Tech Problem Aggregator

Urgent - Warning against "My Security Engine" malware/virus

Q: Urgent - Warning against "My Security Engine" malware/virus

I was browsing through the internet today and this bloody thing infected my computer. It removed my McAfee and I couldn't access my Task Manager. I could not uninstall the program, and I tried deleting its associated files (but by this time, as I had guessed, that would not work either, as the programmer of this virus seems to have done everything possible to prevent it stopping).
Because I had no antivirus software I looked up on the internet and did a very stupid thing. I came across this website - http://www.bleepingcomputer.com/virus-removal/remove-my-security-engine
After reading another write-up it seems that the solution that was on this site is linked with my original site of "My Security Engine".
As I had no other antivirus, I took a stupid risk and downloaded the software to get rid of the virus.
Ever since, I cannot open McAfee, even after I have reinstalled it.
Please tell me what risks my computer is under and what I can do to completely get rid of this off my system, and how do I know the checks that are being done are covering every part that this virus has accessed.

Urgent!!!!!!!!! Please help!!!!
Thanks, Recessionbuster

More replies
Answer Match 108.36%

Got my computer back today (Windows XP), and my background is now all green with a black box in the middle saying "Your System Is Infected...etc"

Also a red circle with a white X in the task bar

I can't open the task manager

Can Anyone Help???...

Downloaded HiJackThis

My log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:04:51 AM, on 12/29/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

A:"Your System Is Infected" Background + "Internet Security 2010" virus/malware problem

Hi and welcome to TSF.

I'm afraid HijackThis no longer provides the information we require.

We want all our members to perform the steps outlined in the link given below, as far as they possibly can, before posting for assistance.

http://www.techsupportforum.com/f50/...lp-305963.html

If you have problems with any of the steps, simply move on to the next one and make a note of the problem in your reply.

Please note that the Security Forum is always busy, so I would ask for your patience while waiting for a reply - it may take a few days.

This thread will now be closed.

1 more replies
Answer Match 102.48%

I got this thing called "MY SECURITY ENGINE" in my computer, XP Pro. I need help big time. PLEASE!!!!

I have a backup cloned HD I backup weekly in case something happens to my main HD. Well, I got this stupid "Engine" in the main HD and now it "crawled" into the backup drive without cloning it to the backup HD. Well, guess what, neither HD will startup now. Says "no operating system" on one of them and says nothing at all on the other one.

Before all this happened, I tried one of the "fixes" for "MY SECURITY ENGINE" called something like "Malware" or some name. When it got through, the drive quit, no boot up and I changed to the backup and, BAM, it quit on startup too.

I put them, one at a time in an old computer with XP to see if the drives were readable and they are, but YEAH! that's right, it crawled into this HD also. The old computer is still running but will not let Norton anti virus operate at all.

Anyone know what I can do?
Thanks and Have a Great Day
 

A:Virus "My Security Engine" BIG TIME PROBLEMS

14 more replies
Answer Match 101.22%

I've run SuperAntiSpyware, Ad-Aware, SpyBot and Norton which removed some trojan files and registry items but I'm still getting pop-ups ("Security System Warning" and "System Integrity Scan Wizard"). Below is my HiJackThis log. Thanks in advance!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:00:21 PM, on 4/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal


A:"Sys Integrity Scan Wizard" & "Security System Warning" Pop-ups

Hi Welcome to TSG!!
Please visit this webpage for instructions for downloading and running ComboFix.

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.
 

1 more replies
Answer Match 100.38%

When I open an old (2003) Excel file with VBA code in it with Excel 2007, I get one of these two responses
and I do not know what causes Excel to make different choices.
-----------------
1)
A Dialog Box: "Microsoft Excel Security Notice"
This one is very similar to the one in Excel 2003 and that is how I want Excel to behave.
The user has to “Enable Macros” to go on and work with the file.

2)
"Security Warning"
This one is new in 2007 and the user can continue to work with the file even if he does not see the security warning.
That means that VBA-code that I (the programmer) want to run when the file is opened, does not execute.
--------------------------

My problem is that I do not know what causes the two different behaviors and cannot force Excel to open files with the first Dialog box.
Can you?
 

A:Solved: Excel "Security Notice" vs "Security Warning"

I think most of the info will be in the dialog screen; isn't there more text in the dialog box than the text you mentioned?

I think if you read through it, it'll become clear.

It has all to do with the improved Security settings with 2007 and up.

Found this in a simple search with Google:
http://peltiertech.com/WordPress/improved-macro-security-warning-in-excel-2010/
 

2 more replies
Answer Match 95.76%

Hello,

I'm running Windows XP SP 3. I have fake "Security Center Alert" popups and "Security Center" popups. A program called "Malware Defense" also seems to have installed itself onto my computer. And I've just noticed porn icons appearing on my desktop. It's also disabled my Avira software.

GMER doesn't seem to run. I've clicked on it a couple of times but it doesn't seem to do anything. The DDS logs are attached/follows.

Thanks in advance!

DDS (Ver_09-12-01.01) - NTFSx86
Run by zili at 23:28:31.96 on Wed 01/06/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Professional 5.1.2600.3.1252.61.1033.18.1022.493 [GMT 11:00]

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}


A:"Security Center Alert" popups, "Malware Defense" self install

Let's try this version of gmer.


Download GMER Rootkit Scanner from here to your desktop. Double click the exe file.
If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO, then use the following settings for a more complete scan.





In the right panel, you will see several boxes that have been checked. Ensure the following are unchecked:
Sections
IAT/EAT
Drives/Partition other than Systemdrive (typically C:\)
Show All (don't miss this one)

Then click the Scan button & wait for it to finish.
Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
Save it where you can easily find it, such as your desktop, and attach it in reply.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

4 more replies
Answer Match 95.34%

Hi

Is it possible to start the app without the "Security Warning" window ("Cancel, Open, More Info" buttons)? If yes, how can you make changes then?

Is it possible to start the app without "Microsoft Access" window on the background?

Thanks,
Barbos
 

A:Solved: Access 2003 - To start the app w/o "Security Warning" and "Microsoft Access"

6 more replies
Answer Match 94.92%

Hi.

I've got the flashing yellow icon in the taskbar, the popups saying I'm infected, all the dodgy internet shortcuts on the desktop, it's the typical malware situation.
Attached are HJT logs.
Thanks lots
-D/

I had a bit of a stab at cleaning it last night using SmitFraudfix I think it's called, but looks like it's all reinfected itself.
I'm not totally stupid, so I was able to manually fix some of the stuff, like the HOSTS file redirecting all the antivirus and antispyware sites to dodgy IPs.
But one particular thing that's getting to me are all the Restrictions, Win+E is restricted, System Properties is restricted, Display properties is restricted.. I can't find anything in the registry, all the common restriction keys like 'NoDispCPL' or 'NoDispBackgroundPage' are all set to 0...

Anyway, here's the HJT log, help is much appreciated
Thanks
-D/

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 09:49:50, on 21/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal


More replies
Answer Match 94.92%

Hey guys, recently my computer started behaving strangely and I believe I have some sort of a virus. Two icons, with the names of "Live Safety Center" and "Online Security Guide," downloaded themselves onto my desktop. Also I would receive random pop-ups in IE imploring me to "find true love," among other things. Also I would receive a flashing exclamation point on my desktop toolbar stating that I had some sort of a virus and that I should go to a certain site to download software to remove it. There were a few other notifications that would pop up that would say other things, but at the moment I can't remember exactly what they said (although I think it also had to do with a virus on the computer and asking me to click on something to get rid of it). Any ideas on what's happening here? Thank you in advance for taking a look for me.

Here's my hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:37:06 AM, on 11/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal


A:Malware/Virus Problem ("Live Safety Center/Online Security Guide")

Please do this:

Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.
Close all applications and windows.
Double-click on dss.exe to run it, and follow the prompts.
When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <- this one will be minimized
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt in your thread in the HijackThis Log Help Forum.
Please attach extra.txt to your post.
To attach a file to a new post, simply
Click the [Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
copy and paste the following into the "Upload File from your Computer" box: C:\Deckard\System Scanner\extra.txt
Click Upload.

What DSS will do:
create a new System Restore point in Windows XP and Vista.
clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
check some important areas of your system and produce a report for your analyst to review. DSS automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed.

---------------------------------------------------------------------------------------------

9 more replies
Answer Match 93.66%

My desktop has been taken over by a serious malware called "Security Tool"

I suspect it came when my eldest son went onto a Nissan Forum which he said has a bad name currently for passing PC infections

What happens is this:
* A false security system called "Security Tool" downloads itself and installs an icon in the bottom right hand corner of my screen (actually two icons)
* It continually takes over my screen with messages saying that there are serious viruses and malware infecting my PC. I "X" them out but they keep coming back insisting I activate the illegal security system "Security Tool" and run it. It brings up another screen showing that I have 21 serious viruses and malware.
* I tried uninstalling this crap in Start>All programs, but it deletes its new program listing but the program remains. I think it actually re-installs back in All programs
* I have the latest updated Zone Alarm Security Suite installed and set to max but it did not stop this malware. I notice though that every time I turn on anti-phishing it turns itself off. I tried a ZA "deep scan" but it timed out. I tried a "normal scan" but it timed out. I tried a quick scan but it didn't find anything. By timed out I mean this malware causes my PC to turn itself off after about 10-15 minutes. A strange screen pops up taking over whole page and says something like for security of your PC your PC is being turned off.
Something comes up saying:...

A:"SECURITY TOOL" a serious malware/virus need help bad

16 more replies
Answer Match 92.82%

The System Fix Virus & Privacy Protection Virus hijacked and infected my system: WinXP (64-bit). They've caused my default web browser to change frequently (each time I reboot my PC). So I've been having trouble getting rid of all of this malware/viruses from my system, since I use Windows XP x64.

ComboFix.exe and TDSSKiller.exe are not compatible with my Windows XP 64-bit system. So how do I get rid of the malware/viruses from this computer without those apps that were made to get rid of the following problems on other Windows OS's?:

The latest version(s) of ComboFix and TDSSKiller don't work on the 64-bit version of Windows XP, but they are compatible with other versions of Windows: 98, XP, VISTA, 2000, 2003, 2008 and Windows 7!

1. System Fix Virus (the first virus that affected my Windows system, 2 days ago.)
2. Privacy Protection Virus (behaves almost exactly like the aforementioned virus)
3. Google-Redirect Malware (redirects all my searches to this site: 63.209.69.107)

Thanks in advance to ANY users for helping me and others with this malware/virus problem: I understand and read the previous pinned-thread about the relevant malware/virus issue that Windows-users solved with the programs I've been unable to install on my system. The aforementioned malware/viruses began to infect my PC on December 14, 2011 (since that day, I haven't found a single anti-virus program that can detect the Google-redirect malware/virus on my system).

More replies
Answer Match 92.4%

virus.. popup "Malware Wipe" "the spy guard" and a lot of commercials like porn poker and more crap..
this is what I get when I start Internet Explorer
Recommended Anti-Spyware Software: Pest Trap, Malware Wipe, Spy Guard Internet Security

TOP RATED
Pest Trap
Most popular spyware/adware cleaner software all over the world. Cleans all known viruses and worms.

• Visit Website • Free Scan
Malware Wipe
Became one of the most popular programs very fast. It`s really easy to use and at the same time very effective.

• Visit Website • Free Scan
The Spy Guard
Developed as the most efficient spyware cleaner with realtime protection.

• Visit Website • Free Scan
Brave Sentry
Award-winning spyware removal utility that will help you fighting all kinds of spyware including keyloggers, trojans and password thieves.

• Visit Website • Free Scan
AD Protect
World's leading software application that checks, protects and re-checks spyware and spam vulnerability in your home computer.

• Visit Website • Free Scan

WARNING! YOUR SYSTEM IS VULNERABLE TO HACKERS' ATTACKS AND BREAKDOWNS!
Attention! Your system is currently exposed. Any remote computer can easily browse following folders and files on your computer:
- \Windows\System32
- \Program Files\Internet Explorer
- \My Documents
- Drive C:\ files
Click here to download official intrusion detection system (IDS software)
YOUR PRIVATE INFORMATION IS IN OPEN ACCESS TO OTHER COMPUTERS
Your...

A:Solved: virus.. popup "Malware Wipe" "the spy guard" and a lot of commercials

14 more replies
Answer Match 89.88%

Yesterday I started getting a popup claiming to be from "Security Center" and telling me that I have no antivirus software (I have AVG) and instructing me to download certain files to fix the problem. The files are named:

Antivirus Security Package
MS Antivirus
The Spybot Antivirus
Spyshredder Professional Antispyware Suite

At the same time I got a series of warnings (which I ignored) and icons kept appearing on my desktop that gave links to porn websites. I ran AVG and Ad-Aware. Both cleaned up a number of issues that were not there the day before. The porn links are gone but the so-called security center warning continues.

I ran Hijack This yesterday and again today and found a number of suspicious entries. I'm tempted to just get rid of them, but I would rather have someone take a look so that I can do this the right way. I have other minor issues that bug me, but I want to take care of the major stuff first. (Note: there are three other people who use this PC, all of whom claim innocence. Yeah, right)

Thanks for your help.

Here is the HJT log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:14:35 AM, on 9/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal


More replies
Answer Match 89.88%

System suddenly reboots and on start up there is a Microsoft warning, "system has recovered from a serious error."
And in the log created for error reporting to microsoft includes file:

c:\Docume~1\XYZ\locals~1\temp\WER7.tmp.dir00\sysdata.xml
error key no:
Bccode:1aBcP1:00041z84 BcP2:75A84000 BCP3:0000012B BCP4:C0503000
osver:5_1_2600 SP:1_0 product:256_1
 

More replies
Answer Match 89.88%

Hello,

I've been having this problem for the past few days where my Internet Explorer (7) crashes every time I run it (I'm working in safe mode now), and there is this red icon near the clock which says "Security warning: your computer may be infected with harmful or unwanted software" when I put the mouse over it.

I've tried running a full system scan with PC-Cillin 2006, ewido, spybot, trojan hunter but the problems keep occurring. Any help would be appreciated.

I'm running Windows XP Home and here is a log file from HijackThis....

Logfile of HijackThis v1.99.1
Scan saved at 11:52:52 AM, on 11/6/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5700.0006)


A:Solved: "Security Warning" & Internet Explorer Crashing

16 more replies
Answer Match 89.88%

I've been plagued with shortcuts that seem hellbent on making me want to turn off security settings in Windows 7 that are better left on.

Does this sound woefully familiar?

Well - here is THE CORRECT WAY (especially if the elusive "Unlock" option never presents itself - I certainly have never seen it on any property pages!)

Open an elevated command prompt window.

cd to your shortcut folder.

run the command:

C:\Users\YourName\Desktop\AFolder> icacls MyLink.lnk /L /SetIntegrityLevel med

You can use wildcards, but take care WHERE you do this. Also REMEMBER THE /L OPTION, because that ensures you are processing the shortcut, not the "addressed" program or file pointed to by the shortcut.

Note that the trick is in the (slightly counter-intuitive) MEDIUM setting (med) rather than setting it LOW (which is what it often defaults to, thus causing the problem).

Personally, I like to create folders full of "themed" shortcuts on my desktop. Unfortunately, the default behaviour is that any shortcut moved to or created in such subfolders of the desktop (on my system at least) default to low integrity. You have to RAISE the integrity of the shortcuts to stop the endless tedious prompting.

If you cd to a folder full of shortcuts and further subfolders to that folder are also full of shortcuts, then using an asterisk (whilst potentially dangerous anywhere else) will update the ACLS for ALL the shortcuts - and apparently those in subfolders to...

A:Another cure for "Open File - Security Warning" Prompt Blues : ICACLS

AWESOME!


Code:
C:\Windows\system32>cd\
C:\>cd users
C:\Users>cd nigel
C:\Users\Nigel>cd desktop
C:\Users\Nigel\Desktop>icacls *.lnk /L /SetIntegrityLevel med
processed file: Microsoft Word 2010.lnk
processed file: Windows Live Mail.lnk
Successfully processed 2 files; Failed processing 0 files
C:\Users\Nigel\Desktop>
It works!

6 more replies
Answer Match 89.46%

Please help - I have tried running anti-virus and Malwarebytes and starting in safe mode, with nothing working. Malwarebytes and the anti-virus are claiming there are no threats found??? I have looked and see that this is malware, but cannot get rid of it - Please help, leaving for business trip in AM and need my laptop!!

Thanks.

A:"security warning application cannot be executed" Message

Hello and welcome to TSF.

We want all our members to perform the steps outlined in the link given below, before posting for assistance. There's a sticky at the top of this forum, and a "Having problems with spyware and pop-ups? First Steps" link at the top of each page.

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

1 more replies
Answer Match 89.46%

Running :- WinXP HOME SP3 IE7, standalone PC, but using shared wireless modem (Vista laptop)
Not running :- GPedit (Home system) so the tweaks regarding this are out the window straight away.

....and all of a sudden I start getting the above warning box when opening .exe files (not all of them) including IE7 and strangely, if I click on show Desktop !?!
Maybe Windows knows something I don't !
Also occurs with .reg, .vbs, and other random files, again not all of them. This started on the 23rd Aug, the last auto update was the 18th Aug., that is, until today when I un-installed and re-installed IE7 as I've been reading it may be an issue with its security settings. Didn't cure it though ! Still got the warnings with IE6.
Other strange things I've (so far) found are :-
Links toolbar shows up ok but is empty, the links folder in Favorites (and under username) however shows 72 entries grouped in folders, none of whose properties are marked as hidden.
Finally, S/ware program Advanced System Cleaner no longer runs as it has always "encountered a problem and needs to close, hope you weren't in the middle etc."
Kaspersky AV, Malwarebytes (both up to date) and Trend Home Visit all show up clean, so basically I think it's a settings issue.
The settings in intranet have been changed as per web sites (Why though? It's a standalone PC.). I've added 2 entries

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations]
"LowRiskFileType...

A:That Damned "Open File - Security Warning" !!

Patched (Botched) over, but not cured.

Well after adding the Desktop .scf file, which I thought was an .exe, to the low risk registry entrie(s) above and a couple of re-boots nearly all seems to have settled back down again. WinPatrol being the one exe that springs to mind that's still playing up although I haven't been through them all yet.

Strange thing is that nothing was stopped from being d/loaded from the web, just when I tried to execute them.

Even stranger is why this started and I'm suddenly having to mess about in the registry .

If anyone has any clues I'd love to know !

1 more replies
Answer Match 89.46%

I just read the articles. Here they are.

http://news.softpedia.com/news/Micr...ls-Fake-Security-Essentials-2010-144312.shtml

http://www.neowin.net/news/microsof...urity-essentials-2010quot-anti-virus-software

-----------------------------------------------------------------
 

A:Warning! Fake "Security Essentials 2010"

6 more replies
Answer Match 89.46%

I went to post in a Yahoo forum site and I received this message when I hit the submit post button.

"Yahoo! security warning! Crumb error"
 

A:"Yahoo! security warning! Crumb error" --What ?

You surely must have searched Google for that error. Google returns almost nothing about it!

Only probable solution I've found:

http://forums.precentral.net/webos-...o-mail-missing-crumb-invalid-login-error.html
 

1 more replies
Answer Match 89.46%

In Internet Explorer which I only use for safe sites and testing (my main browser is Firefox) I am getting an annoying message which I can't get rid of - it comes back on every new page.

"Your current security settings put your computer at risk".

It's obscuring a not insignificant part of the screen, sometimes right over buttons and navigation features.

I am aware of the risk and do not need any more warnings. I have set exactly the security settings I need want and know what I am doing.
Found two solutions on Google - neither works.

How can I disable this for good?

A:Turn off warning "Your current security settings" in IE

Use this page - internet explorer 9 - IE9 keeps telling me that "Your security setting level puts your computer at risk" - Super User - you need to reboot before the fix works.

1 more replies
Answer Match 89.46%

Hi All,

I am working on a project at work that requires me to call a .bat file from the network from within IE.

I'm running IE6 on XP SP2. Problem is, I keep getting the "File Download - Security Warning" prompt.
I have attempted to disable this in "internet options\security\local intranet\

automatic prompting for file downloads - disable
file download - enable"

yet it keeps appearing.

Microsoft feel they need to keep us all "secure" but I know the code I'm dealing with in terms of this batch file and want it to run, without prompt.

Anyone know a workaround? tks in advance.
Joe

More replies
Answer Match 89.04%

So... my Windows Defender gave me a warning earlier. It said I had an infected system file named "hosts". I already removed the file from my computer, but it can still be found in my history. Look:

What is that malware about anyway? I know I already removed it, but I worry a lot about my computer so I want to make sure everything is fine.

So... can someone tell me why I got it? Is it really dangerous?

A:Windows Defender gave me a malware warning (file name = "hosts")

First of all the threat has been removed. You are no longer in danger from that particular threat. Malware is used to describe harmful software that has been installed on your computer. It can be very dangerous with the capability of hacking into your system, harvesting passwords, bank accounts, etc. In your case it was a medium threat. It usually means, pop ups, advertisements. Since it has been uninstalled it is no longer a threat.
For the future, download the free Malwarebytes and scan once a week.
Be sure that you have a quality Anti Virus such as Avast.
Stay away from sites that may be dangerous. Those are the ones that you really want to visit.

4 more replies
Answer Match 88.62%

Hello. I am using 7100 build and I would like to know, how to forever get rid of the "Open file - security warning" dialog. It is of no use and it certainly does not help with security, it just annoys... thanks

A:How to get rid of "Open file - security warning"

It does help because a program can't automatically launch those files, but I agree. It's more annoying than anything.

This worked for XP. Haven't tried it on 7 yet but I don't see why they would change it. Edit it as you wish...


Code:
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations]
"LowRiskFileTypes"=".exe;.bat;.reg;.vbs;"

9 more replies
Answer Match 88.62%

I have this message whenever I try, for example, to log in and play a game called League of Legends; I always get this message



(Sorry it's in my language, I'm pretty sure you know what the message says or you can find it on Google)

I have googled this problem and I know I have to go in the "Miscellaneous" section to change "Display mixed content" to Enable, but I still have the problem

A:message pops up "security warning"

Test the game file with virus total
https://www.virustotal.com/

3 more replies
Answer Match 88.62%

This warning is coming up with all documents and photos that I downloaded from the internet. It happens even with the files that I am synchronizing through OneDrive.

The warning only stops if I keep the default Microsoft applications. So, for example, I need to remove IrfanView and leave the photos as default. Then the warning stops happening.

Is there a way to solve this?

More replies
Answer Match 88.62%

Hello. I wanted to avoid opening a new thread but it looks like I have to...
I read and made minor attempts at following this thread (http://www.techsupportforum.com/f100...re-391140.html) but cannot do really anything on the computer...

I get a "Security Warning" pop up when the computer turns on and it comes up whenever the mouse is clicked. The warning reads:
"Application cannot be executed. The file "....exe" is infected. Do you want to activate your antivirus software now?" - "yes / no" - I clicked no repeatedly.. then decided to click yes once, it opened a trial virus scanner requesting that I purchase in order to fix... - obviously I did not.

Also a 'balloon' pop-up down on the task bar appears and reads:
"Windows Security Alert
Windows reports that computer is infected. Antivirus software helps to protect your computer against viruses and other security threats. Click here for the scan your computer. Your system might be at risk now."

And behind that a box that reminds me of HP software pop-ups...
"Antivirus software alert
INFILTRATION ALERT
Your computer is being attacked by an internet virus. It could be a password-stealing attack, a trojan - dropper or simlar.
DETAILS
Attack from: 153.198.206.197, port 36649 *changes repeatedly*
Attaked port: 62987 *changes repeatedly*
Threat: BankerFox.A *changes repeatedly*
Do you want to block this attack?"
"yes / no"

I re... Read more

A:Security Warning - "Application cannot be executed..."

I forgot to mention I am disconnected from any and all networks.

17 more replies
Answer Match 88.62%

Hi, I just received malware this morning when I was checking online where to watch baseball online on reddit. I have never done this before and won't after this encounter. lol Hopefully I can attach files correctly. Thanks for the hopeful anticipated positive results.
Best Regards, James
 

A:Just got malware, "Warning Flash Player is out of date"

Hello,
You're missing FRST.txt report.
 

0 more replies
Answer Match 87.78%

Hi there
I have accidentally opened the virus attachment file "Word doc malware" from an email
Your Amazon.co.uk order has dispatched (#203-2083868-0173124)
details below:
https://www.virustotal.com/en/file/...dd67d5fedfb1a9accb6f418a77c1989bd70/analysis/
https://forums.malwarebytes.org/index.php?/topic/159995-another-malicious-doc-attachment/
Can anyone tell me how to remove it?
Many thanks!!!
 

More replies
Answer Match 87.78%

hello,

This site helped me cure my Laptop in the past and now I am in the process of aiding a friend whose IE is being hijacked to a suspected Anti-malware site for a product known as "Ultimate Cleaner 2007". He also keeps getting repetitive pop-ups for an alleged virus known as "Worm.Win32.NetSky" which redirects you again to an unknown site.

here is his HJT log:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 8:27:09 PM, on 11/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal


A:HJT log for "Ultimate Cleaner 2007" browser hijacking and "Worm.Win32.NetSky" warning

Welcome to TSG

Please download SmitfraudFix

Double-click SmitfraudFix.exe
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm
 

3 more replies
Answer Match 87.36%

RE:
Installing "Search Engine" and "Visitors' Counter" on my MSN Forum board.

A typical MSN Group Forum looks like this,(below) where in da left column, are all the
"activity menus" commands available.

Example:

http://groups.msn.com/greatgujarat/messages.msnw

Some people can add "search" command ( Only for the posts inside that forum ) and also visitors indicators ( how many ppl visited da forum) on their forum Boards, and I always wonder...
How do they do that?

I also monitor one MSN group and I need to do those.

Pl. Advise me step by step, as I am novice and I will highly appreciate it.

Thanks all.

A:Installing "Search Engine" and "Visitors Counter" on my MSN Forum board.

bravenet.com is good for people who don't know any computer languages. I used it once upon a time. It's free; you can get your post counters, small search bars and whatnot there.

1 more replies
Answer Match 86.94%

My browser is being re-directed to different sites & I keep getting pop-ups warning of "security" problems. I am also unable to get my Windows Automatic Updates to start. Any help would be appreciated, thanks!
 

More replies
Answer Match 86.94%

FYI

Hackers Embrace P2P Concept
Wed Mar 17, 8:22 AM ET
By Brian Krebs, washingtonpost.com Staff Writer

Computer security experts in the private sector and U.S. government are monitoring the emergence of a new, highly sophisticated hacker tool that uses the same peer-to-peer (P2P) networking abilities that power controversial file-sharing networks like Kazaa and BearShare.

By some estimates, hundreds of thousands of computers running Microsoft's Windows operating system have already been infected worldwide. The tool, a program that security researchers have dubbed "Phatbot," allows its authors to gain control over computers and link them into P2P networks that can be used to send large amounts of spam e-mail messages or to flood Web sites with data in an attempt to knock them offline.
The new hacker threat caught the attention of cyber-security officials at the U.S. Department of Homeland Security, prompting the agency to send an alert last week to a select group of computer security experts. In the alert, the agency warned that Phatbot snoops for passwords on infected computers and tries to disable firewall and antivirus software.
A copy of the DHS alert was made available to washingtonpost.com by two sources at different companies who asked that their identities not be used because they did not want to risk losing access to future government alerts. Officials at the department and US-CERT -- a gover... Read more

A:New Security Warning "Phatbot"

Seems this Phatbot is particularly dangerous due to its ability to evade detection among other features.
Have a look at the feature list at this site. Listing is about half way down.

Click here....

Manual removal instructions are also included further down.

Dave
 

2 more replies
Answer Match 86.52%

I have some kind of malware on my system and I need help to remove it.

Symptoms: After performing a web search using Google and clicking my desired site, my browser is usually redirected to one of the following sites: zapmeta, netster, romemaster, stopzilla, toseeka. It's different every time.

What I've done thus far: I've run Spybot and Ad-Aware during a "safemode" session. These found a lot of "threats," which I removed. This did not fix the problem. I then tried to restore my computer to an earlier date, but that failed.

Any help would be greatly appreciated, thank you.
 

A:"Zapmeta" "Netster" search engine IE redirect problem

8 more replies
Answer Match 86.52%

Hello,

I have a Windows XP Pro Version 2002 Service Pack 3, Pentium 4, 3.20 GHz, 2 Gig Ram desktop machine. I was browsing several websites and had a popup message to install some program. Without thinking, I accidentally hit yes instead of cancel and now my machine is infected with spyware. When the computer starts, a program called "System Security" pops up that appears to do a system scan and finds 38 trojans and spyware. Since I have never heard of "System Security" before, I am almost positive that I have been infected and that the "System Security" software is in fact part of the malware itself.

I ran HijackThis v2.0.2 after startup and this is the log that resulted. I did not kill any of the processes that I believe to be malware and have not yet run any antispyware software such as Malwarebytes or SuperAntiSpyware. I have physically disconnected my machine from the network.
Please advise on the steps necessary to correct this problem. Thank you and happy new year! Hopefully yours is off to a better start than mine.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:23:33 PM, on 1/1/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal


More replies
Answer Match 86.1%

One lapse of judgement and I'm out of action for the weekend...
Anyway, I've run Avast and removed a number of viruses it found, but I still have these annoying popups, etc.
Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:49: VIRUS ALERT!, on 12/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal


A:Time changed to 24h and reads "VIRUS ALERT!" also various "Security Alert" popups

Apologies for the double-post. I could not see an edit function.
I've cleaned out a couple of nasties with Adaware, although I've not seen much change - still getting the same "VIRUS ALERT!" and popups. Still, I thought it best to update the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:37: VIRUS ALERT!, on 12/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal


9 more replies
Answer Match 86.1%

Hello,

I am working on a Dell Latitude c840 with Microsoft XP Professional. Usually I use firefox version 3.6.6 but occasionally I use Internet Explorer 8; the search engine redirect and inability to access gmail occurs on both browsers. I have run a few different malware/antivirus programs (independently, shutting down one when trying another) and none has found a threat that resolves this problem, and I fear delving into the registry myself. The gmail page that appears in firefox is:
"This Connection is Untrusted


You have asked Firefox to connect
securely to www.google.com, but we can't confirm that your connection is secure.



Normally, when you try to connect securely,
sites will present trusted identification to prove that you are
going to the right place. However, this site's identity can't be verified.


What Should I Do?


If you usually connect to
this site without problems, this error could mean that someone is
trying to impersonate the site, and you shouldn't continue.



Technical Details


www.google.com uses an invalid security certificate.

The certificate is not trusted because it is self-signed.
The certificate is only valid for 78-159-121-201.local

(Error code: sec_error_untrusted_issuer)

I Understand the Risks"

I researched and though some say the usual cause for this problem is inaccurate date/time, I have checked and rechecked and there are no inaccuracie... Read more

A:Search Engine Redirect suspect Virus/"untrusted connection" for gmail

Welcome to TSF :)

Before I begin, I need you to uninstall 2 of the following 3 security programs: Avast, McAfee, Trend. Having three installed and running will make your computer crash and my job much more difficult.


Download Combofix from this webpage: http://www.bleepingcomputer.com/comb...o-use-combofix

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

--------------------------------------------------------------------

Double click on combofix.exe & follow the prompts. When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt".
Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.

9 more replies
Answer Match 86.1%

I found this in a previous thread that pertains to the problem I'm seeing:

Yellow and blue box says: Warning Spyware Detected...
The box appears in the middle of the screen. I can run limited programs because the computer thinks it needs an administrator. The desk top has just turned red and there is a red circle with a white X in the middle of it located in the task bar. Please help.....
I did not see a reply to the thread that mentions how to help remove it. Is there a way to get rid of this? Is this a known, removable entity?

Also, this malware disables my ability to pull up task manager and shut it down that way.

Any help you can provide would be appreciated.

Thanks
 

More replies
Answer Match 86.1%

I have run webroot antivirus with antispyware, several times. Every time I do, it finds the same virus (sometimes others with similar names). This is from the latest scan:

Mal/EncPk-CZ
Troj/FakeAle-FK

and some cookies. However often I quarantine them, they reappear on the next scan and I also can't get the desktop to go back to its normal appearance, it's gone white with a big warning (as above) and refers to:

win32/adware.virtumonde
win32/privacyremover.M64

having been detected on my computer.

I have gone through the 5 steps.

This is the active scan log:

ANALYSIS: 2008-08-21 18:37:14
PROTECTIONS: 1
MALWARE: 13
SUSPECTS: 1
PROTECTIONS
Description Version Active Updated
Webroot AntiVirus with AntiSpyware 5.8.1.55 Yes Yes

A:Can't get rid of "Troj/FakeAle-FK" and "Warning! Spyware detected on your Computer!"

Hi Henry


Disable SpySweeper's realtime protection. Open Spysweeper and click on Options.
Choose Program Options and uncheck "load at windows startup".
On the left click "shields" and then uncheck everything.
Uncheck "home page shield".
Uncheck "automatically restore default without notification".
Exit the program.


Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/comb...o-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
Remember to re-enable them afterwards.

Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New HijackThis log.

A word of warning: Neither I nor sUBs are responsible for any... Read more

19 more replies
Answer Match 86.1%

This past week I started to notice my browser became slower and slower to load sites. Then I started getting redirected when I search on search engines. I see the load message saying "redirecting goored" or something along those lines. I did some research and ran scans using AVG, Ad aware, Spybot, all of which came up clean. I just installed HJT and attached my log. I'm not sure what to look for.

Please help! I have finals next week and I really want to clear this virus so I can study without distractions.

I'm not too fluent with computers so forgive me and direct me in the right direction.

I really appreciate it!!!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:51:14 PM, on 12/7/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal


A:"goored" search engine redirect virus

I think I fixed it. I deleted a folder in C:\Documents and Settings\(name)\Local Settings\Application Data

Folder contained a "chrome" installer and 2 other things. I did some research and this is what another person did to fix this problem. So far, no redirects. Hopefully it stays this way.

Is there anything I should do to make sure that my computer is running clean besides scans?
 

1 more replies
Answer Match 85.68%

PROBLEM:
I am having several issues. It started by giving me a Generic Host Process error that reads, "Generic Host Process for Win32 Services has encountered a problem and needs to close. We are sorry for the inconvenience." This is followed by the "NT Shutdown error" which reads:

"System Shutdown This system is shutting down. Please save all work in progress and log off. Any unsaved changes will be lost. This shutdown was initiated by NT AUTHORITY\SYSTEM"

This also displays a 60 second countdown before it shuts down. I was able to stop the shutdown by entering the command prompt and typing "shutdown -a" but that is only a temporary solution. The virus has now turned my desktop background black with a grey box in the center with flashing "Warning" text and a message that reads:

"Warning Dangerous Spyware Many viruses were found on your computer such as : Trojan horse, PassCapture, etc. Your personal information can fall into in the 'third hands'. Please check up the computer with a special software. Thank" (It wouldn't let me change my desktop background in the Display Properties)

This is partnered with a pop-up balloon stemming from a red circle with an X in the center; the balloon reads: "Warning! Security report Your computer is infected! It is recommended to start Spyware cleaner tool." After which it tries to connect to the Internet to download more spyware.

Also, when I try to run SpyBot or any other Spyware removal programs I get an error message that... Read more

A:Win32 Shutdown Virus; Black background, flashing "Warning"

Hello and welcome to TSF.

We want all our members to perform the steps outlined in the link given below, before posting for assistance. There's a sticky at the top of this forum, and a "Having problems with spyware and pop-ups? First Steps" link at the top of each page.

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

1 more replies
Answer Match 85.68%

I downloaded a virus yesterday (8/10) trying to open a video of the opening ceremony of the Olympics (I do not remember the exact URL). The virus was disguised as a video codec for Windows Mediaplayer. After I downloaded the file, a blue screen with a warning in a yellow box replaced my desktop image. The warning says:

"Warning! Spyware detected on your computer. Install an antivirus or spyware remover to clean your computer."

I have tried to remove it with McAfee Antivirus and with a Virus Removal tool I got from my University, but neither of these was able to remove the program. Can you help me?

I attached the two log files below. If you need any additional information, please let me know.

Thanks!

****************Active Scan Log************************
ANALYSIS: 2008-08-11 16:20:06
PROTECTIONS: 1
MALWARE: 37
SUSPECTS: 0
PROTECTIONS
Description Version Active Updated

A:Desktop Image Virus - "Warning! Spyware Detected On Your Computer"

Looking over your log, back ASAP.

13 more replies
Answer Match 85.68%

Hi!

Yesterday, I got a virus which changed the background of my Windows XP to a blue background with the message "Warning! Spyware detected on your computer! Install an antivirus or spyware remover to clean your computer."

Also, my screensaver has been changed to a fake BSOD and then the Windows startup screen which is highly irritating! On top of this, I am being bombarded with pop ups and redirections when using the internet.

Here is a copy of my HijackThis log:



A:Virus- Background changed to "Warning! Spyware detected on your computer!"

Anyone?

5 more replies
Answer Match 85.68%

So, a couple of weeks ago someone sent me a strange email. I wouldn't have opened it, but I was expecting a response from this person, along with an attachment re: a group email I had sent to them. I couldn't open the stinking thing, and I knew I was going to see them this holiday weekend, and I was going to ask them about it then. Anyhow, just a few hours ago my gmail inbox starts exploding with people from my Contact list asking if I sent them this e-mail.

Here is what the e-mail read:

"Kindly view the document I uploaded for you using Google Apps . VIEW DOC HERE with your personal email to view the document it's good and very important.

Thanks,
George"

Does anyone here have a remedy?

GPL

A:Urgent: Remedy needed for google app "check doc" virus

What symptoms are you experiencing?

7 more replies
Answer Match 85.68%

My desktop has all turned blue with a background-like warning image. It has a message "SPYWARE INFECTION" Your system is infected with spyware.

I cannot change my wallpaper at all. I have lost the option. Please help get rid of the infection.

Here are the results of my Hijackthis scan:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:52:31 PM, on 20/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal


R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=6... Read more

A:Solved: VIRUS; HELP!! My desktop is blue with a "spyware infection" warning-like back

16 more replies
Answer Match 85.26%

I've been getting spammed with this for the past few hours, it's pretty big (~150k). I'm not 100% sure it's a virus, but I know Microsoft doesn't e-mail its users patches, and the e-mail accounts being used to send the e-mail are fake. Be warned!
 

A:Warning: Virus claiming to be a "Windows Patch"

16 more replies
Answer Match 85.26%

Hi

I received two pieces of SPAM today with the Title "Re: State Exec Comm". Norton caught it. I just wanted to warn you to watch out for it and remember to keep your Anti-Virus patterns updated.

Have a good one!

John
 

More replies
Answer Match 84.42%

Please read and digest - and make sure your home anti-virus software is up to date!

Many thanks
Josh

Originally Posted by ABF Shared Service Centre

All

The ABF Shared Service Centre have been tracking a new, malicious computer virus that spreads using an e-mail attack. The Virus is beginning to become more widespread.

The virus arrives via e-mail and has a subject line of "Here You Have" and asks the recipient to click on a link embedded in the e-mail. This link points to a malicious program file disguised as a PDF (Adobe Acrobat) file.

When the user clicks on this link, their computer instantly downloads and launches the Virus. This process also installs the virus onto the victim's computer without the user knowing!

Once running on the computer, the Virus attempts to e-mail a copy of the original e-mail to all e-mail addresses found in the infected user's e-mail address book.

The Virus also attempts to spread from computer to computer over the local network (to other machines on your home or office network) by copying itself to open drive shares found on other machines on the network.

Once the Virus copies itself to another machine, if a user opens the folder that contains the Virus on this new machine, this will launch and cause it to spread further through both e-mail and over shared drives.

To mitigate the risk to the ABF Infrastructure, we have confirmed ... Read more

More replies
Answer Match 84.42%

Hi everybody, I'm new to this forum, but I think it's quite useful!
My problem started with an "Urgent System Message:Virus" that came up suddenly. This message said that my computer was infected with last version of internet worm (iworm_attck_v122.02a). It recommended me to follow a link and install Antivirus Gold. I did not install it and google searched for the named virus. That's how I found your forum!

I have Windows XP Pro, ver.2002 with installed McAfee VirusScan and FireWall. I have a DSL Internet connection.

I followed the instructions of Flrman1 (in the first post) and I attach the log files created from ActiveScan and ewido scan. The ActiveScan found one Dialer and one Adware that are not disinfected. Please tell me, what I should do to remove them?
 

A:"Urgent System Message:Virus"

Hi aangel

Welcome to Tech Support Guy Forums!

I have split your post off to its own thread, it is less confusing that way.

Please continue all replies here.

Thank You
 

3 more replies
Answer Match 84.42%

I find myself with the same virus calling itself i.worm_attck_v122.02a, although symantec uk website does not recognise that or Antivirus Gold. I have scanned in safe mode with system restore off but symantec is not picking anything up. Please, please help! Promise to paypal you for result. I have run Hijack This and here is the log :
Logfile of HijackThis v1.99.1
Scan saved at 17:26:28, on 01/10/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sophos SWEEP for NT\SWNETSUP.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\nvctrl.exe
C:\WINDOWS\System32\mssearchnet.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\pctspk.exe
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Pro... Read more

A:"Urgent System Message:Virus"

I have split your post off into a thread of your own. It's not a good idea to tack onto an existing thread.

I will post back with instructions shortly.
 

2 more replies
Answer Match 84%

I need help. A worm/virus/malware has invaded my Dell E520 Windows XP OS computer. It appears on the monitor as a small 2" X 3" popup which miniaturizes randomly on the page after logging in to the net.

When I try to hit delete prompt the malware shuts off my internet connection, then the image re-appears, hopping all over the desktop in replicating multiples. It's proved impossible to identify their web address.

I've run AVG, SuperAntiSpyware and MalwareBytes versions to rid the virus, but this has not been effective.

Can someone help or suggest a cure?

Appreciatively,
Hiram
 

A:"Mama Crack" or "Mama Casper" malware/virus invasion

Hiya and welcome to Tech Support Guy.

As you've run MalwareBytes already, can you post the log of what was found, if anything?

Also, can you do the following:

Download TFC by OldTimer to your desktop

Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
It will close all programs when run, so make sure you have saved all your work before you begin.
Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

Download RootRepeal from one of the following locations and save it to your desktop:
Link 1
Link 2
Link 3

Double click to start the program
Click on the Report tab at the bottom of the program window
Click the button
In the Select Scan dialog, check:

* Drivers
* Files
* Processes
* SSDT
* Stealth Objects
* Hidden Services
* Shadow SSDT

Click the OK button
In the next dialog, select all drives showing
Click OK to start the scan
Note: The scan can take some time. DO NOT run any other programs while the scan is running.
When the scan is complete, click the button and save the report to your Desktop as RootRepeal.txt
Go to File, then Exit to close the program
If the report is not too long... Read more

1 more replies
Answer Match 84%

I've been getting random popups and my homepage has been reset to http://www.securitynetpage.com/. I also had two programs installed onto my desktop, "Online Security Guide" and "Security Troubleshooting". I also have a yellow triangle sign in the lower right hand portion of my screen that says something about a system alert: popups. Help would be greatly appreciated. Thank You.

Logfile of HijackThis v1.99.1
Scan saved at 4:15:12 AM, on 8/17/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ishost.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\regscan.exe
C:\Program Files\Kodak\Kodak EasyShare Software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\WINDOWS\System32\ismon.exe
C:\Program Files\Java\jre1.5.0_03\bin\jucheck.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\issearch.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\isnotify.exe
C:\Program... Read more

A:Random popups, "Online Security Guide" and "Security Troubleshooting"

Hi and welcome to TSF.

I am currently reviewing your log. Please note that this is under the supervision of an expert analyst, and I will be back with a fix for your problem a.s.a.p

In the meantime, make sure you subscribe to this thread so that you will receive an instant email when I have replied with a fix to your problem. You may do this by clicking the Thread Tools option at the top of your post and then clicking Subscribe to this thread. Then, make sure Instant Notification by email is selected and click Add Subscription

Please be patient with me during this time.

2 more replies
Answer Match 82.74%

Hello, my system is affected with the "Security Tool" malware, which prevents installation of anti-malware software such as Malwarebytes Anti-Malware.
It has created a random directory in All Users\Application Data and further prevents from running any software.

I can run in safe mode, and delete that directory, but it comes up again. Can't install, MBAM still in safe mode. In fact MalwareBytes installs perfectly, but then when I load it up, a dialog box will appear (entitled "Setup"): Unable to execute file.. (directories) CreateProcces failed; code 2. The system cannot find file specified (the file specified being "mbam.exe").

I have tried to rename the setup, to no avail.

I am running off of Windows XP.


I am attaching logs from DDS and GMER.

------------------------------------------------------------------

DDS (Ver_09-09-29.01) - NTFSx86 NETWORK
Run by std at 0:15:34.93 on Sat 10/10/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.727 [GMT -7:00]

AV: avast! antivirus 4.8.1356 [VPS 091009-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\A... Read more

A:Totally troubled "Security Tool" Malware . Logs Attached

Hi,

You didn't mention that you've tried to run ComboFix. Please post its report if any was generated.

Please download exeHelper to your desktop.
Double-click on exeHelper.com to run the fix.
A black window should pop up, press any key to close once the fix is completed.
Post the contents of log.txt (Will be created in the directory where you ran exeHelper.com)
Note: If the window shows a message that says Error deleting file, please re-run the program before posting a log - and post the two logs together (they will both be in the one file).

10 more replies
Answer Match 82.74%

Hello,

I have a computer that is infected by "Total Security" malware. The computer belongs to a friend and is a Dell OptiPlex (5 years old) running Windows XP. McAfee was installed but it seems it is no longer functional. The user is a teenager who loves to use "Bear Share" P2P which I am sure is how the PC became infected in the first place.

Upon booting, the computer gets to the Welcome screen and stops there for about a minute before finishing the boot. Soon after, a Total Security "scan" begins and detects all sorts of viruses and malware. I understand that Total Security is actually the malware and that the scan is just crap trying to convince me to buy their software or click the link. I'm not sure if this link has ever been clicked but if I had to bet...I'd bet "yes".

I used Hiren's Boot Disc CD to run SpyBot and an antivirus program. Spybot fixed 107 problems. The anti-virus fixed 17 trojans. Upon rebooting, Total Security was still there.

So, I came here and began following directions. I downloaded DDS and GMER as instructed but neither program will run. <I'M RUNNING OFF THE BOOT DISC AND NOT IN FULL WIN XP ENVIRONMENT> I'm afraid to let this computer connect to my network because of its infections which is why I'm operating off the boot disc. Is this why DDS and GMER will not work? If so, what should I do?

Thanks!

Mike

A:Need Help Removing "Total Security" Malware. DDS, GMER Not Working.

Hi Mike,

I need to know what happens when you try to run dds or gmer. Is there an error message or do they just shut down or not respond?

19 more replies
Answer Match 82.74%

My son's web book is infected with malware. There is a "security tool" icon in the tray. I was able to download the dds program but was unable to run that or any other program. I started the machine in safe mode and was able to run dds and GMER. I was able to uninstall Bittorrent in safe mode as well.
We don't have access to any of the disks as this machine was actually won in a raffle.




DDS (Ver_09-12-01.01) - NTFSx86 MINIMAL
Run by Winner at 18:50:31.48 on Thu 02/04/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.823 [GMT -5:00]

AV: AntiVir Desktop *On-access scanning enabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Winner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.comcast.net/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: SporTV Toolbar: {a298ed31-d405-40e2-880f-b7511948e582} - c:\program files\sportv\tbSpor.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: {5C255C8... Read more

A:Malware "Security Tool" and missing desktop icons

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

Please visit this webpage for download links, and instructions for running ComboFix:

http://www.bleepingcomputer.com/comb...o-use-combofix

* Ensure you have disabled all antivirus and antimalware programs so they do not interfere with the running of ComboFix.

Get help here

Please post the C:\ComboFix.txt in your next reply for further review.

Please re-enable your antivirus before posting the ComboFix.txt log.

------------------------------------------------------

9 more replies
Answer Match 82.32%

Hi all, just saw this in the bottom right tray a red windows security alert, when I click it on it says Malware protection, windows did not find any anti-virus software. Although I do have super anti spyware loaded on this machine. I have attached a screen shot.

Any help would be appreciated.
 

A:Solved: Windows security center message "Malware protection not found"

16 more replies
Answer Match 82.32%

I entered a page Google yielded as a result for a particular file I was trying to find, when my computer began to slow down considerably and my desktop got louder. I immediately hit the back button on the browser as I suspected something was possibly beginning to infect my computer, and as a Firefox popup appeared, I opened Windows Task Manager and ended firefox.exe. After this, in the tray appeared a yellow triangle with an exclamation point in the middle, and your standard virus popup claiming to be helpful and that your computer is at risk. I ended every unfamiliar process in Task Manager but the yellow triangle (that said Windows Security Alert when I hovered my mouse over it) remained in the tray. I could not find any process that would make any impact on it by being ended. It popped up again & took over when I tried to right click it in the tray (god knows why I did that) and when I tried to open Firefox.

I got frustrated with the lack of an unfamiliar process and closed Task Manager and decided to try and 'refresh' it by opening it again and when I did so, the yellow triangle turned into a red sphere with a white X in the middle. I began to get several little popups from the tray coming from the icon telling me I had numerous critical errors to do with hard drive/RAM. I also received another popup in the form of a '[Cancel] [Try Again] [Continue]'. I was very careful never to click any of these popups; nor could I end them in Task Manager as ag... Read more

A:Malware posing as "Windows Security Alert"

Hi,

Sorry for the delayed response. Forums have been really busy. If you still need help with this, do the following, please.
Download DDS and save it to your desktop from here or here or here.
Disable any script blocker, and then double click dds file to run the tool.
When done, DDS will open two (2) logs:
DDS.txt
Attach.txt

Save both reports to your desktop. Post them back to your topic.

 

1 more replies
Answer Match 82.32%

Dear members and experts,

I'm sorry to rush in with a problem on my first post, but I'm getting quite desperate for help with a very troublesome malware. I'm sure everyone's heard of the "Security Center", "Antivirus 2009" group of malware, and I seem to have one myself. I'll start at the beginning:

It landed on my computer (Windows Vista Home Premium) shortly after browsing along a user-posted news type of site, I don't know where it really came from. I saw the quick signs of it - a "Security Center" icon indicating a virus on the computer, giving a fairly detailed description and with one button enabled to "remove all". It then proceeded to a fake installation screen for an antivirus - sorry, I'm still trying to remember its name. The installation screen was a non-interactive EULA-looking screen which quickly changed to an unmoving installation status screen. I'm sorry I don't have a screenshot.

Ah, I remember now - it was called Paladin Antivirus. However, the program didn't actually install Paladin Antivirus, I think I strangled it before it did - but for some reason I still have all havoc breaking loose.

*Update: A search of my hard drive reveals no files containing the name "Paladin".

Before it all went to hell, I did a scan with AVG, which removed something serious, and the program itself didn't come back. However something still took over my laptop and it's in an awful state. Here is a list of the proble... Read more

A:Desperate to get rid of "Security Center"-esque malware

Hi everyone, an update:

I managed to finish getting rid of this monster of a virus about 10 minutes ago. The solution was indeed one of the easy paths to follow of downloading Malwarebytes Anti-Malware and using it to eradicate everything - though as I said earlier, I simply couldn't get it to run because the virus prevented me. It turned out that renaming the executable file during download worked, to my startled surprise, and even though I had tried all that before, I wasn't quite "doing it right". I'll detail below. I'm darn glad to have control again after what must have been 12 hours but this should have taken just 3.

-My biggest flaw in destroying this was ironically my using the old, expired Windows 7 trial to use the cleaning software. Sure enough, Malwarebytes Anti-Malware ran on the Windows 7 account to clean up my partitioned drive, but it was never exactly going to touch Windows Vista's registry if I'm logged into Windows 7, right? *facepalm* So as a result, a few dodgy looking viruses got removed from the drive but not the registry entries or anything else (I guess), and I suppose because of that every time I logged back into Vista, virtually nothing had changed.

-Also, since I'm a naughty cheating student, my Windows 7 version is the seriously old beta which probably expired last summer. Thus, it is non-genuine and is programmed to shut down spontaneously every 2 hours, meaning it was impossible to get any sort of full virus/malware scan finish... Read more

1 more replies
Answer Match 82.32%

Hello, I have followed the 5 steps and have the reports which you will need. We have the online security guide pop-up on the computer asking us to buy it to ensure protection. Upon doing a Panda ActiveScan, it has shown 3 Spyware files, and also 3 hacking tools. I have saved the report from the Panda scan and I can post it in this thread if required along with the attached extra.txt. Below is the main.txt copied from the Deckard System Scanner.

Deckard's System Scanner v20071014.68
Run by brian lee on 2008-02-25 2028
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
13: 2008-02-25 2032 UTC - RP155 - Deckard's System Scanner Restore Point
12: 2008-02-25 20:01:07 UTC - RP154 - Software Distribution Service 3.0
11: 2008-02-24 21:25:01 UTC - RP153 - System Checkpoint
10: 2008-02-17 20:05:19 UTC - RP152 - System Checkpoint
9: 2008-02-16 19:51:49 UTC - RP151 - Software Distribution Service 3.0


-- First Restore Point --
1: 2007-12-04 14:27:11 UTC - RP143 - Software Distribution Service 3.0


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 503 MiB (512 MiB recommended).


-- HijackThis (run as brian lee.exe) -------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
... Read more

More replies
Answer Match 81.9%

Ok where do I begin?! I have been dealing with viruses, spyware/malware for the past week. It all started with Norton advising me that I had been infected with Trojan.Vundo and Trojan.Zonebac. After that I started receiving many different pop ups warning me about critical system alerts. I also had an annoying yellow triangle at the bottom of my screen warning me about different trojans and worms. More evil friends included 2 new icons that had made their home on my desktop, one named "Live Safety Center" and the other "Online Security Guide"; also installed was a new toolbar named "Security Toolbar 7.1". I have scanned my computer with many different programs and have somehow finally managed to get rid of the pop ups and toolbar, although I know I'm probably still infected somewhere. I'm sorry this is so long but, I wanted to explain EVERYTHING! I'm running Windows XP SP2, and have followed all steps to post. I downloaded DSS, but after many attempts to run, it just wouldn't let me. I do have a fresh hijackthis log and my Panda report, I hope this is good enough.
Many thanks in advance to whomever helps me, I am desperate!
Monica

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:58:35 PM, on 11/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe... Read more

A:2 evil friends on desktop "Live Safety Center" and "Online Security Guide" Help?

Hi, thanks for trying to perform all the steps.

Quote:

I downloaded DSS, but after many attempts to run, it just wouldn't let me.

At what stage does DSS stop working?

7 more replies
Answer Match 81.48%

This began after dumbly going to some non-commercial website. NAV auto-protect did initially detect an infection, but indicated it could not quarantine or delete.

Now when launching IE6, it attempts to redirect to a fake virus software website. When I choose the "not recommended" link, IE crashes shortly afterward. Also, I get a fake "Security Center Alert" popup every few minutes. I stupidly clicked on the link to update the security center.

With System Restore deactivated, I have run (all updated, full scans in safe mode) NAV, Ad-aware, Spybot, SpySweeper, Avira and CCleaner. (Then I found this website and learned I should have waited to do this.) Spybot found a couple of registry entries, but that was the only detection made by any of the programs, other than NAV's initial auto-protect message. File gmer.txt is attached.

dds.txt:

DDS (Version 1.0) - NTFSx86
Run by Mike at 13:22:43.09 on Sat 12/06/2008
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2038.1399 [GMT -6:00]

============== Running Processes ===============

C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\... Read more

A:IE crash after "Insecure Internet activity", "Security Center Alert" popup

Before any work can be done on this machine, there is something that requires your immediate intervention.

This machine is messed up pretty badly because you have several anti-virus programs on your machine. That's not a good idea!!

Like firewalls, anti-virus programs have conflicts co-existing with each other & produce undesirable results. Please uninstall ALL leaving only one of them.

ALL the antivirus programs must be removed via add/remove program.
For any program that doesn't have an add/remove entry, you will have to do this: re-install the program -> reboot -> uninstall
Post fresh logs when you have completed the above task.

11 more replies
Answer Match 81.48%

My wife seems to have recently installed "System Security" malware, even though we were running an updated version of the AVG 8.5 antivirus and the computer (XP Home) is fully patched.

I find many references to it on the internet, and even some at techguy.org. But all of the instructions tell you to run some malware removal program. This version of the program not only pops fake security messages and asks you to "register" to get rid of them, but it claims that *EVERY* exe I try to run, except Internet Explorer is "infected" and therefore will not be run. This includes the malware removal installation programs that it does allow IE to download, regedit, even notepad. And since it won't let anything run, NONE of the usual antivirus and antimalware programs will run.

Is there anything short of a full reinstall that I can do? And is AVG 8.5 *really* this bad?

Thanks
 

More replies
Answer Match 81.48%

Hi everybody, I'm REALLY glad I found this site. I've got a problem - last night I ran Trendmicro Housecall on my desktop and it found a bunch of threats (49!), I ran the fixes on them then re-booted. When it came up after the reboot it was showing all this bogus "Security Tools" antivirus thing (I have heard about this virus). I couldn't do anything as these windows kept coming up. I tried re-booting again and now it won't even re-boot! It just goes as far as the POST and then nothing. I can do F8 to get into debug mode but no matter what option I choose there, it won't go into any kind of mode.

Can anyone please help?

Thanks!
Shawn
 

A:"Security Tools" malware and now cannot re-boot.

10 more replies
Answer Match 81.48%

Hi everyone!
I am new here... have to admit that I am a beginner on computer issues, especially with regards to computer security... I am a believer that a good anti-virus provider like Norton will keep me away from all these threats. Til today, when I installed an ActiveX related thing which got my computer into a mess... this security thing came as a protection toolbar that cannot be removed while always prompting to me that my computer is full of spyware, etc... luckily, I managed to remove it using SmitfraudFix through help of online forums! Phew.. I am glad that there are still many good guys out there! Thanks Guys! Have done several tests such as Norton Internet Security 07, Ad-Aware, Trend Micro, and some other free online scans and they all turn out clean (less for tracking cookies)... Read through a HijackThis log tutorial @ http://hometown.aol.co.uk/jrmc137/hj...l/tutorial.htm to understand more about it, and fixed some really obvious things like "protection toolbar" etc.. I realize that it is rather stupid of myself to attempt to do it on my own without any expert's advice... In the end, I wasn't sure whether the thing has been removed completely from my computer... here's the log.. Please help to check to see if it has been cleared and if there are any undesirable stuffs that should be removed... I can only pray that my actions have not made things worse...
Thanks for the help in advance!

Logfile of HijackThis v1.99.1
Scan saved at 2:40:06 AM, on 6/10/2007
Platform: Windows X... Read more

A:Help! Just recovered from a malware "security toolbar 7.1"

Hello kandfer and welcome to TSF,

SmitfraudFix would have produced a report located at C:\report.txt. Please post that log in your next reply, along with the following:


Download Deckard's System Scanner (DSS) to your Desktop.

What DSS will do:
create a new System Restore point in Windows XP and Vista.
clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
check some important areas of your system and produce a report for your analyst to review.
DSS automatically runs HijackThis 1.99.1 for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed. **Allow dss.exe to download HijackThis 1.99.1 when prompted**

Note: You must be logged onto an account with administrator privileges.
Close all applications and windows.
Double-click on dss.exe to run it, and follow the prompts.
When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <- this one will be minimized
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt in your next reply.
Please attach extra.txt to your post.
To attach a file to a new post, simply
Click the [Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
copy and paste the following into the "Upload File from your Computer" box: C:\Deckard\System... Read more

10 more replies
Answer Match 81.48%

Okay, I'm usually pretty good at getting rid of this stuff, but this one has me stumped. I've got that problem with the fake Total Security software that takes over the computer. Once it's active, it kills any security software running and prevents most useful programs from executing, most annoyingly, the task manager. Safe is disabled somehow, as I always end up with a BSOD. If I choose "Directory services restore mode" in the boot options menu I can get into a form of safe mode that allows for networking. In this safe mode, I ran scans of various anti-malware software including AVG, Spybot S&D, Malwarebytes and CCleaner.

These scans seemed to have an effect as I can now have some time to run a quick scan (Malwarebytes is most effective) in normal mode before the takeover and stop it from happening. But it always re-infects itself on reboot.

Looking around Google, I've found and tried various methods of removing it, but there is no consistent solution, or at least no solution consistent with what's going on with my PC. Some tricks I've used include renaming the Malwarebytes executable files to something benign (my name).

Through my scan results, I've found references to files either named or associated with Vundo and Vundomonde. I don't know if this (these?) are separate viruses or if they are just the proper names for the Total Security program.

My computer is a 4yo Dell Dimension 9100 running WinXP Pro SP2, with a ... Read more

A:Takeover by "Total Security" malware and maybe others

Here's a HJT log. I ran it in safe mode entered from "directory services restore mode" in boot menu.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:32:35 PM, on 9/20/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTserv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54GS.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\dlbtcoms.exe
C:\Documents and Settings\Eric\Desktop\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU... Read more

2 more replies
Answer Match 81.06%

I'm having the same problem that a lot of people are having. These icons have showed up on my desktop and I keep getting pop ups telling me to download them because I have a virus. I would really appreciate the help.
thanks!
John

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
91: 2007-11-17 16:39:03 UTC - RP554 - Deckard's System Scanner Restore Point
90: 2007-11-17 15:47:18 UTC - RP553 - System Checkpoint
89: 2007-11-16 15:05:33 UTC - RP552 - System Checkpoint
88: 2007-11-15 01:17:54 UTC - RP551 - Software Distribution Service 3.0
87: 2007-11-13 22:39:57 UTC - RP550 - Removed Banctec Service Agreement


-- First Restore Point --
1: 2007-11-12 23:17:11 UTC - RP464 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Percentage of Memory in Use: 81% (more than 75%).
Total Physical Memory: 510 MiB (512 MiB recommended).
System Drive C: has 2.78 GiB (less than 15%) free.


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2007-11-17 11:42:27
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\SYSTEM32\SMSS.EXE
C:\WINDOWS\SYSTEM32\WINLOGON.EXE
C:\WINDOWS\SYSTEM32\SERVICES.EXE
C:\WINDOWS\SYSTEM32\LSASS.EXE
C:\... Read more

A:"online security guide" and "live safety center" deckard log here

Hello and Welcome. Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------

Please download VundoFix.exe to your desktop. We'll use this later.

Download SDFix and save it to your Desktop.

Please download & install - ERUNT (This is a utility that'll replicate a copy of your Registry)
Start ERUNT, confirm the Welcome message.

Next, select the backup options:

System registry
Current User Registry
Other open user registry

Click "OK" and wait until the backup process is complete. (Note that depending on your system configuration this may take some time, and that the first bar is NOT a progress bar, just an indicator that the program is still running.)
# Note: To ensure proper operation of ERUNT, you should be logged in a... Read more

13 more replies
Answer Match 81.06%

I don't have a clue where to begin trying to fix this problem. Spybot doesn't seem to fix the problem. I keep getting random icons on my desktop and start menu called "online security guide" and "live safety center". There are also many fake balloon warnings appearing and a window titled "Critical System Warning!" that wants me to download stuff. What process can I go through to clean my system? Any help would be great...thank you!

A:i need help - "online security guide" & "live safety center" icons!!

Please follow MicroBell's 5 Step process outlined here:

http://www.techsupportforum.com/secu...tml#post342651

After running through all the steps, please post the requested logs.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

1 more replies
Answer Match 81.06%

Ever since I started using Windows Live Mail, I get the following every time I start it:

How do I stop this?

A:"Open File - Security Warning" when running a LNK file

Right click the .lnk file and select Properties. Look for a 'Unblock' button and click it. Apply>OK.

9 more replies
Answer Match 81.06%

Greetings,

I realize that I posted this thread previously, but I see that I had erroneously created it in the inappropriate forum (Windows Vista). However, the user "Macboatmaster" was kind and patient enough to provide me with assistance there, though I am still waiting on his following procedures.

In the meantime, as this is the Windows XP forum (my operating system is Windows XP), I wanted to formally post my dilemma here as well, as I thought that I may acquire more feedback. Here is the problem that I am facing, along with what Macboatmaster already suggested:

-I recently encountered some trouble on my pc (a BENQ) with respect to starting it up. During a recent system restore, a power failure occurred, and ever since I attempted to boot the computer, I receive the following error just before the desktop appears:

"Explorer.EXE - Unable To Locate Component: This application has failed to start because WININET.dll was not found. Re-installing the application may fix the problem."

This error prevents me from accessing anything on my desktop (i.e. task bar, icons, etc.) - only the desktop background appears, and all that I have access to is the Task Manager (Control+Alt+Delete). Control+Escape does not allow me to have access to the Start menu. I receive the same error just before I get into the cmd prompt, but it appears that I am still able to use it.

What has been already attempted (Macboatmaster's suggestion):

Went to Task Manager >New ... Read more

More replies
Answer Match 80.22%

My son uses his computer on the net a lot and of course there is a virus out there waiting to serve its twisted master.

He got the well-known "Live Safety Center" and "Online Security Guide" and it keeps coming back and hijacks his internet browser to redirect to the same page that promises peace and well-being for money ... of course.

Here is the DDS log:
"
Deckard's System Scanner v20071014.68
Run by Emil on 2007-11-10 20:43:53
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- HijackThis (run as Emil.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:44:39, on 10-11-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmer\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\agsdyely.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Progra... Read more

A:Need to get rid of "Live Safety Center" and "Online Security Guide"

I did follow MicroBell's 5 Step process and the Panda scan said that no virus could be found. However, my Avast anti-virus warned me 5-6 times about files while I was running the Panda virus scanning. One of them was named "win.exe" and was in C:\temp\ but has now been deleted. Every time Avast issued a virus alert I chose the option to delete the file in question.

19 more replies
Answer Match 80.22%

My ASUS computer (Windows 7, 64 bit) was infected by "AV Security 2012". It seems that it is bundled with "ZeroAccess Rootkit" because it won't allow any program to run, claiming that they are infected. Besides popping up alerts and windows, it also disabled "System Restore" function and won't allow me to boot into Safe Mode. It does not allow me to delete AV Security 2012v121.exe either.

I read a bunch of articles online about how to remove it, but apparently, the people who developed this virus are reading them too! This version of the virus has rendered these instructions useless. This is way beyond me now. I need help from a few Einsteins to kick this virus's butt.

Below is the HijackThis log. It won't let me run DDS, downloaded from the first link, probably killed by the "ZeroAccess Rootkit".

The complete HijackThis log:

===
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:25:14 PM, on 11/10/2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Users\Shawn\AppData\Roaming\hAA11uvvS\AV Security 2012v121.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Virtual Account Numbers\CitiVAN.exe
... Read more

A:Infected with "AV Security 2012" bundled with "ZeroAccess rootkit"

Oh, one more thing, after the infection, the computer told me that I need to restart the computer to install Windows updates and stupidly I did.
 

1 more replies
Answer Match 80.22%

I don't have a clue where to begin trying to fix this problem. I keep getting random icons on my desktop called "online security guide" and "live safety center". There are also many fake balloon warnings appearing and a window titled "Critical System Warning!" that wants me to download stuff. What process can I go through to clean my system? I didn't have this problem until I upgraded to Norton 2008. I am currently running IP tool antivirus and spyware, I have also run Smitfraudfix, still getting pop ups like crazy. Also my IP tools is finding Trojan.Virtumonde. I use Quicken and it seems to have attacked it because I am no longer able to use it. Any help would be great...thank you!

A:"online security guide" and "live safety center"

Hi and welcome to TSF.

Apologies for any delay in replying, but we have been rather busy lately, and, of course, all our helpers are volunteers.

Since it has been a few days since you first posted, please follow these instructions if you still need assistance.

Download Deckard's System Scanner (DSS) to your Desktop.
Note: You must be logged onto an account with administrator privileges.
Close all applications and windows.
Double-click on dss.exe to run it, and follow the prompts.
When the scan is complete, two text files will open - minimised > extra.txt and maximised > main.txt.
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt back in this thread (do not attach it).
Please attach extra.txt to your post.


To attach a file to a new post, simply click the [Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
copy and paste the following into the "Upload File from your Computer" box: C:\Deckard\System Scanner\extra.txt

Click Upload.

I will monitor this thread for your reply.

Thank you for your patience.

1 more replies
Answer Match 79.8%

I was browsing the internet when suddenly I got attacked by a malware.
"Security Tool" was the name of the "anti-virus". It has been reporting fake viruses.
Can someone help me fix this?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:30:24 AM, on 2/15/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18882)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Common Files\Dell\apache\bin\httpd.exe
c:\PROGRA~2\mcafee.com\agent\mcagent.exe
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files (x86)\DNA\btdna.exe
C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
C:\Program Files (x86)\LimeWire\LimeWire.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1355.0\mswinext.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Windows Live\Toolbar\wltuser.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Inte... Read more

More replies
Answer Match 79.8%

We are running Windows XP on the infected computers. There are 2 now. I have disconnected them from the network. It originally started under a teacher's profile and did not show up under administrator profile. I found the program in doc and settings/all users/app folder but it keeps replicating. I took the computer out and put in a new clean computer that was just ghosted and logged in as the teacher and within a minute Security Tool popped up. I checked their profile and could not find anything. We run Active Directory with roaming profiles on Server 2003. Is it easier to just delete the profile of this person? Can I save their documents or do you think it might be saved there? I can always ghost these computers again. Hopefully my HijackThis log was attached.
Thank you
cookie208
 

More replies
Answer Match 79.8%

Hi, I have the malware in the title infecting my laptop. I am running on Windows XP.

The malware is only on my daughter's (Lexi) User Account and not affecting the other users. There is a shortcut to it on the desktop pointing to:

"C:\Documents and Settings\All Users.WINDOWS\Application Data\9e0b355\SA9e0b.exe"

and the malware is called "Security Antivirus". It keeps popping up providing false infections and an opportunity to purchase their AV software.

My DDS log follows and the Attach and Ark text files are in the attached zip. Please advise next steps to rid my system of this malware.

Thanks!


DDS (Ver_09-12-01.01) - NTFSx86
Run by Lexi at 14:23:26.44 on Wed 03/10/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.305 [GMT -5:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Security Antivirus *On-access scanning enabled* (Updated) {74101764-077F-4F98-B654-EA4F17BD99B2}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
FW: Security Antivirus *enabled* {21819063-2993-4AD7-9684-F01124B36F4B}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\WTouch\WTouchService.exe
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService... Read more

A:"Security Antivirus" Malware

Hi,

Please do the following:


Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


Click on Yes, to continue scanning for malware.
When finished, it ... Read more

11 more replies
Answer Match 79.8%

In Windows XP, fully updated, I have several folders full of mp3's and want to see the bit rate and duration. I right click on a column heading and select "Bit rate". I then click on "More..." so I can get to "Duration", and I select that one too.

But all the figures in the "Duration" column appear to be in "hours" and "minutes", so I see "00:04" or "00:03", but what I want is "minutes" and "seconds".

Any thoughts as to how to change this?
 

A:Solved: Windows Explorer "Duration" Column - no "Seconds", just "Hours" and "Minutes"

16 more replies
Answer Match 79.38%

This morning, my mom told me to look at her computer because there was something wrong with it. After an hour or so of looking at it, this is what I learned:
There's an "Anti-virus" program installed on her laptop that makes claims of fake infections and attempts to lure the user into purchasing the full version of this so-called anti-virus program.

She uses AVG Free edition as her actual anti-virus. This new program (further to be called the "infection") won't allow me to open AVG.

The infection also redirects Internet Explorer to a page that says the following:
Internet Explorer alert. Visiting this site may pose a security threat to your system!
...
Things you can do:
Get a copy of 'Win 7 Security 2011' to safguard your PC while surfing the web (RECOMMENDED)
Run a spyware, virus and malware scan
Continue surfing without any security measures (DANGEROUS)

Upon looking into the running processes, I found something I've never seen before. An entry called "ugg.exe" and the description of which is "Gpg4win: The GNU Privacy Guard and Tools for Windows"
When this process is ended, the taskbar popups cease and any "Win 7 Security 2011" windows close. However, an attempt to run IE or AVG restarts this process and puts us back at square one.

Trying to open the file location of the "ugg.exe" file, it brings me to the AppData\Local\ folder, however, there is no such file in that locati... Read more

A:"Win 7 Security 2011" Fake anti-virus program

7 more replies
Answer Match 79.38%

here is my hijackthis log....please help!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:59:34 PM, on 23/10/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Users\Travis\Program Files\DNA\btdna.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehom... Read more

A:Internet redirects me to "microsoft security center" saying i have a virus.

Please download Malwarebytes Anti-Malware and save it to your desktop.
If you have problems with that link, you can also download it from Here or Here
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
If you encounter any problems while downloading the updates, manually download them from here
and just double-click on mbam-rules.exe to install.
On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.

If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen, click on t... Read more

4 more replies
Answer Match 79.38%

I currently use Norton Internet Security Suite 2006. I just purchased a new Think Pad and was wondering what the difference is between an "Anti Virus" utility and an "Internet Suite" which includes anti virus, firewall, spam filters, etc.
Thanks, John
 

A:Anti Virus utility "vs" Internet Security Suite

You pretty much named the difference in your post. A "system security suite" is one which bundles all the required tools for complete system protection, like anti-virus, firewall, anti-spyware, file cleaners, registry cleaners, etc.
 

1 more replies
Answer Match 79.38%

On my laptop the "Preparing Security Options" message is displayed if I press Ctrl Alt Del after I logon to Win7, before the desktop is displayed. Please can somebody give a definitive answer if this is a genuine Windows message or the action of a virus. Even MS won't give a definitive answer. There are many posts about this, people have said what they have done to remove the message but without any confirmation of whether it is or isn't because of a virus.
I think it is related to slow post bootup on my machine. Thus far I checked the C: drive for errors (none), scanned with malware bytes, run CC cleaner, avast anti virus, used system file checker and made sure the most up to date drivers are in use, reduced start up services and programs to the minimum. I still get this message after all that. So again please can somebody tell me definitively if "Preparing Security Options" is a genuine Windows message or the action of a virus.

A:"Preparing Security Options" message - is it genuine or a virus?

Usually it is an indication that your OS validity is under question and being scanned, whilst not always meaning it isn't valid. This happens quite frequently after say installing a dodgy image file that may have corruption or system file dates are inaccurate.

3 more replies
Answer Match 79.38%

Hi, all, first post here, so hopefully I'll go about everything right.

Well, this started about half a week ago when I had an odd little instance of viruses come after me, unfortunately I can't remember all their names (Something about a "Hard Disk Drive crash" and XP Antivirus 2012 virus). I went to bleepingcomputer and managed to get rid of both of them. Then a day or two after, this little bugger shows up.
When I start the computer, the Windows Security icon in the toolbar (lower right) is seen, but red with a white X through it. A balloon pop up appears saying "Your Computer Might be at Risk!" or something along those lines.
I've been brave (and probably stupid) enough to click it. It says that my firewall isn't monitored, and automatic updates are off. Virus protection, however, it reads as being on. Personally, it looks pretty legit, and if this is the actual Windows Security Center flipping out and I'm still on edge from the virus attack, then I'm gonna feel pretty silly, seeing as how I've run Kaspersky, SUPERAntiSpyware, Malwarebytes, AVG and SpyBot all at least twice for a scan and they've all picked at least something up, things I haven't heard of (all trojans or cookies), but not this little guy, and since none of those have prevailed, I'm coming here.
Also, I've run iExplore.exe and exeHelper.exe before running everything, and I've followed several articles on all the way through on... Read more

A:Windows Security Alerts "Your Computer is at Risk" Virus? HELP.

DDS Log:

.
DDS (Ver_2011-06-12.02) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Owner at 22:09:12 on 2011-06-16
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2045.811 [GMT -4:00]
.
AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\WINDOWS\System32\svchost.exe -k Akamai
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\McAfee Online Backup\MOBKbackup.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\System32\snmp.exe
svchost.exe... Read more

1 more replies
Answer Match 79.38%

hi. i use the paid norton security suite. i got a popup and closed it. i got it again, etc, etc. then i couldn't even get on line. i called norton and they told me it was my fault for clicking the red x on the popup! they offered to get rid of it for me; for $139!!
now i don't know what to do. thanks for your help, boyd.
 

More replies
Answer Match 79.38%

Hi,

My background changed to all-white and a red/white "pop up/warning" appeared in the center of the screen with "Virtumunde infection Danger".
There was a box on the bottom that said to "click-here for official virus protection". (I did not click the link).

Also there are several pop-ups (every few minutes), labeled as "Microsoft Security Alert!"

1. Microsoft Windows Alert > Critical Systems Warning!
"Your system is probably infected with version of Spyware IEMonster.b
....banking login/password info may be....."

"Click OK to protect your computer" (recommended)
(I did not click)


2. Windows Critical Alert!

Windows Security System detected your PC is under control of remote computer with IP address 297.4.167.118.

The remote computer got access to the following folders in your PC: \Windows\system32, \Program Files\Internet Explorer, \My Documents



Thank you very much!
Daisy_J


Here is my HijackThis Log:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:02:45 PM, on 9/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\sv... Read more

A:Virtumunde virus, Spyware IEMonster.b, fake pop ups "Windows Security Alerts"

Looking over your log, back ASAP.

19 more replies
Answer Match 79.38%

Target: Sony Vaio PCV-RX640 w/ XP SP2

Have a Norton antivirus. Got a message (from it?) saying it had stopped a trojan. Then a window popped up offering to search multiple search engines for a solution. I vaguely (I was tired, ok) noticed that it claimed on the top bar to be "Windows Security Essentials" which should have caused me to yank the cord, since though I'd recently installed WSE on a laptop I still had a Norton sub on this computer. So I watched it as it pretended to search (little green boxes as I recall) and clicked on one of the four that claimed to be a solution. *duh* Obviously no real antivirus would follow this procedure, but Norton had worked before and I was not alert. All the Firefox instances closed immediately and then what appeared to be a power-off(-restart?) procedure self-initiated. It was aborted by what appeared to be a memory error and now Windows keeps recycling back to the choose-startup-mode screen. I stuck in the #1 Sony System recovery CD just to see what would happen and it proceeds to the point where it says ?"File \i386\system32\hjalaacpi.dll could not be loaded" / "The error code is 32768" // "Setup cannot continue. Press any key to exit."

Exiting initiates a reboot and, since the recovery cd is in the drive, a loop. Or, if I take it out, the start mode loop.

I take that back. I just looked up and this time I've got a BSOD. "...windows had been shut down to prevent damage..." // "... Read more

A:Virus with fake "Windows Security Essentials" ( I think) solution-search popup

Well, thank you all.

Btw, the Sony proved unbootable enough that the easiest solution was to slave its drive in another computer. All the files seem ok. MalwareBytes Anti-Malware didn't find any trace of the virus on it.

1 more replies
Answer Match 79.38%

My last Spybot check found two entries: Windows Security Center Anti Virus Disabler & Windows Security Center Firewall Disabler. I removed them. I run Spybot weekly. In between scans I noticed my Firewall & Virus protection were disabled at start-up. At first I was able to click on & enable them but then twice within 5 days I got the blue screen stop error (0X0000008E) right at the time these two items were loading. I hope by removing these items with Spybot Search & Destroy I have solved the bigger problem of the stop error. Has anyone else had this situation?
 

More replies
Answer Match 78.96%

I have a small red circle with X inside, on my taskbar. Every 30 seconds or so, it produces a window that reads " Windows security Centre has detected spyware/adaware infection. Click here to install the latest protection tools"

I've run adaware, spyblaster, spybot, Avast anti virus, ewido. Nothing is found!

Any suggestions ?
Many thanks
Tony.

Logfile of HijackThis v1.99.1
Scan saved at 11:35:23, on 30/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


A:"Windows Security Center" Virus ? HTL attached

7 more replies
Answer Match 78.96%

This correspondence is sent from username - crudeoil. Crudeoil's infected laptop runs on XP and is a 32 bit computer. I am communicating to you from another laptop with all preliminary logs and reports. As such, all necessary downloads of log and reports scanning software and resulting text reports were transmitted to and from infected computer to corresponding computer via flash drive.
The virus on crudeoil's computer is believed to be INTERNET SECURITY designed to protect. A window popped up containing the above name security program suspiciously soon after a previous window (believed to be a fake ADOBE FLASH PLAYER update) popped up of which I may have inadvertently activated in passing over it with my mouse. Typically I use the "CTRL/ALT/DEL and end program" termination step for removal of suspected virus pop-up programs when they show up. It may have looked too authentic at the time and I just got lazy.
Also, there appears that another malware type security program already was existing on my computer titled ANTISPYWARE BY ANTISPYWARE LLC (shown to be installed in 2008) when I noticed the above named program in my "add and remove program" section during the "reduction to only one security program" step prior to the logging and reporting step. A Google search of the said program described it as a malware security program that would require a special removal technique. The assumption that it has been there results from the 2008 install date. The fact that it has been th... Read more

A:"INTERNET SECURITY designed to protect" VIRUS

Hello and welcome to TSF.

Please note that more than one round may be needed to properly eradicate malware. In co-operation with the cleaning process, please:
do not uninstall/install any programs unless asked to do so, to make it easier on us as it is more difficult when files/programs are appearing in/disappearing from the logs;
do not run any tools or scans other than those requested;
follow all instructions in the order they are presented;
if you have problems with or do not understand the instructions, ask before continuing;
stay with this thread until given the All Clear, as absence of symptoms does not always mean the machine is clean;
do not attach any logs/reports, etc. unless specifically requested to do so.
All logs/reports, etc. must be posted in Notepad making sure the word wrap is unchecked. (In notepad click format, uncheck word wrap if it is checked.)
Also note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

====================

One or more of the identified infections is a backdoor trojan.

This type of infection allows hackers to remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wis... Read more

19 more replies
Answer Match 78.96%

Hello all!

Ok, there is something going on with my computer and I can NOT figure out what it is. It's acting like a virus but no program will recognize it. I'm operating on a Dell Inspiron 8600 with MS Windows XP Professional SP3, Intel Pentium M processor 1400MHz, 512MB RAM, NVIDIA GeForce FX Go5200. (Hope that helps, I'm a little lost as to what is relevant information.) Here's what's happening:
It started as a little pop-up balloon in the task bar with a picture of a red shield (similar to McAfee) with a white "X" in it with a message of "You have a security problem!" If you click on the icon to get more information, nothing happens.
Then I started to get "Alerts". The boxes that pop up and you can't click on anything else and those have "Alert" in the top bar and have a message of "You have a security problem! Do you want to scan your computer for viruses?" and Yes or No boxes. I have not selected "Yes" at all so I don't know what that would do.
Then all the other pop ups started and most of them have the fake virus scans on them but some are for other things. These are all IE based but I only ever use Firefox.
Lastly, I now have random audio blurbs play in the background. Even when no windows are open things will start playing like, "Click here to claim your free iPod", or the audio to a movie preview (waking up to my closed laptop playing the audio to the "... Read more

A:"Security" Pop-up and random Audio virus? HJT Log included

Update: It seems as though the pop-ups have pretty much stopped but the audio is getting worse. Now I have roaring plane engines bursting through my speakers. Any suggestion would be fantastic! Thanks
 

1 more replies
Answer Match 78.96%

Hello,

Unfortunately my computer was today infected with the "Win 7 Internet Security 2012" virus - odd & frustrating since I'm sure I have an up to date version of Norton. I have limited computer function, can only run a few basic programs (word, excel, pad, etc) and can not access any webpages. Fortunately I have access to another computer from which I can post and download items.

I tried some internet research, but it seems that the best bet is to post on a forum like yours, since the removal process needs to be tailored to each computer.

• I've carefully read the instructions, have downloaded DDS and GMER and am ready to post the logs, but I am actually having trouble deleting "Alcohol" from my system (it doesn't show up on my control panel and I can't delete it otherwise). I suspect that this virus is the cause of this.

• I don't know if I should post the required logs with the "Alcohol" program still installed, so please advise.

I would say that my computer knowledge is average, so I can follow and understand detailed instructions.

Thank you in advance for the numerous posts that this process will surely take. I'm thankful that there are helpful individuals like you out there, with an accessible forum like this.

Thank you!

A:Infected: "Win 7 Internet Security 2012" virus

Hello,

As mentioned, I am not sure if I should post anything, since I am not able to uninstall "Alcohol" from my system as the instructions directed.

However, I'm not sure if there have been no replies to my post, since I have not attached anything, so below is a text of the "DDS" file and attached is the logfile "Attach.txt" in winzip format.

I could not run GMER (possibly because of the virus or "Alcohol" still being present), so therefore nothing is attached for that.

Please assist. My machine is virtually unworkable. Thank you.

__________________

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385
Run by PDC at 2:25:31 on 2012-01-09
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.6000.4093 [GMT -5:00]
.
AV: Norton AntiVirus *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton AntiVirus *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\nvvsvc.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\Progr... Read more

2 more replies
Answer Match 78.96%

Ladies and germs, I'm having a little trouble removing a virus calling itself "Security Software". This machine has McAfee on it, but it's out of subscription.

Also, I tried to install super anti spyware, avast, and avg, but this blasted virus blocks the installer from running.

I'm trying to find the program in safe mode and delete the exe so it can't run, but it's hidden itself (big surprise there).

Any advice would be greatly appreciated.
 

A:Virus Calling itself "Security Software"

Right, sorry, wrong forum. Thanks to whomever moved it.

Oh update, the virus is calling itself "Security Tool" not "Security Software". Idk if that helps.
 

1 more replies