# Exploit Rogue spyware scanner

Q: Exploit Rogue spyware scanner

IE pops up with "this page cannot be displayed" or just fake "you're computer may be infected" type messages... Then AVG pops up saying "threat detected"... When I run AVG or MalwareBytes, I get nothing... I just want to know how to make it stop

Folks, I have been trying off and on for 2 weeks to clean this machine. It is my brother-in-law's computer and used by his kids to play many on-line games. It came to me with a BSOD which I recovered from by removing Antivirus XP malware using Malwarebytes Anti malware. I subsequently cleaned about 30 infections off the machine. I have scanned it with AVG Free, Malwarebytes, Spybot S&D, Ad-Aware, House call and Bit defender (online). Still it has a browser hijacker in both Firefox and IE v8. I am getting repeated virus alerts from AVG concerning iastor.sys and one concerning kxdiypod.sys. I have tried to replace iastor.sys by renaming it and copying a new version. Every time I mess with it, I get another AVG alert and it replicates itself. Please help!

A:Exploit Rogue Spyware scanner

My son downloaded some videos on how to fix his car from You Tube and since then my laptop has been getting worse and worse. I ran Sammsoft ARO and Malware. I have since taken both off my computer thinking that might help. I have AVG, but it comes up with nothing when I scan. I keep getting the threat alert scaneriche.cz.cc/scan/dim_sp2/free as the file name and Exploit Rogue Spyware Scanner (type 140) as the Threat name.
I found a post about rkill on a random site and downloaded rkill, but every time I try to run it my computer goes to blue screen with a loooong message and then reboots automatically.
When I try to use the internet, I am directed to different sites that I don't want.
Help!!

A:Exploit rogue Spyware Scanner (type 140)

Hello kathym and welcome to BC.

We're so sorry about the delay, do you still need help?

I received a threat alert on my AVG 8.0 that I had something called Exploit Rogue Spyware Scanner type 621. I ran the AVG scan and it showed nothing. I ran Adaware and all it found were some tracking cookies. I started getting redirected when browsing with Internet Explorer and I downloaded Mozilla because the pop ups and redirects became so bad I couldn't use my Internet Explorer to get to any place for help... This is my HijackThis log.... I do not know why all my AVG scans come back that everything is fine. Please can you help me... I have no idea what this is.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:26:49 PM, on 3/21/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe

DDS does work on Vista 64bit so I have to use HijackThis. Anyways AVG detected after I clicked a link by mistake while googling. AVG hasn't detected it before this happened and hasn't since.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:53:54 PM, on 3/19/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\RocketDock\RocketDock.exe
C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files (x86)\AVG\AVG8\avgtray.exe
C:\Program Files (x86)\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...vilion&pf=cnnb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...vilion&pf=cnnb

A:AVG just detected: exploit rogue spyware scanner (type 621). Vista 64 bit

Hello and Welcome to TSF.

We no longer use HijackThis as our initial analysis tool.

We want all our members to perform the steps outlined in the link I'll give you below, before posting for assistance. There's a sticky at the top of this forum, and a "Having problems with spyware and pop-ups? First Steps" link at the top of each page.

---------------------------------------------------------------------------------------------

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please start a new thread in our Virus/Trojan/Spyware forum along with the required logs

My PC's been running weird for about a week now and in that time numerous infections have been found, quarantined and removed. Last virus scan came back clear 'hooray!'... or so i thought... I use AVG free 8.5 and within the space of 45 mins i have received two separate threat alerts. The first one was exploit phoenix exploit kit type 1112 and the second one was exploit rogue scanner type 1148. The next step was unplugging it and drop kicking it out the window until these threat alerts popped up as it proves the machine is still under the influence of something. Can someone please advise me on the 'whats', 'hows' and 'whens' to restore my PC back to how it should be? Many much thanks in advance!

My Toshiba laptop with Windows 7 was showing a pop up (thought to be from Windows Security) stating I had a virus. I cannot figure out how to get rid of it. I have scanned with everything and quarantined 3 trojans. Ran anti spyware, anti virus again with nothing showing, however the pop up keeps happening. Can you tell me how to get this "exploit rogue scanner" trojan/virus/thing gone for good. Thank you so much for your help/advice

EDIT: Moved from Win 7 to Am I Infected forum ~ Hamluis.

A:Exploit rogue scanner

Hello and welcome... I think if we try this we can get a foot in the door. You need to do all the steps as some pertain to your issue.

Please follow our Removal Guide here: Remove Antispyware Soft (Uninstall Guide). You will move to the Automated Removal Instructions.

After you completed that, post your scan log here, let me know how things are. The log is automatically saved and can be viewed by clicking the Logs tab in MBAM. Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

Hi. My computer has been redirecting all searches (in IE and Firefox) to random websites since last night. I'm running Windows XP and we did try to download Adobe Flash Player yesterday, so I'm wondering if maybe that was the problem. We deleted Flash Player this morning, but that didn't fix the problem. So, if anyone could help, that'd be great.

Occasionally we see a pop up window that says "Threat Detected" and underneath that it identifies the threat as "Exploit Rogue Scanner (type 1634)" if that helps at all.
Thanks.

EDIT: We ran AVG security software earlier and it didn't catch anything. We also ran MalwareBytes and it pulled up 12 things. We removed all of those, but nothing changed. I can post the logs if need be.

NOTE: Every time I try to post our log from HijackThis (I've seen others doing it), we get a "Internet Explorer cannot find webpage," so I'm not sure we'd even be able to post that if you requested it. I tried emailing the log to myself, same issue. The only way I could post anything (email or here) was to take out the log.

My infected computer is in real bad shape. All of a sudden my "security" system detects there's a virus and a whole different anti virus application pops up saying i should download it, trying to push me to pay. It infected everything, i mean EVERYTHING. I can't run a single application without it interrupting and telling me to buy buy buy. I managed to track it and i tried to delete but it needs the administration's permission which is me (I have vista) and i continue and it still can't delete it. I know it's the Rogue Scanner. I can't delete anything or get on the internet or anything. I hope you guys can help. I'm on the other computer in the house posting this because it's that bad.

I have AVG, thought it could protect but I guess not. I read that the Exploit Rogue Scanner makes additional virus to be a diversion for it to work behind the security system and then acts like the new security system.

A:Exploit Rogue Scanner of some sort

Hello and welcome to TSF.

We want all our members to perform the steps outlined in the link given below, before posting for assistance. There's a sticky at the top of this forum, and a "Having problems with spyware and pop-ups? First Steps" link at the top of each page.

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

While doing some research via Google yesterday, a redirect to an infected site was attempted twice. When I noted the odd name of the site coming up in the URL (and when the page had barely begun to load), I clicked back to Google. Meantime, on the way to the redirected site, AVG had popped up with a virus alert of Exploit Rogue Scanner Type 1007, listed twice. The site name was also identified.

I ran the ATF cleaner, then a full AVG scan which found no problems, and followed up with an MBAM scan which also found no problems.

Can I rely on these two results without running any other diagnostics?

Thanks, folks.

A:Exploit Rogue Scanner Type 1007

Me too. For the past 6 days the browser has been hijacked. Sometimes I get transferred as soon as I click on a Google link, sometimes the transfer appears to occur later, after already visiting the correct site. AVG Safe Search add-on in Mozilla does not complain about the link. AVG only very occasionally throws up a warning (Exploit Rogue Scanner Type 1007) after the hijack. PC Tools Spyware Doctor (free version) and AVG 9.0.733 find nothing on complete scans (files, registry, etc ...).

Hello, sorry I'm new to this forum so i may not know the rules here, but i just found this sub forum of this site and i decided to ask a few questions. Okay so basically last night, i was just randomly on Facebook, so then i just clicked the search friends button and i suddenly got this string of findings by my Anti-virus AVG, which i will show you in the screenshot attached to this message. Furthermore, i took the initiative to try and clear out the viruses by deleting the infected files through the registry and manually deleting them from the system32 folder which some of the viruses got into.

Those were called the following:
mzzup.dll
qzzup.dll
dzzup.exe

These were all found in my system32 folder which i successfully deleted, however, there came a bunch of popups in my Mozilla firefox afterwards when i was searching about the virus on google and whenever i clicked on a link it would give me this totally random website so I'm guessing its the works of the virus. As a result of this, i uninstalled Mozilla Firefox in hopes of getting rid of the random pop ups, but to no luck it came back afterwards. Although right now, the popups don't seem to be present, I STILL want to make sure that my computer is completely cleaned of this virus, spyware, adware, or whatever it was.

Furthermore, this morning, when i was browsing in Firefox on a canucks website, i got this virus that got detected by AVG called an Exploit Rogue Scanner (type 1148) as you can see in the screenshot, whi...

A:Trojan Horse, Exploit Rogue Scanner

hi i have this virus on my comp, and cant seem to get rid of it.. avg keeps blocking it but would like to get it off comp (EXPLOIT ROGUE SCANNER (TYPE 889)) can someone plz help

EDIT: Moved from Vista to more appropriate Am I Infected forum ~ Hamluis.

Hello,
Thanks so much in advance for helping me.

Running XP and keep getting redirected when I search via yahoo. AVG has detected 'exploit rogue scanner type 1652'.
Ran malwarebytes anti-malware but nothing is found.

A:Exploit rogue scanner type 1652 detected by AVG

Here is my DDS log...
DDS (Ver_10-12-12.02) - NTFSx86
Run by Mark at 7:03:11.82 on Fri 02/04/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.347 [GMT -5:00]

AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
svchost.exe

Hello, sorry I'm new to this forum so i may not know the rules here, but i just found this sub forum of this site and i decided to ask a few questions. Okay so basically last night, i was just randomly on Facebook, so then i just clicked the search friends button and i suddenly got this string of findings by my Anti-virus AVG, which i will show you in the screenshot attached to this message. Furthermore, i took the initiative to try and clear out the viruses by deleting the infected files through the registry and manually deleting them from the system32 folder which some of the viruses got into.

Those were called the following:
mzzup.dll
qzzup.dll
dzzup.exe

These were all found in my system32 folder which i successfully deleted, however, there came a bunch of popups in my Mozilla firefox afterwards when i was searching about the virus on google and whenever i clicked on a link it would give me this totally random website so I'm guessing its the works of the virus. As a result of this, i uninstalled Mozilla Firefox in hopes of getting rid of the random pop ups, but to no luck it came back afterwards. Although right now, the popups don't seem to be present, I STILL want to make sure that my computer is completely cleaned of this virus, spyware, adware, or whatever it was.

Furthermore, this morning, when i was browsing in Firefox on a canucks website, i got this virus that got detected by AVG called an Exploit Rogue Scanner (type 1148) as you can see in the screensho...

A:Virus: Trojan Horse, Exploit Rogue Scanner

Apparently I can't post the whole DDS log for some reason, here is the rest of the log

DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default

While browsing a messageboard using Firefox I received a supposed AVG Antivirus pop-up about "exploit rogue scanner (type 922)". I think it only said threat detected so I wasn't sure if it had been blocked or if I had been infected with anything. From what I have read, this was probably not a genuine AVG notice, but a faked one.
I didn't notice any problem until a couple of days later when I was unable to access some websites. This problem is worse for Firefox, but there are some websites I cannot access on either Firefox or AOL/Internet Explorer.

I usually run AVG and Malwarebytes Anti-Malware, and was unable to find anything with these. In addition I have tried Trend Micro, Bit Defender, Lavasoft Adaware, Kaspersky, Panda Active Scan, F secure, Spybot S&D, SuperAntiSpyware, Hijack This and found nothing significant (only false positives as far as I can tell, Panda giving a Virtumonde in Viewpoint media player, Kaspersky saying I had a virus in my hosts file when in fact it was entries previously inserted by Spybot to block "bad sites").
I had some problem running rootkit detectors, although for Gmer I believe that was because I didn't have AVG disabled. With AVG disabled I was able to run a full Gmer scan although this took a long time and slowed down towards the end - I was able to save a log file before the CPU usage went to 100% and I had to manually switch the computer off.
I still have problems running some of the sections of Root...

A:exploit rogue scanner (type 922), websites blocked, possible rootkit?

I think I have fixed the problem on AOL (which may have been due to a recent AOL security update) by going here http://help.aol.co.uk/why-cant-i-access-a-...802091909990001 and applying step no 5. I seem to be able to get to any site on AOL now though access is a bit intermittent on Paypal for example.

The problem on Firefox remains. I wondered if it could be due to a corrupt profile but anything I try - creating a new profile, clearing cache and cookies - doesn't fix it. It sounds very much as though I have a Vundo trojan as described here http://support.mozilla.com/en-US/kb/Firefo...ertain+websites

Any clue as to how to find and get rid of it?

And now unfortunately my stand alone Internet Explorer is exhibiting the same problems as Firefox which I'm sure it wasn't before

I've been working at this for about a week now and don't remember everything I've done. AVG sometimes identifies this as an Exploit Rogue Scanner. Sometimes it finds nothing.

When I click on a link I get some random website. A Wireshark trace shows the requested website actually downloads but then 2 or 3 more websites load immediately afterward.

I've also been redirected to a website that asks me to take a survey, even after typing in an address in the address bar. I close that web page almost subconsciously so I don't have much info on it.

Any help would be greatly appreciated.

~Perry
DDS (Ver_09-12-01.01) - NTFSx86
Run by Gemarl at 3:47:38.54 on Fri 12/25/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.2636 [GMT -5:00]

AV: AVG Internet Security *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *enabled* {8decf618-9569-4340-b34a-d78d28969b66}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE

A:Search engine redirect problem (Exploit Rogue Scanner?)

Hello BC community. Hopefully I am posting in the correct section. I have followed the steps, and I have included the required logs below.

I shall begin with what I know. I consider myself to be of decent computer knowledge; I know how to write HTML, I properly run Windows 98/XP/Vista without many problems, and I can, and have on occasion, installed hardware (new graphics card, etc).

Currently, AVG is giving me warnings that it has blocked "Exploit Rogue Scanner (type 1178)". As far as I know, this is a rare form and is extremely difficult to remove. The effects of this 'virus' include: opening and leading to completely random webpages. I have attempted to research how to remove such a problem. However, my google searches have yielded me little results and the virus still persists (on occasion, AVG tells me the Exploit Rogue Scanner threat is blocked).

Here is what I have done to remedy the situation:
Switched from IE to Mozilla Firefox.
Complete Scan with AVG Free (AVG version: 9.0.851 -- Virus DB: 271.1.1/3043). It did not remove the ERS1178.
Complete Scan with Spybot-SD (version: 1.6.2). It did not remove the ERS1178.
Complete Scan with Malwarebytes' Anti-Malware (version: 1.41). I have a log for 22July2010. It did not remove ERS1178.
Complete Scan with SUPERAntiSpyware Main Menu (version: 4.40.1002). It did not remove ERS1178.
(Note: I do not run these protection software at the same time).

Finally, I would like to thank those who spend the time reading my po...

A:Exploit Rogue Scanner (Type 1178) - Desperately need help! Logs Included

Hello mercmania

Welcome to BleepingComputer

==========================

Download OTL to your desktop.

Double click on OTL to run it. When the window appears, underneath Output at the top change it to Minimal Output.
Under the Standard Registry box change it to All.
Under Custom scans and fixes section paste in the below in bold

netsvcs
%SYSTEMDRIVE%\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\drivers\*.sys /90
%systemroot%\system32\Spool\prtprocs\w32x86\*.dll

Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

====================

Hi!
I have a problem with my Firefox browser directing me to all types of pages when I click on a search result.
A pop up from AVG comes up indicating a threat - Exploit Rogue Scanner (type 1652) is blocked while I'm browsing sites.
I have AVG free and scanned the computer. It shows no infections. The only errors AVG found are in the Rootkit scan, where I get 28 errors of an IRP hook and when I have AVG remove them and restart they keep showing up on the rescan. The pop ups still go.
I found an identical problem solved in your forum (Browsers redirecting and malware programs not running or updating Do not know how to remove/ posted by bd1000 on 02 November 2010 - 07:25 PM), could you please help me as well?
Thank you
Below is the DDS scan log of my computer. I have attached the requested files.

DDS (Ver_10-11-10.01) - NTFSx86
Run by Kalina at 1:53:28.50 on ЇҐІєЄ 11/12/2010
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Professional 5.1.2600.3.1251.1.1033.18.2038.1354 [GMT 2:00]

AV: AVG Anti-Virus Free Edition 2011 *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe

A:Browsers redirecting problem, AVG pop up 'Exploit Rogue Scanner (type 1652)'

Double click DeFogger to run the tool.
The application window will appear.
Click the Disable button to disable your CD Emulation drivers.
Click Yes to continue.
A 'Finished!' message will ap...

A:Infected with Trojan horse Patched_c.JQJ and Exploit Rogue Scanner (type 1349)

I've recently acquired the false Zinaps malware "remover," and I'm trying to get rid of it. I've read that it's really recent, so my previous scanners probably will not do the job. Could I get some help?

The lower task bar "notifies" me constantly with a yellow triangle with an exclamation mark. It reads "Windows has detected spyware infection. It is recommended to use special antispyware tools to prevent data loss. Windows will now download and install the most up-to-date antispyware for you."

By the way, this is Windows XP

Also, my computer's been excruciatingly slow recently (even before Zinaps), so if you could help me take care of those too?

A:Zinaps rogue spyware scanner 7.0 removal

Here's the HiJackThis log

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 3:21:54 PM, on 6/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\Program Files\VMware\VMware Player\vmware-authd.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\PRISMSVR.EXE
C:\WINDOWS\system32\vmnetdhcp.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\VMware\VMware Player\hqtray.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE

I'm infected with a Fake spyware scanner by the name of Zinaps 7. Can you help me get rid of it?

Thanks.

A:Help me delete Zinaps 7 rogue spyware scanner

Welcome to TSG

Click the Download button. When the Trend Micro HJT install box appears, double click on the HJTInstall.exe. Click on Install.

It will be installed by default here: C:\Program Files\Trend Micro\HijackThis

A shortcut to the application will also be placed on your Desktop.

The program will open automatically after installation.

You can double-click the icon that was placed on the Desktop to run subsequent HijackThis scans or you can use the icon inside the folder. The folder HijackThis is where you will find the HJT logs that you save. When you use the application to remove anything, you will also find the backup copies made by HJT inside this folder.

Close all other windows except HijackThis.

Click on "Do a system scan and save logfile" When the log pops up in Notepad, copy and paste that file back here.

Do NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.

Hello, i suspect this all happened a few days ago when a friend attempted cracking a software program for me. Which he did do, but I see I am paying for it. The day it was cracked AVG detected a trojan downloader, I don't remember the name since i dismissed it. (Had gotten them before with no problem.) But I still ran avg scans in normal and safe mode and deleted all files it showed as a threat. About 4 days later after no problem my computer started acting sluggish all of a sudden, the next day AVG detected a new threat "Exploit Spyware Scanner" through the web alert I believe it was and told me the infected file and process was IEXPLORE.EXE, which was odd since I had deleted internet explorer a long time ago. I finally found it in program files and attempted to delete it but it wouldn't let me. The files I was able to delete from the IEXPLORE.EXE folder would come back the second I deleted them so I gave up and started looking for help. Around this time I started getting popups mostly spyware/adware removal related while firefox was inactive. The site I went to suggested running SuperAntiSpyware removal program, so I did. Out of 50 minutes of scanning it has found these problems:
Trojan.Vundo-Variant/NextGen-Six 4 files

A:Exploit Spyware Scanner/Vundo & Trojan infection

Hi there! Recently, I'm pretty sure I downloaded a virus or worm or whatever it technically is called. I used system restore to go back to the day before and I hoped that would have taken care of it. Well, it mostly did, but now when I search for websites on yahoo or google, if i click a link I just get redirected to another really sketchy website. I scanned using Malwarebytes and my AVG and it turned up nothing. I even put my computer in safe mode and scanned with malwarebytes and it still found nothing. Occasionally AVG will pop up with an infection saying that the process name is svchost.exe

Here's a link to the picture http://www.mediafire.com/imageview.php?quickkey=xcybk20yoyz

I checked on these forums for several similar problems and they were able to fix theirs, so I'm hoping you guys could do the same for me. I know a decent amount about computers but I was just looking for some more help. Thanks so much!

HJT log; I ran Micro Security Essentials full check and it found some Trojans, I removed them but the issues still persist. I'm getting pop ups on the bottom of my screen on IE, Firefox and Chrome. Ran a Malwarebytes but it didn't think I had anything. I'll post the log for that too. Let me know if anyone could take a look at this and see if there's something wrong with computer.
Appreciate it very much.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:26:25 PM, on 3/27/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16470)
Boot mode: Normal

Running processes:
C:\Users\Owner\AppData\Local\Akamai\netsession_win.exe
C:\Users\Owner\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe
C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Owner\Desktop\HijackThis.exe
C:\Windows\SysWOW64\DllHost.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,D...

On Saturday I suddenly got a message from AVG that said "rogue scanner 1007 etc...". I did a scan with Malwarebytes, Search and Destroy, etc., and I thought it went away. But today I was redirected to a site, randomly, and I got another message, "rogue scanner 1031". I did a HijackThis scan, and was wondering if anyone could please help.

Running processes:
C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C: ...

A:Rogue scanner 1031 plz help


I have been having some problems with winrscmde warnings showing up on my desktop. Initially I dismissed these warnings, thinking that it was a genuine process that had stopped running. Too late I realized that this wasn't benign. As the computer that has this is not always used on a regular basis, I did not immediately notice that my fan was running louder than usual and that things seemed to be running slower as well. Both AVG and MBAM have caught things that seem to reappear with repeated scans. Included are the results of my DDS scan.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16476
Run by Machelle at 22:33:32 on 2013-04-13
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.6143.3498 [GMT -4:00]
.
AV: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService

A:Help with winrscmde and Exploit rogue scanner

About a week ago I sat down at a computer that is kept on, but is not always used daily, and saw a warning telling me that winrscmde had stopped running. Unfortunately, I assumed it was legit and basically dismissed it. I returned to the computer several days later and discovered that the same warning was back. In addition to this, AVG had blocked several things, including an HTML Framer and an Exploit Rogue Scanner. When I ran MBAM, it found 2 trojans that it claimed to have cleaned up. Several scans later, MBAM is still removing those same two trojans and AVG is blocking something seemingly every hour or so. I feel that I am really out of my depth here and would really appreciate some help.

A:Help with winrscmde and Exploit rogue scanner

Whatever it is, I have been cleaning it off my machine every time I scan my machine.

I did get a virus a month or so ago but I got it off relatively quick.

Should I be concerned about these?

Also, according to AVG, it found it while it was trying to turn on or something.

Is it like tracking cookies, always there being a pest but never doing real damage, or is it something bad?

Thanks for replies. Also, here is a pic.

P.S. Also, what are those Java things?

A:What is the pdf.exploit that my scanner keeps talking about

Hi computergeekguy.

Firstly I would remove AVG and replace it with Microsoft Security Essentials & Malwarebytes. Why? Because Microsoft Security Essentials has better detection, is lighter and doesn't cause BSODs.

I would then run a Scan using Microsoft Security Essentials and Malwarebytes to see if it can detect and remove it.

Next if none of this helps, I would either Disable or Update Java on every Browser or uninstall it completely until the infection is gone.

If Malwarebytes or MSE finds and removes the infection, run an SFC Scan to repair any files the virus could have corrupted.


Hi White Knights, Good Guys and Gals,

My PC was attacked, likely through Internet Explorer today, since I haven't downloaded anything. The following is the list of malware that XP Security Center has notified:

=email-worm.win32.netsky.q
=rootkit.win32.agent.pp
=backdoor.win32.kbot.al
=net-worm.win32.mytob.t
=net-worm.win32.dipnet.d
=virus.win32.hala.a
=virus.win32.gpcode.ak

and Trojan Remover has identified
c:\windows\system32\vacinit.dll

and Mcafee
NTROSKRN... (rootkit trojan)

The program "Protection Systems" continues to pop up prompting me to buy along with random IExplorer bombs despite having removed it from programs. The system regularly freezes when I employ anti-malware programs.

I have attempted to use in normal and safe operating mode (Mcafee from safe command prompt)
=Mcafee VirusScan Enterprise (halts early in operation, Identifies NTROSKRN and 11 cookies)
=Stopzilla (Halts early in operation)
=Malwarebytes(fails to open even with changed name)
=Rooter Malware Finder (Eric_71) (operates, results indeterminate)
=Trojan Remover (runs, results indeterminate)

I am not in a good position to format the PC (in the wilderness).

Any advice what is preventing these malware programs from operating?

Thanks, and happy to repay the favor, particularly if you like homebrew, since PC wars aren't my specialty!

Lookingtree

DDS (Version 1.1.0) - NTFSx86
Run by Iamcomputer at 20:41:08.59 on Wed 07/15/2009...

It is important you rename Combofix during the download, but not after.
Please do not rename Combofix to other names, but only to the one indicated.
Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
-----------------------------------------------------------
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
-----------------------------------------------------------
Close any open browsers.
WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
Please d...


DDS (Ver_09-02-01.01) - NTFSx86
Run by Owner at 9:36:21.34 on Fri 02/13/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Ed...

A:Explorer 7 Redirected to Rogue Antivirus Scanner

YEA!! I REMOVED IT! It was Win32Tr\.\NewMedia

Here is a screen shot of where it took me:

Here is Lavasoft's info about these bugs: http://www.lavasoft.com/support/securityce...?p=366#more-366

HOW I REMOVED IT
1) Backed up all files
2) Restored to a date before (unauthorized) software change
3) Downloaded Ad-Aware Anniversary Edition, updated and ran scan
4) Scan found [ Win32Tr\.\NewMedia - "Serious Threat" - MALWARE that tries to infect registry by redirecting your browser to rogue antivirus and causes popups to purchase product, and thereby release infection. ]
5) DELETED, restarted, ran again and it appears to be gone!

NOTE: Ad-Aware 2008, Malwarebytes, Spyware and Norton Internet Security 2008 all missed it, and though my computer acted better after I restored to an earlier date, I wanted to make sure I had done all I could. And I'm glad I did! Best of luck!


Trying to fix a friend's computer; seems he has numerous rogue spyware/antivirus programs on his computer including Security Tools and maybe a couple others. I am working on getting a combo fix log right now. Tried to manually edit the registry, however the virus won't even let me open regedit. Tried to run Malwarebytes, but about a minute in it crashes (I'm guessing due to the virus).

A:Massive Rogue Virus Scanner Infections

As no logs have been posted, I am shifting this topic from the specialized HiJack This forum to the Am I Infected forum.

==>PLEASE DO NOT NOW POST LOGS<== unless a log is specifically requested.


Hi all.

A few weeks ago, I got a popup 'computer scanner'. Unfortunately, I used the task manager to stop it before getting its name (figured I could find it and delete elsewhere--NOT!). Nothing odd in HJT, Trend Micro, Panda, Spybot, MBAM, SAS, or my Avira Antivir (except a temp file in the activescan one day after that that I quarantined). Figured it was a fluke.

Got another last night. Called itself "Computer Security" in the Application tab in task manager and I ended it. Nothing came up in MBAM (see attached). Tried searching for this "Computer Security" scanner, couldn't find a thing as it's too generic.

Avira Guard found another infected file last night after the 'scan'. Says, "contains recognition pattern of the HTML/Infected.WebPage.Gen.HTML script virus". Changed temp files from the last time... I quarantined it.

I'm not a gamer, pirater, rarely download 'cept necessary programs from trusted sources (to the best of my ability) and try to keep the system lean & relatively tight 'cept I do allow scripts (with permissions) and am a researcher, having to access Myspace, FB, Twitter & thousands of searched sites. Have a Compaq Presario V5000 XP SP3. Wireless FIOS. Free Zonealarm, fiance has the router locked-down w/some custom rulesets, too.

Followed Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help and pasted the first DDS log but was unable to attach the rest of the f...

A:Rogue virus? Unnamed / unfound scanner


I have ESET NOD32 Antivirus 4.2.67.10, it came with my computer. I recently had an attack by one of those rogue scanners, I don't remember which one. I knew I didn't install it, intentionally, so I ran my antivirus software and thought that would be that. However, every time I run a scan I get the same trojan file as if ESET isn't cleaning it properly.

This is the file ESET finds every time I run a scan.
Operating memory ? \GLOBAL??\0b043b2e\WINDOWS\$NtUninstallKB12330$\184826670\Desktop.ini - a variant of Win32/Sirefef.DN trojan - cleaned by deleting [1]

Since the attack by the rogue scanner: when I do Google searches and click on weblinks I get sent to other sites, and sometimes new tabs will also generate. Unsure if it is related, but when I use Gmail, sometimes my cursor will change location, making typing an email frustrating.

Also, this is my first PC in a long time, used to game, and have since gone to Mac. In the past I had preferred to stay away from Symantec, Norton, etc. Is there any other less invasive anti-virus software available?

A:Rogue scanner, ESET, sirefef trojan

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me Agent ST for short), it's a pleasure to meet you. I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!


Hi, please help. There is a yellow triangle icon in my task bar that keeps popping up messages about my computer being infected with adware/spyware. There was also a weird green/red icon but Ad-Aware got rid of that - I think it was spyware quake. I have downloaded spycleaner gold, and spyware doctor, spyware doctor found stuff on scan, but won't let me fix it without paying $30 that I don't have... Anyway, I have spent 2 days now trying to get rid of this, and am at my wits' end here. My computer and my internet are running as slow as slush, seriously, I am connected at .1 Kbps, normally I run at 115Kbps, this is horrible. My dad purchased norton 2006 for me, and I can't install it, the "live update" won't work. (I'm not a kid, TMI but I'm 28) I normally use firefox, but just now switched to internet explorer in order to run a panda scan. Internet explorer is totally hijacked, with "perfected security" popping up, and "pestcontrol" and a few others...

Here is my hijack this logfile:

Logfile of HijackThis v1.99.1
Scan saved at 12:12:36 AM, on 4/14/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\P...

A:Rogue Spyware- Spywareno, Spyware Quake, Perfected Security, And More...

Click here to download SmitfraudFix (by S!Ri). Extract all the files to your Desktop. A folder named SmitfraudFix will be created on your Desktop.
Click here to download System Security Suite.
Extract it from the zip file into a folder.
Click here to download ewido security suite - it is a trial version of the program.
Install ewido security suite.
When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
Launch ewido, there should be an icon on your desktop, double-click it.
The program will now go to the main screen.
You will need to update ewido to the latest definition files.
On the left hand side of the main screen click update.
Then click on Start Update.
The update will start and a progress bar will show the updates being installed. Do NOT run a scan yet. Exit the program.
Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press Enter.
This program will scan large amounts of files on your computer for known patterns so please be patient while it works. Please post that log in your next reply.
IMPORTANT: Do NOT run any other options until you are asked to do so!

I was reading an article on cleaning malware at: http://www.maximumpc.com/article/howtos/ul...r_pc_junk_files

In the article they refer people over to www.combofix.org which has a link that appears to download combofix from bleepingcomputer.com...

On the same page it recommends a program called "Spyware Cease" which my AntiVirus detected as a virus.

Featured antispyware software
Spyware Cease: Removes and Protects from: Spyware, Adware, Trojans, Hijackers, Worms, Keyloggers, Rootkits, Rogue Antispyware, Password Stealers, Tracking Threats and other Malware attacks!
scan you computer for free - Current Version: 3.0 (File Size: 3.63 MB)

In looking on the net for info on this software I have found mixed reviews.

I installed it on an isolated PC that I use for software testing and then ran combofix - and combofix removed "Spyware Cease".

I believe it is a "rogue" program.

1. Is Spyware Cease a rogue program?
2. Is combofix.org a rogue site?

Your thoughts?
A:Is "Spyware Cease" a rogue anti-spyware app?

Spyware Cease is available at several of the major download sites so it appears legit or they would not be hosting the program.

http://www.softpedia.com/get/Internet/Popu...are-Cease.shtml
http://downloads.zdnet.com/abstract.aspx?k...mp;docid=914643
http://www.download.com/1770-20_4-0.html?q...htype=downloads

However, how effective its detection/removal scanner is...that's another question. I don't know any experts who use this program. As such, I recommend that you use one with a proven track record like those mentioned in BC's Freeware Replacements For Common Commercial Apps or Trustworthy Anti-Spyware Products.

Please note the message text in blue at the top of this forum. You should not be using Combofix unless instructed to do so by a Malware Removal Expert who can interpret the logs. It is a powerful tool intended by its creator to be "used under the guidance and supervision of an expert", NOT for private use. Combofix was never meant to be used as a general purpose malware scanner like SuperAntispyware or Malwarebytes' Anti-Malware. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again. Please read Combofix's Disclaimer.

My laptop is infected with Spyware Protect 2009 - using Avast anti-virus; spybot and the spyware remains. Here is my hijack log... please advise.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:21:28 AM, on 2/1/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\wuauc...

A:Rogue Spyware - Spyware Protect 2009 - HELP!

Used Malwarebyte's Anti Malware - problem solved.

I got all of these viruses and I can't work properly because of these: Zlob.Trojan, Rogue.VirusTrigger, Rogue.Errorsmart, Rogue.System Antivirus 2008. I think I got more malware on. I believe it started when my sister inserted her flash disk on my PC. What do I do?

A:Zlob.Trojan, Rogue.VirusTrigger, Rogue.Errorsmart, Rogue.System Antivirus 2008

Hello, please run an MBAM scan on this PC.
DO NOT put that Flash drive into any other PCs, it is infected.

Please download Malwarebytes Anti-Malware and save it to your desktop.
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.
Back at the main ...

First, thanks for taking a look at my problem. Your attention and time are appreciated! The machine in question is a Dell Precision M6600 running Windows 7 Pro. A scan with Vipre from ThreatTrack Security discovered a file it called Lookslike.swf.malware.h which it quarantined and eventually deleted. Subsequent deep scans with Vipre came up clean. However, Microsoft Safety Scanner came back with 12 files infected, calling the malware Exploit.Java/Obfuscator.w. The MS scanner said it could not do anything about the matter.
All updates to Windows, Vipre, Java and Adobe products have been made and the machine is currently not displaying any strange behavior. However, since it is a machine that gets heavy use on very important, time-sensitive projects, I would like to get ahead of the issue and do anything I can to remove the threat entirely. Normally I would just back up the data and do a clean reinstall of Windows but this particular machine is chock full of difficult to reinstall software that I would much rather leave in place. Any assistance is very much appreciated.

-Scott

A:Exploit:Java/Obfuscator.w found by MS Safety Scanner - Help Removing, Please

Hello mudhustler and welcome to BleepingComputer! My name is Sirawit and I'm here to help you. Please note that I'm currently in training and my fixes need to be approved first, that may delay our fix a bit, but I will normally reply back in 24 hours. If I don't reply after 3 days, feel free to PM me.

==========================================================================

Some points for you to keep in mind:

Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us.
If at any point you would prefer to take your own steps please let me know, I wi...

Hello,

My computer has become infected with the following trojans/rootkits, and I've everything I know how (which is very little) to fix it, with no effect. I discovered this forum while googling the relevant trojan names and come to you humbly for whatever assistance you may offer.

The first problem I noticed was computer/browser slowdown. There was an svchost process that was listed as using over half of my RAM. I suspected an infection and so ran my antivirus/malware software -- Avast, AdAware, & Malwarebytes. Nothing was discovered. Shortly after this alerts began popping up from Avast saying it was blocking communication to a certain website. I'm sorry, I didn't take this as seriously as I should have at first and did not write down anything about these first warnings. Repeated scans again revealed nothing.

I remembered from removing one of the "AntiVirus" rootkits from a girlfriend's computer that starting in safe mode, installing a new Malwarebytes, and then scanning may help. I tried that, and two trojans were discovered, both named Exploit.Drop.7, and I removed them. After this I also ran the Free Windows Registry Repair command, as well as the registry repair function of C-Cleaner (I'm not sure why, in retrospect, I just remembered doing that last time). I restarted the computer again. It appeared to be working normally, and I accessed the internet and checked e-mail, etc. However, in just a few minutes I again notice...

A:Infected with Rogue.FakeHDD, Trojan.FakeAlert, PUM.Hijack.StartMenu, PUM.Hijack.TaskManager, Exploit.Drop.7, etc.

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked.
Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you are unable to create a log because your computer cannot start up successfully please provide detailed information about the Windows version you are using: What we in particular need to know is version, edition and if it is a 32bit or a 64bit system.

If you are unsure about any of these characteristics, just let us know and we'll help you figuring it out. Please also tell us if you have your Windows CD/DVD handy.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about y...

I need a real time spyware scanner for free. I also need a virus scanner (realtime): avast, avg, or antivir? Does anybody have suggestions?

A:real time spyware spyware scanner? (free)

PLEASE HELP!! I have this darn spyware that just won't go away. It says "Exploit Rogue Spyware scanner (type 621)" then another window comes up that has "Bonuspromooffer.com". I have downloaded AVG 8.5, Malwarebytes, and Windows Defender, plus I already had the Adaware program. These programs found a lot of viruses and spyware, but this Rogue one keeps coming back. Plus now my computer is running so slow, it's like dial-up or worse. Can anyone help me get rid of this?
I've recently been through the ringer with just about every known virus on the face of the earth. After getting a fake window's police pro ad pop up, all hell broke loose. I was able to rid my computer of that, but later acquired AV CARE and many more viruses through a ghost in my system. This rogue virus(es) have caused mass havoc on my computer. I cannot open or install any anti-virus/anti malware programs. I've tried the .com hijack but that was to no avail, the antivirus scanners shut down after 10 seconds. Whatever is on my computer deleted xp, or at least appears to have, my computer doesn't recognize any sound input/output and only beeps through the sound card like way back when with MS DOS.. I've tried everything under the sun and I've come to terms that my computer is just going to have to be redone. I don't have a problem with that, thankfully a while back I saved all my valuable information, documents, music files, etc. on spare hard drives. HOWEVER, there is one VERY IMPORTANT folder that I need to re-add to my data E-DRIVE because there are new files I need on my new computer! (I make music and a lot of my new unfinished projects are in this folder) This lil virus, malware or whatever the hell it is won't let me copy and paste, won't let me send the folder, won't let me drag, won't even let me send to a flash drive. I don't know what to do, I need to get the new computer up and running as fast as possible but I need thi...

A:Rogue Spyware

Moved from HJT to a more appropriate forum. Tw

Hi, I'm a new member here but nonetheless I need help. I received this spyware called windows XP 11. It's a spyware. It turned off my firewall and overrode all of my anti-viruses. I ran MBAM in safe mode and it let me remove the spyware, but when I rebooted my computer, it was still there. I got rid of the virus.
But now every time I try opening ANYTHING, it gives me the 'open with' prompt, so the files aren't able to open correctly. I'm not able to connect to my control panel, I don't have 'rundll32.exe'. The 'open with' prompt is giving me a bunch of programs I can run the file with. I'm not able to download ANYTHING, because it gives me the 'open with' prompt. Please guys, thank you so much.

Edit: I can't even run as an administrator because I don't have a password and it is asking me for one. It's 3 am, please leave your comments, I will get back to you in the morning.

Hi. I have many rogue spyware program popups: ultimate cleaner, privacy protector, error cleaner, spyware & malware detector etc. etc. Here is the HJT log. Task manager has been disabled. McAfee changes log shows new dll files added, bxsnvqt, dopfwrllwr, aslpmqk, on the day I got the malware. Thanks

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\gearsec.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\WildTangent\Apps\GameChannel.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\wt\updater\wcmdmgr.exe
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WinTV\Ir.exe
C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
C:\Progr...

I am reasonably sure I have removed the rogue program antispycheck 2.1 from a neighbour's computer. I used the advice on bleeping computers (many thanks). I deleted all relevant folders, files and registry entries and used HJT to remove a few relevant odds and ends. I stopped aspch from running at start up. I uninstalled antispycheck 2.1 using Add/Remove programs. I ran another registry cleanup to make sure no references remained. I also removed 12 Downloader.Zlobs and a quantity of spies. Re-running anti virus and anti spy programs shows the computer is now clean.

However, I am unable to remove the live link to the antispycheck website which lives in the Windows XP notification area. It is a shield just like the Windows security shield, it flashes alternately from red to blue to red to blue. Making sure I was off-line I clicked the shield to see what URL it was linked to. This was antispychecker.com/?aid=1012

Something is also resetting the Windows automatic update to 'off'. At regular intervals of about a minute the shield throws out one of two false warning balloons. The yellow triangle in the balloons looks quite genuine but the System alert asks you to either download antispyware or download a tool for removing malware.

I would be grateful for advice on stopping this little blighter from operating.
Regards
Awestruck

A:Rogue Anti-spyware

Please download Malwarebytes Anti-Malware and save it to your desktop.
- alternate download link 1
- alternate download link 2
- Make sure you are connected to the Internet.
- Double-click on mbam-setup.exe to install the application.
- When the installation begins, follow the prompts and do not make any changes to default settings.
- When installation has finished, make sure you leave both of these checked:
  - Update Malwarebytes' Anti-Malware
  - Launch Malwarebytes' Anti-Malware
- Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan.
- If an update is found, the program will automatically update itself.
- Press the OK button to close that box and continue.
- If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:
- Make sure the "Perform Quick Scan" option is selected.
- Then click on the Scan button.
- If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.

VIPRE keeps finding the virus after each scan of my computer, but whether I choose quarantine or remove the virus remains and I still see the red circle/white x icon in my systray that tries to install antivirusagent or system guard.
Here is my DDS.txt log:

DDS (Ver_09-06-26.01) - NTFSx86
Run by Brian at 5:46:03.29 on Thu 07/02/2009
Internet Explorer: 6.0.2800.1106 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.1.1252.1.1033.18.1023.496 [GMT -4:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\1233955266\ee\AOLSoftware.exe
C:\WINDOWS\System32\brastia.exe
C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe
C:\WINDOWS\System32\RunDLL32.exe
C:\Program Files\AOL 9.1\waol.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\WiFiConnector\NintendoWFCReg.exe
C:\Program Files\Logite...

A:Infected by rogue spyware

Hi,

Please download GooredFix from one of the locations below and save it to your Desktop
- Download Mirror #1
- Download Mirror #2

- Ensure all Firefox windows are closed.
- To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
- When prompted to run the scan, click Yes.
- GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).

Download ComboFix by sUBs from here or here

Note: If you already have a copy of ComboFix on your system it is essential that you delete it before downloading this copy.

**Save it to your desktop**

Double click on ComboFix.exe & follow the prompts. If you are prompted to install the Recovery Console I recommend you go ahead and hit yes.

When finished, it shall produce a log for you. Please save that log to post in your next reply along with a fresh HJT log

Notes:
- Do not mouseclick combofix's window whilst it's running.
That may cause it to stall.
- ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
- Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you - please let me know.
- ComboFix disconnects your machine from the internet when it runs. This connection should be automatically restored when ComboFix completes its run.
- If ComboFix runs into difficult...

Had a client unknowingly install rogue spyware on her laptop. Needless to say she was pretty upset. As a teacher she needs access to her files for lesson plans and was locked up. The rogue spyware was disguised as Internet Security. I was able to get into the system and install HJT. Here is the log file.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:23:10 PM, on 2/27/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\Toshiba\TOSHIBA Service Station\TSS.exe
C:\Program Files\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe
C:\Program Files\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe
C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe
C:\Program Files\Linksys\Links...

A:HJT Log File - Rogue Spyware

HiJackThis 2.0.4 needs to be installed in that computer and allowed to install in the default location: C:\Program Files. You currently have the HiJackThis.exe file running from the E drive, which is improper. Most of the HiJackThis log is also missing.

-----------------------------------------------------------

You wasted your time running a scan with Malwarebytes Anti-Malware 1.60.1.1000 because you didn't select and remove what it found. The "No action taken" entries in the scan log confirm that.

-----------------------------------------------------------

Download and install SUPERAntiSpyware 5.0.0.1144. Make sure to update its definition files during the install process.

-----------------------------------------------------------

Follow these instructions next, carefully and completely. DON'T use the computer while each scan is in progress.

Start Malwarebytes Anti-Malware. Click "Scanner(tab) - Perform quick scan - Scan". If infections or problems are found during the scan, the number of them will be highlighted in red. When the scan is finished, click "Show Results". Make sure that EVERYTHING is selected, then click "Remove Selected". If you're prompted to restart to finish the removal process, click "Yes".

Start Malwarebytes Anti-Malware again. Click "Logs"(tab). Highlight the scan log entry, then click "Open". When the scan log appears in Notepad, copy-and-paste...

I somehow wound up with "Spyware Guard 2008". I cannot click any links online and only half of my programs will run properly, random firefox pages pop up out of nowhere and my pc is running very slowly. Every time I try to run smitfraudfix.exe or try to install a spyware removal application they fail, and it brings me to the windows error report screen. I need to have this problem fixed :( I'm dependent on my computer for employment.
__________________________________________________________

gmer.exe would not run on the infected computer, so I cannot attach the ark text file. I have included attach.txt and the dds. Here is the DDS.

DDS (Version 1.1.0) - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2814.2402 [GMT -5:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
c:\program files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Sean\Desktop\dds.com

============= FINISH: 1:39:03.92 ======...

A:[SOLVED] HELP - ROGUE SPYWARE. Please help

bump please. I was able to run exterminate it, a free spyware checker but of course, not remover. I have "Net Sky", "Spyware Guard 2008", and "Vundo". I might just reformat today, all of the spyware is on my first harddrive and I've put everything onto :/D.

My computer is running slower than usual and I keep getting either Adultfriendfinder pop-ups or rogue anti spyware pop-ups.
I need help!

Logfile of HijackThis v1.99.1
Scan saved at 11:13:36 PM, on 3/31/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.e...

A:Rogue Anti-spyware Pop-ups

Hello Dancerchick

Please download VundoFix.exe to your desktop.
- Double-click VundoFix.exe to run it.
- Put a check next to Run VundoFix as a task.
- You will receive a message saying vundofix will close and re-open in a minute or less. Click OK
- When VundoFix re-opens, click the Scan for Vundo button.
- Once it's done scanning, click the Remove Vundo button.
- You will receive a prompt asking if you want to remove the files, click YES
- Once you click yes, your desktop will go blank as it starts removing Vundo.
- When completed, it will prompt that it will shutdown your computer, click OK.
- Turn your computer back on.
- Please post the contents of C:\vundofix.txt and a new HiJackThis log.

David

Hi, I have annoying anti-spyware pop-ups that won't go away. I did everything on the preparation guide, yet the pop-up keeps coming back.
I haven't noticed any significant performance problems since these pop-ups started about a week ago. This is the website the pop-ups send me to: //antispyware-reviews.biz/?wmid=4663&pwebmid=R3n1c2Bg8A. Also, now that I have installed Zone Alarm it picks up the pop-ups and asks if I should allow or deny, which is nice. However, this is obviously not a solution. The application that Zone Alarm identifies when the pop-ups try to appear is sjyxwnkn.exe. I have posted below my Hijack This log. Thanks for any help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:50:47 PM, on 2008-03-29
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe
C:\Program Files\Common Files\logishrd\LComMgr\Communications_Helper.exe
C: ...

A:Rogue Anti-spyware Pop-up

I apologize for the very long delay. We have a huge backlog of HijackThis Logs to handle and it has been taking us greater time than normal to get caught up. If you are still having a problem, and want us to analyze your information, please post a brand new HijackThis log, along with a description of any problems you are experiencing. If we do not hear back from you within a couple of days we will need to close your topic.

When posting your logs please post them directly into the reply. Do not attach them.

Thank you for your patience.

Hi guys, I'd be so grateful for a little help with this problem I'm having. I recently got my broadband router but when I tried to use it, I couldn't access web pages.
The guy on the tech support line finally concluded that I had spyware on my computer, so I downloaded spybot and adaware. I've run both of these, and they both cleaned a load of stuff off the hard drive, but one keeps reappearing on spybot, called "dso.exploit". I downloaded hijack this to make a log, but that won't run; a warning screen comes up that disappears too quickly for me to read. Can you help me get rid of this thing? The frustrating thing is, it doesn't affect the internet surfing when I use the old dial-up, only with the broadband. Further, broadband works for about ten seconds, after that, I can't open any web pages. Thanks.

A:Help with exploit spyware

I have three computers in my home on a wireless network, D-Link DI-624 router and DWL-G520 PCI adapters, my access is broadband cable. All three operate on Windows XP. Recently I began getting a message from my firewall (Norton) that a program is trying to contact the internet......Process name is "C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe".... Not knowing what it was I blocked it and directed my firewall to always take the same action. I use MSN messenger 6.2, as of that date, every time I tried to log on to it I got a message that windows messenger (which I had deactivated long before) was online, and had to be disconnected. I promptly unstored my user information from the control panel so it could not be used without entering a password manually. Ever since then my computer, but not the other two, has been acting oddly, every time I started up I noticed items missing from my toolbar. I repeatedly ran my av (norton) as well as my spyware programs (Ad-Aware and spybot). I ran spybot on all 3 tonight and got the same results on all 3, DSO Exploit with 5 H-Key Users entries in my windows registry file. After trying to remove them with spybot several times, I noticed that they keep re-occurring. I need help in getting my system back to normal.
I did try re-installing XP and re-downloading all the critical updates, but this did not help. Any help will be greatly appreciated...... thank you

A:DSO Exploit spyware

I will be interested in the facts about this, too. Every time I run Spybot Search and Destroy, the DSO Exploit shows up. Is this dangerous or annoying spyware? Where does it come from? I have stopped having Spybot fix the problems for the time being, though, as I think I messed up the registry a while back by doing it and I had to do a System Restore. Haven't run it since.

Please help me get rid of "System Security", a rogue spyware program. I will not bother to describe this malware because there is already a detailed description posted to the Malware spyware removal guide forum (see http://www.bleepingcomputer.com/malware-re...ystem-security). I have read the post about getting rid of this, and I've downloaded Malwarebytes' Anti-Malware (MBAM) software and run it twice and it does not get rid of it. Each time I run MBAM, it identifies the rogue software, but even when I try to remove it, it's still there! I have also run Avast! and Trojan Remover--nothing works! Here is my DDS log (I'm attaching the "attach" file unzipped because it's so small):

DDS (Version 1.1.0) - NTFSx86
Run by Harry at 12:15:22.94 on Wed 12/31/2008
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.190.35 [GMT -5:00]

AV: avast! antivirus 4.8.1296 [VPS 081231-0] *On-access scanning enabled* (Updated)
FW: Sunbelt Kerio Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\...

A:"System Security" Rogue Spyware

Hello and welcome to Bleeping Computer, my name is BHowett and I will be helping you get sorted.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know.

If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Thanks and again sorry for the delay.

Please perform the following scan:
- Download DDS by sUBs from one of the following links. Save it to your desktop.
  - DDS.com
  - DDS.scr
  - DDS.pif
- Double click on the DDS icon, allow it to run.
- A small box will open, with an explanation about the tool. No input is needed, the scan is running.
- Notepad will open with the results, click no to the Optional_Scan
- Follow the instructions that pop up for posting the results.
- Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

Somehow this VirusProtect program ended up on my laptop yesterday afternoon. I tried removing it using the add/remove programs thing. This didn't work until I had deleted the .exe file from somewhere else (system32 folder??). I was then able to remove the program and the icons were gone off the desktop and I couldn't find any files or things called VirusProtect so I thought all was fine.
However, an icon then appeared in the toolbar (it's a shield that flashes from red with a white X to blue with a white ?). It keeps putting up bubbles saying "System Alert -System has detected a number of spyware " and if you click on it it brings you to the virusprotect website where they want you to buy a bunch of stuff. I downloaded a program called SpyHunter which duly told me that I had a Zlob Trojan (??) and some other things to do with the VirusProtect program which it deleted for me. But this didn't fix anything. If someone could help me get rid of this I'd be really grateful! I followed those 5 steps to posting a log and here's what I got: (the extra.txt file is attached) Thanks!

Deckard's System Scanner v20071014.68
Run by Sarah on 2007-12-28 22:11:18
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --
28: 2007-12-28 22:11:31 ...

A:Rogue anti-spyware - VirusProtect 3.9

Hello and welcome to TSF.

You are running DSS.exe (Deckard System Scanner) from a temporary directory. It needs to be in a permanent folder. Please go into Windows Explorer, click on C: then click on File > New > Folder and call it DSS, or another name of your choice. Then move DSS.exe to this new folder. DSS can be found at C:\Documents and Settings\Sarah\Local Settings\Temporary Internet Files\Content.IE5\0DIF4TY7\dss[1].exe

==================

Click > Start > Control Panel > Add / Remove Programs and uninstall the following programs:

SpyHunter- Enigma's SpyHunter anti-spyware application was listed on this page primarily because of the company's history of employing aggressive, deceptive advertising. The company was also known for exploiting the name "spybot" in its domain names and online advertising.
These objectionable business practices were employed primarily from late-2002 to mid-2004. While there are still unresolved allegations that SpyHunter transmits the Windows Product ID from users' PCs, we can no longer classify this application as "rogue/suspect." Nonetheless, SpyHunter -- at least in its current state -- cannot be recommended because of its mediocre performance as an anti-spyware scanner. Testing indicates that it does not recognize some well-known spyware installations and has difficulty removing critical spyware/adware files even from those it does recognize. Given the many excellent competing anti-spyware appl...

The Antivirus.net icon showed up on the toolbar at the bottom of my screen and presented several 'Windows' pop-up messages of false trojan, malware reports. A pop-up window also showed the Antivirus program performing a false scan of my computer with false reports. When trying to access Internet Explorer, it would only bring up a page that said that the website could harm my computer, and would only allow me to access the antivirus.net website to purchase the software to 'protect' my computer. I am only able to access the internet now through Safe Mode (or by logging into a different user on the computer). This website has more details on the virus: http://www.myantispyware.com/2011/01/26/how-to-remove-antivirus-net-virus/ Thank you for your time in helping me!!

DDS (Ver_10-12-12.02) - NTFSx86 NETWORK
Run by Melina at 14:31:44.06 on Thu 01/27/2011
Internet Explorer: 8.0.6001.18999 BrowserJavaVersion: 1.6.0_17
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1014.548 [GMT -7:00]

AV: avast! Antivirus *Enabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Enabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\...

A:Infected with "Antivirus.net" rogue spyware

Hello and welcome. I apologize for the delay. If you no longer need help with this issue, we would appreciate you letting us know. Otherwise, please perform the following steps so I can have a look at the current condition of your machine. I realize that you have already posted logs, but because of the time that has passed I'd like a fresh set.

Please download DDS by sUBs from one of the following links and save it to your desktop.
- DDS.scr
- DDS.com
- DDS.pif
- Disable any script blocking protection (How to Disable your Security Programs)
- Double click DDS icon to run the tool (may take up to 3 minutes to run)
- When done, DDS.txt will open.
- After a few moments, attach.txt will open in a second window.
- Save both reports to your desktop.

---------------------------------------------------

- Post the contents of the DDS.txt report in your next reply
- Attach the Attach.txt report to your post by scrolling down to the Attachments area and then clicking Browse. Browse to where you saved the file, and click Open and then click UPLOAD.

Download GMER Rootkit Scanner from here to your desktop.
- Double click the exe file. If asked to allow gmer.sys driver to load, please consent.
- If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
- In the right panel, you will see several boxes that have been checked. Uncheck the following ...
  - IAT/EAT
  - Drives/Partition other than Systemdrive (typically C:\)
  - Show All (don...

Running under Windows XP...
I have run all spyware programs to date; spysweeper, pest patrol corp., adaware se 1.06, spybot, etc. but to no avail. I got a process running. I can view it and delete it in Task Manager under the process tab. However it comes back and it renames itself under a different name every time. I run in safe mode and it's the same thing. Here is a list of the process: First name on boot-up was this (pswtms.exe), when deleted it changes to jislqyf.exe and so on. deaflxh.exe mwqrynf.exe rsxpsuu.exe oqhyzhd.exe dfrmady.exe rofhch.exe pffono.exe igqjfb.exe hhyhfrr.exe paenzx.exe tkfcdjr.exe rjycsnk.exe duxzhx.exe mqrmxfb.exe and so on and so on.... I believe it is a .dll file somewhere due to the fact that it is running in safe mode too. Can someone help? HiJack This log avail on request. I don't think it will help though!

Thanks
Doomsy

p.s. I have also run an online virus check and a 3rd party virus check (via taking my hd out and scanning as slave under 2nd machine)

Logfile of HijackThis v1.99.1
Scan saved at 2:11:03 PM, on 7/2/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Fi...

A:Weird spyware problem... maybe rogue .dll

Please post your Hijack This log.

My wife's computer has the Security Tool Spyware on her computer. Have tried to do what we can to remove it...no success. We purchased Fix-IT Utilities 10 Professional and the spyware won't even let us use it...blocks it at every attempt...any suggestions???

A:Security tool rogue spyware

http://www.bleepingcomputer.com/virus-remo...e-security-tool

My friend's laptop was completely riddled with rogue spyware programmes and other malware and spyware. He asked me to try and fix it because I have a fairly good knowledge of computers. I think I have removed most of it but I'm not sure if it is gone completely. I have done scans with 3 or 4 different types of anti-spyware, anti-virus and anti-malware in safe mode. I have run hijack this and fixed a few entries that I know are associated with rogue anti-virus program Trusted Antivirus. Now here's where I need your help. I am not 100% sure of some of the entries and as it's not my laptop, I don't want to delete the wrong entries. I would appreciate if someone could take a look at my hijack this log and let me know what I have to do to get rid of everything.

Here is my log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:13:18, on 15/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\...

A:Need Help To Completely Remove Rogue Spyware.

Sorry for bumping this again, but is there any chance that I can get this looked at soon because my friend needs his laptop back today or early tomorrow. Thanks.

I have a strong feeling I've been hit with one of these. My computer shut itself down and restarted...and slowly started "disassembling" itself. By that, I mean everything began to disappear. First, my desktop background, then many useful desktop shortcuts, such as My Computer.
The whole time, access to the Task Manager was restricted...Control Panel and other menu items under the Start menu were removed. I can access Sticky Notes, Notepad, Calculator, Mozilla Firefox, Adobe Photoshop CS4, and Adobe Dreamweaver CS4 from the start menu. I tried accessing other programs, such as MSPaint.exe, by using Ctrl + R and this did work fine. I also was able to navigate to a random folder using notepad and change the settings to not be "hidden," sure enough the files within reappeared in the folder.

I tried running the Unhide.exe application but received the following errors: repeatedly until the program closed itself.

Processing C:\
'ATTRIB' is not recognized as an internal or external command, operable program or batch file.
Processing D:\
'ATTRIB' is not recognized as an internal or external command, operable program or batch file.

Currently, I am running full scans with the following: Malwarebytes (Trial version), iolo System Mechanic Professional, and Microsoft Safety Scanner -1.0.03001. So far, all but the iolo SMP have picked up infection(s).

Meanwhile, I am repeatedly receiving a bunch of notifications, which I have typed into Notepad a...

A:FakeHDD Rogue Anti-Spyware

Thought I'd go ahead and post an update of what's going on and what I'm doing to attempt to fix this. I have confirmed that this bit of malware is indeed "System Check". I am having SpyHunter 4 run through right now and detect it, though I doubt that will do any good as I do not own the full version of this software. I need to remove system check, not just detect it. I am afraid to do this manually in case I leave anything behind by accident, however, I am not sure if there are any free tools which can remove it for me.
At this point, that should be all I need, so if you have information regarding that (or other useful info), please let me know!

EDIT: Also, all of the messages/popups described have gone away since I put in the activation key listed on the site I linked to before. I have a program "Trojan Killer" that is supposedly taking it out right now...all should be well soon, I hope. All of my files and permissions appear to have been restored as well, at least that I have noticed. I just need to remove the traces of this program so it doesn't recreate itself later down the road or have other adverse effects (tracking web usage, taking passwords etc. to important account information).

EDIT: 3 and a half hours into the full scan I read that a "full scan" is not even necessary...so I aborted and just did a quick scan. It found a number of issues and removed them then prompted me to restart my computer. I did so, it rebooted s...

Here is some back story on my problem before I post my logs. I got hit with a firefox extra tab pop-up the other day that redirects itself around until the "Anti-virus 2009" message comes popping up. So I went and ran Malwarebytes hoping it would take care of it all in one shot, and then moved onto hi-jack this and attempted removal of the unknown dll's showing up in that list. All to no avail.
Malware Bytes and the Hi-Jack this removal methods show completed successfully but the virus is re-installing itself at some point during system activity and I can't track down the roots of this infection as of yet.

*removal apps I have tried to note*
- McAfee full scan, Malwarebytes full scan, HiJack-This removal methods,
- SDFix scan (did not work properly in safe mode), SmitFraudFix (also would not work properly),
- VundoFix (showed clean, yet look at my logs now)
- Attempted manual unregistering of .dll's - usually .dll's could not be found

I'm posting my RSIT tool logs and info with this post along with my most recent Malwarebytes Scan I have run. - please note my Malwarebytes Scan logs have changed on me showing different found .dll names and registry keys now over the past few days. (nojepake.dll to note can't be disabled in msconfig on startup, nor can I delete the registry key value for it in regedit, more file infections are behind the scenes) But these are the most recent scans I have run on my computer so far.

========== Paste Of LOG.TXT

Logfile of random's syst...

A:Bad Malware Rogue Spyware Infection - need help

I just ran combo-fix and it appears to have successfully removed the remaining malware on my PC. So far so good anyway. After the Combo-fix scan Malwarebytes returned only 4 infected files on a full scan - all system volume restore information files which I deleted for good measure. I also am in the process of uninstalling and reinstalling a fresh version of Java for my PC. I've referenced this forum before for removing malware and spyware from people's PCs and even though I received no responses on this thread - just searching threads for requested fixes offers lots of valuable and safe information if followed correctly.
My steps to remove this pesky infection included,
*McAfee Scan - did not detect all infected files or fix them
*Malwarebytes Scan - detected most of infected files - fixes were not permanent
*HiJack This Scan - detected most infected files - fixes were not permanent
SDfix Scan (locked and scanning processes step for me in safe mode) no help.
SmitFraudFix (also locked in safe mode) no help.
SysInternals RootKitRevealer - detected no rootkits
*Atf Cleaner - deleted many old temp files lurking on PC (for good measure)
VundoFix - detected nothing ( not sure if it was even helpful, possibly harmful )
*ComboFix - successfully detected infection - deleted infected files and repaired pc start up programs - removed repaired and prevented reinstallation of virus!
Ran Malwarebytes full scan and Mcafee scan after successful ComboFix run.
Un-installed...

The PC of one of my colleagues has been infected by SpywareKnight and SpySoldier. I found the appropriate instructions how to remove these infections in this Forum ("Spyware and Malware Removal Guides and Reading Room") and told him to follow them.

1. Neither SpywareKnight nor SpySoldier appears in the Add/Remove Programs but when he is starting Internet Explorer his homepage is about:blank and containing text stating that he is infected with Trojan.DLoader/LX and that you should install either SpySoldier or SpywareKnight to remove it.

2. He downloaded SmitFraudFix and ran it in Safe-Mode as per above instructions. The program ran well at the beginning but a window appeared with the following: "Windows is running in Safe Mode. This special diagnostic mode of windows enables you to fix a problem which may be caused by your network or hardware settings. Make sure these settings are correct in Control Panel, and then try starting Windows again.
While in Safe Mode scan of your device may not be available. To proceed to work in Safe Mode, click Yes, if you prefer to use System restore to restore your computer to a previous state, click No"

The infection is still there. Please asking for assistance.

A:Rogue Anti-spyware Popups

I'm not sure why that window appeared when running the tool. Was he able to complete the scan or not? He can try running the tool in normal mode if not able to use in safe mode. Also, another alternative is to download RogueRemover and save to your Desktop. (This program is for Win XP, 2000, NT only)

Double-click on rr-free-setup.exe to install in C:\Program Files\RogueRemover. During the installation an icon will automatically be created on your Desktop.
Double-click on the RogueRemover icon to launch the program.
Select "Scan" and the program will walk you through the remaining steps.

Greetings and so glad I found this site! I ran my Anti-virus (avast) it found some infections, however all my programs are still missing and files are empty. On restart, I also get an error mssge box that says "ERROR loading CTMBHA.DLL" I would greatly appreciate any help you could provide to make sure the virus or malware is gone and restoring my PC to full operation again. Thanks in advance for any and all help.

A:rogue anti-spyware programs.

Hi fotobe01, I know it looks like a lot, but it's really just a lot of text asking for only 4 scans.
Once you've done these and posted the results in your next post, let me know how the computer is running.

Note: You may have to perform some or all of the following in Safe Mode With Networking, depending on if you have internet access while in the normal Windows environment.

========================================

Download Security Check by screen317 from here or here.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

========================================

Please download and scan with SUPERAntiSpyware Free
Double-click SUPERAntiSypware.exe and use the default settings for installation.
An icon will be created on your desktop. Double-click that icon to launch the program.
If it will not start, go to Start > All Programs > SUPERAntiSpyware and click on Alternate Start.
If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the upda...

Hello, My computer was infected with "security shield rogue anti-spyware" while browsing the internet. I followed the help instructions listed on bleeping computer (http://www.bleepingcomputer.com/virus-removal/remove-security-shield) and ran Malwarebytes. It removed security shield and I thought all was well. Apparently not!! Because, I have an issue with my windows security center. I cannot start Microsoft Essentials on my computer.
When I open my security center it says that "Security center is currently unavailable because "Security Center" service has not been started or was stopped." I have tried enabling security center by going into administrative tools-computer management-services-enable security center. It enables for a second but when I try to open Microsoft Security essentials it disables automatically. I believe my computer is still infected and would appreciate any help in fixing it. Operating system: Windows XP Professional

A:Security Shield rogue anti-spyware

Can you run a System restore to a date prior to the infection?
Windows XP System Restore Guide

Rerun MBAM (MalwareBytes) like this:
Open MBAM in normal mode and click Update tab, select Check for Updates, when done click Scanner tab, select Quick scan and scan (normal mode).
After scan click Remove Selected, Post new scan log and Reboot into normal mode.
Please ask any needed questions, post logs and Let us know how the PC is running now.

hi there, recently i've been having some trouble with a rogue program that pretends to be part of microsoft vista security but is actually a spyware program. the first time it occurred it popped up on my screen saying ALERT and prompting me to pay and download fake anti-spyware. i ignored it and restarted my computer. then it blocked my access to the internet. i was able to restore internet access after i used a separate computer and followed instructions to use a windows command prompt on my computer. i also removed the program using Super Anti-software. However, today the program accessed my computer again. i removed it again ( by using safe mode and the super anti-software program--didn't need to go through the rest of it). i am concerned this will occur again and want to get rid of this thing for good. any thoughts? thank you... p.s. my firewall is turned on. i just modified it to "block all incoming connections." i'm not sure if this is helpful or not.

A:rogue vista anti-spyware

Hello and welcome. Lets run RKill then MBAM and RKill and SUPER again. Post back both logs and tell me how it is now.

RKill....Download and Run RKill
Please download RKill by Grinler from one of the 4 links below and save it to your desktop.
Link 1 Link 2 Link 3 Link 4
Before we begin, you should disable your anti-malware softwares you have installed so they do not interfere RKill running as some anti-malware softwares detect RKill as malicious. Please refer to this page if you are not sure how.
Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
If nothing happens or if the tool does not run, please let me know in your next reply
Do not reboot your computer after running rkill as the malware programs will start again. Or if rebooting is required run it again.
If you continue having problems running rkill.com, you can download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead.

Next run MBAM (MalwareBytes):
Please download Malwarebytes Anti-Malware and save it to your desktop.
Download Link 1
Download Link 2
MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interf...

hi guys,im newbee to this forum.
kaaash i got this site address from my friend. my system got effected with the rogue spyware " trust cleaner". i went through the whole process wht u guys suggested in the forum http://www.bleepingcomputer.com/forums/t/54501/how-to-remove-trust-cleaner-removal-instructions/ but still hev the problem.. i used spyware doctor, windows defender, panda live scan, norton anti spyware... i would appreciated if any one helps to sort it out.. here im sending the log file... pls help me

A:Pls Help Me To Get Rid Of This Rogue Spyware "trust Cleaner"

Im eagerly waiting for the help. thanks in advance

I have had this problem since the end of August; almost 3 weeks now. I was first alerted to the problem when HughesNet slowed down my internet connection (this called being FAPed by their Fair Access Policy) I am allowed 350 MB per day but this was being exceeded with downloads per hour of anything between 40-100MB.
At the moment I am controlling it by continually disconnecting my modem and the bug does have occasional quiet periods when downloads are normal. I live in the rainforest in southern Belize and run a small network of 3 computers and have no local assistance. All computers run Windows XP Service Pack 2. I have 3 browsers installed on each (IE, Mozilla Firefox and Google Chrome) I generally avoided using IE except where https sites were incompatible with the other two. I had made Chrome my preference although after researching this problem I read about security problems with Chrome also. I was insufficiently protected before. I was running AVG FREE and Spyware doctor FREE as well as Spybot Search and Destroy. I now have the full version of Spyware Doctor and Antivirus and have downloaded Superantispyware and Malwarebytes AntiMalware. Yesterday and the day before I disconnected all 3 computers from each other and from the internet connection and ran Malwarebytes in Safe Mode with Networking. It found spyware.banker and rogue.installer and told me it had successfully quarantined and deleted them. I later ran it again and MBAM found both in different locations now...

A:Spyware.Banker and Rogue.Installer

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.
Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Please download OTL from following mirror:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Push the button.
Two reports will open, copy and paste them in a reply here:
OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized
In the upper right hand corner o...

AVG Alert, as follows:
Accessed file is infected. Threat was blocked!
File name: defender-fmof.in/scan1/77
Threat name: Exploit Rogue Spyware Scanner (type 140)
Process name: C:\Program Files\Mozilla Firefox\firefox.exe
Process ID: 2756
_______________________________________
BACKGROUND INFORMATION
Within last 48 hours:
Upgraded browser from Mozilla Firefox 3.6 to Firefox 4.0
Previously-installed Add-ons not compatible with Firefox 4.0, now (disabled):
Aging Tabs 0.7.1
AVG SafeSearch 9.0.0.872
Smart Bookmarks 2.0 *(Love this Add-on; searched for similar)
Installed (after reading positive reviews):
samfind Bookmarks Bar 2.2.1
Attempted to customize interface; was prompted to register at: http://samfind.com/
Created account; received email confirmation; activated account via link in email
ALMOST IMMEDIATELY computer became very slow; then (Not responding); then Firefox crashed.
Restarted Firefox; within seconds received AVG Alert, as described above.
For reference, it is AVG 9 Anti-Virus Free Edition (see attached printscreen, in Word doc)
_______________________________________
System: Microsoft Windows XP Professional (32-bit) Version 2002 Service Pack 3
Computer: AMD Athlon™ Processor 1.04GHz, 512MB of RAM
_______________________________________
_______________________________________
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Melinda at 21:37:03.46 on Sun 03/27/2011
Internet Explorer: 8.0.6001.18702
BrowserJa...

A:AVG Alert_file infected - Rogue Spyware

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you are unable to create a log because your computer cannot start up successfully please provide detailed information about the Windows version you are using: What we in particular need to know is version, edition and if it is a 32bit or a 64bit system. If you are unsure about any of these characteristics, just let us know and we'll help you figuring it out. Please also tell us if you have your Windows CD/DVD handy.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time.
Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your ...

For the first time in my experiences with cleaning computers, I need your help! I've fixed like 30 computers of these rogue applications with a success rate of 100% until today. My sister's computer has one that simply will not go.

Specs:
Windows XP Pro (which is apparently the only OS this rogue application lingers in)
Antivirus: Symantec Antivirus Corporate Gold Version
Firewall: Sygate Personal Firewall Pro

I've seriously tried about 15 things already that have all worked in the past. To list the main ones:

1. Full scanned with Malwarebytes, Spyware Doctor, Spybot Search and Destroy, and SUPERAntiSpyware both in safe mode (administrator account) AND in normal startup mode.
2. Ran Rkill.exe and did all above. The process seems to be hidden, (maybe a rootkit?) because the trojan titled ekr.exe is starting on startup without being listed in the msconfig and even if we end the process, the rogue application is still there. This leads me to believe ekr.exe is the trojan that turns everything else on and is useless after it does so.
3. Unchecked all fishy items in msconfig's startup tab
4. Searched the registry in specific locations for the string ekr and ekr.exe and manually searched other directories where reported threats were, but was not able to locate anything in specific. The name must be randomized, (as it is for many of the computers I have fixed). Searched the computer for ekr.exe and found nothing except for in the prefetch folder (come to think of it, I...

A:"XP Anti-Spyware" rogue application IS NOT GOING ANYWHERE

Hello, looks to me as if possibly an EKR trojan is trying to connect to the internet thru your Steam application. ESET should get this.

Please perform a scan with Eset Online Antivirus Scanner.
This scan requires Internet Explorer, Opera or Firefox to work.
Vista/Windows 7 users need to run Internet Explorer as Administrator. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run As Administrator from the context menu.
Click the green button.
Read the End User License Agreement and check the box: Check .
Click the button.
Accept any security warnings from your browser.
Check Check Remove found threats and Scan potentially unwanted applications. (If given the option, choose "Quarantine" instead of delete.)
Click the Start button.
ESET will then download updates for itself, install itself, and begin scanning your computer.
If offered the option to get information or buy software at any point, just close the window.
The scan will take a while so be patient and do NOT use the computer while the scan is running. Keep all other programs and windows closed.
When the scan completes, push Push , and save the file to your desktop as ESETScan.txt.
Push the button, then Finish.
Copy and paste the contents of ESETScan.txt in your next reply.
Note: A log.txt file will also be created and automatically saved in the C:\Program Files\EsetOnlineScanner\ folder.
If you did not save the ESETScan log, click > Run..., then type or ...

Can anybody tell me what is "TightVNC"? Is it an exploit? a spyware/malware? what is it? Should I be of concern of its behavior? How do you deal with it, if the antispyware failed in quarantine/removing it? How do you remove it???? Thank you . YOYO.

A:Exploit/ Spyware/or Malware?

TightVNC is a free remote control utility derived from VNC software. Depends on how it is used as to whether its good or bad.

Any commercial product that is normally used for remote administration, but which might be exploited to do this without user consent or awareness.
ca.com/securityadvisor.

What alerted you to this program?

Spybot 1.3 detected and "fixed" (5) DSO exploit items, but failed to bring up the congratulations, you've cleaned up the problem. My understanding is although the "checked items" still remain (they have a large, vivid green checkmark) on the screen, that they HAVE been fixed but a bug in the program doesn't allow removal of the items from the screen. My QUERY is whether or not what still remains will interfere with future downloads, since I plan to download Zone Alarm and follow that with the XP SP2 mega-patch. Any explanations will be received with great interest. Thanks for your help on this matter. Ivan Kogan

A:DSO exploit spyware: possible interference w/XP SP2?

Hello Ivan

http://support.microsoft.com/default.aspx?kbid=884130&product=windowsxpsp2

Follow that link to Microsoft and a list of programs that conflict with SP2. Zone Alarm is one of them. Good Luck

I recently just bought my new computer and got it home. I immediately downloaded all new Windows Critical Updates, Zone Alarm, AVG Antivirus, Spyware S&D, Ad-Aware, and CWShredder to keep my system optimal, but upon running Spyware and Ad-Aware, I already have Spyware on my PC! My problem is, I cannot remove it.
Here is what SpyBot finds:

DSO Exploit: Data source object exploit (Registry change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Registry change, nothing done)
HKEY_USERS\S-1-5-21-484763869-436374069-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Registry change, nothing done)
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Registry change, nothing done)
HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Registry change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

--- Spybot - Search && Destroy version: 1.3 ---
2004-07-09 Includes\Cookies.sbi
2004-07-09 Includes\Dialer.sbi
2004-07-09 Includes\Hijackers.sbi
2004-07-09 Includes\Keyloggers.sbi
2004-05-12 Includes\LSP.sbi
2004-07-09 Includes\Malware.sbi
2004-07-09 I...

A:DSO Exploit Spyware I cannot remove...

My friend got tricked into downloading a "video" from Youtube which turned out to be SpyLocked 4.0. Long story short is I've been here for a few hours trying to get his system cleaned. I *think* I've rid him of the program (nothing popus up on reboot telling him about the nefarious trojan he needs to install SpyLocked for, etc.). However, his homepage in IE is still hijacked to their homepage. Soooo... there's something lurking in the registry still. Here's the copy/paste from hijackthis... gotta run now but will be back in about 2 hours to check...
thanks in advance for any/all help:

A:Spylocked 4.0 rogue spyware & browser hijacker

ok... back... no one's replied but it's only been a few hours. here is further info from hijackthis:

When I use Google and I click on a link to a site, I get redirected to a different site, so I click the back button which usually takes me back to the Google page, I click the same link again, then it takes me to the correct site. Another problem that I'm having is certain spyware applications (ie., Malwarebytes, SuperantispywarePro, Spybot, etc...) are not executing unless I rename the execute file.

DDS (Ver_09-05-14.01) - NTFSx86
Run by HP_Administrator at 1:35:47.56 on Sun 06/07/2009
Internet Explorer: 8.0.6001.18702
BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.250 [GMT -10:00]
AV: ZoneAlarm Extreme Security Antivirus *On-access scanning enabled* (Updated) {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
FW: ZoneAlarm Extreme Security ...

A:Possible Trojan.DNSchanger and rogue anti spyware

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know.
If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...

just need instructions on how to remove AV System Pro...thanks

A:Rogue Anti Spyware - Antivirus System Pro

Hello and welcome. Please follow our Removal Guide here Remove Antivirus System Pro. You will move to the Automated Removal Instructions.

After you completed that, post your scan log here, let me know how things are.

The log is automatically saved and can be viewed by clicking the Logs tab in MBAM. Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

I downloaded something from the internet a few weeks back. Ever since I began to notice some performance problems. Every now and then I experience lagging. It got worse every day. Frustrated, I used Spybot: Search and Destroy to look for the problem. Turned out to be 111 mal-ware problems.
But the problem isn't fixed and now it's difficult for me to even type on that computer (I used a different one for this thread). Any suggestions on boosting CPU performance? CPU usage seems to spike viciously on even the smallest of tasks (or so it seemed for my computer until that day I downloaded the music). It's as if some mal-ware attacked my hardware

A:CPU performance problem- could it be rogue anti-spyware?

It also seems that some anti-spyware I installed additionally were detected by my Spybot: Search and Destroy were detected as spyware themselves. Could it be rogue anti-spyware? (they were Stopsign and NoAdware. Which stinks because I just dealt with WinReanimator being on my computer.)

Everytime I run Aol spyware protection it picks up vloading dialer rogue active x threat level elevated, even when it's supposed be blocked from a previous time. Aols livehelp advised me to take it to a pc technician. Ad-aware SE, Spybot and Spyware Blaster don't pick this up? Using Aol broadband and XP home. Any help please? Merry Christmas everyone!

A:Spyware-Vloading dialer rogue activex

I don't have a whole lot of faith in AOL spyware, especially if Adaware doesn't pick it up. But if you post a hijackthis log we can take a look. http://downloads.subratam.org/hijackthis.zip

Hi, I've used this site before on malware issues and know that you guys are great, so I've got another problem that needs helping. I was browsing the web today and randomly got a rogue anti malware virus (windows antivirus?). It disabled system restore so I booted into safe mode and ran combo fix. Combofix seemingly got rid of all the adverse effects (unfortunately I don't have that log). I ran MBAM after that where deleted some more remnants. Yet....I don't think this is over. Google chrome refuses to run, and I'm getting odd processes that keep popping up on my task manager.
I don't know if it's going to get worse so that's why I'm posting now in case things get dicey. Heres the dss report:

A:Lingering viruses from rogue anti spyware

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below I will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine.
Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions...

I have the little shield emblem in the toolbar that tries to direct me to pcspyremover.com

Ad-Aware SE finds lots of nasties that keep coming back...
CWShredder doesn't find anything
CCleaner removes Uninstall keys (HSA, SE, SW)
Spybot S&D finds stuff like Hotsearchbar, CoolWWWSearch.aff.Winshow, Startpage-EH, and URLSearchHook.Altpz...
Norton Antivirus doesn't find anything...
BHODemon 2.0 is running...
AboutBuster removed several things but they keep coming back...

Here's a HijackThis log from this morning:

Logfile of HijackThis v1.99.1
Scan saved at 10:07:11 AM, on 5/20/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\Ati2evxx.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\WINNT\System32\svchost.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\d3lu.exe
C:\WINNT\system32\pctspk.exe
C:\WINNT\system32\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\WINNT\system32\PRPCUI.exe
C:\WINNT\system32\netfq32.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Progr...

A:Solved: Spyware, etc. keeps coming back... rogue dll?
System info: Windows XP Pro 2002, Service Pack 2

Been getting pop-up in the task panel saying critical system alert, infected with spyware, etc. Also, IE pop-ups when I'm not even using IE that appear to be scanning my system & telling me that infections have been found. I ran Spyware Doctor and told me that I have several infections of the above (title), but it's a downloaded version that apparently won't remove infections without purchase.

Here is my HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:42:08 PM, on 8/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Applications\wcs.exe
C:\Program Files\Applications\iebtm.exe
C:\Program Files\iolo\System Mechanic Professional 7\SMSystemAnalyzer.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\iolo\System Mechanic Professional 7\AntiVirus\ioloAV.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iolo\System Mechanic Professional 7\Personal Firewall\ioloFW.e...

A:trojan.popuper & rogue anti-spyware

Hello,

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

========

Please follow all instructions and in which order they come, if you have any questions, please ask before proceeding.
It's important that you follow this through until I give you the all clear, a lack of symptoms does not mean that it is no longer present.

Please DO NOT Attach logs to your posts unless you are advised to do so.

========

Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/comb...o-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery mode. This allows us to help you in the case that your computer has a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once the Recovery Console is installed using ComboFix, you should see a message that says:

The Recovery Console was successfully installed.

Please continue as follows:

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it ...

Attempting to disinfect a co-worker's computer. I know he had the rogue anti-spyware program Personal Security on the computer. The computer kept getting pop-ups about it being infected with spyware and suggesting to use Personal Security to fix the problem. I ran rkill (even renamed) and Malwarebytes both in normal and safe mode. It seems the only thing rkill stopped was itself and Malwarebytes found nothing. I could not update Malwarebytes. Any attempt at updating or downloading any legitimate anti-spyware or malware program was met with the redirecting of the browser to Stopzilla and Paretologic Anti-Virus Plus websites. I also loaded Ad Aware and Spybot by way of flash drive and ran them in Safe Mode. Neither found anything which did not surprise me. Any help you could provide would be greatly appreciated.
DDS (Ver_09-12-01.01) - NTFSx86
Run by kyle senette at 20:04:16.89 on Mon 03/15/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1012.549 [GMT -4:00]
AV: McAfee VirusScan Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\svchost...

A:rogue anti-spyware Personal Security and others

Hello sgtlmassie

Welcome to the BC HijackThis Log and Analysis forum. I will be assisting you in cleaning up your system.

I ask that you refrain from running tools other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

Please keep in mind that we have a large backlog of users just like yourself waiting to be helped so try to be as timely as possible in your replies. Since we do this on a part-time voluntary basis we are limited on how many logs we can respond to and keep open due to time restraints. If you have to be away or can't answer for some other reason just let me know. Thank you for your understanding.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

One or more of the identified infections is a backdoor trojan.
This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking ...

My neighbor went somewhere he shouldn't have and ended up with Spyware Protect 2009 on his computer. Here are some of the symptoms:

* On start up Symantec announces there's an infection involving iehelper.dll at C:\Windows\System32 and that it will clean it and reboot. Rebooting solves nothing.
* Spyware Protect 2009 has an icon on the system tray that can't be closed and constantly comes up with the following message: Windows reports that computer is infected. Antivirus software helps to protect your computer and other security threats. Click here for the scan your computer.(sic) Your system might be at risk now.
* IE slows to a crawl when running, and constantly opens ad related pages (casino sites etc.)
* Running Spyware Protect 2009 brings up an entire array of worms, trojans and keyloggers.

I looked for free solutions to rid his computer of this, but to no avail, and I really don't trust anyone but you guys. One thing I'm a little confused about though is that your instructions include running DSS, but then there's another thread saying that DSS might have been hacked and not to use it. I'm trusting that is no longer the case and ran it. Here is the text file (and the two attached files as requested in the instructions). Thank you very much in advance for your help.

DDS (Ver_09-05-14.01) - NTFSx86
Run by Jeana.Cole at 12:56:37.29 on Wed 06/10/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.5.0_12
Microsoft Windows XP Professio...

A:Spyware Protect 2009 (rogue problems)

Hello and Welcome.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread.
Make sure it is set to Instant Notification, then click Subscribe.

Regarding your concern about DDS.....please note, that is NOT Deckard's System Scanner(dss.exe, note the spelling) which has been retired.

Quote:
Running Spyware Protect 2009 brings up an entire array of worms, trojans and keyloggers.

This is the nature of rogue applications. Do not act on anything this rogue scanner tells you.

Quote:
Click here for the scan your computer.(sic) Your system might be at risk now.

Please do not click.

---------------------------------------------------------------------------------------------

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

---------------------------------------------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate. Stay with me until given the 'all...

I'm currently working on a client's computer who has encountered problems with a rogue anti-spyware utility called ContraVirus, I'm taking steps to minimize and remove the problems, but I was wondering if there was anything I needed to do relative to HijackThis. Here's the logfile, thanks!
Logfile of HijackThis v1.99.1
Scan saved at 11:00:00 AM, on 8/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
C:\Program Files\Lexmark X5100 Series\lxbabmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Sys...

A:Rogue Anti-Spyware Issues - ContraVirus

Hello and welcome to TSF.

I apologize for the delay in responding to your log. If you still need assistance please follow the instructions below.

Please download SmitfraudFix (by S!Ri) to your Desktop.
Double-click smitfraudfix.exe to start the tool.
Select option #1 - Search by typing 1 and press "Enter" and a text file will appear which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

IMPORTANT: Do NOT run option #2 OR any other option until you are directed to do so!

I was surfing the net when small square popped up..........Warning you have virus infection, do you want to scan? I have AVG8 and Malaware, so I thought they should take care of this!
But that was not the case. The screen popped up, and got more frequent. I spent all yesterday trying to locate the problem. To no avail. After several hours I had to give in. Why? Simple! It started to change my URLs! Then I checked the security, and it appeared I had none! I got Smitfraud down eventually after many tries. This would not work either, Malaware was neutralised and of no value, I tried to get Spybot down, no good! The rogue was really getting at me. I read your pages for a short while, then it cut me off and put a Chinese screen up. This then was the pattern that took place. Every page I tried I got the URL change and the Chinese screen. I spoke to someone who is familiar with computers, and they said it looks as if you will have to give in, the Mafia are knocking on your door. I did then submit, and had the scan and then paid them US$49-95 to leave me in peace. The computer worked OK then. Malaware has been neutralised and AVG8 appears to be doing the Firewall and antivirus etc I paid them for.

What I am concerned about now: To what extent has that rogue compromised my computer? Can I get to taking it off, but if I do, will I be left with a messy computer, will it still be in the Registry?

They oddly offer a 30 day trial.

How could I have stoppe...

A:Rogue Antispyware Spyware Protect. [Moved]

As no logs have been posted, I am shifting this topic from the specialized HiJack This forum to the Am I Infected forum.

==>PLEASE DO NOT NOW POST LOGS<== unless a log is specifically requested.

Warning you have virus infection, do you want to scan?

To what extent has that rogue compromised my computer? Can I get to taking it off, but if I do, will I be left with a messy computer, will it still be in the Registry?

They oddly offer a 30 day trial.

What is the name of this rogue?

~ OB


I was using Firefox yesterday morning when the problem first occurred. Firefox closed automatically and a message came up warning that the computer had suffered a hard drive failure. I've had a hard drive failure before, and I could tell that this was a phony report. Malwarebytes wouldn't open, and Task Manager was blocked, but I was able to start SuperAntiSpyware and do a scan. It reported a few instances of malware, including the blocked Task Manager.

I rebooted as told, but when Windows started, all of my desktop icons were missing, and the Start menu icons were gone too. I got the same phony hard drive failure message (something about scanning the HDD for problems before using this computer), and about 20 other message windows saying "failure to write." The hard drive warning screen said this:

"Windows detected a hard disk problem
A potential disk failure may cause loss of files, application and documents stored on the hard disk. It's highly recommended to scan and solve HDD problems before continue [sic] using this PC."

I was able to load Malwarebytes' and TDSS Killer from a flash drive, and the system seems to be back to normal. However, all of the icons remain hidden (I've changed the settings so that I can see hidden files and folders). At this point, I would like to make sure that everything is clean on this PC.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_16
Run by Henry at...

A:Rogue Anti-Spyware and Rootkit remnants


This afternoon, the malware Antivirus System PRO popped up on my system. I performed an internet search and followed the directions from this web page:

http://www.bleepingcomputer.com/virus-remo...irus-system-pro

using these applications:

rkill.com
Malwarebytes' Anti-Malware

rkill.com worked pretty well to shut down ASP, and Malwarebytes' Anti-Malware found and quarantined a related registry key, but when I reboot, ASP just pops back up. I have also tried scanning with Symantec Anti-Virus and CCleaner. I also tried removing the Ethernet cable from the PC before rebooting, and ASP still pops up. Also, after running rkill.com I can't get Internet connections (broadband router to DSL), although the LAN seems to work.

Here is the DDS log. I have attached the attach.txt and the mbam-log in a ZIP file. I do not have a report from RootRepeal as it seems to want to take all night, so I'll post it tomorrow. Thanks in advance for your help!

DDS (Ver_09-11-29.01) - NTFSx86
Run by Avery Davis at 19:20:21.98 on Sun 11/29/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1350 [GMT -7:00]
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\WebWeaver\WebWeaver.exe
C:\Program Files\CinemaNow\Ci...

A:Antivirus System PRO rogue anti-spyware

Update: I was going to upload the report from RootRepeal, but it hasn't finished yet. I started it up Sunday evening and it ran overnight, all day Monday, a second overnight, and now all day Tuesday and it is still going. My disk access light is on steadily, NVIDIA Monitor reports the CPU usage at 18%, but the disk usage is at 0%. I tried starting Task Manager, and NVIDIA Monitor showed disk usage for that, but then it went back down to 0%. RootRepeal says it is "scanning", and it displays a file name and path which changes every few minutes. Task manager processes shows activity in the following:
System Idle Process = 98% or 99%
VxBlockServer.exe = usually 01, sometimes 02 or 00
NVMonitor.exe = sometimes 01 or 02
explorer.exe = sometimes 01
mbamservice.exe = sometimes 01
lsass.exe

Should I just let RootRepeal keep running, or should I stop and restart it? Any other suggestions?

Thanks!


While running Vista I had my PC taken over by a couple rogue anti-virus programs...so I finally made the jump to Windows 7 and had been clean for a good 3 months. However yesterday I got hit with "anti-spyware soft." I cleaned it up today but I'm wondering what's the best way to prevent my PC from being hit with these rogue programs... I keep auto-update on, Adobe Reader & Java are both up-to-date (I think they seem to exploit Adobe somehow to infect PCs), I use AVG's free version & just added MalwareBytes too

In short, I was wondering if un-installing Internet Explorer would help since once the programs do find a way in they use IE to connect to the internet...

A:How to Prevent Rogue Anti-Virus/Spyware Programs???

There's an add on for firefox 'Noscript' which can stop drive-by downloads, click jackings etc
https://addons.mozilla.org/en-US/firefox/addon/722/

There's Host file protection, blocks access to dodgy sites
http://www.mvps.org/winhelp2002/hosts.htm

And also Web of trust, which gives an indication about the quality of the site you're about to visit
http://www.mywot.com/

You say you have AVG anti virus, but do you have a firewall?


Hello,

A moderator on another board has already walked me through how to deal with the Vista Anti-Spyware rogue malware, but I just want to be sure that it has been entirely flushed out.

Topic referenced is here: http://www.bleepingcomputer.com/forums/topic411056.html ~ OB

I used a combination of MBAM, SAS, and TDSSkiller, but, even after scanning with Avast and assorted other anti-virus programs and finding nothing, I just want to confirm that the machine is clean and safe to use. I was asked to post DDS and GMER log files here, and I would be very grateful if a moderator could review them and let me know one way or the other. Thanks again, and please let me know if you need any other info.

***DDS***
.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_26
Run by Paul at 22:40:50 on 2011-07-26
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.2.1033.18.2037.955 [GMT -4:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\SYSTEM32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\...

A:"Vista Anti-Spyware 2012" Rogue Malware


Hello.

Yesterday I was hit with what appears to be rogue anti-spyware that brought up incessant pop-up (fake) alerts warning me of infection and fake Windows security virus scans and warning windows. I had a clean laptop to do some quick research into the problem and found advice on using Malwarebyte's Anti-Malware to clear this mess as well as using Hijack This. I did a quick scan with the anti-malware which located a bunch of junk, I followed the instructions on removing it, rebooted the computer and did a couple more thorough scans using my own virus-protection program (McAfee) and Malwarebyte program. All the crazy pop-ups are gone and my scans are yielding 0 infection results, but ever since then, I have been noticing a few quirks: "clicking" sounds in the background as if processes are being activated/accessed (?) and random Internet Explorer window popping up out of nowhere (I primarily use Mozilla Firefox for browser) with an error message along the lines of "page is not accessible" or "page is disabled". I would be grateful if someone could check out a HJT log (I'll send when prompted) or give any additional advice.

Thanks so much!

A:Infected with "System Security" rogue anti-spyware