Tech Problem Aggregator

# Malwarebytes run-time error 440 & antivirus 2009

Q: Malwarebytes run-time error 440 & antivirus 2009

Hi, Please could someone look at this, the website I moderated on has been hit with warning about antivirus 2009 (seems to be a google thing when viewing in firefox - ok when viewing in IE) any way my computer has been slow so I have removed my Spysweeper and I had Zonealarm Securtiy Suite trial which I have just purchased but it will not accept my license key and just has a red x on it. Malwarbytes would not run and just comes up with a box saying vd accelaerator S Grid II Control Run-time error 0 then when check that box another comes up saying Malwarebytes' Anti Malware Run-time error 440 Automation error.

I cannot get either to work and I am worried as they said on www.eurobichons site that someone had hacked in.

This is my HJT log;

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:46:50, on 19/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://tiscali.co.uk
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\2.bin\SPYBLOCK.DLL
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\2.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-21-73586283-1606980848-682003330-1003\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com.../en/x86/MuCatalogWebControl.cab?1200525507359
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1150184626546
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe

--
End of file - 7315 bytes
Thank you.

More replies

Hi

I,ve always found Malwarebytes a great program for removing Antivirus Pro 2008/9

But the past couple of days I have installed Malwarebytes on 2 infected XP computers and been unable to install it. Tried safe mode, re-naming file, system restore which eventually worked on one computer once I took it back a couple of months.

I was wondering if the producers of Antivirus Pro 2009 have implemented a way to block the installation of Malwarebytes?

Anyone experienced the same?

More replies

Hi,

So I did the steps in the Instructions, BUT I made a mistake in the beginning, at first I started going off this post: http://www.techsupportforum.com/f100...es-359912.html - Which helped me access the internet, and so I already ran ComboFix, and only read later it could hurt a lot

Well this is what happened, I used rkill and Malware bytes to try to get rid of Antivirus 2009, that kept popping up and also saying random things were infected (like .dll file and such). And I tried manually looking for all those processes and things on my computer using another site. Anyway, my internet stopped working, IE, Firefox and Chrome - the proxy server. But I was able to bypass that with firefox because of tentonbob's advice with the other guy.

So here are my results (attached is Attach.zip which has both Attach and Ark in it, and this is the DDS report):

----

DDS (Ver_10-03-17.01) - NTFSx86
Run by adith at 12:43:38.27 on Tue 07/20/2010
Internet Explorer: 8.0.6001.18928
Microsoft? Windows Vista? Home Premium 6.0.6002.2.1252.1.1033.18.3032.1653 [GMT -5:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

A:Malwarebytes Problem - Used to Get Rid of Antivirus 2009

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

I need to see your ComboFix.txt log.

Go Start > Run and copy/paste the following single-line command into the Run box and click OK:

C:\ComboFix.txt

------------------------------------------------------

19 more replies

Hello...I have been trying for days to remove these pop ups I have been getting. Most have been from Antispyware 2009 where it is doing a free online scan stating I have various critical spyware and trojans. Other pop ups include a series of two different IE windows opening with a constant string of tabs opening up inside them. All blank pages it seems. I have to use task manager>end task to close them. Other pop ups I have been getting come after I use google. A new tab in firefox opens up and in the address bar, in the link, it states whatever it was that I typed in my search.

As the topic states, I have tried using Malwarebytes to remove any infection I have, but the problems still persist. Any help would be greatly appreciated as I have been banging my head against the wall for days without any success.

Also, when I log in, I get a missing dll error. Says I am missing c:\windows1\system32\vatokivu.dll. I have searched and can't find any info on this.

I run Microsoft Windows xp 64, use Mozilla Firefox 3. I have tried SuperAntiSpyware, Malwarebytes, swdoctor and quite a few others. Again, any help would be greatly, greatly appreciated.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:18:06 PM, on 1/21/2009
Platform: Windows 2003 SP1 (WinNT 5.02.3790)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MD... Read more

More replies

I try and run Malwarebytes to remove this Anti-virus 2009 infection, but Malwarebytes just wont run.

Anyone help, or suggest another utility for removing this?
Many thanks

A:Malwarebytes wont run - antivirus 2009

Bump bump, any help please ?

5 more replies

I am really getting frustrated. I have ran malwarebytes just like the instructions say in the tutorial and it keeps saying that it has found "total antivirus" and "ang antivirus 2009" so I hit "remove" and it shows them in the quarantine but they still keep popping up and the icons are always at the bottom right hand of my screen. I keep running the malwarebytes and the next time it won't find anything, but the next time it will find total antivirus and ang antivirus again. Obviously everytime it finds them I hit remove, but still nothing happens. I posted a few days ago and it seems like I got skipped. I don't mean to be a pain, I know you are very busy, but I would REALLY REALLY appreciate any help you could offer! I have attached the reports specified in the instructions. PLEASE HELP!!!

Please run Hijackthis. Click Do a system scan and save a logfile then copy and paste the content of the log to your reply.You might want to save this page on your favorites, so you can find it again when you return.

11 more replies

A:Infected with Antivirus 2009, and malwarebytes not removing it.

Hi,

Sorry for delayed response. Forums have been really busy. If you still need help with this post a fresh dds log, please.

2 more replies

I'm trying to remove Antivirus 2009 from a friend's PC running XP. I've stopped a number of the AV processes and removed the winsrc.dll.

I have installed Malwarebytes but it won't run. I can't start it in conventional mode and in safemode when I try to "run as" any user, I get: A device attached to the system is not functioning.

Thanks for your assistance. I have not posted without searching against this symptom. Please forgive me if I haven't found a previously posted solution.

A:Malwarebytes will not startup to remove Antivirus 2009

1 more replies

I have a friends laptop that got infected with ANTIVIRUS 2009.

I was looking for some way to remove this a$$ho** of a program...it's a nasty one. One website said to download Malwarebytes' Anti-Malware tool. HAS ANYONE EVER USED THIS? IS IT ANY GOOD? Also, any recommendations on how to remove ANTIVIRUS 2009? Cheers and thanks mark A:2 questions - 1 about Antivirus 2009 removal - 2nd about Malwarebytes Anti-Malware Hello and Welcome to TSF. Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription. Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed. If you're not receiving help elsewhere and still require assistance for this issue, please follow the process outlined here: NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help After running through all the steps, you shall have a proper set of logs. Please post/attach as instructed. If you have trouble with one of the steps, simply move on to the next one, and make note of it in your next reply. ------------------------------------------------------ 2 more replies Answer Match 62.16% {{{ how do i get it off my computer }}} the malwarebytes' anti-malware didnt work XP Antivirus 2008, XP Antivirus 2009, and XPAntiVirus are rogue antivirus programs that, when run, display false results as a tactic to scare you into purchasing the software. Older versions of XP Antivirus would create 9 entries in your Windows Registry that impersonate infections on your machine. In reality, though, these registry entries were harmless and had absolutely no effect on your computer. Instead, these entries were set so that XP AntiVirus can find them when scanning your computer and report them as infections. The newer of versions of the program , such as XP Antivirus 2008 and XP Antivirus 2009, instead just display false results when scanning your computer that state infections were found. In order to remove these fake infections, though, you would first need to purchase the software as the trial does not allow you to remove them. While running, XP Antivirus will also display fake alerts stating that you are infected or under attack from some type of threat. These alerts are fake and can be ignored. If you do click on the alert, though, it will prompt you to purchase the software. Examples of text contained in these alerts can be found below. Privacy Violation alert! XP antivirus detected Privacy Violation. Some program is secretly sending your private data to untrusted internet host. Click here to block this activity by removing threats (Recommended). o... Read more A:XP Antivirus 2008, XP Antivirus 2009, and XPAntiVirus are rogue antivirus programs that, when run, display false results as a t... There are indeed a lot of those rogues out there, with the one and only scope of scaring you into buying their product.Unfortunately they get harder and harder to remove.For a list of removal guides for the latest rogues, see hereI am moving this topic to a more appropriate forum 1 more replies Answer Match 62.16% Something has happened on my laptop (the laptop with all my documents on it) and I cannot figure out what to do. I have previously posted at another forum here. The thread from my first post here. I have tried the automatic repairs of Windows in both safe mode and regular mode. I am unable to get either Norton 360 or PC Tools Registry Mechanic to open and run. I installed Malwarebytes Anti Malware and it ran until a "Run-Time error '6' " message appeared. I have tried uninstalling Norton 360 and Registry Mechanic, to no avail. I have tried reinstalling them over the old installations. I have tried uninstalling them in safe mode, in regular mode, and with a special program to uninstall themI have e mailed both Norton and PC Tools asking for advice. Can someone give me some more ideas? Thanks A:Malwarebytes run-time error '6' Can you take a screen shot of the exact error message. 1 more replies Answer Match 62.16% When I tried opening Malwarebytes to run a scan on my Dell Inspiron 1400 (operating Windows XP), I get the following error: "Run-time error '372': Failed to load control 'vbalGrid' from vbalsgrid6.ocx. Your version of vbalsgrid6.ocx may be outdated. Make sure you are using the version of the control that was provided with your application." and I'm not able to open the program at all. I tried uninstalling my current version, downloading the latest version (from this site), and installing that, but I kept getting the same error message when I was both uninstalling and installing. I looked into the program folder and I see the vbalsgrid6.ocx file in there, so I'm not sure why the program won't open. Any help is greatly appreciated, thank you! A:Run-time error 372 for Malwarebytes If it was working and the problem is recent surely easiet thing to do is try system restore. . 2 more replies Answer Match 62.16% WinXP Home with SP3 In the process of cleaning up from "Personal Antivirus" "rogue Virurs" Getting this error when running Malwarebytes:- Full or quick scan. "Run-time Error '5' Invalid procedure call or argument" error Tried uninstalling and reinstalling Malwarebytes (version 1.40). Tried running "mbam-clean.exe" rebooting and reinstalling latest malwarebytes. Other: List of files being scanned stops at windows/system32/zipfldr.dll Tried renaming this (new on gets created right away) Not sure if this is a coincidence or not . Have run Combofix and Advanced System Care Have run SFC, Chkdsk and AVG 8.5 .... all to resolve initial issue. I've seen a few posts (not a lot on the runtime error) so I'm wondering if this is a new issue. Any help direction appreciated. More replies Answer Match 61.74% Hi, this is my first time actually needing to go beyond just reading the site and following along--this is my third virus problem in a few years, the first two were resolved easily with Malwarebyte's Anti-Malware. The computer is a Dell Laptop, it's a few years old. (Hey, no jokes! My mom gave it to me, and she's a sweet lady!)I'm going to be as detailed as I can, although i'm sure there's information I'm leaving at since I've been working steadily on this since last night.I had the MS Antivirus 2009 program show up on my computer--the virus that puts up fake, intimidating scans, wants me to sign up for their protection and then goes on to mess up my browser. (I use Mozilla Firefox.) It also opens pop-up ads in Internet Explorer.I ran Malwarebyte's Anti-Malware, and it got rid of the MS Antivirus 2009 problem, but the Mozilla hijack continued. After looking around on Bleeping Computer a bit, I tried another program--SuperAntiSpy--and that got rid of a bunch of infections as well. That's when another version of the fake scan thing started showing up, something called Spyware 2009 Windows. SuperAntiSpy got rid of that as well. I tried to do a system restore to a point when I knew the computer was clear--didn't work.THE CURRENT PROBLEM:When the computer opens up, the following window appears:RUNDLL"Error loading nfr.dllThe specified module could not be found."Also, when I try to go to some websites on Mozilla Firefox, it claims I'm running through a "proxy server"--websi... Read more A:MS Antivirus 2009, which turned into another one, and now it's that nfr.dll error, and malarebytes and superantispy got the... Little update: Kaspersky didn't fix this, and now there is a second error warning that shows up, reads like this: Error Loading c:\windows\ywequ.dll Upon restart, this dialog box opens, and a couple of seconds later, the one mentioned above shows up as well. Now I'm running out of programs and remedies, and I'm at a loss. 25 more replies Answer Match 61.32% Hello, I'm running a trial version of DK 2009 and when I'm trying to do a boot-time defrag, at phase 3, I'm getting an "unexpected error 0xc0000043" and defrag process stops. Can you please help? Thanks. A:XP PRO SP3/Diskeeper 2009/Boot-time defrag error Dont mean to be awkward with you, but adding this type of third party software is just not worth it, uninstall the program and just use windows default defrag, You may have broken windows defrag , so if it doesn't work after you uninstall disk keeper do the following:- Bring up a command window and type the foloowing cd \windows\system32 press enter key. Now re-register the defrag components, type in regsvr32 dfrgsnap.dll press enter key 2 more replies Answer Match 61.32% I was getting a bunch of pop ups for antivirus 2009. After installing Malwarebytes' Anti-Malware it all got cleared up I unfortunately deleted the logs so dont have a record of what got cleaned as I thought my problems were done. Since then I got a random beep which I believe is the "Windows XP Critical Stop.wav". I installed AVG and it didn't find anything, I also used trend micro's housecall and those both gave me a clean bill. I restarted my comp and didn't touch it. About half an hour later it gave the same sound but I hadn't started any programs or anything so I'm wondering if something is lingering from the previous viruses. Thanks for any help DDS (Ver_09-01-19.01) - NTFSx86 Run by Michael at 17:13:53.12 on Mon 01/26/2009 Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1424 [GMT -8:00] AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Viewpoint\Common\ViewpointService.exe ... Read more A:random error beeps after virus cleaned - antivirus 2009 Hello. I am PropagandaPanda (Panda or PP for short), and I will be helping you.Disable Realtime ProtectionAntimalware programs can interfere with ComboFix and other tools we need to run. Please temporarily disable all realtime protections you have enabled. Refer to this page, if you are unsure how.To disable AVG:Please navigate to the system tray on the bottom right hand corner and look for this sign.Right click it-> select Quit Control Center.A warning will pop up, click YesDownload and Run ComboFixIf you have already run ComboFix, delete your copy and download a new one. If the computer in question is unable to download ComboFix, transfer it using a removable media (CDs, flash drive).Download Combofix by sUBs from any of the links below, and save it to your desktop.Link 1, Link 2, Link 3 Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.Double click on ComboFix.exe and follow the prompts. If you are using Windows Vista, right click the icon and select "Run as Administrator". You will not recieve the prompts below if you are not using Windows XP. ComboFix will check to see if you have the Windows Recovery Console installed.If you did not have it installed, you will see the prompt below. Choose YES. When the Recovery Console has been installed, you will see the prompt below. Choose YES. When finished, ComboFix will produce a report for you. Please post the contents of th... Read more 10 more replies Answer Match 61.32% Hello, below is my HJT log. There are several strange things happening to my PC: 1. on startup, i get a message saying "ntdll64.exe has encountered a problem and needs to close." when i tried looking up ways to get rid of this, the sites that i clicked on in google were not what were listed. i.e. it should link to a support forum but instead links to an ad 2. antivirus xppro 2009 keeps popping up in windows explorer, sometimes 5 windows at once 3. when i hit ctrl alt del it says "task manager has been disabled by your admin", i am the only user of this computer and have always had access to this 4. there is an icon in my bottom right task bar that looks like a white X in a red circle that i've never seen before 5. when i click on items in the start menu the computer reboots itself PLEASE HELP!! Thank you in advance, this site is so helpful! Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:05:51 PM, on 5/5/2009 Platform: Windows XP SP3, v.5657 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.20900) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Internet Explo... Read more A:Virus, ntdll64.exe error, antivirus xppro 2009 popups 7 more replies Answer Match 61.32% Hello there - About a month ago, our laptop was infected with a bug that was very hard to mess with. It was called Windows Virus Remover 2009 and Antivirus Pro 2009. It would try and sell us bogus virus protection by trotting out fake alarms and warnings. Like every 30 seconds. Very annoying. It also disabled all of our other antivirus programs, and would prevent us from downloading and installing new ones. I got SpyBot onto the laptop and ran it in Safe Mode. This fixed some of the issues. We no longer get the bogus warnings. We still, however, can't run some programs, like Malwarebytes and Root Repeal. The bug also disables our search capabilities in IE or Chrome. You search for "Spyware" and it takes you directly to an online casino out of Kazakhstan. The bug also plays random sound tracks from TV and radio from nowhere. We can't turn these off, because no media player pops up, and they're not embedded video on a web page; sounds just play from nothing. So to sum up, we no longer have the most annoying problems associated with the malware, but there are many issues that remain and that I can't fix. Please help! Here is the DDS log I just ran a few minutes ago. I also have a Win32k log if needed. Thanks! DDS (Ver_09-09-29.01) - NTFSx86 Run by Ciera at 20:08:05.00 on Sun 10/04/2009 Internet Explorer: 7.0.5730.11 AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF} AV: Protection Syst... Read more A:Nasty Malware - Antivirus Pro 2009 / Windows Virus Remover 2009 Hi and welcome to the HijackThis Logs and Virus/Trojan/Spyware/Malware Removal forum,I am and I am here to help you!I ask that you refrain from running tools other than those I suggest to you while I am cleaning up your computer. The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.Please perform all steps in the order received and do not proceed if you need clarification.In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.As I am in the final stages of training an Expert Coach will also oversee your fix. Your benefit will be "four eyes and two brains" but responses may be somewhat delayed so please be patient!!!!I would also like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please be courteous and appreciative for the assistance provided!==========We need to create an OTL ReportPlease download OTL from one of the following mirrors:This is THE MirrorSave it to your desktop.Double click on the icon on your desktop.Click the "S... Read more 20 more replies Answer Match 61.32% The volunteer helping me on the "Am I infected" forum recommended I move my problem over here to this part of the site. I'm not sure if I'm at the point where I should reformat my computer, hope someone can help.Here's my original problems and the logs and help I've received so far: http://www.bleepingcomputer.com/forums/t/208885/ms-antivirus-2009-which-turned-into-another-one-and-now-its-that-nfrdll-error-and-malarebytes-and-superantispy-got-their-butts-kicked/I assume that you'll probably get a better explanation from my problems there, but here's the quick and dirty:Dell Laptop, currently disconnected from the Internet. (It was unable to access the bleeping computer forum anyway--just this site specifically, sites like Google, blogs, those kinds of things worked fine.)The problems started with the MS Antivirus 2009 fake spyware stuff, than the browser hijacks (I shut off proxy servers before coming to the forums), and then I got the Spyware Protect 2009 version of malware, and was only able to get Malwarebyte's to run by changing the extension to .bat after reading it here. Since I started working on these forums with DaChew, I've only followed his instructions.Currently working off my wife's computer, a Mac. Using a USB flash drive that DaChew had me immunize so that I can download the programs on this Mac and transfer them over to the infected Dell. Than I copy the logs onto the flash and move them here.Here's my DDS file, i've changed my name on it to USER.DDS (Ver... Read more A:Serious Malware Infection, started with MS Antivirus 2009, Spyware Protect 2009, nfr.dll Hello Thefactualopinion and welcome to Bleeping Computer,1. Please download GooredFix and save it to your Desktop.Select "2. Fix Goored" by typing 2 and pressing Enter. Make sure all instances of Firefox are closed at this point. Type y at the prompt and press Enter again. A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called GooredLog.txt).Note: If you receive a message saying that GooredFix needs your system to be restarted, please close all applications and reboot your system. Please also allow any registry changes that may be prompted by any of your security programs.2. Please read this tutorial carefully to download ComboFix from one of the locations specified, and save it to your Desktop.Double click the ComboFix icon to run it.If ComboFix askes you to install the Recovery Console, please do so..The Windows Recovery Console will allow you to boot up into a special recovery mode, in case your computer has a problem after an attempted removal of malware. This allows us to help you.Once the Recovery Console is installed, continue with the malware scan.Note: Make sure not to click ComboFix's window while it's running. That may cause it to stall or freeze.Please post the log from ComboFix (can also be found as C:\ComboFix.txt) in your next reply. If you have any questions along the way, STOP and ask them before proceeding !!Greetings,Thunder 6 more replies Answer Match 60.48% pls help me.................. A:cant update malwarebytes giving run time error 732(0 0) You may find this link useful :http://www.malwarebytes.org/forums/index.p...=19175&st=0 6 more replies Answer Match 60.06% Ok, Hello =) I am not sure what to do but here goes nothing ^^ I shall start at the beginning. I had a problem where a command prompt would appear for about half a second then disappear every 5-10 minutes. The title of this prompt was C:DOCUME~1\Testing\LOCALS~1\Temp\TMP543.exe What read in the box was something along the lines of Bad command or .. . I could never read the rest. After some basic troubleshooting and searching, I decided to post about it on computing.net. In which a helper on their site asked me to use ATF cleaner which i did, then suggested Malwarebytes, which i did as well. I posted the logs and apparently i was heavily infected. (i do not know) their helper then gave me instructions to use ComboFix, which I followed. He gave me various links and such of how to use ComboFix. . .about 11 hours into running Combofix, i restarted my computer, because it had been on the same screen for 8-9 hours now. It hadn't fixed the original problem and I had no taskbar at the bottom of the screen, it was only a sliver of it sometimes, i could not copy and paste files/text/folders. I was then instructed to uninstall ComboFix, then redo the previous instructions. I did. This time combofix went through fine, i got a log and the original problem was gone. however, the copy/paste and taskbar are still problematic. He told me to run malwarebytes again, when i attempted to it gave me this error Malwarebytes' Anti-malware Run-time error '373':... Read more A:Run-time error 372 for malwarebytes, cannot copy/paste, no taskbar Hello again,unforyunately for you, this is why we have the blue text above this forum. ComboFix is a tool that should only be run under the supervision of someone who has been trained in its use.Are you running XP,Vista etc???Run-time error '372':Failed to load control 'vbalGrid' from vbalsgrid6.ocx. Your version of vbalsgrid6.ocx may be outdated. Make sure you are using the version of the control that was provided with your application.Download MSFT Visual Basic from here http://www.microsoft.com/downloads/details.aspx?familyid=9EF9BF70-DFE1-42A1-A4C8-39718C7E381D&displaylang=enInstructionsBefore starting the download, create a download directory on your computer. If your internet connection is less than 300K, it is recommended that you run the multi-part download by following the "More Information" link at the upper right, then clicking "Download Now."Click "Download" to begin downloading the single download. When prompted by the download software, choose the option "Save this program to disk" and click OK. Then select the directory you created on your computer. Run the file from the download directory. When prompted, select the same directory you created on your computer. You will be expanding the contents of the EXE into this directory. Run SetupSP6.exe from the download directory. When you accept the terms of the electronic End User License Agreement (EULA) the setup software will replace the appropriate files i... Read more 16 more replies Answer Match 59.22% So I got a fake scan virus (Antivir Solutions Pro) probably a week or so ago. I rebooted in safe mode, ran a scan with AVG (the most recent free edition), and I thought that had taken care of the problem. Ever since, my computer has been acting up. When I try to run Malwarebytes, I get a run-time error 0 and 440. I have the google redirect problem as well. I read and tried to follow the BleepingComputer prep guide. I ran the DDS and will post the two logs I have, and I downloaded gmer, but when I tried to run it, my computer crashes. It went to a blue "stop error" screen. At the bottom of the page, it listed these errors: 0x000000F4 (0x00000003, 0x85E3EC30, 0x85E3EDA4, 0x805D297C). Help please!!!This is my DDS log:DDS (Ver_10-03-17.01) - NTFSx86 Run by Compaq_Administrator at 18:23:36.51 on Thu 07/29/2010Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_19Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.187 [GMT -4:00]AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\system32\svchost.exe -k WudfServiceGroupC:\Program Files\AVG\AVG9\avgchsvx.exeC:\Program Files\AVG\AVG9\avgrsx.exeC:\Program Files\AVG ... Read more A:google redirect, computer crashing, malwarebytes run-time error Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.We need to create an OTL ReportPlease download OTL from one of the following mirrors:This is THE MirrorSave it to your desktop.Double click on the icon on your desktop.Click the "Scan All Users" checkbox.In the custom scan box paste the following:CODEmsconfigsafebootminimalactivexdrivers32netsvcs%SYSTEMDRIVE%\*.exe/md5st... Read more 2 more replies Answer Match 58.8% I am having several issues with my computer running Windows XP Home SP3. To explain, I will give the history. I downloaded a virus that my installation of Mcafee detected. Mcafee told me to restart my computer to resolve the issue, so I did. When my computer had rebooted, I ran a full scan using Mcafee and it quarantined a lot of files that seemed safe, including Windows Media Player, the explorer.exe file, and the divX video codec. When I restarted again, Windows was stuck in a log on/off loop, where it would ask me for my username and password, say it was loading my settings, and then promptly log off again leaving me at the log on prompt again. I used something called BartPE to load an OS from a cd and I copied a new userinit.exe file into the C:\Windows\system32\ directory because whatever virus I downloaded apparently deleted the original. After I did that I could log on to Windows successfully. Now, I am experiencing the following issues: -Windows Media Player was reset to a much earlier version (6.4) -I can't bring up the task manager through the Run > taskmgr command, or Ctrl+Alt+Del -Many websites are blocked, including antivirus sites, help forums, and even Microsoft. -When I tried to install Malwarebytes to try and fix my computer I got the following error message: vbAccelerator SGrid II Control / Run-Time error '0' There are probably more issues I haven't discovered yet. I think there are many systems files missing. I'm ... Read more A:vbAccelerator SGrid II Control / Run-Time error '0' Unable to install Malwarebytes Hi reinsterling,I think you need to try and get through the procedures for the HijackThis forum. I'll ask if this thread can be moved there or if you will need to start a new one there. Do anything you can in the following link:Preparation GuideZllio 2 more replies Answer Match 58.38% hi i keep getting a security pop up from taskbar saying i have a security problem. It then proceeds to open a window to anykuy.com which redirects to onlineproantivirus2009 it also started opening a program called ms antivirus2009. Any help in getting rid of this would be much appreciated.I have avg which doesn't seem to find anything and also malwarebytes. Below are the DDS.txt log and also the Attach.txt file .. DDS (Ver_09-02-01.01) - NTFSx86 Run by Owner at 21:05:12.84 on Mon 09/02/2009 Internet Explorer: 7.0.5730.13 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.895.409 [GMT 10:00] AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\userinit.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe C:\WINDOWS\system32\svchost.exe -k hpdevmgmt C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\System32\svchost.exe -k HPZ12 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\PROGRA~1... Read more A:Infected with:antivirus pro 2009 and also ms antivirus 2009 Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.comDDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Follow the instructions that pop up for p... Read more 2 more replies Answer Match 57.12% Greetings all, In the past two months I've encountered AV & AS 2009 a number of times. I volunteer with our local computer club and more and more members are contracting this hideous software. In most cases, a "birthday suiting" of the system has been the only answer. Especially those that had been infected a while. I've been successful at removing this malware from some systems using instructions found here on bleepingcomputer.com.I have not seen this malware or any evidence of it in my surfing and use of my systems. However, I'd like to know if anyone knows how it works. What is so enticing about this software that unsuspecting users will think to click on it is the right course of action? I've asked those folks who have suffered this insideous attack, but no one seems to know how it got on their systems. Is it an ad as I've seen some forums mention? Does it pop up a window that doesn't allow you to click on an X in the corner to close it? What's the best course of action for someone who encounters this dastardly software on the byways of the net?Any and all comments are welcome . . . ;-} Pandora Boxe A:AntiSpyware 2009 or AntiVirus 2009 Hello, if you could please let me in on the secret as to how to get rid of this. I just encountered this horrible virus today and I am about to scream 5 more replies Answer Match 56.7% Okay, I've been fighting this for a couple weeks now and things keep popping up.It started with Antivirus 2009, which was hijacking my browser windows and making my desktop flicker. I (thought) I'd gotten rid of this but then more issues popped up a week or so later.I had what appeared to be Antivirus 2009/ Antivirus 360 again, but it was coupled with something that was causing my computer to shut down due to "DCOM Server Process Launcher" shutting me down.I'd "mostly" fixed this problem, with the exception that I can no longer defrag my computer.Then today I had a warning pop up in my toolbar that said I was infected, and tried to direct me to real-avg.org, so I immediately shut off my wireless and ran malwarebits, adaware, avg free, Iobit's Advanced System Care and I'm just really paraniod that I can't get rid of this problem.Oh, and I've had a few blue screen's of death here and there in all of this, but I'm not sure what they were specifically warning against.I've ran HijackThis and the DDS thing, and here are the results.. any help would be hugely appreciated!!Logfile of Trend Micro HijackThis v2.0.2Scan saved at 5:46:30 PM, on 1/12/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:&#... Read more A:Infected Computer, several problems including Antivirus 2009/Antivirus 360 Hello Angelinazooma and welcome to Bleeping Computer,1. Please download GooredFix and save it to your Desktop.Select "2. Fix Goored" by typing 2 and pressing Enter. Make sure all instances of Firefox are closed at this point. Type y at the prompt and press Enter again. A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called GooredLog.txt).Note: If you receive a message saying that GooredFix needs your system to be restarted, please close all applications and reboot your system. Please also allow any registry changes that may be prompted by any of your security programs.2. Please download ComboFix from one of the locations below, and save it to your Desktop.LinkLinkLinkDouble click the ComboFix icon to run it.If ComboFix askes you to install the Recovery Console, please do so..The Windows Recovery Console will allow you to boot up into a special recovery mode, in case your computer has a problem after an attempted removal of malware. This allows us to help you.Once the Recovery Console is installed, continue with the malware scan.Note: Make sure not to click ComboFix's window while it's running. That may cause it to stall or freeze.Please post the log from ComboFix (can also be found as C:\ComboFix.txt) in your next reply. If you have any questions along the way, STOP and ask them before proceeding !!Greetings,Thunder 5 more replies Answer Match 56.7% Ok the first indication I had that there was something wrong is when this XP Antivirus 2009 started popping up and it wouldn't go away. I would have to bring up task manager to get rid of it and close IE. This was shortly after returning home. My oldest grandson had been on the computer while I was gone and no telling what sites he went to and of course he not talking. I do have the computer password protected but I forgot to log off when I left and now I'm paying for it. grrrr This is new computer and it came with Macafee installed on it and Macafee didn't do squat ugh. So I ditched Macafee and downloaded Avast! Ran thier boot time scanner and ran it again after start up and these are the things they found and put in the chest the several times I've run it. nstC2aa.dll nstA03C.dll xxx8712.exe xxx6143.exe xxx6173.exe xxx5672.exe 84[1].exe 7[1].exe 6[1]exe 85[1].exe 120[1].exe ~tmpc.exe <several copies of this one.. it keeps coming back eauzycuitwog.dll dbstr.dll There were a couple of files it specifically ask me about in the boot time scan and since I wasn't sure I said "not sure" and it didn't put them in the chest. I guess those files were system files. I also installed spyware doctor.. geesh could kick myself. I've had it since I got puter but never installed it yet. Ran spyware doctor and it found a lot of stuff and supposedly deleted it too. There are 2 files that keep popping up on my task manager or rather processes a... Read more A:XP Antivirus 2009 (virus) pop ups keeps coming back after deleted by antivirus bump it up. I have kept running Avast and Spyware Doctor over and over and I also emptied temp files etc. The pop ups have stopped but IE is running really slow so I think there is still something here. 2 more replies Answer Match 56.28% any one help to remove remove antivirus 2009 and xpsecurity center antivirus. after removing the files and registry entries still a icon in system tray poping up thanks A:remove antivirus 2009 and xpsecurity center antivirus Please do not create multiple threads for the same problem! Read >>Posting help read first<< if you feel you are not getting help. Continue here: http://forums.techguy.org/malware-r...-remove-antivirus-2009-xpsecurity-center.html 1 more replies Answer Match 56.28% Hey guys, Josh here, to start Id like to say thanks. because ur site is well put together, registration was easy and I could quickly locate where i wanted to go. Onto a more topic related subject. Recently i was given ques by my computer that Warning! Security Report Your computer is infected! IT is recommended to start spyware cleaner tool. So instictively i clicked the bubble and took my path onto a link to the software known as Real Antivirus. Through hours of searching, I have come to realise that other people hve also encountered a problem with a virus which sounds similar to this (rouge virus known as, antivirus 2006-7-8-9 etc.) which may be created by the same group or person. I will quickly list the things Ive tried Various virus scans .malbytes antimalware .Mcaffee security center .Super antivirus free edition .The german sounding one which starts with a V (apologies). .Spyware doctor Also tried looking on other threads and googling etc. The symptoms that have become apparent are: .Slight loss of performance .Almost constant Warning! bubble .An incredibly ugly desktop background which says WARNING Dangerous Spyware Many viruses were found on your computer such as : trojan horse, passcapture, etc. Your personal information can fall into the "third hands" Please check up the computer with a special software thank (Gotta love there spelling.) .internet explorer being redirected to either the real antivirus homepage or a page saying that I ... Read more A:Real Antivirus/ antivirus 2009?- Require Assistance Logfile of HijackThis v1.99.1 Scan saved at 6:28:28 AM, on 12/14/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe c:\program files\common files\mcafee\mna\mcnasvc.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\McAfee\MPF\MPFSrv.exe C:\PROGRA~1\McAfee\MPS\mps.exe C:\Program Files\McAfee\MSK\MskSrver.exe C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe C:\Program Files\Spyware Doctor\pctsAuxs.exe C:\Program Files\Spyware Doctor\pctsSvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wdfmgr.exe C:\WINDOWS\S... Read more 1 more replies Answer Match 56.28% any one help to remove remove antivirus 2009 and xpsecurity center antivirus. after removing the files and registry entries still a icon in system tray poping up thanks A:remove antivirus 2009 and xpsecurity center antivirus Hi, Welcome to TSG!! Click here to download HJTInstall.exe Save HJTInstall.exe to your desktop. Doubleclick on the HJTInstall.exe icon on your desktop. By default it will install to C:\Program Files\Trend Micro\HijackThis . Click on Install. It will create a HijackThis icon on the desktop. Once installed, it will launch Hijackthis. Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad. Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log. Come back here to this thread and Paste the log in your next reply. DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required. 1 more replies Answer Match 56.28% Hi all,I have a PC with a 2.6 GHZ CPU, 1.5 GB RAM, a 250 GB internal C drive, 80 GB internal D drive and 2 external drives which were detached when the virus hit. I am running Windows XP Home with SP2. I use Panda Internet Security and Spybot S&D. Last week, I was hit with Antivirus 2008 Pro which crippled my PC for a couple days until I thought I had gotten rid of it with SpyHunter. It came back the next day and morphed into XPAntivirus, which also took a couple days to get off. Panda and Spybot didn't find anything when I ran them so I ended up using both Spyhunter and Spyware Doctor as well as SmitFraudFix and a couple of websites that listed files, directories, and registry keys that had to be deleted AND doing a complete clean install of XP after transferring all my relevant files over to an external drive. I finally got it off and was clean for almost a week until the night before last. I was trying to find a free PDF converter program for a friend of mine. I found PrimoPDF (not on the maker's website, unfortunately) and when I clicked on the install program, my computer restarted. When it came back on, I had the red alert message from Windows Automatic Updates which said that my updates were not turned on. When I tried to turn them on, the control panel said they were turned on but the red alert wouldn't go away and I couldn't go to the Microsoft update site manually. Also, error messages involving DLL files came up -- ubijcvin.dll and ijjcvslw.dll -- sayi... Read more A:Infected By Antivirus 2008 Pro, Then Xpantivirus, And Now Antivirus 2009. . . Hello Stacy and welcome to BleepingComputer,1. * Clean your Cache and Cookies in IE:Close all instances of Outlook Express and Internet Explorer Go to Control Panel > Internet Options > General tabUnder Browsing History, click Delete. Click Delete Files, Delete cookies and Delete historyClick Close below.* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):Go to Tools > Options.Click Privacy in the menu..Click the Clear now button below.. A new window will popup what to clear.Select all and click the Clear button again.Click OK to close the Options window* Clean other Temporary files + Recycle bin Go to start > run and type: cleanmgr and click ok. Let it scan your system for files to remove. Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.Press OK to remove them.2. Please visit this webpage for instructions for downloading and running ComboFix:http://www.bleepingcomputer.com/combofix/how-to-use-combofixPlease ensure you read this guide carefully and install the Recovery Console first (not for Windows Vista users !).The Windows Recovery Console will allow you to boot up into a special recovery mode, in case your computer has a problem after an attempted removal of malware. This allows us to help you. (WinXP SP3 users, please download the appropriate SP2 file, Home or Pro, to install the RC)In the event you already have Combofix, delete your current version and download the latest ... Read more 8 more replies Answer Match 55.86% For the past week or 2 my computer has been infected with Antivirus 2009. I have encountered this virus before on numerous different computers but this is the first time that I have seen it on my computer. Every other time I have dealt with it all I would have to do is run Malwarebytes once or twice and that would be the end of the problem. However when I did that on my computer it did not find Antivirus 2009 anywhere. So I looked for the common signs of it such as the folder in the program files and looking in the process tab of the task manager for av2009.exe or anything of the sort but none of that was there. So after I ran Malewarebytes which found some other viruses or trjoans which required a reboot to delete them I started getting bad image errors for the files that were deleted by Malwarebtyes. This message popsup anytime I open an executable program or when all of these programs load up when Windows starts. So now I have two problems: 1. I keep getting Antivirus 2009 popups as well as popups for other sites like searchme.com but there is no program to delete or any trace of it on my computer so it seems and 2. I keep getting these annoying Bad Image messages anytime I open something and I desperately want to get rid of them. (The exact message error is "The application or DLL c:\windows\system32\dudimuba.dll is not a valid Windows image. Please check this against your intallation diskette.") And I have also tried running Malwarebytes in safe mode doing... Read more A:Bad Image Error/Antivirus 2009 "Ghost" Infection This is in the wrong section but oh well, follow the steps on here >> http://www.techsupportforum.com/f50/...lp-305963.html for malware removal help from the experts... 1 more replies Answer Match 55.86% For the past week or 2 my computer has been infected with Antivirus 2009. I have encountered this virus before on numerous different computers but this is the first time that I have seen it on my computer. Every other time I have dealt with it all I would have to do is run Malwarebytes once or twice and that would be the end of the problem. However when I did that on my computer it did not find Antivirus 2009 anywhere. So I looked for the common signs of it such as the folder in the program files and looking in the process tab of the task manager for av2009.exe or anything of the sort but none of that was there. So after I ran Malewarebytes which found some other viruses or trjoans which required a reboot to delete them I started getting bad image errors for the files that were deleted by Malwarebtyes. This message popsup anytime I open an executable program or when all of these programs load up when Windows starts. So now I have two problems: 1. I keep getting Antivirus 2009 popups as well as popups for other sites like searchme.com but there is no program to delete or any trace of it on my computer so it seems and 2. I keep getting these annoying Bad Image messages anytime I open something and I desperately want to get rid of them. (The exact message error is "The application or DLL c:\windows\system32\dudimuba.dll is not a valid Windows image. Please check this against your intallation diskette.") And I have also tried running Malwarebytes in safe mode doing... Read more A:Bad Image Error/Antivirus 2009 "Ghost" Infection Hello and Welcome to TSF. Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription. Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed. ------------------------------------------------------ Please visit this webpage for download links, and instructions for running ComboFix: http://www.bleepingcomputer.com/comb...o-use-combofix * Ensure you have disabled all antivirus and antimalware programs so they do not interfere with the running of ComboFix. Please post the C:\ComboFix.txt in your next reply for further review. ------------------------------------------------------ 13 more replies Answer Match 55.02% Hello all, please help. I have a gateway FX laptop with vista that is two months old. I have Symantec newly installed. I ran a file that I probably shouldn't have and got zapped. I get continuous warnings and popus telling me to run scans. Then I get a popup scan window and advetrisements for MS Antivirus 2008, Vista Antivirus 2009, and other antivirus programs. I also get a ppcsx.exe window in startup, and two self resurrecting links to BDSM Extreme F%CK a T1Ts and A$$. Please help. what should I do? DO i need to download HJT? I have already done a full symantec scan to no effect. Please help.

A:Ms Antivirus 2008 / Vista Antivirus 2009

Welcome to BleepingComputerLet's try 2 different things before we worry about HijackThishttp://www.bleepingcomputer.com/forums/ind...st&p=876163Run a scan with MBAM and post the log pleasealso scan with norton's from safe modehttp://www.malwareremoval.com/tutorials/safemodeboot.php

7 more replies

Hi all,
First of all, thank you to everyone who helps out in this forum, it is greatly appreciated.

I have the unfortunate job of cleaning my relative's computer and here is what I found. There are random popups containing information about purchasing the antivirus 360/antivirus 2009 software. I also ran Trend Micro House Call and it found the Trojan.Vundo file but was unable to do anything about it. Below are the DDS reports. I tried running a kaspersky scan but it forced Firefox to unexpectedly close 3-4 times while trying to complete it. I'm not sure what caused that either!

Thanks again.
DDS (Version 1.1.0) - NTFSx86
Run by Donna at 14:11:57.17 on Thu 12/25/2008
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.510.66 [GMT -5:00]

AV: AVG 7.5.503 *On-access scanning enabled* (Updated)
AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\LEXBCES.EXE

A:Antivirus 2009/antivirus 360/Trojan.Vundo

2 more replies

Firstly I'd like it to be noted that I've done all the preliminary steps suggested. I've also researched Antivirus 2009, which is the malware that I know I have. I then did all the steps posted here http://www.bleepingcomputer.com/malware-re...-antivirus-2009. And though it appears that Av 2009 is no longer in my taskbar (thankfully). It still appears that it is in IE because I'm getting the link that appears in Google, the occasional random blocking, and the constant gold bar on the top of the screen.Thankfully I have Google Chrome to use for now, but I'd still like to completely restore IE and anything else that may remain on my computer.(P.S. I think I may have to remove the BHOs, but I don't know how, and I'm afraid to hack away at them willy-nilly.)Anyways, here's my HijackThis log:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 9:42:16 PM, on 1/17/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16762)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Lavasoft\Ad-Aware\aawservice.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Apple\Mobile Dev... Read more

A:AV 2009: Malwarebytes Only Worked Partially

Hello Cryopyre,I'm DocSatan and I will be helping you with your computer problem. Give me some time to research your Log and I will get back to you.In the meantime, please do not make any changes (deletions, etc.) to this system.Doc.

2 more replies

I've been using Webroot Anti-virus with Spy Sweeper but am looking to change as viruses have recently crippled my computer.

I am interested in using Avast and malwarebytes. Can they both be used for real time protection or would they conflict with each other (and/or take up too much resources)? I am looking at getting the paid version of malwearebytes for real time protection.

Would running only one of these programs as real time protection sufficiently protect my computer from virusues, malware and spyware or would using only one leave me vulnerable?

Thanks for any insight here.

A:Is it a good idea to run Avast and malwarebytes (real time protection) at the same time?

3 more replies

My mom gave me an old laptop of hers, it's a Gateway M285-E running Windows 7 32-bit. At first I noticed that explorer wasn't working right, for instance, the entire C drive seems to be empty (except for two files) and some explorer windows are coming up without any words (see first screenshot), task manager included. I tried to Run AVG anti-virus scan, but it froze the computer everytime, so I uninstalled and not have avast! free on it. When scaning, the run0time error pops up each time sometime in the middle of the scan. A friend recommended Malwarebytes, so I tried to use that, but the same error pops up and sometimes I get BSOD after only having started the computer. Below are some screenshots of the problems, and atatched is my Windows_NT6_BSOD_jcgriff2 file. As can be seen in a screenshot, I could not get a system health report, the same error happens everytime I try even after restarting the computer.
If any other information is needed I will be happy to supply it.

Attachment 190903
Attachment 190904
Attachment 190905

A:BSOD and Run-Time error '6': Overflow when antivirus scanning

OK Camokid

There are several problems here that my partner and I are going to help you work through. I would suggest up front if you can do a clean re-install of win 7 it would be faster and easier.

That having been said, in your specs you have SP-1 in the crashes you dont.

Your OS version in the crashes is listed as "enterprise", which is not the best version to be running at home. Has that OS been modified in any manner?

As m partner is saying there are at least three separate malware apps running simultaneously. Thats never a good idea. Follow her directions for the removal of them.

5 more replies

A:Malware, XP AntiSpyware 2009, Malwarebytes Freezing PC

13 more replies

Hi

I have been infected with Spyware Protect 2009

I was able to download Malwarebytes' Anti Malware program however when I ran it it locked up at the "Finishing" Stage of the install.
It is now frozen and I am unable to run it.

I can't even click on "My Computer" i just get the hourglass symbol for a few seconds and then nothing, WMP won't play, everything is in limbo
can't run Spybot, etc.. it did let me connect to the internet.

Windows XP machine with auto updates active

I also am getting a message after turning on that says "ViewMgr has encountered a problem and needs to close"

Everything is frozen for the most part except the popups from Spyware Protect
DO I have any chance of cleaning this mess with so much frozen?

tami

A:infected with Spyware Protect 2009, can not run Malwarebytes

Some types of malware will disable MBAM and other security tools. If MBAM will not install, try renaming it.Before saving any of your security programs, rename them first. For example, before you save Malwarebytes', rename it to something like MBblah.exe and then click on Save and save it to your desktop. Same thing after you install it. Before running it, rename the main executable file first

Right-click on the mbam-setup.exe file and change the .exe extension to .bat, .com, .pif, or .scr and then double-click on it to run.

If after installation, MBAM will not run, open the Malwarebytes' Anti-Malware folder in Program Files, right-click on mbam.exe and change the .exe as noted above. Then double-click on it to run..Another work around is by not using the mouse to install it, Just use the arrow keys, tab, and enter keys. ~ Courtesy of boopmePlease download Malwarebytes Anti-Malware and save it to your desktop.Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that... Read more

24 more replies

Hi, I've looked at all of your methods, and others online on how to remove spyware protect 2009 from my computer. At least I can use aol browser, but not IE. I've used AVIRA, aol spyware protection, adaware first with no luck. They didn't even find it.

So I went online to see how others got rid of it. I followed their directions. I tried shutting off system restore, then downloading malwarebytes. I couldn't get malwarebytes to run! It just created an icon, but didn't do anything. I then uninstalled it, turned system restore back on, tried to go back to an earlier time, but it wouldn't allow me to do so. I couldn't click the calendar to go back. I then tried another link to download malwarebytes again, but it did the same thing.

While I'm typing this, I just got a message from Norton pc checkup that they found spywareprotect, but it will cost me 129.00 to buy their software. Plus they have my performance as only 2 stars (fair)

I am really not very good at computer lingo, so if anyone can help me, please know I'm not a geek, just a person that can follow step by step directions. Thanks in advance to anyone who can advise.

DJ

A:Cant remove Spyware Protect 2009 malwarebytes won't work

Try to rename the Malwarebytes file to red.com and see if it runs like that. The infection you have is watching for that file to be run. What version of Windows are you using? Please update Avira and run a scan - post its log.

1 more replies

I am having the exact same problem. I did manage to install Malwarebytes, but can't get it to run. I tried renaming the file; I tried using hijackthis, I tried booting windows into safe mode. None of this will run. I even tried combofix and it won't run either. What can I do manually that would temporarily help? I have windows xp.cheezfriquote name='rigel' date='Mar 1 2009, 12:32 PM' post='1158038']Try to rename the Malwarebytes file to red.com and see if it runs like that. The infection you have is watching for that file to be run. What version of Windows are you using? Please update Avira and run a scan - post its log.[/quote]

A:Cant remove Spyware Protect 2009 malwarebytes won't work

3 more replies

A:Infected w/spware protect 2009 used Malwarebytes unsuccessful

2 more replies

Well, MBAM did a flash scan while I was gone for a minute and a Rogue AV popped up in the scan. Ever since last night my computer has been freezing completely, requiring a hard shutdown. This has happened five times so far.I have beefed up my computer security since my last visit here, and I was hoping to not require coming back for help again.Here is the MBAM log.

Malwarebytes Anti-Malware (PRO) 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.28.04

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421

Protection: Enabled

1/28/2012 12:51:32 PM
mbam-log-2012-01-28 (12-51-32).txt

Scan type: Flash scan
Scan options enabled: Memory | Startup | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: Registry | File System
Objects scanned: 177055
Time elapsed: 44 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 1
c:\program files (x86)\antivirus pc 2009\quarantine (Rogue.AntiVirusPC2009) -> Delete on reboot.

Files Detected: 0
(No malicious items detected)

(end)

A:Rogue AntiVirus - AntiVirus PC 2009

34 more replies

Greetings,

First thanks for the folks that man these great forums, I have read many posts here and I must say I am overly impressed with the kindness and patience shown by everyone.

We are running Windows XP on a Lonovo laptop. Not sure what other info you need regarding the computer but if you ask I will provide.

First we experienced the Sowar issue (it shows Sowar browser and takes us to a porn site called redtube.com) and while trying to track that down we ended up with Antivirus 2009. I had this beofre on another laptop so I tried to use the same fix from Malwarebytes but it would not delete everything. Before you know it I was getting the messsages about Antivirus 360.

Now I am willing to admit I need help. I am not sure which problem to fix first or honestly how to fix them now that malwarebytes does not seem to be able to fix them.

thanks in advance for helping us out.

K

A:Sowar, antivirus 2009 and antivirus 360 all at once

16 more replies

Grrrr I don't know which one I have but I know they are a major pain.I posted a hijack this log on the spybot help forum last night and went to bed but still no answer this morning. Do I need to do another one? Weirdo things happened on startup this morning. Any and all help is appreciated. Thanks in advance. Logfile of Trend Micro HijackThis v2.0.2Scan saved at 6:45:58 PM, on 9/17/2008Platform: Windows Vista SP1 (WinNT 6.00.1905)MSIE: Internet Explorer v7.00 (7.00.6001.18000)Boot mode: NormalRunning processes:C:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Windows\system32\taskeng.exeC:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exeC:\Program Files\Windows Defender\MSASCui.exeC:\Windows\RtHDVCpl.exeC:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exeC:\Windows\System32\rundll32.exeC:\Program Files\Java\jre1.6.0_01\bin\jusched.exeC:\Program Files\AVG\AVG8\avgtray.exeC:\Program Files\Windows Sidebar\sidebar.exeC:\Windows\ehome\ehtray.exeC:\Windows\System32\rundll32.exeC:\Program Files\MSN Messenger\msnmsgr.exeC:\Program Files\Windows Media Player\wmpnscfg.exeC:\Windows\System32\rundll32.exeC:\Program Files\Spybot - Search & Destroy\TeaTimer.exeC:\Windows\System3... Read more

A:Virtumonde, 2009 Antivirus, Ms Antivirus

7 more replies

My friend's computer was infected with Spyware Guard 2009 and a TDSSserv viruses and while I have seemed to get rid of those using SuperAntiVirus it is still hanging during Malwarebytes and HJT. It freezes in HJT after finishing the scan and freeze in Malwarebytes after hitting wups.dll or wups2.dll, always around 13 secs into the scan. Computer is now running but still not exactly smooth. I updated Windows to XP SP3 and downloaded all the security updates and its still not working well.DDS (Ver_09-09-29.01) - NTFSx86 Run by Owner at 3:39:38.85 on Tue 02/09/2010Internet Explorer: 8.0.6001.18702Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.683 [GMT -5:00]AV: McAfee VirusScan *On-access scanning enabled* (Outdated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}FW: McAfee Personal Firewall Plus *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\Program Files\Intel\Wireless\Bin\EvtEng.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Intel\Wireless\Bin\S24EvMon.exeC:\WINDOWS\system32\svchost.exe -k netsvcssvchost.exesvchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\eHome\ehRecvr.exeC:\WINDOWS\eHome\ehSched.exeC:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exeC:\Program Files\iPod\... Read more

A:Laptop Hanging During HJT and MalwareBytes after Spyware Guard 2009 + TDSSserv Removal with SAS

2 more replies

hi . . .
i already removed the antivirus 2008 folder using combofix . . .
however, everytime i accessed the internet, everytime i clicked a link or entered webpage, in my browser, it says
Insecure Internet activity. Threat of virus attack

Due to insecure Internet browsing your PC can easily get infected with viruses, worms and trojans without your knowledge, and that can lead to system slowdown, freezes and crashes.
Also insecure Internet activity can result in revealing your personal information.
To get full advanced real-time protection for PC and Internet activity, register Antivirus 2008.
We recommend you to protect your PC now and continue safe Internet browsing.
Continue to this website unprotected (not recommended).

i tried using Malwarebytes antiMalware but it didn't remove it . . .
Sysclean, however, terminates it but when i opened my pc again it appears again . . .

Since you have a HJT log posted in the HijackThis Logs and Malware Removal forum, I'm going to close this Topic.You shouldn't make any changes to your system, while you are receiving help with your HJT log, as that could make it difficult to properly clean your system.At this point, the HJT Team should be the only members that you take advice from, until they have verified your log as clean.If you have any questions, don't hesitate to send me a PM.

1 more replies

Is there a program someone can recommend that will remove Antivirus 2009 or does it have to be done manually?

A:Antivirus 2009

Doubleclick on the HJTInstall.exe icon on your desktop.
By default it will install to C:\Program Files\Trend Micro\HijackThis .
Click on Install.
It will create a HijackThis icon on the desktop.
Once installed, it will launch Hijackthis.
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

1 more replies

Hi, I'm new to this site and hoping someone can help me.

I am trying to remove Antivirus Pro 2009 from a friend's PC (running Windows XP SP3). The program has blocked his internet connection completely, so no pages will load in IE or Firefox. Also none of his security programs can gain access to do their updates.

I downloaded the Malwarebytes' AntiMalware program on my computer, then copied it to a CD to load onto the infected computer, intending to follow the removal instructions on this site. However, when I try to run the mbam-setup.exe program, nothing happens - I know from installing it on my own computer that there is a initial dialogue box asking you to select your language, but this does not appear. Task Manager lists mbam-setup.exe as a running process, but there is nothing on the applications tab (the failure to run also affects SpybotS&D and Comodo icons, but it is possible to run AVG8, A-squared, Adaware 2008, although they are all now out of date).

The failure of mbam-setup.exe to run means that I cannot make any further progress in the removal process. I have tried to run it in Safe Mode as well, but it makes no difference.

I have managed to run AVG AntiRootkit and it has shown a hidden program called brastk.exe, along with various files starting TDSS (mainly .ddl or .dat) and other files named c_055nnn.nls (nnn =three digit numeric). I understand that brastk.exe is a problem, but how can I remove it?

Sorry for the length of this post. ... Read more

A:Antivirus Pro 2009

2 more replies

I tried to follow the directions in the preperation guide but D.D.S. just seems to freeze up. I get to the DDS information screen and nothing happens. I have let it run for quite some time without seeming to have any results. As far as I know I am not running a script blocker. Is there an alternative so that I could get started with you all? My computer is quickly becoming unusable. I wasn't even able to get to this site because of it being blocked(seemingly another result of the infection). I ended up needing to go through google.

A:Antivirus 2009

Just to add what is going on. The primary popup I get is for Windows Antivrus 2009. There are several other things that popup and seem to be slowing down my computer. Attempts to use Adaware have been unsuccessful because something causes it to crash midscan.

3 more replies

Hubby called me and yelled at me for the computer freaking out today..

I KNEW something was amiss when he told me there was a program icon on the desktop called Antivirus 2009. I ONLY use AVG after my last conundrum you all awesome forum people helped me with (running like 3 antivirus at the same time = no good!)

I need to know how to get this thing off my computer.. It has a stupid little thing in my task bar that I cannot close down and it keeps coming up with this WINDOWS security faked pop up.

I looked through the search here but could not really find anything on this certain program..

Any help would be greatly appreciated.

I wanna know how I keep getting these!! =( I dont download much of anything anymore because I do not want my computer to crash.. hubby says we are going to buy an antivirus program this weekend.. (any tips on the best one?)

A:Antivirus 2009

SmitFraudFix Search Results

SmitFraudFix v2.352

Scan done at 18:33:33.96, Thu 01/29/2009
Run from C:\Documents and Settings\Krys\Desktop\Computer Doctor lol\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

???????????????????????? Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Dell\Media Experience\PCMService.exe

3 more replies

this is a bit of an odd request. i am looking to GET XP AntiVirus 2009 - purely for TESTING purposes.

basically, i have Malwarebytes protection and i want to see if it'll catch XP AntiVirus 2009 while its downloading or installing...

so yeah. as i said, odd request. if anyone knows of any sites that are infected with it, please let me know.

thanks!

A:XP AntiVirus 2009

this is a bit of an odd request. i am looking to GET XP AntiVirus 2009 - purely for TESTING purposes.basically, i have Malwarebytes protection and i want to see if it'll catch XP AntiVirus 2009 while its downloading or installing...so yeah. as i said, odd request. if anyone knows of any sites that are infected with it, please let me know.thanks!Well, I am not sure about XP AntiVirus 2009, but AntiVirus 2010 has a website: Removed link - see next post. You could run a scan and do whatever you want there.~Mod edit: Removed referenced web site. rigel

2 more replies

Hi,

I have a friend who has got the Windows XP AntiSpyware 2009 virus. It seems to be blocking me from opening any antivirus/antispyware software that I install on the computer. I've tried SuperANTISpyware and Kaspersky Internet Security and AVG... simply nothing happens when I double click the icon or any of their exe files and AVG wouildn't install at all.

I have removed nearly every entry from all of the 'Run' keys within the registry and unchecked everything in msconfig->startup, also tried the 'Minimal Startup' option. Windows XP AntiVirus 2009 still loads, and I still cannot run any antivirus software. What is causing it to still start up? This also applies for Safe Mode. I have downloaded MalwareBYTES and intend to try that when I'm back out there today, but I am not sure if that will work either.

Does it have a Windows Service that I also need to stop in order to prevent it from starting? Or if not, how is it still starting?

Any help would be much appreciated... I am trying to avoid a format or re-install of XP..

I had to get rid of an Email Worm virus that blocked antispyware/antivirus software also and a 'taskkill /F /FI "PID ge 550"' into the command prompt managed to crash the virus so I could run the scan and remove it. but that method didn't work this time.

Thanks,
Cam Johnson

A:XP Antivirus 2009

Sorry it is XP AntiSpyware 2009, not antivirus.. xpas2009.com is it's website...

1 more replies

My wife's computer was infected with the Antivirus Pro 2009 trojan. In addition, her browser is going to some off-the-wall websites on it's own. I am running Symantec Antivirus and the latest updates (2 november 2008) picked it up and quarantined it and yet I'm still having it pop up trying to reinstall itself. I bought Webroot's Spy Sweeper yesterday and it picked up "virtumonde" as well as a couple other minors. I updated Symantec again to 3 november files and still having issues with this machine's browser doing the same thing. I ran Hijackthis and it listed 2 items that I did let it fix (line 08 and 16 in the first log). The second log is after I let it fix those 2 lines and rebooted. the following are the two logs. The first is the one BEFORE I let Hijackthis fix the 2 lines and the econd is AFTER the fix and reboot. What am I missing?

Before Fix:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:00:27 PM, on 11/3/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

A:Antivirus Pro 2009

Hi, Welcome to TSG!!

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

Click Exit on the Main menu to close the program.

Make sure you are connected to the Internet.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware

Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.

If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say &quo... Read more

1 more replies

I let my son borrow my lap top for the weekend on a trip with his friends and when he returned it to me this past monday it had some pop up thing on it called antivirus 2009 that has got to be the most annoying thing in the world. ive tried deleteing it i did a search about it on how to remove it and tried running a program called malwarebytes which didnt work, its still there hopefuly you all can help me.. please. i run windows vista home premium.

A:antivirus 2009

1 more replies

oom , 10 day ago , in ,my system same error with your error happened but it is viruseand i solve it by install new winhowever install new win is latest work for itMod Edit: Post split from topic "about antivirus 2009"~ TMacK

More replies

i have been struck by "antivirus 2009".I am a novice with computers and have no idea what to do.I run escan antivirus which has picked a virus in the boot sector on myD: what must i do to remove antivirus 2009 and fix my system as there are constant pop-ups and I cannot access my virus monitor which says disabled. I attach hjt log. pls help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:35:11 AM, on 2008/08/01
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\eScan\VISTA\avpmapp.exe
C:\PROGRA~1\eScan\TRAYSSER.EXE
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\MicroWorld\Agent\MWASER.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwrite... Read more

More replies

Hi
I'm blue jeans because I love to wear them. Live in Calif.

My computer was infected with the dreaded 2009 virus and I was able to clean it with software from this site. However
my antivirus software still shows a contaminated file in the System Volume Information directory. How can I get rid of it? I

A:antivirus 2009

Flush your system restore...Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.The easiest and safest way to do this is:Go to Start > Programs > Accessories > System Tools and click "System Restore".Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.Then use Disk Cleanup to remove all but the most recently created Restore Point.Go to Start > Run and type: CleanmgrClick "Ok"Disk Cleanup will scan your files for several minutes, then open.Click the "More Options" Tab.Click the "Clean up" button under System Restore.Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"Click Yes, then click Ok.Click Yes again when prompted with "Are you sure you want to perform these actions?"Disk Cl... Read more

1 more replies

Since yesterday I get a pop-up for Antivirus 2009 offering to link to purchase site in order to remove viruses on my computer. I have not clicked on the link and I did not download or install Antivirus 2009 and can't find it on my add/remove program list.

What can I do to:
1) Remove traces of Antivirus 2009
2) Scan my computer for Malware/Spyware/Viruses.

I am running Windows XP

SILKMAN

More replies

Hello, I was recently infected with the "Antivirus 2009" malware program along with who knows what else. I have tried going on the internet and dowloading malware bytes along with a few other programs and I keep getting redirected to different sites. I then downloaded them from my laptop to a travel drive and when I click on them to use them, they won't run. I can't get my AVG to run either because it won't update and the computer will not let it. I have tried doing all of this in both Safemode with Networking and regular mode.

PS - I lost my windowsXP disk but if we have to redo my computer, I have my vista disk from my laptop if I can use it.

Can I use the restore option? Not system restore but a real "restore" meaning it's a PC Restore option that comes with most dell computers. Do you think this will work? I am just about at my wits end because now I can't even seem to operate the computer unless it's in complete safe mode.

2 more replies

I have the Antivirus 2009 malware on my computer. It is obviously running but it doesn't appear in the task manager and i can't find it by search for antivirus 2009 or av2009. My malware removal tools (AdAware and PC Tools Spyware Doctor) find the program but when they say they remove it, it still appears.

Thanks.

A:Antivirus 2009 - how do i get rid of it?

Hello Ben,

I recommend that you start with the steps posted in the malware removal forum. Run as many steps as possible. At the final step if still having problems you can post a hijackthis log and an expert will assist you in cleaning your system. Please be patient as that is a busy forum and it may take awhile before someone can assist you. Just follow the link below.

http://www.techsupportforum.com/secu...oval-help.html

3 more replies

Hi there, I found these forums a while ago by accident, and decided to keep it bookmarked in case I ever had any problems.

Recently, I was browsing with Firefox when the Antivirus 2009 window came up.

"The page at h t t p://internet-defense2009 . c o m says:

ATTENTION! If your computer is infected, you could suffer data loss, erratic PC behavior, PC freezes and crashes.

Detect and remove viruses before they damage your computer!
Antivirus 2009 will perform a quick and 100% FREE scan of your computer for Viruses, Spyware, and Adware.

Do you want to install Antivirus 2009 to scan your computer for malware now? (Recommended)

Yes No"

I have not clicked anything, because I wasn't sure how to close the window without it doing something, or, does just it coming up mean something is wrong? I started a scan with my anti virus program (Trend Micro), but it's not done yet (and so far it has not found anything)

If someone could tell me if it's safe to close this window, or if I'm already infected, that would be great.

Oh, and I am using XP.

Thanks so much.

A:Antivirus 2009

4 more replies

I have acquired Antivirus 2009....I had 2008 but somehow got rid of it but 2009 then appeared..It has taken my desktop and made it turn white and will not allow recovery

I can only access websites that have nothing to do with virus removal...every time I search for a cure it re-directs me...my quesion is...how do i download or obtain something to rid my machine of this pest.

Thanks

bob

A:Antivirus 2009

Hello Bob, this is the wrong topic they may move you to "Am i infected? what do i do?" forum" Witch our members will help you through your problem.

2 more replies

Had the Antivirus 2008 over a year ago and managed to get rid of it on my own. A few weeks ago I switched ISP from Verizon to Comcast DSL. While installing the Comcast software, which includes McAfee, I was instructed to first completly remove all antispyware and virus and such. I did this and then installed McAfee and then got the Antivirus 2009, really bad too. I called Comcast and they said it was probably on the PC already so it's not thier issue!!!! I've since downloaded spybot, adaware, regcure, Malware, antispyware, McAfee, Microsoft stuff too .... all of which do not help. I tried starting in safe mode and then run some of these programs but the bug begins to show up in safe mode without any internet connnection!!! Whenever I run the various antispy programs I get many results with a fair portion of serious trojans and such.

I read this link and will load the suggested programs and get the data once I get to my home pc where the problem is. I just want to start a thread now so I'll be ready to begin once I get home.

http://www.techsupportforum.com/f100...09-332344.html

I'll also have all the data requested here.

http://www.techsupportforum.com/f50/...lp-305963.html

A:Antivirus 2009

Zipped files attached & text below. What else can I do?

GMER 1.0.15.14939 - http://www.gmer.net
Rootkit scan 2009-03-18 07:37:05
Windows 5.1.2600 Service Pack 3

---- System - GMER 1.0.15 ----

SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateKey [0xF7483506]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0xF7472240]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0xF7472432]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteKey [0xF7483CC8]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteValueKey [0xF7483F88]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwOpenKey [0xF74823EC]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwRenameKey [0xF74843EC]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwSetValueKey [0xF74837B8]

4 more replies

At first my i noticed pops about infections, trojans, spyware etc. AV Pro 2009 came up, hit the red x.
Tried to remove with malwarebytes and had no success.

I ran malwarebytes. Removed everything except for the two entries. I have attached that log from malwarebytes
Maleware thinks it is removed but when i reboot and scan the machine again it reappears.
Thank you

DDS (Ver_09-03-16.01) - NTFSx86
Run by Administrator at 12:48:29.78 on Tue 03/31/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.445 [GMT -7:00]

AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Microsoft SQL Server\MSSQL\$VAI... Read more

A:Antivirus Pro 2009

8 more replies

I need help knowing where to post my "LOG" I ran combofix to help get rid of the antivirus 2009 virus and now it is telling me to post the log>>>>Help I am not computer savvy

A:Antivirus 2009

Hello hold on with that for a bit and run this.Hello and welcome please run these next. If you have Spybot installed temporarily disable it.Next run ATF:Please download ATF Cleaner by Atribune & save it to your desktop.Double-click ATF-Cleaner.exe to run the program.Under Main "Select Files to Delete" choose: Select All.Click the Empty Selected button.If you use Firefox browser click Firefox at the top and choose: Select AllClick the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.If you use Opera browser click Opera at the top and choose: Select AllClick the Empty Selected button.

1 more replies

okay so apprently i have acquired the antivirusxppro2009 virus through the pop up i presume. It has caused applications to not launch and others such as my documents to launch on its own. It also wont allow me to acces controlaltdelete. Whenever i try to open up either firefox or window explorer it wont load a page and it randomly with pop up firefox with it saying it is trying to load a antiviruspro2009 website. Im not on my computer at the moment seeing as how im able to post this. Is there anything i can do to remove it without even being able to load a webpage or should i just reformat?

A:antivirus xp pro 2009

If you would like to ke... Read more

1 more replies

Hello there,

I recently read a post of with regard to the antivirus 2009 ([solved] virus 2009) from a Caroline123.

I believe I've also become a victim of this virus and I've followed a manual deletion process (which I don't think has fully worked). However, at the moment antivirus is not popping up in my desktop every second saying you have a virus anymore but my computer is telling me I've got malware detected and the recent spyware doctor that I've installed as a result has informed me of it and it is still coming up in its scan that I just run. It?s also still on my program files list.

I've followed the steps from the NEW INSTRUCTIONS

I've also read that I should download AVG 8.0 which should help in the process of getting rid of it. Right?

Hope you can help.Thank you so much

Kind regards Cheekyzinho

Attached
Zip
*log.txt
*info.txt
*attach.txt

DDS report

DDS (Version 1.0) - NTFSx86
Run by Chike Nnadi at 1:29:03.37 on 16/11/2008
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1015.289 [GMT 0:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe

A:Antivirus 2009

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

It appears that instead of attaching Attach.txt from running DSS.scr, you attached info.txt from running RSIT.exe. Please run DSS.scr again and attach Attach.txt to your next reply.

It also appears that instead of attaching gmer.txt, you attached the actual gmer.zip that you downloaded. The log from running GMER, gmer.txt, should be located on your desktop. Please attach gmer.txt to your next reply. If it is not there, you will have to run GMER again.

------------------------------------------------------

2 more replies

Can you please help me get rid of all the pop-ups for antivirus 2009? I don't know if I need to buy an antivirus. I have tried downloading some things. I either think I have them and nothing is working, or I didn't download right. And my keys aren't working very well. Does that have to do with antivirus 2009?

Thank you.

A:Antivirus 2009

1 more replies

I'm running Windows XP. For about a week I've been getting the fake Antivirus 2009 popup and I can't get it to go away. I run adaware and spybot and sometimes they pick up something and sometimes they don't. I had to reinstall adaware last night because it wouldn't update. I'm also running AVG for virus scanning, but that just seems to sit there when I try to do an update. It did find some kind of Antivirus2009 downloader and quarantined it, which I then had it delete. I download service pack 3 from Windows and still having problems a along with new additional pop-ups that keep returning.

I have no clue what to do next, so any help will be greatly appreciated.

A:Antivirus 2009 Pop-ups

16 more replies

i am confused. i have read up on the internet, that antivirus 2009 is a rogue antivirus system. i have this in my system but icant move it, without having to pay for another system!!!! help

A:Antivirus 2009

Wrong place to post that kind of topic mate ;)

2 more replies

Hello, and thanks for your help.

My Son has tried repeatedly to delete Antivirus 2009 from his work computer. He cannot find a way to delete it through any of the normal channels. Can anyone tell me where to find and then delete this program?

Thanks again,
Charles Capps

A:Antivirus 2009

Hi Snapper3. This should work: http://www.bleepingcomputer.com/malware-re...-antivirus-2009

3 more replies

My computer has been got. The virus has made it so that I can not access the internet. No, I can, but all addresses lead to other pages. I have tried deleting files from the regestary, but, I guess there are still more. Unforcantly, I did not reinstall Hijackthis so I have no log. PLEASE, HELP!
Windows XP professional
Symantec Antivirus (which I think is worthless, but do not know the "password" to uninstall)

uggg
Angela

A:Antivirus 2009

1 more replies

Antivirus Pro 2009 -- This phony antivirus malware installed itself on my computer sometime within the past couple of days. I'm experiencing constant popups of fake warnings advising that I have a spyware infection and need to purchase and run Antivirus Pro 2009. There is a red circle with a white "x" inside, located in my system tray.

Equipment is a Dell Inspiron E1505, running Windows XP Media Center Edition, Version 2002, SP2.

Any help you can provide to assist me in getting rid of this will be most appreciated!

Thank you!

A:Antivirus Pro 2009

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

If you're not receiving help elsewhere and still require assistance for this issue, please follow the process outlined here:

NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help

After running through all the steps, you shall have a proper set of logs. Please post/attach as instructed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your next reply.

------------------------------------------------------

12 more replies

A pop-up for Anti-Virus 2009 can not be closed and several other anti virus pop-ups appear. My Anti-virus programs do not find an problems with this computer.I failed to mention when I shut down my computer it informs me that Rundll32.exe is still running and does not close.I ran my Spybot and it found 'Startcounter' cookie , 'Doubleclick' cookie and VirtumondeLogfile of Trend Micro HijackThis v2.0.2Scan saved at 12:11:51 PM, on 3/22/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Windows Defender\MsMpEng.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Symantec AntiVirus\DefWatch.exeC:\WINDOWS\system32\Hummbird\inetd32.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEC:\WINDOWS\system32\nvsvc32.exeC:\Program Files\Cyb... Read more

A:Antivirus 2009 and other ad pop-ups

2 more replies

Hello all!

Situation is bad here...Antivirus 2009 has (from what I gather) disabled my Malware. It won't open and I can't re-install it. It also freezes my Hijack This in midscan. I run Kaspersky and the program is acting funny. Wile running Kaspersky, my firewall is partially running, and if I double click to open it, the entire program freezes. Any help would be GREATLY appreciated. Thanks!
DDS (Ver_09-03-16.01) - NTFSx86
Run by Compaq_Administrator at 0:05:31.04 on Mon 03/23/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_07

============== Pseudo HJT Report ===============

mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\sdra64.exe,
BHO: : {149b8bcd-c759-4f95-9642-1137ba3d011b} - c:\windows\system32\ugniyto.dll
BHO: {65b2513f-d98a-4633-a325-992dca5d360e} - No File
BHO: BHO: {abc42510-9b22-41c1-9dcd-8182a2d07c63} - c:\windows\system32\iehelper.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -

A:Antivirus 2009 hit me

Another update:

Upon running Hijack this sucessfully and rebooting...Lo and behold, Malware opened and a system scan was performed. Here's the log:
Malwarebytes' Anti-Malware 1.34
Database version: 1863
Windows 5.1.2600 Service Pack 3

3/23/2009 12:46:00 AM
mbam-log-2009-03-23 (00-45-58).txt

Scan type: Quick Scan
Objects scanned: 71024
Time elapsed: 6 minute(s), 37 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 9
Registry Values Infected: 1
Registry Data Items Infected: 3
Folders Infected: 1
Files Infected: 16

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\ugniyto.dll (Trojan.Vundo.H) -> No action taken.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{149b8bcd-c759-4f95-9642-1137ba3d011b} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\xghsxquu (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{149b8bcd-c759-4f95-9642-1137ba3d011b} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\xtowecws (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\xtowecws (Trojan.Vundo.H) -> No action taken.

3 more replies

Hi! We have a laptop used by my daughters which I have learned has become infected with Antivirus 2009. Unfortunately they didn't tell me for ages and it has got so bad that it will no longer open any programs and cannot get onto the internet for me to download any antispyware removal programs. Can someone tell me what I need to do please to clean it up and restore the laptop back to life? I REALLY hope this isn't a fatal problem!

A:Antivirus 2009

5 more replies

Accidently my husband hit on some update from antivirus 2009 and we are in trouble now. I've heard this is a spam and I need to know how to get rid of this thing. It already changed our web page and keeps putting warnings and pop up scans on our computer.Help!!!!!!!Edit: Moved topic from AntiVirus, Firewall and Privacy Products and Protection Methods to the more appropriate forum. ~ Animal

A:antivirus 2009

You might want to take a look at How to remove Antivirus 2009 (Uninstall Instructions).

2 more replies

A friend of mine said they got a virus on December 21. Probably either came from free poker or porn. I went over to their house to help them remove it. It turned out to be a trojan called Antivirus 2009. The computer is running XP pro with all the latest updates. I booted into safe mode and there wasn't anything obvious running. Removed a few things with Add/Remove programs. Then used Hijackthis and removed anything that didn't belong. Restarted and Antivirus 2009 hadn't been touched, though most of the other viruses it installed were gone. I had a trial version of NOD32 on my usb drive, but the security policy had been changed to disallow any installations. I figured the fastest and cleanest way to fix it was just to reinstall.

I did a quick format and reinstalled windows over the only partition. I noticed that the windows boot loader listed two different versions of XP. Installed the ethernet drivers. Downloaded drivers from windows updates. Restarted. Antivirus 2009 was back after the restart. Installed the trial version of NOD32 off of my USB drive and updated definitions. It caught one thing right away. I did a full scan including the USB drive and it found another 9 items on the hard drive. Antivirus 2009 popped up tray notifications while NOD32 was scanning and said that it detected destroying the computer or some nonsense like that. When NOD32 was done Antivirus 2009 was still running like normal.

I removed the USB drive. Then disconnected the power cabl... Read more

A:Antivirus 2009

Hi bob65536 this link may help, http://www.bleepingcomputer.com/malware-re...-antivirus-2009

2 more replies

'Antivirus 2009' has over taken Threats detected. Hijacks surfing, Pop up warnings. Help
I have XP Home, IE and FF

More replies

Hello,

On my PC, Internet Explorer just produces a page saying "The page cannot be displayed" and then produces a pop-up banner saying:

ATTENTION! If your computer is struck by spyware, you could suffer data loss, unusual PC behaviour, PC freezes and crashes.Detect and remove viruses before they damage your computer!Antivirus 2009 will perform a 100% FREE and quick scan of your PC for viruses, Spyware and Adware.Doyou want to install Antivirus 2009 to scan your computer for malware now? (Recommended)

below are choices OK or Cancel

This seems like rogue spyware to me.

Can you help me get rid of it please.

here is my DDS log:
DDS (Ver_09-01-07.01) - NTFSx86
Run by jay at 17:54:53.57 on 11/01/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.615 [GMT 0:00]

AV: McAfee VirusScan *On-access scanning disabled* (Updated)
FW: McAfee Personal Firewall *disabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\App... Read more

A:Antivirus 2009

11 more replies

I've had this one before so I thought I knew how to remove it but it's on a friends computer. I went to their house and brought along all the setup files for the antivirus scans but it's basically disabled the computer. I can't get to the desktop to open the flash drive and get the setup files from it. When I start it, it will show the desktop at first but once its fully started up and the virus opens up all I get to see is a blue screen that locks up the desktop and the only thing I see is the pop up for the Antivirus 2009 that tries to scan the computer.

Can you help me out? I can't seem to even get it correctly started in safe mode. This may be a longer thread if there's multiple scans because I'll have to go back and forth from my house to his to get this fixed, I tried bringing the tower to my house but everything I have is wireless and the proper drivers aren't installed on his computer so it wont let me use the mouse or keyboard. I'll post any and all logs that I can, when I can. Thanks!

A:Antivirus 2009

Actually do they have the Original install disks ( I presume it is XP)
A full format and reinstall of the OS may be the fastest ,safest and easiest repair on this PC.

Is there a blue screen error message that you can read and copy for us?

3 more replies

Antivirus has hijacked my internet on another computer. I cannot even access this site, geekstogo, or any link from google, or even malwarebytes.org to download malwarebytes. It lets me go on sites such as yahoo, though. What do I do? Any help is greatly appreciated.

A:antivirus 2009 pro

Hi kooshj you may find this useful http://www.bleepingcomputer.com/malware-re...-antivirus-2009

5 more replies

Hi,
I have been infected with antivirus 2009. I ran ccleaner and deleted the files I could find associated with av 2009. I no longer get popups, but it still blocks my antivirus (avg8) from updating. It also blocks me from getting on the any malware removal websites. It even blocks me from techguy so I had to get here from another computer. Here is the log. Help is much appreciated.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:17:56 PM, on 2/7/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe

A:Antivirus 2009

7 more replies

Hello everyone!I was doing an internet search for something and I got redirected to: antivirus-online-scan.com/2009/1/en...n.php?nu=880167 {Mod Edit: broke Dangerous link)I then got a warning and a pop up appearing saying:Windows Internet ExplorerATTENTION! If your computer is struck by the spyware, you could suffer data loss, erratic PC behaviour, PC freezes and crashes.Detect and remove viruses before they damage your computer!Antivirus 2009 will perform a 100% free and quick scan of your computer for viruses, spyware and adware.Do you want to install Antivirus 2009 to scan your computer for malware now? (Recommended)I did not , repeat did not click to install Antivirus 2009. I imediately clicked on cancel. I have not done any scans yet with my anti-maleware programs. As soon as it happened I came here to find out if anyone else was getting the same messages or having the samething happen to them. I did read in the one post that someone said they believe Antivirus 2009 is a scam. If that is true, then why do these people get to keep operating year after year? What can be done to put these creaps out of business and in jail!? As soon as I get a chance I will do scans of my computer in the morning. I forget which programs require safe mode and which do not. I have: Malwarebytes Anti-Malware, a squared free, SUPERAntiSpyware free, Spybot - Search and Destroy, and SpywareBlaster. I will make sure they are all updated before doing any scans.

A:Antivirus 2009 (2)

19 more replies

Hey all,
I am not a computer geek but enjoy surfing. Somehow I got this popup Antivirus 2009 that is messing with me and want to remove it. Can anyone help?

A:Antivirus 2009

Hi ,

I had the same problem I resolved it with the help of Bullguard

2 more replies

My computer started to freeze after it finished loading the desktop icons. I ran Ad-Aware in safe mode and it detected about 70 objects. I also ran Hijack This and saw 2 HOSTS entries with the Antivirus 2009 and deleted them. I restarted the computer and am now able to work in normal mode without freezing anymore. I was able to connect to my wireless lan so that I could jump on your forum. However, at this point I am completely lost.

DDS (Ver_09-05-14.01) - NTFSx86
Run by imelda leal at 13:58:47.10 on 2009-06-18
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_10
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3062.2308 [GMT -5:00]

AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin ... Read more

A:I think I have the Antivirus 2009

7 more replies

I have contracted the antivirus pro 2009 virus.
It will not let me connect to the internet to download the MBAM.

MR G

A:Antivirus Pro 2009

See Post #2 in link below.http://www.bleepingcomputer.com/forums/top...ml#entry1015201If that doesn't allow you to access the internet and download Malwarebytes, you could use another computer to writethe program to a CD or other medium and install on infected computer. It is also suggested that once you haveMalwarebytes on the infected computer to locate the .exe and change the name to fool the malware that is blocking.Right click on the .exe and select rename to lastchancescan.

1 more replies

Logfile of Trend Micro HijackThis v2.0.2Scan saved at 3:42:03 PM, on 1/5/2009Platform: Windows XP SP1 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\userinit.exeC:\Program Files\Lavasoft\Ad-Aware\aawservice.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exeC:\Program Files\Analog Devices\Core\smax4pnp.exeC:\Program Files\Java\jre1.5.0_06\bin\jusched.exeC:\PROGRA~1\Grisoft\AVG7\avgcc.exeC:\Program Files\QuickTime\qttask.exeC:\Program Files\iTunes\iTunesHelper.exeC:\WINDOWS\System32\rundll32.exeC:\WINDOWS\System32\rundll32.exeC:\WINDOWS\System32\frmwrk32.exeC:\Program Files\Messenger\MSMSGS.EXEC:\Program Files\Hide My IP 2008\HideMyIP2008.exeC:\Program Files\Logitech\SetPoint\KEM.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Logitech\SetPoint\KHALMNPR.EXEC:\PROGRA~1\Grisoft�... Read more

A:help antivirus 2009

21 more replies

hey i got the antivirus 2009 on my wifes laptop. did the malwarebytes run and heres my mbam log

Malwarebytes' Anti-Malware 1.30
Database version: 1402
Windows 5.1.2600 Service Pack 3

12/3/2008 8:41:38 PM
mbam-log-2008-12-03 (20-41-38).txt

Scan type: Quick Scan
Objects scanned: 45441
Time elapsed: 9 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 3
Registry Values Infected: 5
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\suwuwari.dll (Trojan.Vundo.H) -> Delete on reboot.
c:\WINDOWS\system32\hodisuto.dll (Trojan.BHO) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\481ea3ac (Trojan.Vundo.H) -> Quarantined and deleted successfully.