Tech Problem Aggregator

Virus downloaded

Q: Virus downloaded

I need hlep removing the following virus: 33742600.exe contained threat UltraDefraggerFraud. I used Norton Power Eraser to remove but it is still corrupting my computer.

Tech Support Guy System Info Utility version 1.0.0.1
OS Version: Microsoft Windows 7 Home Premium , 32 bit
Processor: Intel(R) Core(TM)2 Duo CPU T6670 @ 2.20GHz, x64 Family 6 Model 23 Stepping 10
Processor Count: 2
RAM: 3032 Mb
Graphics Card: Mobile Intel(R) 4 Series Express Chipset Family, 1292 Mb
Hard Drives: C: Total - 290204 MB, Free - 216034 MB; D: Total - 14999 MB, Free - 9870 MB;
Motherboard: Dell Inc., 0C145T, , .4S15RK1.CN129619AI01CC.
Antivirus: Norton Internet Security, Updated and Enabled

A: Virus downloaded

I sent this last weel and still haven't received a reply with assistance.

1 more replies
Answer Match 45.78%

When I discovered the virus, the problem file (Edit seemed to be C:\WINDOWS\system32\ursrq.dll.

Logfile of HijackThis v1.99.1
Scan saved at 9:34:25 PM, on 10/4/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\cf000430614\D... Read more

A:After several years of virus-free computing, I've downloaded a virus.

10 more replies
Answer Match 45.78%

Hi, i was playing a video game when i got a bubble on the bottom right of my screen telling me my computer is infected. The background of the computer turned blue and i get a pop up every few minutes telling me that my computer is infected with 38 viruses. Also, it will not allow me to open up system restore, please help me :/ before its too late. Thank you for your time. Oh i also get blue error screens if i leave the computer on for too long. Sorry i keep editing more stuff, I had to run system restore under safe mode because it got really bad, could not even get online.
 

A:Major Help removing Virus and Virus scanners that were downloaded by themselves.

13 more replies
Answer Match 44.1%

I HAVE A VIRUS I CAN NOT GET RID OF FROM SOME FREE PORN SITE IN MY SETTINGS.I HAVE TO USE FIREFOX WHEN I SHOULD BE ON INTERNET EXPLORER. IT STARTS TO LOAD AND AFTER THREE BARS IN THE LOADING PROGRESS BOX. IT THEN GOES TO WHAT EVER PAGE I WAS ON PRIOR TO THAT.

A:DOWNLOADED VIRUS

The virus must have affected your CAPS LOCK key!!! Quick!! Smash the keyboard with a hammer to prevent the spread of this horrible virus Joking...

First, I would suggest you continue to use Firefox and forget about IE except for doing windows and office updates.

Second, I would say that's malware or a browser hijack, though you may have viri (viruses) in addition.

I would begin my downloading, updating, and running Spybot search & destroy, Lavasoft's AdAware, and Microsofts AntiSpyware programs. They are all free.

Do you have an anti-virus program installed? If so update it and run a complete scan. If not AVG antivirus is free and a decent performing product.

Try the above and we can go from there

Just my .02 (YMMV)

3 more replies
Answer Match 44.1%

I have this annoying little thing down on the taskbar that keeps spamming this message.

-------------------------------------------------------------------------------------------------------
Systam Alert: [email protected]
Type: Spyware/Trojan
Vulnerable: Windows 95/98/ME/NT/2003/Windows XP
Description: Spyware program that sends confidential information to a remote attacker
Protection: Click this balloon to download official security software.
-------------------------------------------------------------------------------------------------------

Now, I have Windows Vista, but its obviously still being affected. I keep getting pop-ups for fake spyware-removal programs, and it's so obvious they're fake that it's not even funny. It also changes my homepage to http://iexplorerpage.com/. I didn't "click this balloon to download official security software" because I'm too smart for that old gag (Although not smart enough to avoid getting this virus in the first place). So first thing that comes to my mind is "Search for it on google". I found another topic on this site which said to get HijackThis and post what the log says. So here it is.

Logfile of HijackThis v1.99.1
Scan saved at 9:14:52 AM, on 5/28/2007
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16386)

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
... Read more

A:I Downloaded A Virus.

Bump... I really need help >.<
 

2 more replies
Answer Match 44.1%

Im fairly sure I have a virus on my laptop. Internet explorer won't load at all but Firefox will. Firefox acts normally until I try to go to a web page that has anything to do with virus software or virus removal, hence having to type this from my iPhone as it won't even let me access this site. As I say, any other sites load as usual. Any ideas?

A:Downloaded Virus

Hello, I moved this to Am I Infected Windows NT/2000/2003/2008Can you do these next?Please download MiniToolBox, save it to your desktop and run it. Checkmark the following checkboxes: Flush DNS Report IE Proxy Settings Reset IE Proxy Settings Report FF Proxy Settings Reset FF Proxy Settings List content of Hosts List IP configuration List Winsock Entries List last 10 Event Viewer log List Installed Programs List Users, Partitions and Memory size.Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run. Note: When using "Reset FF Proxy Settings" option Firefox should be closed.Run RKill....Download and Run RKillPlease download RKill by Grinler from one of the 4 links below and save it to your desktop.

Link 1
Link 2
Link 3
Link 4

Before we begin, you should disable your anti-malware softwares you have installed so they do not interfere RKill running as some anti-malware softwares detect RKill as malicious. Please refer to this page if you are not sure how.
Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
If nothing happens or if the tool does not run, please let me know in your next replyDo not reboot your computer after running rkill as the malware prog... Read more

1 more replies
Answer Match 44.1%

I writing from my kids computer. Stupid me downloaded a bug.
Now I get, A problem has been detected and windows has been shut down
to prevent damage to your computer.
Tech info:
STOP 0X0000007E (0XC0000005,0X804E37EE, 0XF899591C, 0XF8995618)

I can get to safe mode, but the arrow keys won't work, so I can't navigate.

I am not very techy, but can follow instruction.

Windows xp home IE 7

Help please,
IJ

More replies
Answer Match 44.1%

i clicked this link and it was a program i accepted it because i thought it was something else

Can someone help please?!
 

A:I downloaded a virus on MSN help!!!

9 more replies
Answer Match 44.1%

A few days ago I accidently downloaded a virus. I clicked on the download button, instead of the download link. The download button was a virus, when I opened the file, it proceeded to download many unwanted programs to my computer. Some of the symptoms my computer is having are:
-File keeps popping up on my desktop named, "Continue Live Installation"
-That same file opens on its on several times while im on the computer. I Close It and do not continue with the installation
-Almost everything I click on makes ads pop up in new windows.
-Their are ads all over websites that would normally not have ads (ex. Youtube, facebook)
-Computer is generally slower
Those are my problems. Things I have done so far are:
-Immediately uninstalled unwanted programs via control panel
-Ran Malwarebytes Anti-Malware and got rid of anything it found
-Ran RKill and JRT
-Ran Hitman Pro and got rid of anything it found

After this I am still having all the problems listed above. I hope someone can help me out please!!! This is a work computer and I haven't been able to do any work all week .
 

A:Downloaded a virus

Welcome to TSG,

I've removed your offer since that is not allowed on these forums.

What kind of work computer is this?
 

2 more replies
Answer Match 44.1%

I was on a website I'd never been on before, and I clicked a link to download a torrent. However, it actually downloaded a .exe file. Not thinking, I opened it, and as I expected, nothing happened. About a minute later, my computer starts opening windows in Internet Explorer (even though I use Firefox) with adverts. I also keep getting notifications saying (something).exe is not working, such as vhr.exe or mas.exe. I am currently running a virus scan (with AVG), but I'm not sure it will detect it, as I opened an .exe file myself. Does anyone know what I can do to get rid of this? The file is gone now, and I cannot remember what it is called.

Thanks

A:Help, I think I've downloaded a virus.

Hello and Welcome to TSF.

We want all our members to perform the steps outlined in the link I'll give you below, before posting for assistance. There's a sticky at the top of this forum, and a
Quote:




Having problems with spyware and pop-ups? First Steps




link at the top of each page.

------------------------------------------------------

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new thread, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

------------------------------------------------------

1 more replies
Answer Match 44.1%

Hi everyone. I was wondering if someone could help me. I have had this little box on the bottom left of my computer when I first start it. It says c:\windows\odbc.hta. I think it is making my explorer crash because after about 15 minutes on the internet, I recieve a message that explorer has performed an illegal opperation and will be shut down. I end up having to restart my computer. I have run adware and spybot but they have been unable to locate it or remove it. I have also searched multiple virus webpages and didnt find anything as well. Can someone please help me and tell me how to remove this annoying thing! Thank you
Victoria
 

A:I think that I downloaded a virus, please help me!

Please do this:

First create a permanent folder somewhere like in My Documents and name it Hijack This.

Now Click here to download Hijack This. Download it and click "Save". Save it to the Hijack This folder you just created.

Click on Hijackthis.exe to launch the peogram.

Click the "Scan" button when the scan is finished the scan button will become "Save Log" click that and save the log.

Go to where you saved the log and click on "Edit > Select All" then click on "Edit > Copy" then Paste the log back here in a reply.

DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required. Someone here will be glad to advise you on what to fix.
 

3 more replies
Answer Match 44.1%

megabite hi, im stun on a blue dumping screen all because i think ive downloaded a virus. done all i can, a restore system recoery etc wahat do you think\/ any thoughts\/
 

A:Downloaded a Virus

6 more replies
Answer Match 44.1%

i tried downloading something, and when i did my computer just started going really slow, acting wierd... and now there is this dark red circle in the notification area with a white "!" in it and it says "security warning: your computer may be infected with harmful or unwanted softwear." and i keep getting random pop ups even if i don't have a window up. can anyone help? and here is my HJT log.Logfile of HijackThis v1.99.1Scan saved at 10:47:35 PM, on 6/2/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeC:\Program Files\Norton AntiVirus\navapsvc.exeC:\WINDOWS\System32\nvsvc32.exeC:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exeC:\Program Files\Linksys Wire... Read more

A:I Think I May Have Downloaded A Virus

Welcome to the BleepingComputer HijackThis Logs and Analysis forum dizz15 My name is Richie and i'll be helping you to fix your problems.Download Avenger from the link below:http://swandog46.geekstogo.com/avenger.zipUnzip/extract it to your desktop.Start up Avenger. Check the 'Input script manually' option.Click the Magnifying Glass icon.In the box that opens,copy and paste ALL the following bold blue text in the Quote box below:Files to delete:C:\Documents and Settings\All Users\Application Data\tgfglslg.exeC:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\svagent.exeC:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\monsyn.exeC:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\564265.exeC:\WINDOWS\WindowsUpdates.exeC:\WINDOWS\system32\drvrub.dllC:\WINDOWS\retadpu1000272.exeC:\WINDOWS\system32\lvnyitnk.dllThen click on 'Done'.Click the Traffic Light icon to start the program.Then press OK at the prompts to reboot your PC.Post the Avenger output.txt, which you can find at C:\Avenger\.txt into your next reply.*****************************Please download VundoFix.exe to your desktop.Double-click VundoFix.exe to run it.When VundoFix re-opens,click the "Scan for Vundo" button.Once it's done scanning,click the "Remove Vundo" button.You will receive a prompt asking if you want to remove the files, click "YES".Once you click yes, your desktop will... Read more

9 more replies
Answer Match 44.1%

I downloaded a virus about a month and 1/2 ago. As soon as I opened the program I got a bsod " irqL_not_not_less_then_or_equal_to" then my laptop turned off. I tried to reformat before I tried to get rid of the virus. It did not work I had to restore using system Image. Obvious now that was the wrong thing to do. Well It got rid of the bsod's, but now I cannot run any kind of bootdisk because it will turn off about the middle of whatever I'm running. I've tried reformatting with win7 bootdisk, spotmau's bootdisk "Partition wipe, disk wipe", killdisk, hitachi disk fitness test disk. I've also ran scanners ; AVG anti-virus, Avira antivirus(which was what I was running and also scanned the program before opening it with avira.), Gmer, Sophos anti-rootkit, kaspersky anti virus scanner, mbr check, tdss killer, etc..... hah....just about everything I could download... And found nothing. So I've still got something screwing me up but none of these programs can find it... Possibly buried it after trying to format and using sytem image. Since it wont let me do anything with the boot disks is that in Would it be coming from MBR? Any help is very appriciated.

A:Downloaded virus, and I've tried everything to get rid of it.

Hi,

That does sound MBR related. You need to try and scan prior to Windows loadup. To do that please follow these steps:

1. Download and burn the F-Secure ISO file to a CD using something like IMGBURN.
2. Turn on your PC, then enter the BIOS before it has a chance to load the Windows OS.
3. In the BIOS, make sure the CD/DVD drive is first in the boot sequence.
4. Insert the F-Secure bootable CD into the CD/DVD drive, and boot the PC.

The PC will now boot using Linux. F-Secure will then update its anti-malware database (ensure you leave your ethernet cable plugged into your router/modem). Follow the prompts to do a scan of your system - it may take quite some time.

Make a note of the malware that it finds, and post the names here as we may need to do some additional work depending on what it finds.

Note that if some critical system files are infected, F-Secure deletes them, and your system may not be bootable. In this case, you will need to do a clean Windows install, preferable after a secure wipe of the hard disk. Make sure any critical data is backed before scanning.

Regards,
Golden

9 more replies
Answer Match 44.1%

Hello all.
I am a newbie to vista. In November I bought a Dell Inspiron 1525.
The other day i was playing an online poker game (multi player) then the sound stopped
working. After a few seconds i get a pop up saying i needed to download the latest
sound driver. and i did and the sound did come back after restarting.
I thought to myself .. this is great, vista tells ya when drivers need updating.
now spybot keeps telling me that new startup values have changed.
Startup is like Direct TV during a hurricane but only for a couple of seconds.
I chat with the Dell Techs and they wont help becouse i bought the laptop at
Best Buy (geek squad).. I chat with them a they said the driver i downloaded was a virus.
Ive always tried to keep things updated and drivers have been a real pain.
Should a new laptop already need driver updates? How do i know when a driver needs
updating?
I use system mechanic pro. firewall antivirus and all are up to date
spybot w/tea timer. maybe the warning signs were there but i missed it.
can someone give me some direction.
will include hjt log.
And system info. any help will be greatly appreciated.
OS Name Microsoft® Windows Vista™ Home Premium
Version 6.0.6001 Service Pack 1 Build 6001
Other OS Description Not Available
OS Manufacturer Microsoft Corporation
System Name OZINMYLAND-PC
System Manufacturer Dell Inc.
System Model Inspiron 1525
System Type X86-based PC
Processor Intel(R) Core(TM)2 Duo CPU T5800 @ 2.00GHz, 2000 Mhz, 2 Core(s), 2 Logical Processor... Read more

A:might have downloaded a virus

7 more replies
Answer Match 44.1%

this is where i downloaded my virus and i still havent ridded my comp of it .. any help would be greatly appriciated ____________!!!!!"note this is a virus dont download if you dont know how to handle it"!!!!!!!!1_____ .. it will mess your computer up it says the process name is dw20.exe and there were about 200 of them the discription was rxRZP

[url removed]

and im sorry if this was out of area or against some regulations .. i just want my comp back :'(
 

A:!!!! This is a virus i downloaded !!!!!

To help the trained malware helpers to identify and resolve the problems on your computer, please follow the instructions in this sticky thread:
http://forums.techguy.org/virus-other-malware-removal/943214-everyone-must-read-before-posting.html

From that point please await help from an antimalware helper (identified by a gold shield beside their name. It could take a few days as trained helpers are in short supply, but I'm confident you'll be seen to.
 

2 more replies
Answer Match 43.68%

I opened an email I thought was from USPS and downloaded a virus! Ever since then whenever I try to open anything the only thing that opens is windows media player. I did some investigation and think that how I open .exe files was corrupted or my .exe files were deleted. I downloaded and installed SpeedMaxPC and a lot of things were restored. But then when I restarted my computer I was back to the original problem. I've tried to download and reinstall SpeedMax but I can't. It will download but not install. Now I'm lost. I don't know too much about computers but I can usually find and follow directions to solve mt problems but not this time. Should I save any info I have left and reset to original settings? Please someone help.

Thank you!

Carol

A:Downloaded a nasty virus

Hi, we have a specialist security forum follow this link, and you should not use registry cleaners they have a tendency to make the situation worse.

http://www.techsupportforum.com/foru...lp-305963.html

2 more replies
Answer Match 43.68%

Yesterday my computer was infected by what I think is the koobface virus. A friend of mine send me a link on facebook and it sent me to a site that I later realized was youtube.com not youtube.com I stupidly downloaded the fake flash update and wham, got a virus. So far I've noticed that when I do a search on google and try to open up a link with a new tab that I am redirected to some ad site. I've also noticed that svchost ris using way more memory than normal.

So far I've tried to fix the problem by using malwarebytes and combofix. Nothing has done the job. As requested you'll find the necessary logs below and attached. Thanks you so muvch for volunteering the time to address this issue. You guys and gals are true Internet hero's.
DDS (Ver_10-12-05.01) - NTFSx86
Run by Owner at 15:15:08.15 on Sun 12/05/2010
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.247.24 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Pur... Read more

A:Please help I downloaded the koobface virus

Good evening. If you take a look in the root of your hard drive, you should find a copy of the log that ComboFix produced when it was run - C:\ComboFix.txt. Will you post that in your next reply, assuming you can find it.

2 more replies
Answer Match 43.68%

Hello and good morning, my bleeping computer. A few days ago I accidently downloaded a virus. I clicked on the download button, instead of the download link. The download button was a virus, when I opened the file, it proceeded to download many unwanted programs to my computer. Some of the symptoms my computer is having are:

 

-File keeps popping up on my desktop named, "Continue Live Installation"

-That same file opens on its on several times while im on the computer. I Close It and do not continue with the installation

-Almost everything I click on makes ads pop up in new windows.

-Their are ads all over websites that would normally not have ads (ex. Youtube, facebook)

-Computer is generally slower

 

 

Those are my problems. Things I have done so far are:

-Immediately uninstalled unwanted programs via control panel

-Ran Malwarebytes Anti-Malware and got rid of anything it found

-Ran RKill and JRT

-Ran Hitman Pro and got rid of anything it found

 

After this I am still having all the problems listed above. I hope someone can help me out. Thanks!!

 

A:Accidently downloaded a virus!

Can anyone help me please? This is a work computer and I haven't been able to work all week now

37 more replies
Answer Match 43.68%

i've had my pc for a while now and it has been fine but for some
reason, from time to time, a window pops up saying:
WARNING!
VIRUS DOWNLOADED DUE TO PC INTEFERENCE
and I'm not sure what it means?
i haven't installed any dodgey software and my
norton 360 doesn't detect it?
I've googled it but it hasn't returned the slightest of help
so i decided to ask you guys!
please help I'm so confused!
thanks!

A:Help? virus downloaded due to pc inteference?

Hi messaaboutz welcome To SevenForums
RogueKiller Download

Click on Download now

Save to the Desktop.

Close all windows and browsers

Right click on and choose Run as Administrator

Press: SCAN

provide the RKreport.txt (Mode: Scan) in your reply.

3 more replies
Answer Match 43.68%

I'll just list details, I guess. I'm running Windows XP. I've tried using McAfee VirusScan Professional to fix the problem, I've run Hijackthis, Spybot, sysclean (albeit an old version)... I've gone into safe mode and still the virus programs couldn't find anything wrong.

Basically the problem is that I cannot connect to the Internet (that's it? haha). The infected computer is connected to my home's wireless network. The wireless card on my desktop is picking up a perfect signal, and as far as it knows everything is fine. Funny thing is, when you have no connection, AIM usually snaps a message at you saying it can't connect. Now when I try to connect, it just says connecting forever. I have a feeling it's a Backdoor CVT virus, though I could certainly be wrong...

Here's my Hijackthis log...

Logfile of HijackThis v1.99.1
Scan saved at 8:36:07 PM, on 4/4/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsof... Read more

A:silly me... downloaded a virus...

16 more replies
Answer Match 43.68%

yesterday I downloaded an virus that I can't remove, I went to "uninstall a program" and i removed it there and it is still in effect. It won't let me open some apps. I was forced to restore to a previous date, but when ever it's in progress, it automatically stops, and closes the window.I really need help, as I just got this computer, and it isn't allowing me to open something that I use that has money on it.
 

More replies
Answer Match 43.68%

This downloaded itself and zonealarm didn't catch it. It actually disabled zonealarm (grayed out treat button).

Also, the search obtion was disabled. Search for a file/folder.

not-a-virus:AdWare.NSIS.Yontoo.n

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Ultimate, Service Pack 1, 64 bit
Processor: Intel(R) Core(TM)2 Duo CPU P8700 @ 2.53GHz, Intel64 Family 6 Model 23 Stepping 10
Processor Count: 2
RAM: 3996 Mb
Graphics Card: Mobile Intel(R) 4 Series Express Chipset Family, 1806 Mb
Hard Drives: C: Total - 112525 MB, Free - 62690 MB; E: Total - 39997 MB, Free - 17138 MB;
Motherboard: Hewlett-Packard, 30DB
Antivirus: Microsoft Security Essentials, Updated and Enabled
 

More replies
Answer Match 43.68%

About 2 days ago I was on my AOL INSTANT MESSENGER when I noticed a link saying : bestfriends or funnybuddys CLICK HERE! in big bold letters. So I did of course, and finally learned my lesson, my curiosity killed it. It downloaded a screensaver onto my computer, and the screensaver never appeared. Then it froze my AIM and posted an away message with the same link I clicked on. It said WHOA OMFG! CLICK ON THIS and then the link. I really don't remember exactly what the link was, or the EXACT name of the thing that was downloaded onto my computer but I do know now that I had to uninstall AIM then install it a few times, and it still did it. I also used my AD-WARE and ran it a bunch of times, the customized way, the regular way, everything. Then I ran Norton, I ran it in all types of modes even in safe mode. Then I deleted everything that had to do with AIM, all of it's components off of my computer, and still when I went to install AIM, it still had that away message up. Now, after installing AIM for the last time it doesn't even appear, a message pops up that I can't install the program since it's already running on my computer, when clearly it isn't. So I pressed ALT CTRL DELETE and it didn't even run. I wanted to run it to cancel the processes on my computer, it wouldn't even run. I restarted my computer a bunch of times as well, still the same problem happened. I would like to know if anyone can give me directions on how to delete thi... Read more

A:Downloaded Screensaver Bug/virus

7 more replies
Answer Match 43.68%

Hi all,

Like the fool I am, I downloaded a "codec" to play a video I had downloaded (the codec went by the name HeroCodec) that was prompted when I opened the file. I knew it was suspicious right off the bat, seeing how I had already downloaded the appropriate codecs. Norton detected it immediately as a trojan, named Backdoor.xxxx (can't remember the name). Since then I have not been able to open my Norton or Spybot, nor Kaspersky (which I downloaded after I was infected). I was able to download and run a scan with BitDefender, which did find a trojan through the Deep Scan... but alas, the problem still is not fixed.

The symptoms I am currently experience are as follows: cannot run Spybot (opens, hourglass shows, then nothing.... though I still see the process in my task manager), certain webpages are redirected upon clicking.. including this forum (I was only able to access it by clicking 'Cached' through my google search).

Anyways, here is my log, any help would be very much appreciated!

Thanks,
D.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:39:52 PM, on 18/04/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:... Read more

A:Virus downloaded - HJT Log included

8 more replies
Answer Match 43.68%

So I accidently clicked on a different download than I wanted on a website and thought it was the right download and foolishly allowed the download. I realized my mistake immediately and uninstalled it but i'm not sure if there are any viruses left.

A:Dont know if I downloaded a virus

Also I can't open Malwarebytes, is this a bad thing?

1 more replies
Answer Match 43.68%

After downloading 'Hijack this' from http://www.greyknight17.com/spy/HijackThis.exe i noticed that i was infected by the 'bloodhound.exploit.6' virus. this virus seemed to be triggered when trying to save document files (i first noticed it when trying to save a lof file from hijack this), although symantec and microsoft knowledgebase state that it is a security issue with outlook express.
I have tried to use the microsoft patch but to no avail!
this virus may or may not have come from the hijack this file.
has anyone had this same problem, if so how did you get rid of it.

regards pyroluke

A:Possible virus Downloaded with Hijack this!!

I'll betcha a paycheck that it was there, already, dormant, waiting for it's moment in the sun.

The patch will prevent the infection, but it is seldom that the patch cures the infection.

Run an online virus scan at TrendMicro or RAV Antivirus. Select the Autoclean option if you use TrendMicro.

Then, see if you can get an HJT log up, here.

2 more replies
Answer Match 43.68%

And the worst of it is, it's all my fault. But, though I surely deserve what I'm getting for my stupidity, I'd still like to remove it and fix the damage it's caused... Anyway, I don't know much about this virus, and I'm not exatly sure what all it's done, but I'll tell what happened and hope someone else has an idea.

It was in an AIM profile. That is, it was linked to in an AIM profile, with a devious "pics from my trip" title. Which was unfortunate for me, because this profile happened to belong to a pretty girl who actually had just gone on a trip... The "it" in question was an .exe (pics.exe), which should've warned me, but it claimed to be a slideshow and I foolishly trusted it. I downloaded and ran it; nothing much obvious happened. Maybe an hourglass by my mous for a second, but that's about it. It was about then that I began to realize how stupid I'd been... I looked at the rest of the profile:

"www.g00ns.com is the best site ever!"

or something like that. Oh dear; I've seen that site mentioned before. I asked her about it, and nope - she had no idea that that was in her profile. I immediately ran to delete it - no luck, it won't let me. I found a "pics.exe" process running and ended it, scanned with Norton (which found nothing), then went into Safe Mode (with networking, if that makes any difference). In Safe Mode, I deleted it, then searched for "pics&... Read more

A:Downloaded some sort of virus.

16 more replies
Answer Match 43.68%

Hello , this is my first post . I have a Laptop for my Job and use wireless Internet. Recently I was deceived and run an unknown .exe file. Although my PandaAntivirous said it was a clean file , unfortunatelly it wasn't. Since then my computer is slower and very often open sites with games and advertisments. Very often i see that the % use of cpu of the computer goes up to 100% and tha pc stalls for a few minutes.

Can you please help me clean my computer?

Sincerely,
Boubalos Christos

ps. logfile

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:45:32 &#960;&#956;, on 17/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrv51.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\AVENGINE.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\P... Read more

A:Downloaded wrong .exe & now I have ad virus

16 more replies
Answer Match 43.68%

I went to this link and something was downloaded, can someone tell me if it's a virus? I was sent to here by a couple people on Skype.
hxxp://goo.gl/QYV5H?img=jillybean35226

A:I went to this link and something was downloaded, can someone tell me if it's a virus

Hello hkimbrell0159 and welcome to TSF,

Please do not post live links that may be involved with malware.

We require a comprehensive set of logs to identify and begin the removal of malware. Please follow the instructions in our sticky topic New Instructions - Read This Before Posting for Malware Removal Help and post the requested logs in your next reply.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

1 more replies
Answer Match 43.68%

I went to the following site: www.thekeys.ws/?look=prevx+csi+3.0+activation+key
and downloaded some .exe file and ran it like a fool. It was immediately detected by my av for some backdoor dropper virus. And after that i am having problems working in windows in normal mode. Everything just hangs and the mouse doesnt respond. THe computer has just come fresh after a windows re-installation. I know i shouldn hav downloaded that file. But now i want to repair the system. PLease help me. I am using windows xp sp2, intel t1300 1.66ghz, 1gb ram and 80 gb hdd.
I will log into the normal mode and take a hijack log and post that.
 

A:downloaded malware or virus

I forgot to mention that i am using Avast AV.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:12:07 PM, on 11/11/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\msdrv32.exe
C:\WINDOWS\system\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.in/
F3 - REG:win.ini: load=C:\WINDOWS\system\svchost.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\... Read more

3 more replies
Answer Match 43.68%

idk what i got but i did a avast scan and it took out 2 infections and i did a boot time scan and it showed up with 3 infections 2 msil drooper go and 1 win32 pup - gen. im still scared to log on to any sites so what should i do to make sure my computer is completly clean?

A:downloaded a virus maybe a keylogger

Hi happysadman,clean temp files with Temp File Cleaner:Double click on TFC.exe to run the programClick on Start button to begin cleaning processTFC will close all running programs, and if ask you to restart computer allow itthen scan your pc with ESET Online Scanner following this steps:Disable your Antivirus and other security softwareClick here to open ESET Online ScannerClick the buttonOnly if you don' use Internet Explorer:Click on to download the ESET Smart Installer and Save it to your desktopDouble click on the esetsmartinstaller_enu icon on your desktopCheck Click Accept any security warnings from your browserUnder scan settings, check and Uncheck Remove found threatsClick Advanced settings and select:Scan potentially unwanted applicationsScan for potentially unsafe applicationsEnable Anti-Stealth technologyESET will download updates and install itself, then begin the scan. Please be patient as this can take some time.When the scan completes, push Click , and save the file to your desktop using a unique name, such as ESETScanClick Click and next download Security Check, save it to your Desktop and:Double-click SecurityCheck.exeFollow the onscreen instructions inside of the black boxA Notepad document should open automatically called checkup.txt; save it to you desktopNow you should to re enable the protections that you have previously disabled and include the contents of the reports in your reply.Regards.

3 more replies
Answer Match 43.68%

Hi,

I'm having trouble with malware. I believe it originated when I was surfing YouTube. I tried to watch a video, and I got a message saying I needed to download Flash. I already had Flash installed, but since I got the message directly from the site, I assumed it was safe.

Since then I've had various problems. Firefox stopped launching. I was not able to run Ad-Aware, Spybot S-D or the Windows Malicious Software Removal Tool.

I ran the Windows online malware scanner, and it found and fixed several problems. One problem it initially said it was unable to fix. The message follows:

documents and settings\christina\local files\temporary internet files\content.ie5\6tcfapsx\style[1]
Trojan:win32/vundo.gen!AK

After I asked it to fix the problem again it acted like it had done so and I got a green, all-clear message.

Now Firefox and the anti-malware programs run, but I've still got weird stuff happening. I get phony virus scan pop-ups, and Internet Explorer starts unbidden. (I use Firefox exclusively.)

On bootup I get error messages saying:
"error loading c:\windows\system32\pamewoje.dll" plus two other errors saying the same thing but with different file names: tafiwizo.dll and muvapevi.dll.

When Spybot is running, I keep getting warnings that a registry change has occurred. Even though I deny the change, the same message recurs repeatedly.

The system is a Dell Dimension E521, AMD Athlon 64x2 Dual Core Processor 3600+, 1.9 Ghz, 448 MB RAM, W... Read more

A:Downloaded virus from YouTube?

Hello Mike,

It will require more than one round to properly clean your system. Please stay with me until given the 'all clear' even if symptoms seemingly abate.


We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/comb...o-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

9 more replies
Answer Match 43.68%

I have a virus or something. I get a pop up warning near the bottom of my computer near the time that says (You have a security problem). If you click on that balloon you are taken to watchnetprotection.com. This pop up will also just show up on the screen like an error. Each time it does this you loose the cursor to type. I also get a pop up for a scan of VirusRemover2008. This all started at the same time. THANKS

Here is the log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:27:58 PM, on 12/31/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
C:\Program Files\Google\GoogleToolbarNotifi... Read more

More replies
Answer Match 43.68%

Hello,
 
I went to CNET to download some codecs (KLite) and I have now downloaded some malware as I'm being redirected to other sites (one of them being asked to fill out a fake customer survey for CNET.) I inadvertently downloaded some Wanjam application (since removed) and PC Backup (since removed)... neither of which I was looking for.
 
Please let me know what I need to do to remove this. Thank you.
 
Edit: Forgot to mention it is Windows 7 that I'm on.
 
Edit 2: Also noticed that I'm now seeing 'Lucky Leap' ads on Google.

A:Downloaded a virus and now having redirects

Hello videoguy........ Please download MiniToolBox, save it to your desktop and run it.Checkmark the following checkboxes:Flush DNSReport IE Proxy SettingsReset IE Proxy SettingsReport FF Proxy SettingsReset FF Proxy SettingsList content of HostsList IP configurationList Winsock EntriesList last 10 Event Viewer logList Installed ProgramsList Users, Partitions and Memory size.Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.Note: When using "Reset FF Proxy Settings" option Firefox should be closed. Download TDSSKiller and save it to your desktop.Extract (unzip) its contents to your desktop.Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.If an infected file is detected, the default action will be Cure, click on Continue.If a suspicious file is detected, the default action will be Skip, click on Continue.It may ask you to reboot the computer to complete the process. Click on Reboot Now.If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here....ADW CleanerPlease download AdwCleaner by Xplode and save to your Desktop.Double click on AdwCleaner.exe to run the toolClick on the Scan button.AdwCleaner ... Read more

1 more replies
Answer Match 43.68%

hello, i have been here before and i love the site. but to get to the problem i downloaded a video from morpheus and i think it was a virus. my CPU is running at 100% all the time and the video i downloaded doesn't even play. i am going to run all my virus and spyware stuff but if anyone knows how to get rid of the video please help. i tried to delete the video but it said it is in use by another program or user. so i can't delete it. please help me!!! thank you ahead of time.
 

A:i downloaded a video and i think it was a virus...

Closing this one too......you now have two strikes against you.

A review of the forum rules is highly in order.
 

1 more replies
Answer Match 43.68%

I have just been infected with a virus
It happened so quickly, but even though norton couldn't delete it, i managed to sort of get to see it was something like trojanavalert
the following problems have occured

when i start up i get a white desktop with all my icon changed and a few extra ones which seem to want me to buy a product

When i try to enter IE my homepage is overtaken and i cannot access any websites

when i go to the start menu i now have no run section, no search section, no section to see my installed programmes.

I cannot also install anything new

safe mode will not start up. I goes to safe mode and then just freezes

I am new here and i need some serious help if possible
I don't know what to do next

I am using my laptop to write this, in the hope someone can help me get rid of this virus.
 

A:Serious Virus just downloaded on my pc - help needed

6 more replies
Answer Match 43.68%

hey
i am having problem with my computer at the moment which cin serns the internet mostly. it all statred when i accidently clicked on an active X download when moving too fast on the screen with the mouse because i meant to click on the scroll for previous website seen.so then with out warning or varification it starts to download itself and not give any warning. the consiquence being that it has sent tonnes of spam onto my email address and my dads emails address meaning i can't access my email at [email protected] on my computer because it is clogged up(but now it is ok thanks to you r help, thanks) well since you emailed me it has worked again. it has also overided the starter screen for the internet meaning that instead of loading about:blank fully it goes onto this weird security center website up as well as a security toolbar. i hav tryed to get rid of the toolbar and the only way being to delete the root of it from active X file in the c drive. but i try too get rid of the starter menu of security center by changing it on the tools but it keeps coming back so i go to the active X file go on the unistall and it tells me it has unistalled but nothing changed all the files were still there apart form the unistall one, i try and delete them but it tell me some other program opr person is using the files each time. oh and also oonce this file downloaded itself i get this little yellow sheild in the right bottom corner bar warning me of a trojan that is coming an... Read more

A:porblem from self downloaded virus

8 more replies
Answer Match 43.68%

Hello, I want to thank anyone in advanced for helping me. My brother was using my computer recently and somehow he downloaded a virus that makes my laptop go crazy with popups that say "system needs to restart" and restarting continuously, also windows defenr just says "malware detected, windows defender is deleting it" and doesn't do a thing.
I appreciate any help I get.  

More replies
Answer Match 43.68%

I Downloaded some bad Juju.

I keep getting this pop-up from "MS Antivirus" saying i need to fix it. It says to install something and it will be fixed. right...
I downloaded AVG antivirus and am scanning now.
Also spysweeper is scanning.

Where do i get Hijack This, and can anyone help me fix this?
Edit:
I also have some new icons on my desktop.

Two of them are adult entertainment, and there are 3 new "antivirus programs"

Edit 2: The virus is blocking my from coming to techguy.com, or spykiller.co.uk.

It seems that it is messing with my admin. priviledges...
Started in safe mode, and messed around a little.

I deleted a couple folders contain pictures or the fake icons it created. Also checked to make sure I have all admin. privledges.

Logged on regular: Still can't get to my docs., my comp., or control panel. Opened up recycle bin, and accessed them through the side links. The folders I deleted in Safe mode are still there. Re-deleted folders. Only one pop-up is occuring now. Also the fake desktop background takes longer to establish from startup. I can't access any serials any more, so I may not be able to get another HJT log up.
 

A:Solved: Downloaded Virus-Please help!

Alright good news!

Saved HJT setup on a flash, then transferred it onto my laptop, then saved the log on the flash and got it back on non-infected desktop!

So heres the log.

My computer is a 5 something year old toshiba laptop.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:41: VIRUS ALERT!, on 9/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\ACS.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\WINDOWS\system32\RioMSC.exe
C:\WINDOWS\System32\svchost.exe
c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\EzButton\EzButton.EXE
C:\Program Files\T... Read more

3 more replies
Answer Match 43.68%

My brother downloaded "photoshop" off of uTorrent today. I opened the file and its a bunch of rar files and they all say the same thing - its definitely NOT photoshop. I have a terrible feeling its a stupid trojan. Yeah I know it was idiotic to download it (and even more idiotic to open) Here is my hijackthis logfile, I dunno if one can use it to tell if my computer has a trojan? I don't know that much about computers...
Anyway thanks for any little bit of help, it is beyond appreciated


Logfile of HijackThis v1.99.1
Scan saved at 20:47:21, on 2008-03-25
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\system32\ctfmo... Read more

More replies
Answer Match 43.68%

bump...
my sister downloaded this virus from some random guys aim profile...
i've tried everything that has been said here....but the little bugger still pops up....
help!!

Logfile of HijackThis v1.99.1
Scan saved at 9:32:18 PM, on 8/31/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\spoolsv.exe
C:\Windows\System32\Ati2evxx.exe
C:\Windows\Cpqdiag\Cpqdfwag.exe
C:\PROGRA~1\NavNT\DefWatch.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\PROGRA~1\NavNT\Rtvscan.exe
C:\Windows\SYSTEM32\Rpcnet.exe
C:\Windows\System32\atiptaxx.exe
C:\Program Files\Compaq\EAB\EabServr.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\2Wire\2PortalMon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Windows\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\user1\LOCALS~1\Temp\Rar$EX00.324\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://aimho... Read more

A:Downloaded some sort of virus.

6 more replies
Answer Match 43.68%

Okay, I'm having serious issues with my computer after the virus/spyware trojan.zlob was installed somehow on my computer. I bought the anti spyware/virus program Defender Pro 5-1 and think that some of the issues have been deleted, or rather the multiple alerts that kept telling me my system was infected have since ceased. However, internet explorer is still acting retarted, and by this I mean it loads as a about:blank screen. When I try to open like updates or any sort of link it starts going crazy like bringing up 45 different internet explorer windows which would indicate to me the problem isn't fixed. Any help in regards to this issue would be greatley appreciated.Now to vent a little bit, I have no clue how this thing got on my computer or how the numerous files got on my computer as I haven't ventured away from the few websites I visit. However, I'm not the only person on my computer so I understand that someone else may have. Now with that being said I have Norton 360, which as one of the support techs told me, it's suppose to prevent these problems not fix them. Well in my opinion its the biggest piece of crap out there and their techs ain't real smart either. It did however identify the aforementioned virus as well as one called infostealer. Again any information on this topic is not only appreciated but desperatley needed as my computer is basically my classroom due to online classes. It also contains my homework which I submit reg... Read more

A:Trouble After A Virus Was Downloaded

Try running Superantispyware. be sure to update fully. If your computer will start in safe mode, restart the computer into safe mode and run a Complete scan Let SAS remove anything that it finds. Let us know your results, please.

3 more replies
Answer Match 43.68%

I opened an email I thought was from USPS and downloaded a virus! Ever since then whenever I try to open anything the only thing that opens is windows media player. I did some investigation and think that how I open .exe files was corrupted or my .exe files were deleted. I downloaded and installed SpeedMaxPC and a lot of things were restored. But then when I restarted my computer I was back to the original problem. I've tried to download and reinstall SpeedMax but I can't. It will download but not install. Now I'm lost. I don't know too much about computers but I can usually find and follow directions to solve my problems but not this time. Should I save any info I have left and reset to original settings? Please someone help. I posted this on a different board and was politely directed to a forum that included instructions on how to run some tests and provide the info to anyone who can help. I hope I have done it correctly. The reports are below.
Thanks for any help!

Thank you!

Carol

.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 9/27/2011 8:55:44 PM
System Uptime: 7/14/2012 5:10:20 PM (4 hours ago)
.
Motherboard: Hewlett-Packard | | 1693
Processor: Intel(R) Pentium(R) CPU P6200 @ 2.13GHz | CPU | 2133/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 451 GiB total, 393.162 GiB free.
D: is FIXED (NTFS) - 15 GiB total, 1.63 GiB free.
E: is CDROM (CDFS)
F:... Read more

A:Downloaded a nasty virus

Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

As far as SpeedMaxPC, please read this > SpeedMaxPc Reviews - Legit or Scam?

------------------------------------------------------

It appears you didn't post the entire dds.txt or attach.txt logs. Both are incomplete.

Please make sure you copy/paste the entire logs in your next reply.

Press the Windows "logo" key and "R" key then copy/paste the following into the Run box and click OK:

%temp%\dds.txt

A text file should open. Save it to your desktop then post that file in your next reply.

Repeat for the following:

%temp%\attach.txt

A text file should open. Save it to your desktop then post that file in your next reply.

------------------------------------------------------

Also...

Please download aswMBR.exe to your desktop. Double-click aswMBR.exe to run it.
When prompted to download the latest Avast! virus definitions, please choose Yes
Click the Scan button to start scan.
Wait until it says, 'Scan finished successfully'. ( Note - do not select any Fix at this time)
C... Read more

2 more replies
Answer Match 43.26%

My sister clicked (what she thought was a perfectly safe) "id=1008" type of link, the ones without an extension, and ever since that my PC has been running aggonisingly slowly ... takes 4 maybe 5 times longer to load up and run simply applications such as Firefox and WMP.

HJT log is:

Logfile of HijackThis v1.99.1
Scan saved at 20:56:56, on 15/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Video\FxSvr2.e... Read more

More replies
Answer Match 43.26%

hey title says it all, i recently downloaded a crack and yeh computer is going really slow. here is HJT log




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:40:08 PM, on 26/12/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\ASUS\SmartLogon\sensorsrv.exe
C:\Windows\Explorer.EXE
C:\Program Files\ATK Hotkey\HControlUser.exe
C:\Program Files\ATKOSD2\ATKOSD2.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Windows\AsScrPro.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL ... Read more

A:downloaded a crack and i think i now have a virus :S hjt log included

hey computer has been going really slow lately and i dont know why :(
can someone please check thru my HJT log?? thnx alot


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:56:12 PM, on 28/12/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\ASUS\SmartLogon\sensorsrv.exe
C:\Windows\Explorer.EXE
C:\Program Files\ATK Hotkey\HControlUser.exe
C:\Program Files\ATKOSD2\ATKOSD2.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Windows\AsScrPro.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
R1 - HKCU\Software\Microsoft\Interne... Read more

1 more replies
Answer Match 43.26%

downloaded a virus from tpb the other day. been trying to rid of it with anti-malware programs and deleting programs but this pop up continues to appear about ever 10 minutes. anyone think they can help out and idiot? http://imgur.com/5gIMUcGEdit: Moved topic from Virus, Trojan, Spyware, and Malware Removal Logs to the more appropriate forum. ~ Animal

A:Downloaded a torrent, ended up being a virus

Hello dirtcobain and Welcome to the BleepingComputer.  
 
My name is Yılmaz and I'll help you with the cleanup of malware from your computer.
Before we move on, please read the following points carefully.
Please complete all steps in the specified order.
Even if tools don't find malware, I want you to post the logfiles anyway.
Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
Read the instructions carefully. If you have problems, stop what you  were doing and describe the problems you encountered as precisely as  you can.
Don't install or uninstall software during the cleanup unless you are told to do so.
Ensure your external and/or USB drives are inserted during always the scan.
If you can't answer for the next few days, please let me know. If  you haven't answered within 5 days, I am assuming that you don't need  help anymore and your topic will be closed.
If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now!
I can not guarantee that we will find and be able to remove all  malware. The cleaning process is not instant. Please continue to review  my answers until I tell you that your computer is clean
Please reply to this thread. Do not start a new topic
As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.
Please open as administrator  the ... Read more

7 more replies
Answer Match 43.26%

I have Windows XP Home, with SP1. This is what the message reads:

Virus
Trojan horse Startpage.8.AZ
Is found in file

C:\System Volume Information\_restore(68DCCD3E-2073-4915A5DC-A445A55876AD)\RP62\A0005727.dll

I've run AVG anti-virus / Spybot / Ad Aware / CW Shredder - nothing is detecting it. The "System Volume Information" folder isn't showing up in my visable or hidden C Drive folders. It shows up when I run a specific scan on AVG, but AVG is saying nothing is wrong (yes, it's been updated). It doesn't seem to have any apparent effect on my system for the time being, but it's there and I've run out of ideas.

Can anyone help with this? Thank you.
 

A:downloaded a trojan virus that I now can't find

10 more replies
Answer Match 43.26%

Stupid story. I got an email that i was unsure if it was the real company i use or a scam. So i went ahead and contacted the 100% real company through their customer service and asked about the email i got. THEY SAID IT WAS LEGITIMATE. So i clicked on a link in the email that downloaded a .src to my computer. Obviously my red flags go up for good. I did not open it but had still downloaded it. I'm running the usual Malwarebytes and Avast scans- nothing so far, but do i need to be very worried about a virus?

More replies
Answer Match 43.26%

Recently, all files I download (from a wide variety of reliable sites...), have been corrupt. I know how to temporarily fix this, I downloaded the file for a second time, overwritting the previous file, and it usually works.
However, thats quite a nusience. Is there anybody else who previously had a problem like this? It's really annoying!
 

A:All downloaded files corrupt. Maybe a virus?

...Please? Any suggestions?
 

3 more replies
Answer Match 43.26%

Hello,
 
I recently incurred a virus from a Windows Update--that's right, a Windows Update.
 
I have Windows 10 and the other day it downloaded a bunch of updates and asked me to schedule a restart. I accepted the suggested time, and when that time came, it did a reboot. When it rebooted, everything seemed fine until I went to surf the internet in Chrome. I went directly to my usual website (a trusted and innocuous discussion forum, not unlike this one) and all of a sudden, new tabs started opening up, advertizements filled the browser, warnings about being infected, etc. I quickly killed the power and booted again. This time I tried in a different browser (Firefox) and the same thing happened. Then I tried rebooting in safe mode with networking, opened IE and the same thing happened there (different website this time).
 
It seems like after the Windows Update, all my browsers have been hijacked, even in safe mode.
 
Anyway, I'd like to request some guidance with this. I'm going to try my usual method of removing viruses:
 
* Run rkill.
* Run MalwareBytes.
* Run Herd Protect.
* Run AdwCleaner.
* Run SuperAntiSpyware.
 
I always download the latest versions of these before running them.
 
Some assistance while I do this would be very much appreciated. Thanks.

A:Windows Update downloaded virus

Hello
Welcome to Bleeping Computer.
My name is fireman4it and I will be helping you with your Malware problem.
Please take note of some guidelines for this fix:
Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
In the upper right hand corner of the topic you will see a button called Follow This Topic.I suggest you click it and select Immediate E-Mail notification and click on Follow This Topic. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.
Finally, please reply using the Post button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.
I will be analyzing your log. I will get back to you with instructions.
1. Go ahead and run all the programs you have listed besides HERD Protect. then post me the logs they produce.
 
2.  Please download Farbar Recovery Scan Tool and save it to your Desktop.Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of the... Read more

29 more replies
Answer Match 43.26%

So i went and downloaded this program which ended up being virus

Now when i try to turn on windows 7 my pc it keeps going to "loading windows files" and then it will continue to do a startup repair which does nothing.

Not even safe mode works.

I tried to repair with windows cd but I do not have a a 64bit cd I only have a 32 bit please help.

A:Downloaded virus... cannot start up computer...

Hi,

Welcome to TSF.

Sorry for the delay in getting to you.

I'm K27 and I am currently reviewing your log.

Please DO NOT run any scans/tools/fixes on your own as this will conflict with the tools we are going to use.

Please Print or Save to Notepad all instructions and please follow them carefully and if there's something you don't understand or that will not work please let me know and we will go through it together.

Please DO NOT use this system for anything apart from visiting this forum and other sites I direct you too, as this will only make the cleanup process all the more difficult.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed. This is to free up my time so as to continue to help others. If you need longer to reply, then that is fine, but please to let me know.
Were you able to get the system booting? Please let me know if you are still in need of assistance.

Thanks.

2 more replies
Answer Match 43.26%

Hello,

I recently incurred a virus from a Windows Update--that's right, a Windows Update.

I have Windows 10 and the other day it downloaded a bunch of updates and asked me to schedule a restart. I accepted the suggested time, and when that time came, it did a reboot. When it rebooted, everything seemed fine until I went to surf the internet in Chrome. I went directly to my usual website (a trusted and innocuous discussion forum, not unlike this one) and all of a sudden, new tabs started opening up, advertizements filled the browser, warnings about being infected, etc. I quickly killed the power and booted again. This time I tried in a different browser (Firefox) and the same thing happened. Then I tried rebooting in safe mode with networking, opened IE and the same thing happened there (different website this time).

It seems like after the Windows Update, all my browsers have been hijacked, even in safe mode.

Anyway, I'd like to request some guidance with this. I'm going to try my usual method of removing viruses:

* Run rkill.
* Run MalwareBytes.
* Run Herd Protect.
* Run AdwCleaner.
* Run SuperAntiSpyware.

I always download the latest versions of these before running them.

Some assistance while I do this would be very much appreciated. Thanks.
 

More replies
Answer Match 43.26%

I went to the following site: www.thekeys.ws/?look=prevx+csi+3.0+activation+key
and downloaded some .exe file and ran it like a fool. It was immediately detected by my av for some backdoor dropper virus. And after that i am having problems working in windows in normal mode. Everything just hangs and the mouse doesnt respond and it takes a lot of time to load the desktop. Also applications get hung and task manager also does not respond. The computer has just come fresh after a windows re-installation. I know i shouldn hav downloaded that file. But now i want to repair the system. PLease help me. I am using windows xp sp2, intel t1300 1.66ghz, 1gb ram and 80 gb hdd. I am using avast home edition v4.8.
 

More replies
Answer Match 43.26%

I seem to have a virus that I cant remove from my computer. I tried a couple of removal software programs (AVG, CA, Spybot, A2) with no luck. I used Hijack This the first time and removed some items, enough to allow AVG and A2 to download their updates. But after a while, the browser started to get hijacked again. I've run AVG and A2 a couple of times with no luck.
DDS (Ver_09-03-16.01) - NTFSx86
Run by Anthony at 17:33:00.89 on Sun 05/03/2009
Internet Explorer: 7.0.6001.18000
Microsoft? Windows Vista? Home Basic 6.0.6001.1.1252.1.1033.18.2046.967 [GMT -4:00]

AV: CA Anti-Virus *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\a-squared Free... Read more

A:I've downloaded a virus/trojan that I cant detect

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.comDDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the resul... Read more

2 more replies
Answer Match 43.26%

So the other day i downloaded some file to play a video.As soon as that was downloaded the spyware i use (norton antivirus) told me it had detected a virus. I instantly tried to delete this folder which was saved onto my desktop, but it instantly came up with a box saying "cannot delete E8BHG7HGB7: The directory is not empty". I have googled ways to help solve my problem, but no sucess..I have used a program called killbox but it could not delete it..I have tried various other ways that i have found on numerous sites but none seem to work or i am doing something wrong.Please help..This silly virus folder makes me feel defeated. Not sure if there is anymore i can do or jus give up on it..But thought i would atleast try. *sigh*.Any help would be greatly appreciated
 

A:Please help!..cannot delete downloaded folder containing virus

15 more replies
Answer Match 43.26%

I accidentally downloaded a virus whilst downloading what I thought as something else. While I managed to find and delete most of the folders, two folders in particular will not delete due to something in the folder running. I cannot for the life of me figure out what they're running, and have even tried using Safe Mode with Networking to try and sort them out, but it still says they're running.
Can anyone help?
-KP

A:Accidentally Downloaded Virus, How to Destroy

So I tried to go on Google Chrome and it came up with an error screen that says that it is "Unable to connect to the proxy server". I can't access any websites or do anything like that, but my Skype still gives me updates so I know my internet is working.
This may or may not be related to me deleting load of files that may have included something necessary to run Chrome.
Can anyone help?
-KP

4 more replies
Answer Match 43.26%

For any malware, spyware, virus, trojan, etc, is it possible to find the website is was downloaded from? I know you can find the location it was downloaded to on your computer using most ecurity software, but I would like to know a website's name so I could potentially block it or take precautions to avoid it.

Would this be possible, and if so, what would be required?

Thank you anyone for your help.

A:Is there a way to find the website a virus was downloaded from?

It may be difficult to find out where a past virus is from, but you can test websites and individual folders, for future use, to test if there are potential problems.
If you have a list of recent site visits, which may have given you a virus, you can test each
https://www.virustotal.com/

9 more replies
Answer Match 43.26%

It's saved as 'Adobe Photoshop CS3 V10.0 with full key' , file type is application. I can't find it in the 'add or remove programs' option in my control panel, it's not coming up in programs, all I have is the icon for it. I can't find anything for it apart from the icon, and I have no idea what to do or look for. When I click on it, nothing happens but my laptop keeps crashing - the bottom bar with the start menu and icons disappear, as do my desktop icons. It has happened now, all I have is this window open and nothing else is here. The link to the torrent I downloaded is http://www.torrentreactor.net/torrents/174...0-with-full-keyWhat do I do? Help!

A:I Downloaded 'adobe Photoshop' But It's A Virus, Help!

Now that your log is properly posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a HJT Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show it the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.From this point on the HJT Team should be the only members that you take advice from, until they have verified your log as clean.Please be patient. It may take a while to get a response because the HJT Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the HJT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.If after 5 days you still have received no response, then post a link to your HJT log in the thread titled "Haven't Had A Re... Read more

1 more replies
Answer Match 43.26%

I recently download sum sort of trojan virus at gamehacks.be nd it has messed up my computer and i am no longer able to access Diablo II (Online Game). Here is my hijack this log any help would be grateful...
Logfile of HijackThis v1.99.1
Scan saved at 1:02:08 PM, on 8/29/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\SYSTEM32\Brmfrmps.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Ap... Read more

A:Solved: Downloaded virus Hijack this log--HELP PLZ

10 more replies
Answer Match 43.26%

Good Evening,
I have Windows 7 and I believe I have downloaded a virus filled adobe flash player. It has this pop up box on Chrome that will not go away. I have tried to run Malwarebytes and my Microsoft Essentials Anti Virus a couple of time but it does not have seems to have gotten rid of it. Can anyone help me? Thank you, Myshmo
 

A:Downloaded Flash Player Virus. Can get rid of it!

Here is Hijack this report
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:12:08 PM, on 8/31/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16660)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Common Files\Motive\pcContextHookShim.exe
C:\Program Files (x86)\HP\QuickPlay\QPService.exe
C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\HP Owner\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Mai... Read more

1 more replies
Answer Match 42.42%

OMG OMG HELP! THERES A VIRUS ON MY COMPUTER THAT APPEARED WHEN I WAS ON ADDICTIVE GAMES ITS THIS BOX ON THE TOP RIGHT HAND CORNER THAT SAYS THIS (box)[Import Downloaded File] in order to remove this ransom, follow these steps: 1.click the link at the bottom of the program2.complete the surevey(Tutorials on how to do this are easily online)3.import the downloaded file by clicking link above4.the file will be checked and the virus will be removes Please note this is not a harmful virus.files/pictures/documents will not be changed (link removed) the underlined is what that box on my top right hand corner says.i wanna give enough info for it to be solved so i give you everything.it wont let me open task managerit doesnt appear down below where it shows tabswhen i click the box it takes me to internet explorer and it basically takes me to the link and internet stops me and says its maliciousMY FREAKING PC SLOWED DOWN 50 TIMES LIKE WHEN IM WRITING THIS ITS NOT KEEPING UP TO SPEED!!!!!!!I NEED HELP PLZ DONT EMAIL ME THE SOULTION CUZ I DONT CHECK MY MAIL OFTEN JUST REPLY HERE THAT WOULD BE VERY USEFUL PLZ TRY TO FIX THIS CUZ I NEED HEEEEEEEEEEEEEEEEEEEEEEEEEEELP!!!   oh and windows defender does not help cuz it didnt even detect it -.-

A:SOME WIERD IMPORT DOWNLOADED FILES VIRUS

p.s i advise you dont goto that link

3 more replies
Answer Match 42.42%

Hi all, new to this site (told by brother to go on-line for help) and having problem. I downloaded a WMA music file from limewire 1.5 months ago and got a Trojan-Downloader.WMA.Wimad.l (virus) . It said it deleted sucsessfuly but it came back every 2 weeks ( 4 times I deleted and it came back). I have shaw secure, virus/spyware service provided by my internet supplyer protecting my system.

This is not really effecting much but since I loaded new (april 17) limewire (deleted old limewire and installed new limewire) the virus reappeared (deleted again) but then would not let limewire connect yet hours later it worked fine? my desk to also rearanged it's self out of normal and just this time? Is this dangerious?

Shaw deleting log:

Scanning Report
17 April 2008 16:21:49 - 16:21:50

Computer name: KERRY-232E51953
Scanning type: Scan target
Target: C:\Program Files\LimeWire\Top of Charts - 2004 (dance).0ma
Result: 1 malware found
Trojan-Downloader.WMA.Wimad.l (virus)

* C:\PROGRAM FILES\LIMEWIRE\TOP OF CHARTS - 2004 (DANCE).0MA Action: deleted

Statistics
Scanned:

* Files: 1
* Not scanned: 0

Result:

* Viruses: 1
* Spyware: 0
* Suspicious items: 0
* Riskware: 0

Actions:

* Disinfected: 0
* Renamed: 0
* Deleted: 1
* Quarantined: 0
* Failed: 0

Boot Sectors:

* Scanned: 0
* Infected: 0
* Suspicious items: 0
* Disinfected: 0

Options
Definitions version:

* Viruses: 2008-04-17_06
* Spyware: 2008-04-17_04

Scanning Engines:

* F-Secure AVP: 7.00.171, 2008-04-17
* F-Sec... Read more

More replies
Answer Match 42.42%

Hi everyone. New to the forums (although I have come here for help plenty of times). I have already broken the rule of not using combofix before being told to use it because I did a google search on my problem and it was recommended for each of the people who had similar problems (and I didn't realize I wasn't supposed to do it without supervision). I will give a summary of how this started, what I have done to fix it so far, and where things stand.

I have a Dell Latitude E6500 with windows XP pro, SP3. This is a work computer, and the hard drive is encrypted using safeguard easy 4.3. It has some proprietary software that is only compatible with certain versions of "off the shelf" software. One of the programs we need is Adobe Reader 9.1. As you know, 9.1 is an old version of adobe, but no other version will work with our proprietary software and of course our corporate office likes to make things difficult. So after a google search for 9.1, I attempted the download here: affenknecht.com/temp/files/download-adobe-reader-91.php

That site is where I contracted the virus that I now have. Our virus scan software is required and controlled by our corporate office (but they do not help us clean infected PCs). We run Symantec Endpoint Protection. I also run Immunet 3.0, Secunia PSI and Malwarebytes if I suspect infections or if software needs to be updated (I can update some software on my own without creating conflicts, but not adobe reader).

So aft... Read more

A:Downloaded an unsafe exe file and contracted a virus

With the information you have provided I believe you will need help from the malware removal team. Please make sure that you read the information about getting started first.Then start a new thread HERE and include or required logs.Including a link to this thread will be helpful. Good luck and be patient. Help is on the way!

5 more replies
Answer Match 42.42%

Hi, I tried to download some keygen files but accidently downloaded a bunch of crap into a rar file. i deleted rar all together, but there's still problems - 1. website redirect. 2. some viral dll file: the name was tomcats...something but i renamed it thinking it'd let me remove it if i did...didn't work, but now i don't remember what the original name was. 3. my Avira keeps popping up security warnings and when i click on remove system scan bar pops up. and this keeps happening so i have many scan bars constantly on the screen. pls pls help me. thank you so much!
 

More replies
Answer Match 42.42%

Hello thank you for taking the time to read this. I use a laptop which runs off windows vista business edition. I recently was bored of the old themes that windows had so I tried to download a custom one I read many guides and they also said I had to change the shell32.dll file in the windows/system32 folder so I found a few ones and that I liked but shortly after I decided to change back to the original theme because the font was too small to read. But I had deleted the original shell32.dll file so I googled download windows vista shell32.dll and found this site http://www.dll-files.com/dllindex/dll-files.shtml?shell32 and I downloaded it and it seemed quite professional so I used it and everything was fine until I restarted my laptop. Once I start it up it runs smoothly until it eventually turns to a black screen and a message pops up saying
logonUI.exe - Entry Point Not Found "The procedure entry point SHCreateShellItemArray could not be located in the dynamic link library SHELL32.dll."
I then click okay. The windows symbol and noise appears and my accounts show up normally. When I click on either of them and log on, the welcome sign appears and then a white box pops up saying
explorer.exe -Ordinal Not Found "The ordinal 790 could not be located in the dynamic link library SHELL32.dll."
It then says windows explorer has stopped working and also task scheduler engine has stopped working. I am unable to open task manager to run explorer.exe and the same messages appear. I ha... Read more

A:I have downloaded a virus that has changed my shell32.dll file. Please help.

Hi,
 
If you press F8 during boot can you access a screen like this?
 
Select Repair Your Computer if you don't seen the option can you boot in Safe Mode with Command Prompt?

1 more replies
Answer Match 42.42%

Problem: codex.exe causing Vundo virus, pop-ups, Internet Explorer to close, computer is slow

Operating System info: Microsoft Windows XP, Media Center Edition Version 2002 (Service Pack 3)

Details:
I unfortunately downloaded codec.exe around 9/17/08 to watch a TV show online, and either later that night or the next day, my virus software started giving me constant messages regarding the Vundo virus - that the clean and move and delete failed. Internet Explorer keeps closing, and I'm getting a lot of pop-up windows that my blocker (B Safe Online) is blocking or attempting to block. I did some research and found your forum, and I have followed the "first steps" information. I could not perform Step 4 - regarding Windows Update because my automatic updates will NOT work so the windows site tells me that it will not install updates. I tried to enable them via the Administrative Tools/System area but that would not work either. I have a copy of the virus scan log from 9/17 through today, and I also have the Hijack This log. As instructed, I attached the "Active Scan" log from the Panda Scan (instead of including it in the thread). Please help! Thank you!

VIRUS SCAN LOG:
9/17/2008 10:29:04 PM Statistics:
9/17/2008 10:29:04 PM Files scanned: 19382
9/17/2008 10:29:04 PM Files detected: 0
9/17/2008 10:29:04 PM Files cleaned: 0
9/17/2008 10:29:04 PM Files deleted: 0
9/17/2008 10:29:04 PM Files moved: 0
9/17/2008 10:31:33 PM Engine ver... Read more

A:downloaded codec.exe-virus/cmptr problems

Hello and Welcome, newc1217. Apologies for any delay in replying, but we have been rather busy lately.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

---------------------------------------------------------------------------------------------

If you still require assistance with this issue, and since it's been several days since your original log was posted, please do this:
Download RSIT by random/random and save it to your desktop.
Double click RSIT.exe to start the tool and click Continue at the disclaimer.
When the scan completes it will open a log named log.txt maximized, and a log named info.txt minimized.
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of log.txt here.
Please attach info.txt to your post.
To attach a file to a new post, simplyClick the[Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
copy and paste the following into the "Upload File from your Computer" box:C:\rsit\info.txt

Click Upload.

---------------------------------------------------------------------------------------------

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

19 more replies
Answer Match 42.42%

I was trying to download a game and got this computer security scheme instead.  It is called internet security and does not allow me to open firefox, IE or any other program.  It says that they all have a virus and that, if I sign up for their service and pay them money, they can take care of it.  I have tried going into programs on my comp and deleting them but it does not show up on there. Any help appreciated.

A:Accidentally downloaded a virus... Internet Security

Hello, where did you download from.
Use our guide here and let me know how it goes.Remove Vista Internet Security 2013 (Uninstall Guide)

3 more replies
Answer Match 42.42%

he opened it and noticed that it took away my documents and my computer among others on the start list and then he turned it on the next day and a message appeared sayin system massage (yes massage) your system has been hacked and then he pressed ok (all e could do) and it takes him a log in box like you would find at a library or at school not the list of names of account like you would get on a home computer, so he logged in and all it shows is his blank desktop background with no icons not start button nothing, i tried safe mode but it still does the same just a blank screen but in safe mode. i think this thing is in the registry some where coz the prompt comand box came up he said when he clicked it so if i could get to the registy i could delete it but at the moment its saying that editing the registry has been disabled by the administrator which lol my friend thought he was (the admin) so its obviously a virus or as it said at the beginning been hacked, what can i do coz he needs files for tomorrow and would preferable want his computer back in one state without restarting everything.
thanks.
 

A:My friend stupidly downloaded a .exe file that is a virus and ned help!!!!!!!!!!!!

16 more replies
Answer Match 42.42%

I can't seem to use my task tray (the lower grey bar which displays my start menu and all applications that are open in Windows). When I place my mouse over any of the application boxes or my start menu or any other icons in that tray, I get the caution bell and non access to the programs. However, I can still access the programs and get them to launch if I go to my program files on my C: drive and launch them from there. I can also launch any programs or applications from any shortcut icons on my desktop.

This is super strange and I think that it may be from a virus that I downloaded which my virus protection must have been unable to rid of.


My 2 questions are as follows:

1. Has anyone had this problem and how do you fix it?

2. Can anyone recommend a good virus, malware, spyware program that will be sure to protect me from online saboteurs?

A:Can't use my task tray, thinks its a virus I downloaded.....

Well I guess the first question would be did you have an AV solution to begin with ? If not, you could be completely infected, and this latest sympton is only the one that you noticed.

Running naked on the internet is not a good idea. Malware will interfere with your ability to install anti-virus software.

I think, if it were my computer, the best thing to do would be to pull the HD and install it as slave on another, well-protected computer and scan it that way. First to get a sense of if & how badly it's infected and second to try to clean up as much stuff as possible before reinstalling it on the original computer and trying to install an anti-virus software.

Most people like AVG for good, free and light protection.

4 more replies
Answer Match 42.42%

After saying yes to an activeX request Internet Explorer such down and I was no longer able to go online. The same happens in Microsoft Outlook. If I am not connected to the internet I can open Explorer and I can open Outlook. I am unable to access my registry at all. I have tried running some scans but some won't even open. Any suggestions, I really don't want to have to take it somewhere. I'd like to have a go at fixing it myself if its possible.

I'm running XP and the latest version of explorer. Also I have had to access this site from another computer as I can't access the internet on the infected machine.

Cheers

A:Trojan virus downloaded via activeX request

Hello and welcome to TSF.

In order to be able to help, we need certain logs. You might like to use some kind of a removable medium to transfer the tools to the infected machine to run the required scans.

We want all our members to perform the steps outlined in the link given below, before posting for assistance. There's a sticky at the top of this forum, and a
Quote:




Having problems with spyware and pop-ups? First Steps




link at the top of each page.

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

1 more replies
Answer Match 42.42%

HelloI was talking to sumone on msn, and they gave me a file to download, then only to swear at me and say i had been infected....The fiel wont delete, and also i noticed it is on my start up menu, i have unticked it there...The dodgy file is called WEBCAMVID and it is in 'my received files' folder... and also another one on my desktop.as you usually ask for a hijack this report, i will post one now.Thanks.Logfile of HijackThis v1.99.1Scan saved at 01:21:26, on 15/04/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16414)Running processes:C:\WINNT\System32\smss.exeC:\WINNT\system32\winlogon.exeC:\WINNT\system32\services.exeC:\WINNT\system32\lsass.exeC:\WINNT\system32\svchost.exeC:\WINNT\System32\svchost.exeC:\Program Files\ntl\ntl Netguard\fws.exeC:\WINNT\system32\spoolsv.exeC:\WINNT\System32\PAStiSvc.exeC:\WINNT\system32\svchost.exeC:\WINNT\Explorer.EXEC:\WINNT\system32\ctfmon.exeC:\Program Files\ntl\ntl Netguard\Rps.exeC:\Program Files\MSN Messenger\usnsvc.exeC:\Program Files\MSN Messenger\msnmsgr.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\Common Files\Command Software\dvpapi.exeC:\Documents and Settings\Ingrid1\My Documents\hijack... Read more

A:Think I Got A Virus Fromn A Dodgy File I Downloaded

Hello borat, I am SifuMike and I will be helping you. Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update. Updating Java: Download the latest version of Java Runtime Environment (JRE) 6u1. Scroll down to where it says "Java Runtime Environment (JRE) 6u1". Click the "Download" button to the right. Check the box that says: "Accept License Agreement". The page will refresh. Click on the link to download Windows Offline Installation, Multi-language jre-6-windows-i586.exe and save to your desktop. Close any programs you may have running - especially your web browser. Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
Examples of older versions in Add or Remove Programs:
Java 2 Runtime Environment, SE v1.4.2
J2SE Runtime Environment 5.0
J2SE Runtime Environment 5.0 Update 6 Check any item with Java Runtime Environment (JRE or J2SE) in the name. Click the Remove or Change/Remove button. Repeat as many times as necessary to remove each Java versions. Reboot your computer once all Java components are removed. Then from your desktop double-click on jre-6-windows-i586-p.exe to install the newest version.****************** Disable your antivirus program and go here http://www.bitdefender.com/scan8/ie.html and run an online scan with BitDefender (you will need t... Read more

18 more replies
Answer Match 42.42%

Hi,

About 30 minutes ago I was searching images on Google using Safari and i clicked on an image and two packages/folders downloaded into my downloads box. I tried to exit out and stop them but they stayed in the box. I wasn't sure what to do so I put the packages in the trash and emptied it. I have McAfee Virus Scan but I am not sure how to use it or if it will protect my computer over what just happened? I need help on how to run a virus scan or if I should do anything? I have a Mac OS X Version 10.5.8. I could use any help or information people might have.

Thank you,
Kate

A:Virus Downloaded After Clicking on Google Image....Not sure what to do?

Per McAfee, http://home.mcafee.com/root/landingpage.aspx?LPName=macmis_performics&culture=en-us&affid=736&aco=0&adid=Internet%20Security%20for%20Mac%20-%20Nonbrand%20-%20Tier%202&PPCid=GGSearch .

I've never seen an AV program...that did not come with instructions for use.

Louis

1 more replies
Answer Match 42.42%

I accidentally downloaded a virus and now on every browser that I have checked (Google Chrome and Microsoft Edge) I get constantly redirected to tradeadexchange . com. I have reset my computer to remove all programs but keep personal files and I have removed the biggest part of the virus using Malwarebytes and tons of other adware removers. I have also reset my modem but I just keep getting redirected to this tradeadexchange . com website if my Malwarebytes protection is disabled. Malwarebytes blocks the websites from opening, which is great, but why doesn't it delete it? How can I get rid of this annoying virus? I'm on WIndows 10 by the way.
 
I don't know if this helps but I'm willing to donate a few bucks via PayPal to the person that helps me get rid of this virus.

A:Downloaded a virus, now I get constantly redirected to tradeadexchange . com

Adware Cleaner Scan.
 
Please download AdwCleaner by Xplode onto your desktop.
Close all open programs and internet browsers.
Double click on adwcleaner.exe to run the tool.
Click on Scan button.
When the scan has finished click on Clean button.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the contents of that logfile with your next reply.
You can find the logfile at C:\AdwCleaner[S1].txt as well.
 
JRT Scan.
Please download Junkware Removal Tool and save it on your desktop.
 
Shut down your anti-virus, anti-spyware, and firewall software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click it and select Run as administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log is saved to your desktop and will automatically open.
Please post the JRT log.
 
Adware Removal Tool Scan.
 
Download Adware removal tool to your desktop, right click the icon and select Run as Administrator.
 
 

 
Hit Ok.
 

 
Hit next make sure to leave all items checked, for removal.
 

 
 
The Program will close all open programs to complete the removal, so save any work and hit OK. Then hit OK after the removal process is complete, thenOK ... Read more

0 more replies
Answer Match 42.42%

It's saved as 'Adobe Photoshop CS3 V10.0 with full key' , file type is application. I can't find it in the 'add or remove programs' option in my control panel, it's not coming up in programs, all I have is the icon for it. I can't find anything for it apart from the icon, and I have no idea what to do or look for. When I click on it, nothing happens but my laptop keeps crashing - the bottom bar with the start menu and icons disappear, as do my desktop icons. It has happened now, all I have is this window open and nothing else is here. The link to the torrent I downloaded is http://www.torrentreactor.net/torrents/174...0-with-full-keyWhat do I do? I just downloaded and run spyware doctor which deleted serveral trojans. My laptop has not crashed since I retstarted 10 minutes ago - I am keeping my fingers crossed, but please could you check my hijack this scan? (My laptop wouldn't even let me save the file before I scanned and restarted)Logfile of Trend Micro HijackThis v2.0.2Scan saved at 13:13:54, on 27/03/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32&#... Read more

A:Downloaded 'adobe Photoshop' Torrent But It's A Virus, Help!

Hi,

The forums are really busy, that explains why logs get behind. If you still need some help, please start with posting a new hijackthislog in this thread. Don't start with a new thread.
Then I'll take a look.

2 more replies
Answer Match 42.42%

I'm completely new to virus protection and getting rid of viruses. I went to see someone at computer depot and they reccomended combo fix, Malware bytes, and maybe G-parted. anyways i was downloading this movie from frostwire, and i woke up the next day to find my hard drive completely filled. got rid of the movie, and it didn't do bleep. i was told that the virus had multiplied itself in binary code and Mcaffee isn't going to fix it. i think it's stopped now because it hasn't continued filling up my harddrive when i delete stuff.

A:I downloaded a virus that filled my hard drive.

Hello,Please follow the instructions in ==>This Guide<== starting at step 6. If you cannot complete a step, skip it and continue.Once the proper logs are created, then post them in a reply to this topic by using the Add Reply button.If you can produce at least some of the logs, then please create the post and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.Please note that I am not a member of the Malware Removal Team and will not be assisting you in removing the infection. I'm simply helping you to post the information they need in order to assist you.If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.Orange Blossom

3 more replies
Answer Match 42.42%

I know I downloaded a virus and cant get rid of it.
I went to this site: Provides link to virus download.
http://digg.com/music/Heidi_Montag_Music_Video

and clicked on the first link on the page and a popup box keeps coming up to download player... stupid me clicked it and opened it... Now I know I have a virus but McAfee can't find it!!! Can somebody help on how to get rid of it?

Thanks Matt

More replies
Answer Match 42.42%

So I accidentally downloaded an antivirus program that is really a virus.

It really sucks. Internet explorer refuses to work. Task manager has been disabled by the administrator. Any program that operates under windows explorer fails to run properly. This makes it very difficult to use the computer.
What exactly is wrong? Do I need to repair the registry? What if I did not make a backup?
This problem has been plaguing me for a long time. Any help would be greatly appreciated.

Kevin

A:So I accidentally downloaded an antivirus program that is really a virus.

Hello CL Smooth.

Can you tell us the name of the virus you've downloaded?

8 more replies
Answer Match 42.42%

Hi, two nights ago I downloaded a Google image and immediately a marketing message took over my screen (the message said something about the FBI and requesting payment to unlock my computer). I had to manually power off my computer in order to get rid of the message. From then on, my WinPatrol comes up every minute or so and says that a 'new autostart program has been detected.' I have to continuously keep pressing 'no' to decline. It shows the following files:

User/AppData/Roaming/8428C5 and
User/AppData/Local/Temp/EOBF

Virus scans are coming up clear and I can't locate these files to remove them manually. Any help getting rid of them would be greatly appreciated! DDS log file below. .ark and .attach are attached.

Thanks,
Breanna

DDS log:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.19328 BrowserJavaVersion: 1.6.0_30
Run by User at 19:30:48 on 2012-09-25
Microsoft? Windows Vista? Home Premium 6.0.6002.2.1252.61.1033.18.2974.1524 [GMT -4:00]
.
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32... Read more

A:Malware or virus downloaded from Google image

Hi and welcome to TSF.

I am currently reviewing your log. Please note that this is under the supervision of an expert analyst, and I will be back with a fix for your problem as soon as possible.

You may wish to subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Please be patient with me during this time.

11 more replies
Answer Match 42.42%

Hi there! I hope you can help. I was looking for a Kaspersky 2010 activation code but stupidly ended up with a virus.

Below is my HJT log.

Thanks in advance.

===============================

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:44:13 AM, on 8/24/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files\DigitalPersona\Bin\DpAgent.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Users\roelle\AppData\Roaming\pridl\pridl.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\Syst... Read more

A:HELP! stupidly got a virus from running .exe downloaded from www.thekeys.ws

The security team doesn't use HijackThis anymore. You need to read their new instructions found here and post here.

1 more replies
Answer Match 42%

I keep getting periodic popups. They seem to be looking for either freewebs.com or angelfire.com. I think my kids must have downloaded or looked at something yukky.

I have run Adaware and Spybot and both have come out clean. The following is my latest HijackThis output...

Logfile of HijackThis v1.97.7
Scan saved at 10:24:30 PM, on 7/14/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\GEARSEC.EXE
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Program Files\Kazaa Lite K++\KazaaLite.kpp
C:\Progr... Read more

A:Periodic random popups; kids downloaded virus?

First you need to unzip (extract) Hijack This and move it to a permanent folder. It will not function properly when run from the zip folder or the Temp folder.

You need to create a new folder in My Documents and name it Hijack This. Right click on the HijackThis.zip file and choose "Extract all" and extract it to the Hijack This folder you created. That way it can create and restore backups if needed. HJT will store the backups in the same location that it is run from.
Run Hijack This again and put a check by these. Close ALL windows except HijackThis and click "Fix checked"

O4 - HKLM\..\Run: [Automatic Windows Updates] MSOFTUPDATES.EXE

O4 - HKLM\..\Run: [AOL Messenger] XQWIQMDP.EXE

O4 - HKCU\..\RunOnce: [Automatic Windows Updates] MSOFTUPDATES.EXE

O4 - Startup: PowerReg Scheduler.exe

Restart to safe mode.

How to start your computer in safe mode

Because XP will not always show you hidden files and folders by default, Go to Start > Search and under "More advanced search options".
Make sure there is a check by "Search System Folders" and "Search hidden files and folders" and "Search system subfolders"

Next click on My Computer. Go to Tools > Folder Options. Click on the View tab and make sure that "Show hidden files and folders" is checked. Also uncheck "Hide protected operating system files" and "Hide extensions for known file types" . Now click "Apply to all folder... Read more

1 more replies
Answer Match 42%

I downloaded a file that was a supposed crack of a program, and it was not. I double clicked to open it, and the file disappeared. Since then there are four programs that I believe to be viruses that will show up every now and then under processes in Windows Task Manager, and I'll end them when they come back. The processes that have appeared since I opened the file are:
aw1.exe
apyqya.exe
fvufxggtssd.exe
verclsid.exe

I found the first one listed as malware I believe, and it took up a very large amount of ram. The second and third were nowhere to be found with a Google search. The fourth one I am pretty sure prevented me from clicking anything on the task bar, because once I ended it I could click the task bar again. Also, my inability to click the task bar began when a pop-up window appeared in the lower right hand corner, along with an icon that I do not think I have seen on my computer before. This a picture of the pop-up, along with the icon circled in red:

The pop-up went away after a while of clicking on other windows I believe, and the icon went away when I canceled the fourth process. All of the above processes have reappeared a few times since the original file was opened. I have started the steps in the forum about posting logs, but GMER is still running after I started it three hours ago. I was wondering if anyone had advice about this situation without the files requested in the forum instructions

A:Virus processes appeared after I opened a file I downloaded

All right, GMER finished so I can post the logs now


DDS (Ver_10-03-17.01) - NTFSx86
Run by All at 20:44:27.88 on Wed 07/07/2010
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2046.1320 [GMT -4:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
svchost.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\McAfe... Read more

19 more replies
Answer Match 42%

Hello,
 
I will apologize for my ignorance up front in hopes that you all forgive me after reading my post.
 
Recently my child was fooling around on the home office cpu after being told not to and downloaded a nasty virus affecting Google Chrome that my wife uses for school. The browser would lock up and load warnings that the cpu was under attack, that we were infected, and needed to call an "855- Number." I promptly ran all my tools I had in hand and found that it was worse than I expected especially after I rebooted my computer after running AdwCleaner, MalwareBytes,Trend House-Call and MS Security Essentials. I recently ran RKill and found even more. I then got desparate and before reading about ComboFix and ran the scan. I accidentally closed the word pad doc before I read the notes, but did find the quarantine log in the "Qoobox" file. I also remember reading the in the notes that Windows/SysWOW64 was infected. 
 
I have posted the information I could find below from ComboFix from tonight and MB from 11/11 below that:
 
Combofix
2014-12-01 04:44:20 . 2014-12-01 04:44:20              171 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\WebBrowser-{F897EB0E-A3A4-46C3-80EB-2729699D8892}.reg.dat
2014-12-01 04:43:47 . 2014-12-01 04:43:47              377 ----a-w-  C:\Qoobox\Quarantine\Registry_back... Read more

A:Child Downloaded virus on Home Office CPU (ComboFix Help)

Hello joe_black,
Welcome to Bleeping Computer!
My name is Cody and I'll be helping you clean up your computer.
I will reply to your posts as soon as possible -- typically within 24 hours. In turn, I ask that you please respond within 72 hours. If you know you will be away longer than that, I just ask for notice ahead of time.
Please do note any time differences between us. If I do not respond within 48 hours, feel free to send me a private message.
==========================================================================Some points for you to keep in mind:
Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are wa... Read more

28 more replies
Answer Match 42%

Hi, this is my previous post - http://www.bleepingcomputer.com/forums/topic360076.html/page__p__2014488__fromsearch__1#entry2014488
we tried other scans including mbam/atf cleaner/superantispyware/eset online scan but problem persists, redirected to this forum, please find DDS logs attached, thanks

DDS :
DDS (Ver_10-11-10.01) - NTFSx86
Run by Alice at 9:44:56.14 on 14/11/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1014.376 [GMT 0:00]

AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\ArcSoft\Magic-i Visual Effec... Read more

A:virus downloaded via thinkpoint, google re-directing / pixlestatservice

Hello and welcome to the forum. I apologize for the delay in responding to your request for help but it is very busy here and we can get overwhelmed at times.If you have since resolved the original problem you were having, we would appreciate you letting us know.In the meantime, I am going to analyze your logs and will get back to you with some instructions ASAP. Please note the following while we clean your computer.Please include a clear description of the problems you're having.Please also refrain from running tools or applying updates other than those we suggest while we are cleaning your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.Please be patient while I analyze your logs, as you post them. Note that all of my fixes are checked by higher level forum members before posting.After 5 days if your topic is not replied to, I will assume it has been abandoned and will close it.I will return with your next instructions ASAP.Thank you.DR

22 more replies
Answer Match 42%

I'm pretty sure I have malwarebytes anti malware installed on the computer but the doj virus has completely locked me out. I have tried running in safemode, safemode with networking, and safemode with command prompt but the doj pop up still shows up immediately. I even tried running them with my lan unplugged and router off but then I just get a popup (presumably from the virus) that says "turn off safe mode and connect to the internet" or something to that effect. Now the weird part is that when I ran the virus in the three safe modes with the web still connected it never mentioned that I had it in safe mode. I read that hitmanpro kickstart on a usb will get rid of it but my dad has files on the computer that he wants to keep and I've read that hitmanpro could accidentally delete those files. I'm assuming this is a new version of the virus because no one seems to have made a post about it anywhere on the internet. Can someone please help me. Also the computer is a desktop windows vista. I can't take a screenshot of it because I can't even use the computer but I took a picture of it. 
http://i1129.photobucket.com/albums/m511/thiskid7u7/0120141406-00.jpg

A:My dad accidently downloaded the Department of Justice moneypak virus!

Hi and welcome.
Please download Farbar Recovery Scan Tool and save it to a flash drive.Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
Plug the flash drive into the infected PC.
If you are using Windows 8 consult How to use the Windows 8 System Recovery Environment Command Prompt to enter System Recovery Command prompt.
If you are using Vista or Windows 7 enter System Recovery Options.To enter System Recovery Options from the Advanced Boot Options:
Restart the computer.
As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
Use the arrow keys to select the Repair your computer menu item.
Select US as the keyboard language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account an click Next.
Note: In case you can not enter System Recovery Options by using F8 method, you can use Windows installation disc, or make a repair disc. Any Windows installation disc or a repair disc made on another computer can be used.
To make a repair disk on Windows 7 consult: http://www.sevenforums.com/tutorials/2083-system-repair-disc-create.htmlTo enter System Recovery Options by using Windows installation disc:
Insert the installation disc.
Restart your computer.
If prompted, press any key to start Windows... Read more

1 more replies
Answer Match 42%

here is my dds and my attach filie is attached. I started another topic which can be found here explaining what happened to me.
http://www.bleepingcomputer.com/forums/t/508563/i-installed-windows-movie-maker-from-a-nasty-download-area-think-im-infected/
 
 
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16506 BrowserJavaVersion: 10.25.2
Run by claires at 1:12:26 on 2013-09-22
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8157.4117 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
FW: ZoneAlarm Free Firewall Firewall *Enabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svc... Read more

A:Downloaded windows movie maker and got a possible zero access virus

Hello and welcome.  Please follow these guidelines while we work on your PC:Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I’ve given you the “All clear.”  Absence of symptoms does not mean your machine is clean!Please do not run any scans or install/uninstall any applications without being directed to do so.Please note that the forum is very busy and if I don't hear from you within five days this thread will be closed.   Please download Farbar Recovery Scan Tool and save it to your desktop.Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.Double-click to run it. When the tool opens click Yes to disclaimer.Press Scan button.It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

34 more replies
Answer Match 42%

Recently as of last night my computer has been acting very weird Websites loading strange sometimes not loading code at all making me have to refresh till it loads Videos Youtube / Warcraftmovies etc wont load ive tried downloading at least 4 Anti Viruses to scan but everytime I attempt to open a file it reads it as corrupt Example , Bitdefender : Extracting File Failed It is Most likley caused by low memory which it isnt or a Corrupted Cabinet file Another Example kaspersky : The Installer You are trying to run is Corrupted or Incomplete This could be the result of a Damaged Disk , a Failed Download , or a Virus my computer was running fine yesterday afternoon did nothing but played WoW for a few hours and have no idea how a virus could have randomly gotten into my computer Ive ran a system restore and a Chkdisc on my C:\ Drive I feel preety freaked out and out of options any help would be great and would buying an anti virus and trying to run a CD work or would I get the same Corrupt error that im getting with everything else I try to install from download please please help me >
 

A:Suspected Virus Downloaded Files Reading as Corrupt really need help

I tried downloading HJT but just like the other programs it comes up as corrupt
 

2 more replies
Answer Match 42%

I downloaded a torrent, then shutdown my computer. Next time I started it up, it went really slow and every time I move the mouse, the desktop icons disappear and a window pops up saying "Explorer has encountered a problem and needs to close" also something saying "run DLL as an APP has run into a problem and needs to close"

I deleted the afore mentioned download, but the problem persists and gets worse each day. Did the 5 steps, ran different cleaners, virus scans, etc. and nothing new. I tried to system restore, but it kept saying no changes made.

Here is my main.txt and extra.txt:

Deckard's System Scanner v20071014.68
Run by Tony on 2008-02-15 18:10:28
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
61: 2008-02-15 23:10:51 UTC - RP61 - Deckard's System Scanner Restore Point
60: 2008-02-15 07:26:13 UTC - RP60 - Software Distribution Service 3.0
59: 2008-02-15 0625 UTC - RP59 - ComboFix created restore point
58: 2008-02-15 05:41:59 UTC - RP58 - Removed Ad-Aware 2007
57: 2008-02-15 05:24:38 UTC - RP57 - Software Distribution Service 3.0


-- First Restore Point --
1: 2008-01-14 00:39:41 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memo... Read more

A:Worse each day! downloaded memory eating virus from torrent

Forgot to add:

Incident Status Location

Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Tony\Cookies\[email protected]lver[1].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Tony\Cookies\[email protected][1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Tony\Cookies\[email protected][2].txt
Spyware:... Read more

19 more replies
Answer Match 42%

Tech Support Guy System Info Utility version 1.0.0.1
OS Version: Microsoft Windows 7 Professional , 32 bit
Processor: Intel(R) Core(TM)2 Duo CPU T7500 @ 2.20GHz, x64 Family 6 Model 15 Stepping 11
Processor Count: 2
RAM: 2037 Mb
Graphics Card: Mobile Intel(R) 965 Express Chipset Family, 384 Mb
Hard Drives: C: Total - 76216 MB, Free - 5960 MB;
Motherboard: Dell Inc., , , . . .
Antivirus: ESET NOD32 Antivirus 4.2, Updated and Enabled
I stupidly downloaded Foxtab PDF Converter on Saturday night (13/08/2011), and only found out the hard way it was not the converter I hoped it was. Since then, User Account Control keeps popping up asking me for permission to make changes to my computer. If I say no, then it pops right back up, and I had to change the settings for when the notifications appear, otherwise the laptop was rendered useless as it lets you do nothing but say yes.

I tried running a scan with Eset NOD 32 Antivirus, but i noticed that it had shut down, when I try and open it, it will shut down straight away, I can only open it if I click run as administrator. I have since done a full scan - see results below:

Scan Log
Version of virus signature database: 6376 (20110814)
Date: 14/08/2011 Time: 13:51:00
Scanned disks, folders and files: C:\Boot sector;C:\
C:\hiberfil.sys - error opening [4]
C:\pagefile.sys - error opening [4]
C:\Program Files\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-1033-7B44-A90000000001}\Data1.cab » CAB » EScript.api - archive damaged - the file co... Read more

More replies
Answer Match 42%

I downloaded the virus around the beginning of april, my operating system is Windows XP Office addition. I have Norton antivirus but it has expired. I'm getting pop-ups and when I open internet explore the virus automatically take me to {edited by Moderator to remove malware link} There is a small flashing icon next to the time that says:"System Alert! System has detected a number of active spyware applications that might impact the performance of your computer. Click the icon to get rid of unwanted spyware by downloading up-to-date anitespyware solution" when I click on the icon or the message it opens an internet browser at { also edited to remove malware site link} I have seen another thread on this site about getting rid of this virus but it looks like the solution is different for each computer. If someone could help me out that'd be great thank you.

{Moderator note: I have edited links to the sites you posted in your post. We and others don't need to see those....}
 

A:downloaded the [email protected] virus nees help removing it

9 more replies
Answer Match 42%

I have a Windows XP Student/Teacher system. A few days ago I was downloading an Mp3 file through Zshare.net. When it said that it had finished downloading, I nearly immediately started hearing mouse clicking sounds, when I wasn't clicking anything, and also I could hear but not see Ads saying things like 'You have just won a new Xbox', even when I didn't have an Internet browser open. It also made my Internet browsers act up, run slower, and freeze, no matter what browser I used; Google Chrome, Internet Explorer, or Firefox. I used Spybot-Search and Destroy and I also have AVG Anti Virus 8.5 Free on my computer.

AVG Anti Virus 8.5 Free found nothing when it ran on its scheduled scans. My results were different with Spybot-Search and Destroy: I first ran a scan of my files and they found many items. It deleted most, but couldn't delete 14 of them because they said they were in memory use. They prompted me to restart my computer so they could then delete them. I did so, and it deleted those also. I also clicked 'Immunize' after I carried this out on Spybot-Search and Destroy. Unfortunately, after all this, I still heard the clicking sound sporadically from time to time. I then downloaded HijackThis, ran it, and saved the log file.

Can someone tell me what to do to find the problem and get rid of this clicking and slowing down of my browsers?

A:Audio Virus? Downloaded Mp3 on Zshare.net, now getting strange sounds.

Please do not post a HJT log in this section of the forums.Some types of malware will disable MBAM and other security tools. If MBAM will not install, try renaming it.Before saving any of your security programs, rename them first. For example, before you save Malwarebytes', rename it to something like MBblah.exe and then click on Save and save it to your desktop. Same thing after you install it. Before running it, rename the main executable file first

Right-click on the mbam-setup.exe file and change the .exe extension to .bat, .com, .pif, or .scr and then double-click on it to run.

If after installation, MBAM will not run, open the Malwarebytes' Anti-Malware folder in Program Files, right-click on mbam.exe and change the .exe as noted above. Then double-click on it to run..Another work around is by not using the mouse to install it, Just use the arrow keys, tab, and enter keys. ~ Courtesy of boopmePlease download Malwarebytes Anti-Malware and save it to your desktop.Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will aut... Read more

4 more replies