itself everytime i scan with spydoctor is titled "Dialer.Instant_Access".

8 more replies
Answer Match 40.32%

Hey, I hope that I am not being a nuisance to anyone. I recently discovered a fraudulent charge on my credit card. I found ample info online on how the company is a scam, but I don't know the charge occurred. I am wondering if there is anything on my laptop that is is some sort of attack/infection which allowed this company to find my credit card number.I have ESET NOD32, MBAM (not purchased,) MBAR, Hitma Pro (not purchased,) AdwCleaner and JRT. JRT, MBAR, MBAM and ESET NOD32 scans/runs have found nothing. I am going to run Hitman Pro shortly in an attempt to find anything. AdwCleaner found some things, but I don't think that they are harmful. I have attached the AdwCleaner, MBAM, and MBAR logs. Please let me know if I should post any of the other logs.Any help to check and determine if there are any infections/attacks/etc. on my laptop would be tremendously appreciated. Thank you very much in advance.DDS (Ver_2012-11-20.01) - NTFS_AMD64Internet Explorer: 9.0.8112.16555Run by El Diego at 16:42:52 on 2014-07-05Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4062.2657 [GMT -4:00].AV: ESET NOD32 Antivirus 7.0 *Enabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}SP: ESET NOD32 Antivirus 7.0 *Enabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}.============== Running Processes ===============.C:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Win... Read more

A:Laptop possibly infected; credit card scam (unsure if it was done online)

Hello, Welcome to BleepingComputer.I'm nasdaq and will be helping you.If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.===--RogueKiller--Download & SAVE to your Desktop For 32bit system or For 64bit system Quit all programs that you may have started.Please disconnect any USB or external drives from the computer before you run this scan!For Vista or Windows 7, right-click and select "Run as Administrator to start"For Windows XP, double-click to start.Wait until Prescan has finished ...Then Click on "Scan" buttonWait until the Status box shows "Scan Finished"click on "delete"Wait until the Status box shows "Deleting Finished"Click on "Report" and copy/paste the content of the Notepad into your next reply.The log should be found in RKreport[1].txt on your DesktopExit/Close RogueKiller+=======Please download AdwCleaner by Xplode onto your Desktop.Close all open programs and internet browsers.Double click on AdwCleaner.exe to run the tool.Click the Scan button and wait for the process to complete.Click the Report button and the report will open in Notepad.IMPORTANTIf you click the Clean button all items listed in the report will be removed.If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.Close all open programs and internet browsers.Double click on AdwCleaner.exe to run the tool.Click the Scan button and wait for the proc... Read more

9 more replies
Answer Match 40.32%

Was reading email and a pop up for Norton came up. I tried to close it, but there was no way to do it. When I closed the browser window there was an icon for norton on the desktop and a listing for it in the control panel -programs list. When I tried to remove it the message said it couldn't be removed until it was finished being changed. I then tried to run a virus scan, a virus was found, but the scan would never complete. Now my Charter Security Suite (F Secure) is uninstalled even though I did not do anything to Charter to result in that. I even tried to restore the system to a few days ago but nothing has helped. Here is my hijackthis log, please help me figure this out. Thank you
 

A:Computer infected...Virus protection disabled, ability to get online spotty

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:34:15 PM, on 8/28/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18943)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Charter Security Suite\Common\FSM32.EXE
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=EM&Loc=ENG_US... Read more

2 more replies
Answer Match 40.32%

Hi,
 
I recently was infected by .scr virus from csgolounge, where a user posted a link to a knife "screenshot". I then clicked on the link assuming it was safe and it downloaded a .scr & ran it. It then started to control my mouse and attempted to access my gmail accounts for steam, to trade off my skins. Luckily my gmail was protected and stopped the person (russian ofc) from accessing my account. It did however get my passwords (quickly changed) and managed to send a trade offer to another account. However I had steam email confirmation security so nothing was taken. Here are the steps I took:
 
1. Deleted the .scr file
2. Changed passwords
3. Restarted (was still active, moving my mouse, typing etc.)
5. Turned my computer off, turned off my internet connection.
6. Restarted (without internet), no sign of it being active.
7. Ran antivirus (windows defender, full scan, didn't find anything)
9. Did a system restore
 
Even after these steps I'm still unsure whether i'm totally safe. It had a keylogger so i don't want to type any passwords etc. I don't know if it has infected any registry stuff or whether it is still present (defender didn't find anything).
 
Can anybody help me?
 
BTW I live in Australia (UTC/GMT +9:30), so I might be quite late with replies (1am here atm) etc. 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:26-08-2015
Ran by Kyle (administrator) on BELLABOO (27-08-2015 23:57:36)
Running from C:\Users\Ky... Read more

A:Infected with .scr & not sure if safe :(

Double post, sorry.

1 more replies
Answer Match 39.9%

A few days back the virtunmonde worm got into my system. I have spyware doctor running on my pc and it immediately detected the worm. I ran a scan and deleted the infections but I was still bombarded with pop-ups about anti virus software and online poker.
Next, i downloaded the virtunmonde fixer/removal tool and ran it. It detected 4 instances of the worm within dll files and removed them. I then ran AVG anti virus AND lavasoft adaware.
However i am STILL recieving these popups. Everytime i run spyware it detects a single infection ("Dialer.Instant_Access"). Its strange because spyware doctor used to alert me specifically about the virtunmode worm but ever since i ran the removal tool those alerts have stopped. Yet i still get the same popups i did when spyware doctor detected the worm.
Im extremely desperate now since nothing seems to be working.

I have posted the hijackhis log below. Please advise me on what I should do next. I GREATLY appreciate any help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:14:49, on 12/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\A... Read more

A:Infected virtunmonde type trojan (popups Of Antivrus Software And Online Poker)

13 more replies
Answer Match 39.9%

Hi, whenever I open any sort of custom browser like Steam, I get popups and redirected to random sites. These popups are extremely annoying as they prevent me from browsing the steam store or playing games such as Halo Online as it uses its own browser.
 

More replies
Answer Match 39.9%

My computer has been only allowing me to go online in safe mode. I need to go on in normal mode in order to access certain files, etc. I've been on the phone for 5 days with "experts" in India (phonesupport) and still cannot go online in normal mode. Any suggestions?
Thank you very much, Lois

A:Cannot Go Online in Normal Mode only in Safe Mode

Lois
Set your computer to set in clean boot mode
Troubleshoot Application Conflicts by Performing a Clean Startup
If you are able to boot, you will be able to discover the cause of your problem, by putting the services back one at a time to find out the cause of the problem

1 more replies
Answer Match 39.9%

Safe Transactions with Infected PCs (2 web pages).

This is an interesting technology making its way to market. It is launching to 6 million customers of an undisclosed online broker in the near future.

The method is that it uses a rootkit to burrow into your OS - Windows only for now on IE and Firefox browsers, but they are working on Linux, Mac and Safari browser versions.

I am not sure that they can guarantee that their rootkit burrows deeper than any malware based rootkit (in order to provide the deepest protection as they seem to make in their claim).

On my WinXP Pro SP2 I used a free anti-keylogger that drilled into the system ahead of everything else (services) so that it was the first to execute before any system services. If they could do it - my assertion is that the malware authors can also - and the anti-keylogger was so proficient that I remember one member did not like it being so low-level and uninstalled it - but, it did its job very well.

The way I confirmed that the anti-keylogger was first to execute was a tool from Microsoft Technet SysInternals toolset here that listed the order of execution at boot time of system services.

As with any software, try it at your own risk - and if you do - please post your review in this thread.

-- Tom
 

A:Safe Transactions with Infected PCs

If my PC was infected, I wouldn't even risk it. I'd be using extremely personal details and I'd only enter them on a PC I know is clean.
 

1 more replies
Answer Match 39.9%

I've got a gig fixing a friend of a friend's laptop. It essentially won't boot. The laptop itself is like, God probably like 10 years old! Most likely has some form of virus or malware on it. (I'm ashamed to say my friends think they either "don't need AV," or "I can't afford [free] AV." )

Anyway, I was thinking to hot swap the hd into my rig, and scan it.
I'm running:
-full Webroot Internet Security Suite
-full Norton 360
-free Avast!
-free Avira

Obviously I won't be trying to boot from this drive until everything says it's ok. I did this last week without even thinking twice, with a different definitely-known-to-be-infected drive, and no real-time shields picked up anything. But really, how safe is this? Is it even possible for anything to try to start messing with me?

A:Hot-swapping infected hd: Is it safe?

FWIW: you might want to use one of those small <$20 external USB drive connectors that support the laptops drive and then run malware bytes and your AV against it.

I have done this and cleaned up drives without a lot of aggrivation.

rich

4 more replies
Answer Match 39.48%

I have an infection in my DropBox.
I am hoping i disconnected before it got to my local box, but cannot tell because, I logged off/shutdown the system.
Windows 7, booting up, trying to go into Safe Mode, with networking.
As soon as it comes up, I try to log in (Still disconnected from the network, and it reboots the system.
Is this something new, or maybe unrelated?

A:Lucky Infected and No Safe Mode now?

Welcome to BC...
 
This is the second time this week that someone has posted not being able to boot into safe mode. Please
start a new topic in the Malware Removal forum and let the pros see if it is a new malware or just a coincidence.
 
Please follow the instructions in the Malware Removal and Log Section Preparation Guide starting at Step 6.
If you cannot complete a step, then skip it and continue with the next.
In Step 6 there are instructions for downloading and running FRST which will create two logs.
When you have done that, post your logs in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here, for assistance by the Malware Response Team.Start a new topic, give it a relevant title and post your log(s) along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. If you cannot produce any of the required logs...start the new topic anyway. Explain that you followed the Prep. Guide, were unable to create the logs, and describe what happened when you tried to create them. A member of the Malware Removal Team will walk you through, step by step, on how to clean your computer.
After doing this, please reply back in this thread with a link to the new topic so we can close this one.
 
DO NOT bump your new topic. Wait for a response from one of the Team Members.

1 more replies
Answer Match 39.48%

Hi guys. I just joined this site and this is my first post. My desktop has been infected with Malware/Viruses and won't boot in any mode (safe, safe + networking, last good setting, or normal mode). The closest thing I get is when i go to safe mode and i get a total black screen with no start button or taskbar and on each of the four corners says "safe mode". However, I cannot do anything else on the screen. (Using laptop right now due to desktop being down)

After some research on the web I found that I could try the Avira Rescue CD and would hopefully remove the malware/virus. It's been almost a week but if memory suits me right, the virus was called Cleanup Antivirus. I also was experiencing google redirects. I have already finished most of the steps on the following Avira rescue cd instructions website:

http://forum.avira.com/wbb/index.php?page=Thread&threadID=82163

I am currently stuck on step 7 part 2&3. The reason for this is because in the command line, I type exactly what is instructed but the only thing it does is in the next line says:

"Devices" (text is in a neon greenish-blue font) (This is when i type in "ls /mnt")
When i type in " /mnt " it then says "/bin/ash: /mnt: Permission denied"

Not sure what to do because I have already restarted my computer and tried all modes including safe and normal but am still unable to get my normal computer settings.

I would get my log files with Hijack ... Read more

More replies
Answer Match 39.48%

Hi, last fri I received an email via my yahoo account from UPS ( which I now now is not). I think this is a nasty virus has worms too.Avira scanned the file before I unzipped it, I did not get any warning, even though I had updated avira files before, then it went spirling downhill!!I had so many windows opening up, I immediately disconnected from the net then proceded to virus scan with Avira. At the end of the scan, it could not help as it was infected. I could not open the report, even though there were warnings.I tried Spybot scan which found a majority of problems which I allowed the fix. I did not think it wise to go on the net as I kept getting Internet Explorer pages opening up.All during this time I was getting Norton virus updates and warnings - I dont have nortons so ignored them and did not open any of the files. Just closed at the X them and made sure i was disconnected from net.After spybot cleaned up, I used ATF to clean my temp files and then turned off and re-started.Since then I can not log on to windows, even in safe mode and adminstrator. I tried and logging on a number of times in a variety of ways but it keeps logging me out. I am not getting past the log on page.I cannot seem to get into windows and think I must have messed up somewhere. I have my external drive plugged in and was about to back up my monthly documents but decided to reply to my emails before! Hence now cannot access anything. I have spent the weekend reading forums and page... Read more

A:infected with UPS virus. Cannot log on even in safe mode

I tried ... logging on a number of times in a variety of ways but it keeps logging me out. I am not getting past the log on page.I have spent the weekend reading forums and pages and pages of advise. I read this forum thread as well as thread: http://thinkinginpixels.com/quick-fixes/fi...onlog-off-loop/I really need my documents and cannot afford to loose them as there are files I need to send to my mortgage lender asap.mandyRe: LogOn/LogOff LoopGo ahead with the thinkinginpixels instructions: That is your best chance to get back in to Windows. It will take several hours to complete, and you should then be able to use Windows and retrieve the documents that you need. The instructions provide a series of logical steps that are relatively easy to follow and should lead to a positive result. Any problems, let us knowShould that fail (unlikely) we can help you get those documents by another means.Let us know how you are getting on.'Alien

81 more replies
Answer Match 39.48%

I have Wxp Pro on a Dell pc. I get no pop-ups, but programs are slow to open and slow to run. I can't start the pc in safe mode by using F2, F8, F12, etc. When those keys are used, the pc ignores it and starts normally.
When a browser window is open, I can open a site, can scroll thru the site, but can't click on any links or buttons. It acts as if it is just a graphic.
One strange thing, if I minimize the browser window, then maximize it again, I can then surf inside the site.

I have run Ccleaner and Ada-ware. I then ran Rkill, then SuperAnti-spyware and Malwarebytes. Running a full scan on both. SuperAnti found 53 items, quarantined all, but no help. Malware did not find any issues.
I've tried a system restore, but keep getting "can't restore system.......".

Any fast help is appreciated, this is for a school secretary's pc.
Phil

A:Am I infected? Can't start Wxp in safe mode

Welcome aboard Download Security Check from HERE, and save it to your Desktop. * Double-click SecurityCheck.exe * Follow the onscreen instructions inside of the black box. * A Notepad document should open automatically called checkup.txt; please post the contents of that document.=============================================================================Please download MiniToolBox and run it.Checkmark following boxes:Report IE Proxy SettingsReport FF Proxy SettingsList content of HostsList IP configurationList last 10 Event Viewer logList Users, Partitions and Memory sizeClick Go and post the result.=============================================================================Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop. * Double-click mbam-setup.exe and follow the prompts to install the program. * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish. * If an update is found, it will download and install the latest version. * Once the program has loaded, select Perform quick scan, then click Scan. * When the scan is complete, click OK, then Show Results to view the results. * Be sure that everything is checked, and click Remove Selected. * When completed, a log will open in Notepad. * Post the log back here.Be sure to restart the computer.The log can also be found here:C... Read more

9 more replies
Answer Match 39.48%

Hi, I had McAfee running and it found a trojan, so i removed it right? For some odd reason my PC restarted(blue screen of death, something about memory) Every time i try to boot normally it gives me the blue screen. so now im in safe mode typing this. I've done multiple full scans on Mcafee and it still says one or more errors could not be fixed because of an error. anyways it been like this all day. I just downloaded avast version 4.8 and currently scanning my system. Any suggestions of help? I'd rather not delete the entire contents of my hard drive and reinstall vista.

I tried downloading Malwarebytes but when i try to run it, it won't open.

Edit 1-avast! Virus Cleaner Tool - version 1.0.211 Ansi

Edit 2- Currently scanning with AVG 8.5 Free Trial Safe Mode

Edit-3 It seems that AVG has cleaned my computer right, i can now boot up normally and my mcafee says im secure.tt

Edit-4 Mcafee is on overload again, my computer got blue screen again. and i am currently scanning with mcafee.

Edit-5 Mcafee has been uninstalled by me and now running avg once more

A:Help, infected laptop, currently in safe mode.

Please help anyone?

10 more replies
Answer Match 39.48%

Microsoft did a scan in safe mode, but my computer is still running slow. i cant figure it out. i have one care as my anti virus, and malware bytes. i've ran both and nothing is showing up, any suggs would be greatly appreated.

thanks,
Lindaga35

A:am i still infected? scanned in safe mode already

Please reboot your computer and update Malwarebytes. This time do a FULL scan and post the new log here

5 more replies
Answer Match 39.48%

Hi i made a topic earlier but it was my first topic and a mod helped me get on track, i followed a step that the mod told me from the preperation guide, i'd like to point out that my firewall is alays active and i made no backups of songs games etc because i literally have nothing to lose on my computer of any significant importance i just want this virus gone. basically i have a browser highjacker and i downloaded this program that you all mentioned on a post that we should download to make a log of what it scans called farbar recovery tool. i'll post now the text report it gave me but im not sure it's what you all expect of me to post so if i posted the wrong text please let me know, if this is the correct i hope it contains any valuable information. Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:27-01-2016Ran by Miguel (administrator) on MIGUEL-TOSH (02-02-2016 23:36:57)Running from C:\Users\Miguel\DownloadsLoaded Profiles: Miguel &  (Available Profiles: Miguel)Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Português (Portugal)Internet Explorer Version 11 (Default browser: Chrome)Boot Mode: NormalTutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (IObit) C:\Prog... Read more

A:I am infected by safe search finder please help me.

Welcome to Bleeping Computer's Malware Removal Logs area. My name is Sintharius. I will assist you with your problem.Please give me some time to review your logs and I will be back with instructions.Meanwhile please post the Addition.txt log that comes with FRST.txt the first time FRST is ran on your computer.

5 more replies
Answer Match 39.48%

(See attached)

My Firefox download progress bar has decided to take a dislike to MGlogs.zip from the malware forum.
How can I sort this out please? So sick of software thinking it's being 'useful' !
 

A:Something Deciding Safe Files Are Infected...

That could be Firefox' baked-in Google Safe Browsing/Phishing Protection (or w/e its called now), see if you can find a likely pref from this page to add/modify from about:config: https://wiki.mozilla.org/Safe_Browsing
 

1 more replies
Answer Match 39.48%

I'm not able to use internet in regular mode of windows xp. If i restart in safe mode with network support I can access the internet.I have checked everything concerning driver issues etc. The ip is correctly assigned. I have done several scans wit MBAM, I've used registry cleaners, etc. It all started a couple weeks ago when the pc started working very slow. I did a disk cleanup, defragmented the harddisk, did registry cleans, scanned for viruses etc. It was a bit better but not too much. After a few days the internet stopped working on my pc.Is there any solution to fix this problem?Hereby the DDS.txt log:DDS (Ver_10-03-17.01) - NTFSx86 Run by Zjefne at 13:56:09,23 on vr 24/09/2010Internet Explorer: 8.0.6001.18702Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.447.221 [GMT 2:00]AV: Panda Antivirus Pro 2010 *On-access scanning enabled* (Updated) {EEE2D94A-D4C1-421A-AB2C-2CE8FE51747A}============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\system32\svchost.exe -k netsvcsC:\Program Files\Panda Security\Panda Antivirus Pro 2010\TPSrv.exeC:\Program Files\Ahead\InCD\InCDsrv.exeC:\PROGRAM FILES\PANDA SECURITY\PANDA ANTIVIRUS PRO 2010\WebProxy.exesvchost.exesvchost.exeC:\WINDOWS\system32\spoolsv.exesvchost.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\A... Read more

A:Infected? No internet, just in safe mode

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.Double click DeFogger to run the tool. The ap... Read more

3 more replies
Answer Match 39.48%

I would be very grateful for some help sorting out a friend's PC please.

I've read the First Steps page but cannot carry out all of the suggested scans.

When I boot the PC normally, it works very slowly loading XP Home, then suddenly reboots itself before getting to the login screen. I discovered that it will run in Safe Mode with Networking and I'm using it now to create this thread!

I've run dds.scr and the scan result is pasted below. (Attach.txt is included here in a zipped file). When I try to run GMER nothing happens. The egg timer appears for a few seconds but nothing more. I have downloaded SPTDinst-v162-x86.exe. Executing this file results in a popup stating "No SPTD version was detected". The Uninstall button was greyed-out but the Install button looked inviting, so I clicked it and was prompted to re-start Windows. I restarted XP in Safe Mode and it appeared to load SPTD.sys.

Before looking at this forum I was going to attempt a Windows re-install and backed up My Documents onto a USB memory stick, which I then scanned with Avira on a another laptop. This revealed 16 music files, which had been downloaded with Limewire (I presume), all containing the same virus - EXP/ASF.GetCodec.Gen. I've uninstalled LimeWire now.

I have tried to install Avira AntiVir Personal (in Safe Mode) but, after extracting a load of files to a Temp folder, it gets part way through 'Preparing Installation...' then crashes(?).

I don't know what to try n... Read more

A:Infected PC only works in Safe mode - Help please

Please close this thread - I have wiped the system and re-installed XP. It seemed like the smartest thing to do...

1 more replies