Tech Problem Aggregator

# Malwarebytes run-time error 440 & antivirus 2009

Q: Malwarebytes run-time error 440 & antivirus 2009

Hi, Please could someone look at this, the website I moderated on has been hit with warning about antivirus 2009 (seems to be a google thing when viewing in firefox - ok when viewing in IE) any way my computer has been slow so I have removed my Spysweeper and I had Zonealarm Securtiy Suite trial which I have just purchased but it will not accept my license key and just has a red x on it. Malwarbytes would not run and just comes up with a box saying vd accelaerator S Grid II Control Run-time error 0 then when check that box another comes up saying Malwarebytes' Anti Malware Run-time error 440 Automation error.

I cannot get either to work and I am worried as they said on www.eurobichons site that someone had hacked in.

Please can you take a look and advise me what to do (very simply please)

This is my HJT log;

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:46:50, on 19/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896" target="_blank" class="invilink">http://go.microsoft.com/fwlink/?LinkId=54896" target="_blank" class="invilink">http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://tiscali.co.uk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157" target="_blank" class="invilink">http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\2.bin\SPYBLOCK.DLL
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\2.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-21-73586283-1606980848-682003330-1003\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com.../en/x86/MuCatalogWebControl.cab?1200525507359
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1150184626546
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner371050.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O16 - DPF: {DD3641E5-A9CF-11D1-9AA1-444553540000} (Surround Video V3.0 Control Object) - http://secure.sunterra.com/europe/downloads/svideo3.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe

--
End of file - 7315 bytes
Thank you.

More replies
Answer Match 77.28%

Hi

I,ve always found Malwarebytes a great program for removing Antivirus Pro 2008/9

But the past couple of days I have installed Malwarebytes on 2 infected XP computers and been unable to install it. Tried safe mode, re-naming file, system restore which eventually worked on one computer once I took it back a couple of months.

I was wondering if the producers of Antivirus Pro 2009 have implemented a way to block the installation of Malwarebytes?

Anyone experienced the same?

More replies
Answer Match 76.44%

Hi,

So I did the steps in the Instructions, BUT I made a mistake in the beginning, at first I started going off this post: http://www.techsupportforum.com/f100...es-359912.html - Which helped me access the internet, and so I already ran ComboFix, and only read later it could hurt a lot

Well this is what happened, I used rkill and Malware bytes to try to get rid of Antivirus 2009, that kept popping up and also saying random things were infected (like .dll file and such). And I tried manually looking for all those processes and things on my computer using another site. Anyway, my internet stopped working, IE, Firefox and Chrome - the proxy server. But I was able to bypass that with firefox because of tentonbob's advice with the other guy.

So here are my results (attached is Attach.zip which has both Attach and Ark in it, and this is the DDS report):

----

DDS (Ver_10-03-17.01) - NTFSx86
Run by adith at 12:43:38.27 on Tue 07/20/2010
Internet Explorer: 8.0.6001.18928
Microsoft? Windows Vista? Home Premium 6.0.6002.2.1252.1.1033.18.3032.1653 [GMT -5:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\S... Read more

A:Malwarebytes Problem - Used to Get Rid of Antivirus 2009

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

I need to see your ComboFix.txt log.

Go Start > Run and copy/paste the following single-line command into the Run box and click OK:

C:\ComboFix.txt

A text file should open. Please post the contents of that file in your next reply.

------------------------------------------------------

19 more replies
Answer Match 76.44%

Hello...I have been trying for days to remove these pop ups I have been getting. Most have been from Antispyware 2009 where it is doing a free online scan stating I have various critical spyware and trojans. Other pop ups include a series of two different IE windows opening with a constant string of tabs opening up inside them. All blank pages it seems. I have to use task manager>end task to close them. Other pop ups I have been getting come after I use google. A new tab in firefox opens up and in the address bar, in the link, it states whatever it was that I typed in my search.

As the topic states, I have tried using Malwarebytes to remove any infection I have, but the problems still persist. Any help would be greatly appreciated as I have been banging my head against the wall for days without any success.

Also, when I log in, I get a missing dll error. Says I am missing c:\windows1\system32\vatokivu.dll. I have searched and can't find any info on this.

I run Microsoft Windows xp 64, use Mozilla Firefox 3. I have tried SuperAntiSpyware, Malwarebytes, swdoctor and quite a few others. Again, any help would be greatly, greatly appreciated.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:18:06 PM, on 1/21/2009
Platform: Windows 2003 SP1 (WinNT 5.02.3790)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MD... Read more

More replies
Answer Match 76.44%

I try and run Malwarebytes to remove this Anti-virus 2009 infection, but Malwarebytes just wont run.

Anyone help, or suggest another utility for removing this?
Many thanks

A:Malwarebytes wont run - antivirus 2009

Bump bump, any help please ?

5 more replies
Answer Match 75.6%

I am really getting frustrated. I have ran malwarebytes just like the instructions say in the tutorial and it keeps saying that it has found "total antivirus" and "ang antivirus 2009" so I hit "remove" and it shows them in the quarantine but they still keep popping up and the icons are always at the bottom right hand of my screen. I keep running the malwarebytes and the next time it won't find anything, but the next time it will find total antivirus and ang antivirus again. Obviously everytime it finds them I hit remove, but still nothing happens. I posted a few days ago and it seems like I got skipped. I don't mean to be a pain, I know you are very busy, but I would REALLY REALLY appreciate any help you could offer! I have attached the reports specified in the instructions. PLEASE HELP!!!

A:PLEASE HELP! malwarebytes did not work to remove ANG antivirus 2009

Hi dstarr,Welcome to BC HijackThis forum. I'm sorry about skipping your topic before. I am farbar. I am going to assist you with your problem.Please refrain from making any changes to your system (updating Windows, installing applications, removing files, etc.) from now on as it might prolong handling your log and make the job for both of us more difficult.Click here to download HijackThis Installer.Save HJTInstall.exe to your Desktop.Double click on the HJTInstall.exe icon to start the installation.When a window pops up asking you the directory to install the program please accept the proposed default directory.The program will automatically place a shortcut on your desktop and if further use of the program is required, you can click on the shortcut to run the program.

Please run Hijackthis. Click Do a system scan and save a logfile then copy and paste the content of the log to your reply.You might want to save this page on your favorites, so you can find it again when you return.

11 more replies
Answer Match 75.6%

I managed to get infected with Antivirus 2009 recently. I followed the instructions and downloaded and used Malwarebytes. After completing the process three times I don't get nearly as many of the "You have a security problem! Do you want to scan your computer for viruses?" pop-ups, but they do still appear. There is atleast one other pop-up that appears occasionally, it's very similar to the other one but uses different wording. unfortunately It won't show up for me now that I want to quote it.Any help would be greatly appreciated.Thanks in advance,Eric.P.S. I read and followed the preparation guide, I'm terribly sorry if I overlooked or forgot to include something.Here are the other pop-up messages:(added 10:26PST) "ATTENTION! If your computer is infected, you could suffer data loss, erratic PC behaviour, PC freezes and creahes.Detect and remove viruses before they damage your computer! XP antivirus will perform a quick and 100% FREE scan of your computer for Viruses, Spyware and Adware. Do you want to install XP antivirus to scan your computer for malware now? (Recommended)"And,"Warning!!!Your computer contains various signs of viruses and malware programs presence.Your system requires immediate anti viruses check! System Security will perform a quick and free scanning of your PC for viruses and malicious programs."This is starting to look like I may have atleast 3 different "anti-virus" scam issues going... Read more

A:Infected with Antivirus 2009, and malwarebytes not removing it.

Hi,

Sorry for delayed response. Forums have been really busy. If you still need help with this post a fresh dds log, please.

2 more replies
Answer Match 75.6%

I'm trying to remove Antivirus 2009 from a friend's PC running XP. I've stopped a number of the AV processes and removed the winsrc.dll.

I have installed Malwarebytes but it won't run. I can't start it in conventional mode and in safemode when I try to "run as" any user, I get: A device attached to the system is not functioning.

Thanks for your assistance. I have not posted without searching against this symptom. Please forgive me if I haven't found a previously posted solution.

A:Malwarebytes will not startup to remove Antivirus 2009

No apologies necessary. AV2009 is very hard to remove. Please print out and follow these instructions: "How to use SDFix". When using this tool, you must use the Administrator's account or an account with "Administrative rights"Disconnect from the Internet and temporarily disable your anti-virus, script blocking and any real time protection programs before performing a scan.When done, the SDFix report log will open in notepad and automatically be saved in the SDFix folder as Report.txt.If SDFix is unable to run after rebooting from Safe Mode, run SDFix in either Mode, and type F, then press Enter for it to finish the final stage and produce the report.Please copy and paste the contents of Report.txt in your next reply.Be sure to renable you anti-virus and and other security programs before connecting to the Internet.-- If the computer has been infected with the VirusAlert! malware warning from the clock and the Start Menu icons or drives are not visible, open the SDFix folder, right-click on either the XP_VirusAlert_Repair.inf or W2K VirusAlert_Repair.inf (depending on your version of Windows) and select Install from the Context menu. Then reboot to apply the changes.

1 more replies
Answer Match 73.92%

I have a friends laptop that got infected with ANTIVIRUS 2009.

I was looking for some way to remove this a$$ho** of a program...it's a nasty one. One website said to download Malwarebytes' Anti-Malware tool. HAS ANYONE EVER USED THIS? IS IT ANY GOOD? Also, any recommendations on how to remove ANTIVIRUS 2009? Cheers and thanks mark A:2 questions - 1 about Antivirus 2009 removal - 2nd about Malwarebytes Anti-Malware Hello and Welcome to TSF. Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription. Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed. If you're not receiving help elsewhere and still require assistance for this issue, please follow the process outlined here: NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help After running through all the steps, you shall have a proper set of logs. Please post/attach as instructed. If you have trouble with one of the steps, simply move on to the next one, and make note of it in your next reply. ------------------------------------------------------ 2 more replies Answer Match 62.16% {{{ how do i get it off my computer }}} the malwarebytes' anti-malware didnt work XP Antivirus 2008, XP Antivirus 2009, and XPAntiVirus are rogue antivirus programs that, when run, display false results as a tactic to scare you into purchasing the software. Older versions of XP Antivirus would create 9 entries in your Windows Registry that impersonate infections on your machine. In reality, though, these registry entries were harmless and had absolutely no effect on your computer. Instead, these entries were set so that XP AntiVirus can find them when scanning your computer and report them as infections. The newer of versions of the program , such as XP Antivirus 2008 and XP Antivirus 2009, instead just display false results when scanning your computer that state infections were found. In order to remove these fake infections, though, you would first need to purchase the software as the trial does not allow you to remove them. While running, XP Antivirus will also display fake alerts stating that you are infected or under attack from some type of threat. These alerts are fake and can be ignored. If you do click on the alert, though, it will prompt you to purchase the software. Examples of text contained in these alerts can be found below. Privacy Violation alert! XP antivirus detected Privacy Violation. Some program is secretly sending your private data to untrusted internet host. Click here to block this activity by removing threats (Recommended). o... Read more A:XP Antivirus 2008, XP Antivirus 2009, and XPAntiVirus are rogue antivirus programs that, when run, display false results as a t... There are indeed a lot of those rogues out there, with the one and only scope of scaring you into buying their product.Unfortunately they get harder and harder to remove.For a list of removal guides for the latest rogues, see hereI am moving this topic to a more appropriate forum 1 more replies Answer Match 62.16% Something has happened on my laptop (the laptop with all my documents on it) and I cannot figure out what to do. I have previously posted at another forum here. The thread from my first post here. I have tried the automatic repairs of Windows in both safe mode and regular mode. I am unable to get either Norton 360 or PC Tools Registry Mechanic to open and run. I installed Malwarebytes Anti Malware and it ran until a "Run-Time error '6' " message appeared. I have tried uninstalling Norton 360 and Registry Mechanic, to no avail. I have tried reinstalling them over the old installations. I have tried uninstalling them in safe mode, in regular mode, and with a special program to uninstall themI have e mailed both Norton and PC Tools asking for advice. Can someone give me some more ideas? Thanks A:Malwarebytes run-time error '6' Can you take a screen shot of the exact error message. 1 more replies Answer Match 62.16% When I tried opening Malwarebytes to run a scan on my Dell Inspiron 1400 (operating Windows XP), I get the following error: "Run-time error '372': Failed to load control 'vbalGrid' from vbalsgrid6.ocx. Your version of vbalsgrid6.ocx may be outdated. Make sure you are using the version of the control that was provided with your application." and I'm not able to open the program at all. I tried uninstalling my current version, downloading the latest version (from this site), and installing that, but I kept getting the same error message when I was both uninstalling and installing. I looked into the program folder and I see the vbalsgrid6.ocx file in there, so I'm not sure why the program won't open. Any help is greatly appreciated, thank you! A:Run-time error 372 for Malwarebytes If it was working and the problem is recent surely easiet thing to do is try system restore. . 2 more replies Answer Match 62.16% WinXP Home with SP3 In the process of cleaning up from "Personal Antivirus" "rogue Virurs" Getting this error when running Malwarebytes:- Full or quick scan. "Run-time Error '5' Invalid procedure call or argument" error Tried uninstalling and reinstalling Malwarebytes (version 1.40). Tried running "mbam-clean.exe" rebooting and reinstalling latest malwarebytes. Other: List of files being scanned stops at windows/system32/zipfldr.dll Tried renaming this (new on gets created right away) Not sure if this is a coincidence or not . Have run Combofix and Advanced System Care Have run SFC, Chkdsk and AVG 8.5 .... all to resolve initial issue. I've seen a few posts (not a lot on the runtime error) so I'm wondering if this is a new issue. Any help direction appreciated. More replies Answer Match 61.74% Hi, this is my first time actually needing to go beyond just reading the site and following along--this is my third virus problem in a few years, the first two were resolved easily with Malwarebyte's Anti-Malware. The computer is a Dell Laptop, it's a few years old. (Hey, no jokes! My mom gave it to me, and she's a sweet lady!)I'm going to be as detailed as I can, although i'm sure there's information I'm leaving at since I've been working steadily on this since last night.I had the MS Antivirus 2009 program show up on my computer--the virus that puts up fake, intimidating scans, wants me to sign up for their protection and then goes on to mess up my browser. (I use Mozilla Firefox.) It also opens pop-up ads in Internet Explorer.I ran Malwarebyte's Anti-Malware, and it got rid of the MS Antivirus 2009 problem, but the Mozilla hijack continued. After looking around on Bleeping Computer a bit, I tried another program--SuperAntiSpy--and that got rid of a bunch of infections as well. That's when another version of the fake scan thing started showing up, something called Spyware 2009 Windows. SuperAntiSpy got rid of that as well. I tried to do a system restore to a point when I knew the computer was clear--didn't work.THE CURRENT PROBLEM:When the computer opens up, the following window appears:RUNDLL"Error loading nfr.dllThe specified module could not be found."Also, when I try to go to some websites on Mozilla Firefox, it claims I'm running through a "proxy server"--websi... Read more A:MS Antivirus 2009, which turned into another one, and now it's that nfr.dll error, and malarebytes and superantispy got the... Little update: Kaspersky didn't fix this, and now there is a second error warning that shows up, reads like this: Error Loading c:\windows\ywequ.dll Upon restart, this dialog box opens, and a couple of seconds later, the one mentioned above shows up as well. Now I'm running out of programs and remedies, and I'm at a loss. 25 more replies Answer Match 61.32% Hello, I'm running a trial version of DK 2009 and when I'm trying to do a boot-time defrag, at phase 3, I'm getting an "unexpected error 0xc0000043" and defrag process stops. Can you please help? Thanks. A:XP PRO SP3/Diskeeper 2009/Boot-time defrag error Dont mean to be awkward with you, but adding this type of third party software is just not worth it, uninstall the program and just use windows default defrag, You may have broken windows defrag , so if it doesn't work after you uninstall disk keeper do the following:- Bring up a command window and type the foloowing cd \windows\system32 press enter key. Now re-register the defrag components, type in regsvr32 dfrgsnap.dll press enter key 2 more replies Answer Match 61.32% I was getting a bunch of pop ups for antivirus 2009. After installing Malwarebytes' Anti-Malware it all got cleared up I unfortunately deleted the logs so dont have a record of what got cleaned as I thought my problems were done. Since then I got a random beep which I believe is the "Windows XP Critical Stop.wav". I installed AVG and it didn't find anything, I also used trend micro's housecall and those both gave me a clean bill. I restarted my comp and didn't touch it. About half an hour later it gave the same sound but I hadn't started any programs or anything so I'm wondering if something is lingering from the previous viruses. Thanks for any help DDS (Ver_09-01-19.01) - NTFSx86 Run by Michael at 17:13:53.12 on Mon 01/26/2009 Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1424 [GMT -8:00] AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Viewpoint\Common\ViewpointService.exe ... Read more A:random error beeps after virus cleaned - antivirus 2009 Hello. I am PropagandaPanda (Panda or PP for short), and I will be helping you.Disable Realtime ProtectionAntimalware programs can interfere with ComboFix and other tools we need to run. Please temporarily disable all realtime protections you have enabled. Refer to this page, if you are unsure how.To disable AVG:Please navigate to the system tray on the bottom right hand corner and look for this sign.Right click it-> select Quit Control Center.A warning will pop up, click YesDownload and Run ComboFixIf you have already run ComboFix, delete your copy and download a new one. If the computer in question is unable to download ComboFix, transfer it using a removable media (CDs, flash drive).Download Combofix by sUBs from any of the links below, and save it to your desktop.Link 1, Link 2, Link 3 Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.Double click on ComboFix.exe and follow the prompts. If you are using Windows Vista, right click the icon and select "Run as Administrator". You will not recieve the prompts below if you are not using Windows XP. ComboFix will check to see if you have the Windows Recovery Console installed.If you did not have it installed, you will see the prompt below. Choose YES. When the Recovery Console has been installed, you will see the prompt below. Choose YES. When finished, ComboFix will produce a report for you. Please post the contents of th... Read more 10 more replies Answer Match 61.32% Hello, below is my HJT log. There are several strange things happening to my PC: 1. on startup, i get a message saying "ntdll64.exe has encountered a problem and needs to close." when i tried looking up ways to get rid of this, the sites that i clicked on in google were not what were listed. i.e. it should link to a support forum but instead links to an ad 2. antivirus xppro 2009 keeps popping up in windows explorer, sometimes 5 windows at once 3. when i hit ctrl alt del it says "task manager has been disabled by your admin", i am the only user of this computer and have always had access to this 4. there is an icon in my bottom right task bar that looks like a white X in a red circle that i've never seen before 5. when i click on items in the start menu the computer reboots itself PLEASE HELP!! Thank you in advance, this site is so helpful! Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:05:51 PM, on 5/5/2009 Platform: Windows XP SP3, v.5657 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.20900) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Internet Explo... Read more A:Virus, ntdll64.exe error, antivirus xppro 2009 popups 7 more replies Answer Match 61.32% Hello there - About a month ago, our laptop was infected with a bug that was very hard to mess with. It was called Windows Virus Remover 2009 and Antivirus Pro 2009. It would try and sell us bogus virus protection by trotting out fake alarms and warnings. Like every 30 seconds. Very annoying. It also disabled all of our other antivirus programs, and would prevent us from downloading and installing new ones. I got SpyBot onto the laptop and ran it in Safe Mode. This fixed some of the issues. We no longer get the bogus warnings. We still, however, can't run some programs, like Malwarebytes and Root Repeal. The bug also disables our search capabilities in IE or Chrome. You search for "Spyware" and it takes you directly to an online casino out of Kazakhstan. The bug also plays random sound tracks from TV and radio from nowhere. We can't turn these off, because no media player pops up, and they're not embedded video on a web page; sounds just play from nothing. So to sum up, we no longer have the most annoying problems associated with the malware, but there are many issues that remain and that I can't fix. Please help! Here is the DDS log I just ran a few minutes ago. I also have a Win32k log if needed. Thanks! DDS (Ver_09-09-29.01) - NTFSx86 Run by Ciera at 20:08:05.00 on Sun 10/04/2009 Internet Explorer: 7.0.5730.11 AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF} AV: Protection Syst... Read more A:Nasty Malware - Antivirus Pro 2009 / Windows Virus Remover 2009 Hi and welcome to the HijackThis Logs and Virus/Trojan/Spyware/Malware Removal forum,I am and I am here to help you!I ask that you refrain from running tools other than those I suggest to you while I am cleaning up your computer. The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.Please perform all steps in the order received and do not proceed if you need clarification.In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.As I am in the final stages of training an Expert Coach will also oversee your fix. Your benefit will be "four eyes and two brains" but responses may be somewhat delayed so please be patient!!!!I would also like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please be courteous and appreciative for the assistance provided!==========We need to create an OTL ReportPlease download OTL from one of the following mirrors:This is THE MirrorSave it to your desktop.Double click on the icon on your desktop.Click the "S... Read more 20 more replies Answer Match 61.32% The volunteer helping me on the "Am I infected" forum recommended I move my problem over here to this part of the site. I'm not sure if I'm at the point where I should reformat my computer, hope someone can help.Here's my original problems and the logs and help I've received so far: http://www.bleepingcomputer.com/forums/t/208885/ms-antivirus-2009-which-turned-into-another-one-and-now-its-that-nfrdll-error-and-malarebytes-and-superantispy-got-their-butts-kicked/I assume that you'll probably get a better explanation from my problems there, but here's the quick and dirty:Dell Laptop, currently disconnected from the Internet. (It was unable to access the bleeping computer forum anyway--just this site specifically, sites like Google, blogs, those kinds of things worked fine.)The problems started with the MS Antivirus 2009 fake spyware stuff, than the browser hijacks (I shut off proxy servers before coming to the forums), and then I got the Spyware Protect 2009 version of malware, and was only able to get Malwarebyte's to run by changing the extension to .bat after reading it here. Since I started working on these forums with DaChew, I've only followed his instructions.Currently working off my wife's computer, a Mac. Using a USB flash drive that DaChew had me immunize so that I can download the programs on this Mac and transfer them over to the infected Dell. Than I copy the logs onto the flash and move them here.Here's my DDS file, i've changed my name on it to USER.DDS (Ver... Read more A:Serious Malware Infection, started with MS Antivirus 2009, Spyware Protect 2009, nfr.dll Hello Thefactualopinion and welcome to Bleeping Computer,1. Please download GooredFix and save it to your Desktop.Select "2. Fix Goored" by typing 2 and pressing Enter. Make sure all instances of Firefox are closed at this point. Type y at the prompt and press Enter again. A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called GooredLog.txt).Note: If you receive a message saying that GooredFix needs your system to be restarted, please close all applications and reboot your system. Please also allow any registry changes that may be prompted by any of your security programs.2. Please read this tutorial carefully to download ComboFix from one of the locations specified, and save it to your Desktop.Double click the ComboFix icon to run it.If ComboFix askes you to install the Recovery Console, please do so..The Windows Recovery Console will allow you to boot up into a special recovery mode, in case your computer has a problem after an attempted removal of malware. This allows us to help you.Once the Recovery Console is installed, continue with the malware scan.Note: Make sure not to click ComboFix's window while it's running. That may cause it to stall or freeze.Please post the log from ComboFix (can also be found as C:\ComboFix.txt) in your next reply. If you have any questions along the way, STOP and ask them before proceeding !!Greetings,Thunder 6 more replies Answer Match 60.48% pls help me.................. A:cant update malwarebytes giving run time error 732(0 0) You may find this link useful :http://www.malwarebytes.org/forums/index.p...=19175&st=0 6 more replies Answer Match 60.06% Ok, Hello =) I am not sure what to do but here goes nothing ^^ I shall start at the beginning. I had a problem where a command prompt would appear for about half a second then disappear every 5-10 minutes. The title of this prompt was C:DOCUME~1\Testing\LOCALS~1\Temp\TMP543.exe What read in the box was something along the lines of Bad command or .. . I could never read the rest. After some basic troubleshooting and searching, I decided to post about it on computing.net. In which a helper on their site asked me to use ATF cleaner which i did, then suggested Malwarebytes, which i did as well. I posted the logs and apparently i was heavily infected. (i do not know) their helper then gave me instructions to use ComboFix, which I followed. He gave me various links and such of how to use ComboFix. . .about 11 hours into running Combofix, i restarted my computer, because it had been on the same screen for 8-9 hours now. It hadn't fixed the original problem and I had no taskbar at the bottom of the screen, it was only a sliver of it sometimes, i could not copy and paste files/text/folders. I was then instructed to uninstall ComboFix, then redo the previous instructions. I did. This time combofix went through fine, i got a log and the original problem was gone. however, the copy/paste and taskbar are still problematic. He told me to run malwarebytes again, when i attempted to it gave me this error Malwarebytes' Anti-malware Run-time error '373':... Read more A:Run-time error 372 for malwarebytes, cannot copy/paste, no taskbar Hello again,unforyunately for you, this is why we have the blue text above this forum. ComboFix is a tool that should only be run under the supervision of someone who has been trained in its use.Are you running XP,Vista etc???Run-time error '372':Failed to load control 'vbalGrid' from vbalsgrid6.ocx. Your version of vbalsgrid6.ocx may be outdated. Make sure you are using the version of the control that was provided with your application.Download MSFT Visual Basic from here http://www.microsoft.com/downloads/details.aspx?familyid=9EF9BF70-DFE1-42A1-A4C8-39718C7E381D&displaylang=enInstructionsBefore starting the download, create a download directory on your computer. If your internet connection is less than 300K, it is recommended that you run the multi-part download by following the "More Information" link at the upper right, then clicking "Download Now."Click "Download" to begin downloading the single download. When prompted by the download software, choose the option "Save this program to disk" and click OK. Then select the directory you created on your computer. Run the file from the download directory. When prompted, select the same directory you created on your computer. You will be expanding the contents of the EXE into this directory. Run SetupSP6.exe from the download directory. When you accept the terms of the electronic End User License Agreement (EULA) the setup software will replace the appropriate files i... Read more 16 more replies Answer Match 59.22% So I got a fake scan virus (Antivir Solutions Pro) probably a week or so ago. I rebooted in safe mode, ran a scan with AVG (the most recent free edition), and I thought that had taken care of the problem. Ever since, my computer has been acting up. When I try to run Malwarebytes, I get a run-time error 0 and 440. I have the google redirect problem as well. I read and tried to follow the BleepingComputer prep guide. I ran the DDS and will post the two logs I have, and I downloaded gmer, but when I tried to run it, my computer crashes. It went to a blue "stop error" screen. At the bottom of the page, it listed these errors: 0x000000F4 (0x00000003, 0x85E3EC30, 0x85E3EDA4, 0x805D297C). Help please!!!This is my DDS log:DDS (Ver_10-03-17.01) - NTFSx86 Run by Compaq_Administrator at 18:23:36.51 on Thu 07/29/2010Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_19Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.187 [GMT -4:00]AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\system32\svchost.exe -k WudfServiceGroupC:\Program Files\AVG\AVG9\avgchsvx.exeC:\Program Files\AVG\AVG9\avgrsx.exeC:\Program Files\AVG ... Read more A:google redirect, computer crashing, malwarebytes run-time error Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.We need to create an OTL ReportPlease download OTL from one of the following mirrors:This is THE MirrorSave it to your desktop.Double click on the icon on your desktop.Click the "Scan All Users" checkbox.In the custom scan box paste the following:CODEmsconfigsafebootminimalactivexdrivers32netsvcs%SYSTEMDRIVE%\*.exe/md5st... Read more 2 more replies Answer Match 58.8% I am having several issues with my computer running Windows XP Home SP3. To explain, I will give the history. I downloaded a virus that my installation of Mcafee detected. Mcafee told me to restart my computer to resolve the issue, so I did. When my computer had rebooted, I ran a full scan using Mcafee and it quarantined a lot of files that seemed safe, including Windows Media Player, the explorer.exe file, and the divX video codec. When I restarted again, Windows was stuck in a log on/off loop, where it would ask me for my username and password, say it was loading my settings, and then promptly log off again leaving me at the log on prompt again. I used something called BartPE to load an OS from a cd and I copied a new userinit.exe file into the C:\Windows\system32\ directory because whatever virus I downloaded apparently deleted the original. After I did that I could log on to Windows successfully. Now, I am experiencing the following issues: -Windows Media Player was reset to a much earlier version (6.4) -I can't bring up the task manager through the Run > taskmgr command, or Ctrl+Alt+Del -Many websites are blocked, including antivirus sites, help forums, and even Microsoft. -When I tried to install Malwarebytes to try and fix my computer I got the following error message: vbAccelerator SGrid II Control / Run-Time error '0' There are probably more issues I haven't discovered yet. I think there are many systems files missing. I'm ... Read more A:vbAccelerator SGrid II Control / Run-Time error '0' Unable to install Malwarebytes Hi reinsterling,I think you need to try and get through the procedures for the HijackThis forum. I'll ask if this thread can be moved there or if you will need to start a new one there. Do anything you can in the following link:Preparation GuideZllio 2 more replies Answer Match 58.38% hi i keep getting a security pop up from taskbar saying i have a security problem. It then proceeds to open a window to anykuy.com which redirects to onlineproantivirus2009 it also started opening a program called ms antivirus2009. Any help in getting rid of this would be much appreciated.I have avg which doesn't seem to find anything and also malwarebytes. Below are the DDS.txt log and also the Attach.txt file .. DDS (Ver_09-02-01.01) - NTFSx86 Run by Owner at 21:05:12.84 on Mon 09/02/2009 Internet Explorer: 7.0.5730.13 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.895.409 [GMT 10:00] AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\userinit.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe C:\WINDOWS\system32\svchost.exe -k hpdevmgmt C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\System32\svchost.exe -k HPZ12 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\PROGRA~1... Read more A:Infected with:antivirus pro 2009 and also ms antivirus 2009 Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.comDDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Follow the instructions that pop up for p... Read more 2 more replies Answer Match 57.12% Greetings all, In the past two months I've encountered AV & AS 2009 a number of times. I volunteer with our local computer club and more and more members are contracting this hideous software. In most cases, a "birthday suiting" of the system has been the only answer. Especially those that had been infected a while. I've been successful at removing this malware from some systems using instructions found here on bleepingcomputer.com.I have not seen this malware or any evidence of it in my surfing and use of my systems. However, I'd like to know if anyone knows how it works. What is so enticing about this software that unsuspecting users will think to click on it is the right course of action? I've asked those folks who have suffered this insideous attack, but no one seems to know how it got on their systems. Is it an ad as I've seen some forums mention? Does it pop up a window that doesn't allow you to click on an X in the corner to close it? What's the best course of action for someone who encounters this dastardly software on the byways of the net?Any and all comments are welcome . . . ;-} Pandora Boxe A:AntiSpyware 2009 or AntiVirus 2009 Hello, if you could please let me in on the secret as to how to get rid of this. I just encountered this horrible virus today and I am about to scream 5 more replies Answer Match 56.7% Okay, I've been fighting this for a couple weeks now and things keep popping up.It started with Antivirus 2009, which was hijacking my browser windows and making my desktop flicker. I (thought) I'd gotten rid of this but then more issues popped up a week or so later.I had what appeared to be Antivirus 2009/ Antivirus 360 again, but it was coupled with something that was causing my computer to shut down due to "DCOM Server Process Launcher" shutting me down.I'd "mostly" fixed this problem, with the exception that I can no longer defrag my computer.Then today I had a warning pop up in my toolbar that said I was infected, and tried to direct me to real-avg.org, so I immediately shut off my wireless and ran malwarebits, adaware, avg free, Iobit's Advanced System Care and I'm just really paraniod that I can't get rid of this problem.Oh, and I've had a few blue screen's of death here and there in all of this, but I'm not sure what they were specifically warning against.I've ran HijackThis and the DDS thing, and here are the results.. any help would be hugely appreciated!!Logfile of Trend Micro HijackThis v2.0.2Scan saved at 5:46:30 PM, on 1/12/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:&#... Read more A:Infected Computer, several problems including Antivirus 2009/Antivirus 360 Hello Angelinazooma and welcome to Bleeping Computer,1. Please download GooredFix and save it to your Desktop.Select "2. Fix Goored" by typing 2 and pressing Enter. Make sure all instances of Firefox are closed at this point. Type y at the prompt and press Enter again. A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called GooredLog.txt).Note: If you receive a message saying that GooredFix needs your system to be restarted, please close all applications and reboot your system. Please also allow any registry changes that may be prompted by any of your security programs.2. Please download ComboFix from one of the locations below, and save it to your Desktop.LinkLinkLinkDouble click the ComboFix icon to run it.If ComboFix askes you to install the Recovery Console, please do so..The Windows Recovery Console will allow you to boot up into a special recovery mode, in case your computer has a problem after an attempted removal of malware. This allows us to help you.Once the Recovery Console is installed, continue with the malware scan.Note: Make sure not to click ComboFix's window while it's running. That may cause it to stall or freeze.Please post the log from ComboFix (can also be found as C:\ComboFix.txt) in your next reply. If you have any questions along the way, STOP and ask them before proceeding !!Greetings,Thunder 5 more replies Answer Match 56.7% Ok the first indication I had that there was something wrong is when this XP Antivirus 2009 started popping up and it wouldn't go away. I would have to bring up task manager to get rid of it and close IE. This was shortly after returning home. My oldest grandson had been on the computer while I was gone and no telling what sites he went to and of course he not talking. I do have the computer password protected but I forgot to log off when I left and now I'm paying for it. grrrr This is new computer and it came with Macafee installed on it and Macafee didn't do squat ugh. So I ditched Macafee and downloaded Avast! Ran thier boot time scanner and ran it again after start up and these are the things they found and put in the chest the several times I've run it. nstC2aa.dll nstA03C.dll xxx8712.exe xxx6143.exe xxx6173.exe xxx5672.exe 84[1].exe 7[1].exe 6[1]exe 85[1].exe 120[1].exe ~tmpc.exe <several copies of this one.. it keeps coming back eauzycuitwog.dll dbstr.dll There were a couple of files it specifically ask me about in the boot time scan and since I wasn't sure I said "not sure" and it didn't put them in the chest. I guess those files were system files. I also installed spyware doctor.. geesh could kick myself. I've had it since I got puter but never installed it yet. Ran spyware doctor and it found a lot of stuff and supposedly deleted it too. There are 2 files that keep popping up on my task manager or rather processes a... Read more A:XP Antivirus 2009 (virus) pop ups keeps coming back after deleted by antivirus bump it up. I have kept running Avast and Spyware Doctor over and over and I also emptied temp files etc. The pop ups have stopped but IE is running really slow so I think there is still something here. 2 more replies Answer Match 56.28% any one help to remove remove antivirus 2009 and xpsecurity center antivirus. after removing the files and registry entries still a icon in system tray poping up thanks A:remove antivirus 2009 and xpsecurity center antivirus Please do not create multiple threads for the same problem! Read >>Posting help read first<< if you feel you are not getting help. Continue here: http://forums.techguy.org/malware-r...-remove-antivirus-2009-xpsecurity-center.html 1 more replies Answer Match 56.28% Hey guys, Josh here, to start Id like to say thanks. because ur site is well put together, registration was easy and I could quickly locate where i wanted to go. Onto a more topic related subject. Recently i was given ques by my computer that Warning! Security Report Your computer is infected! IT is recommended to start spyware cleaner tool. So instictively i clicked the bubble and took my path onto a link to the software known as Real Antivirus. Through hours of searching, I have come to realise that other people hve also encountered a problem with a virus which sounds similar to this (rouge virus known as, antivirus 2006-7-8-9 etc.) which may be created by the same group or person. I will quickly list the things Ive tried Various virus scans .malbytes antimalware .Mcaffee security center .Super antivirus free edition .The german sounding one which starts with a V (apologies). .Spyware doctor Also tried looking on other threads and googling etc. The symptoms that have become apparent are: .Slight loss of performance .Almost constant Warning! bubble .An incredibly ugly desktop background which says WARNING Dangerous Spyware Many viruses were found on your computer such as : trojan horse, passcapture, etc. Your personal information can fall into the "third hands" Please check up the computer with a special software thank (Gotta love there spelling.) .internet explorer being redirected to either the real antivirus homepage or a page saying that I ... Read more A:Real Antivirus/ antivirus 2009?- Require Assistance Logfile of HijackThis v1.99.1 Scan saved at 6:28:28 AM, on 12/14/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe c:\program files\common files\mcafee\mna\mcnasvc.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\McAfee\MPF\MPFSrv.exe C:\PROGRA~1\McAfee\MPS\mps.exe C:\Program Files\McAfee\MSK\MskSrver.exe C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe C:\Program Files\Spyware Doctor\pctsAuxs.exe C:\Program Files\Spyware Doctor\pctsSvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wdfmgr.exe C:\WINDOWS\S... Read more 1 more replies Answer Match 56.28% any one help to remove remove antivirus 2009 and xpsecurity center antivirus. after removing the files and registry entries still a icon in system tray poping up thanks A:remove antivirus 2009 and xpsecurity center antivirus Hi, Welcome to TSG!! Click here to download HJTInstall.exe Save HJTInstall.exe to your desktop. Doubleclick on the HJTInstall.exe icon on your desktop. By default it will install to C:\Program Files\Trend Micro\HijackThis . Click on Install. It will create a HijackThis icon on the desktop. Once installed, it will launch Hijackthis. Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad. Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log. Come back here to this thread and Paste the log in your next reply. DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required. 1 more replies Answer Match 56.28% Hi all,I have a PC with a 2.6 GHZ CPU, 1.5 GB RAM, a 250 GB internal C drive, 80 GB internal D drive and 2 external drives which were detached when the virus hit. I am running Windows XP Home with SP2. I use Panda Internet Security and Spybot S&D. Last week, I was hit with Antivirus 2008 Pro which crippled my PC for a couple days until I thought I had gotten rid of it with SpyHunter. It came back the next day and morphed into XPAntivirus, which also took a couple days to get off. Panda and Spybot didn't find anything when I ran them so I ended up using both Spyhunter and Spyware Doctor as well as SmitFraudFix and a couple of websites that listed files, directories, and registry keys that had to be deleted AND doing a complete clean install of XP after transferring all my relevant files over to an external drive. I finally got it off and was clean for almost a week until the night before last. I was trying to find a free PDF converter program for a friend of mine. I found PrimoPDF (not on the maker's website, unfortunately) and when I clicked on the install program, my computer restarted. When it came back on, I had the red alert message from Windows Automatic Updates which said that my updates were not turned on. When I tried to turn them on, the control panel said they were turned on but the red alert wouldn't go away and I couldn't go to the Microsoft update site manually. Also, error messages involving DLL files came up -- ubijcvin.dll and ijjcvslw.dll -- sayi... Read more A:Infected By Antivirus 2008 Pro, Then Xpantivirus, And Now Antivirus 2009. . . Hello Stacy and welcome to BleepingComputer,1. * Clean your Cache and Cookies in IE:Close all instances of Outlook Express and Internet Explorer Go to Control Panel > Internet Options > General tabUnder Browsing History, click Delete. Click Delete Files, Delete cookies and Delete historyClick Close below.* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):Go to Tools > Options.Click Privacy in the menu..Click the Clear now button below.. A new window will popup what to clear.Select all and click the Clear button again.Click OK to close the Options window* Clean other Temporary files + Recycle bin Go to start > run and type: cleanmgr and click ok. Let it scan your system for files to remove. Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.Press OK to remove them.2. Please visit this webpage for instructions for downloading and running ComboFix:http://www.bleepingcomputer.com/combofix/how-to-use-combofixPlease ensure you read this guide carefully and install the Recovery Console first (not for Windows Vista users !).The Windows Recovery Console will allow you to boot up into a special recovery mode, in case your computer has a problem after an attempted removal of malware. This allows us to help you. (WinXP SP3 users, please download the appropriate SP2 file, Home or Pro, to install the RC)In the event you already have Combofix, delete your current version and download the latest ... Read more 8 more replies Answer Match 55.86% For the past week or 2 my computer has been infected with Antivirus 2009. I have encountered this virus before on numerous different computers but this is the first time that I have seen it on my computer. Every other time I have dealt with it all I would have to do is run Malwarebytes once or twice and that would be the end of the problem. However when I did that on my computer it did not find Antivirus 2009 anywhere. So I looked for the common signs of it such as the folder in the program files and looking in the process tab of the task manager for av2009.exe or anything of the sort but none of that was there. So after I ran Malewarebytes which found some other viruses or trjoans which required a reboot to delete them I started getting bad image errors for the files that were deleted by Malwarebtyes. This message popsup anytime I open an executable program or when all of these programs load up when Windows starts. So now I have two problems: 1. I keep getting Antivirus 2009 popups as well as popups for other sites like searchme.com but there is no program to delete or any trace of it on my computer so it seems and 2. I keep getting these annoying Bad Image messages anytime I open something and I desperately want to get rid of them. (The exact message error is "The application or DLL c:\windows\system32\dudimuba.dll is not a valid Windows image. Please check this against your intallation diskette.") And I have also tried running Malwarebytes in safe mode doing... Read more A:Bad Image Error/Antivirus 2009 "Ghost" Infection This is in the wrong section but oh well, follow the steps on here >> http://www.techsupportforum.com/f50/...lp-305963.html for malware removal help from the experts... 1 more replies Answer Match 55.86% For the past week or 2 my computer has been infected with Antivirus 2009. I have encountered this virus before on numerous different computers but this is the first time that I have seen it on my computer. Every other time I have dealt with it all I would have to do is run Malwarebytes once or twice and that would be the end of the problem. However when I did that on my computer it did not find Antivirus 2009 anywhere. So I looked for the common signs of it such as the folder in the program files and looking in the process tab of the task manager for av2009.exe or anything of the sort but none of that was there. So after I ran Malewarebytes which found some other viruses or trjoans which required a reboot to delete them I started getting bad image errors for the files that were deleted by Malwarebtyes. This message popsup anytime I open an executable program or when all of these programs load up when Windows starts. So now I have two problems: 1. I keep getting Antivirus 2009 popups as well as popups for other sites like searchme.com but there is no program to delete or any trace of it on my computer so it seems and 2. I keep getting these annoying Bad Image messages anytime I open something and I desperately want to get rid of them. (The exact message error is "The application or DLL c:\windows\system32\dudimuba.dll is not a valid Windows image. Please check this against your intallation diskette.") And I have also tried running Malwarebytes in safe mode doing... Read more A:Bad Image Error/Antivirus 2009 "Ghost" Infection Hello and Welcome to TSF. Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription. Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed. ------------------------------------------------------ Please visit this webpage for download links, and instructions for running ComboFix: http://www.bleepingcomputer.com/comb...o-use-combofix * Ensure you have disabled all antivirus and antimalware programs so they do not interfere with the running of ComboFix. Please post the C:\ComboFix.txt in your next reply for further review. ------------------------------------------------------ 13 more replies Answer Match 55.02% Hello all, please help. I have a gateway FX laptop with vista that is two months old. I have Symantec newly installed. I ran a file that I probably shouldn't have and got zapped. I get continuous warnings and popus telling me to run scans. Then I get a popup scan window and advetrisements for MS Antivirus 2008, Vista Antivirus 2009, and other antivirus programs. I also get a ppcsx.exe window in startup, and two self resurrecting links to BDSM Extreme F%CK a T1Ts and A$$. Please help. what should I do? DO i need to download HJT? I have already done a full symantec scan to no effect. Please help.

A:Ms Antivirus 2008 / Vista Antivirus 2009

Welcome to BleepingComputerLet's try 2 different things before we worry about HijackThishttp://www.bleepingcomputer.com/forums/ind...st&p=876163Run a scan with MBAM and post the log pleasealso scan with norton's from safe modehttp://www.malwareremoval.com/tutorials/safemodeboot.php

7 more replies
Answer Match 55.02%

Hi all,
First of all, thank you to everyone who helps out in this forum, it is greatly appreciated.

I have the unfortunate job of cleaning my relative's computer and here is what I found. There are random popups containing information about purchasing the antivirus 360/antivirus 2009 software. I also ran Trend Micro House Call and it found the Trojan.Vundo file but was unable to do anything about it. Below are the DDS reports. I tried running a kaspersky scan but it forced Firefox to unexpectedly close 3-4 times while trying to complete it. I'm not sure what caused that either!

Thanks again.
DDS (Version 1.1.0) - NTFSx86
Run by Donna at 14:11:57.17 on Thu 12/25/2008
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.510.66 [GMT -5:00]

AV: AVG 7.5.503 *On-access scanning enabled* (Updated)
AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\... Read more

A:Antivirus 2009/antivirus 360/Trojan.Vundo

Please download Malwarebytes' Anti-Malware from HERE or HERENote: If you already have Malwarebytes' Anti-Malware, just run and update it.. Then do a "Perform Full Scan"Double Click mbam-setup.exe to install the application.Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.If an update is found, it will download and install the latest version.Once the program has loaded, select "Perform Full Scan", then click Scan.The scan may take some time to finish,so please be patient.When the scan is complete, click OK, then Show Results to view the results.Make sure that everything is checked, and click Remove Selected.When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.Copy&Paste the entire report in your next reply.Extra Note:If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.NEXTPlease download RSIT by random/random and save it to your Desktop.Double click on RSIT.exe to run RSITBefore you click "Continue", make sure you change the List files/folders created or modified in the last 3 monthsClick Continue at the disclaimer screen.Once it has finished, two lo... Read more

2 more replies
Answer Match 55.02%

Firstly I'd like it to be noted that I've done all the preliminary steps suggested. I've also researched Antivirus 2009, which is the malware that I know I have. I then did all the steps posted here http://www.bleepingcomputer.com/malware-re...-antivirus-2009. And though it appears that Av 2009 is no longer in my taskbar (thankfully). It still appears that it is in IE because I'm getting the link that appears in Google, the occasional random blocking, and the constant gold bar on the top of the screen.Thankfully I have Google Chrome to use for now, but I'd still like to completely restore IE and anything else that may remain on my computer.(P.S. I think I may have to remove the BHOs, but I don't know how, and I'm afraid to hack away at them willy-nilly.)Anyways, here's my HijackThis log:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 9:42:16 PM, on 1/17/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16762)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Lavasoft\Ad-Aware\aawservice.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Apple\Mobile Dev... Read more

A:AV 2009: Malwarebytes Only Worked Partially

Hello Cryopyre,I'm DocSatan and I will be helping you with your computer problem. Give me some time to research your Log and I will get back to you.In the meantime, please do not make any changes (deletions, etc.) to this system.Doc.

2 more replies
Answer Match 55.02%

I've been using Webroot Anti-virus with Spy Sweeper but am looking to change as viruses have recently crippled my computer.

I am interested in using Avast and malwarebytes. Can they both be used for real time protection or would they conflict with each other (and/or take up too much resources)? I am looking at getting the paid version of malwearebytes for real time protection.

Would running only one of these programs as real time protection sufficiently protect my computer from virusues, malware and spyware or would using only one leave me vulnerable?

Thanks for any insight here.

A:Is it a good idea to run Avast and malwarebytes (real time protection) at the same time?

I see you have an open log topic here: http://www.bleepingcomputer.com/forums/t/309829/google-redirect-fake-virus-warnings-antivirus-plus-popup-xp-security-center-and-other-assorted-issues/Please finish up there with m0le before making any changes to your system not called for by m0le.But to answer your question, I highly recommend Avast. As for MBAM, I use the free version for on demand scans. Read this:The full version of Malwarebytes Anti-Malware includes the ability to schedule updates and provides a real-time malware protection module that stops malicious processes before they can infect your computer. The Protection Module is not intrusive as it utilizes few system resources and should not conflict with other scanners or anti-virus programs. Keep in mind that Malwarebytes does not act as a real-time protection scanner for every file like an anti-virus program so it is intended to be a supplement, not a substitute. Those who purchase the full version receive a license key via email which includes a lifetime of free upgrades and support. For corporate and business customers, annual licenses are required.Also:Choosing a security toolkit with anti-virus, firewall and anti-malware programs is a matter of personal preference, your technical ability and experience, features offered, the amount of resources utilized, how it may affect system performance and what will work best for your system. A particular combination that works well for one person may not work as well for anot... Read more

3 more replies
Answer Match 55.02%

My mom gave me an old laptop of hers, it's a Gateway M285-E running Windows 7 32-bit. At first I noticed that explorer wasn't working right, for instance, the entire C drive seems to be empty (except for two files) and some explorer windows are coming up without any words (see first screenshot), task manager included. I tried to Run AVG anti-virus scan, but it froze the computer everytime, so I uninstalled and not have avast! free on it. When scaning, the run0time error pops up each time sometime in the middle of the scan. A friend recommended Malwarebytes, so I tried to use that, but the same error pops up and sometimes I get BSOD after only having started the computer. Below are some screenshots of the problems, and atatched is my Windows_NT6_BSOD_jcgriff2 file. As can be seen in a screenshot, I could not get a system health report, the same error happens everytime I try even after restarting the computer.
If any other information is needed I will be happy to supply it.

Attachment 190903
Attachment 190904
Attachment 190905

A:BSOD and Run-Time error '6': Overflow when antivirus scanning

OK Camokid

There are several problems here that my partner and I are going to help you work through. I would suggest up front if you can do a clean re-install of win 7 it would be faster and easier.

That having been said, in your specs you have SP-1 in the crashes you dont.

Your OS version in the crashes is listed as "enterprise", which is not the best version to be running at home. Has that OS been modified in any manner?

As m partner is saying there are at least three separate malware apps running simultaneously. Thats never a good idea. Follow her directions for the removal of them.

5 more replies
Answer Match 54.6%

Hi,I have Windows XP Professional installed on my PC, about 3 days ago I started getting this error message ATTENTION! If your computer is struck by the spyware, you could suffer data loss, erratic PC behaviour, PC freezes and creahes."By the spyware? Creahes? Who writes this stuff?"Detect and remove viruses before they damage your computer!Antivirus 2009 will perform a 100% FREE and quick scan of your computer for Viruses, Spyware and Adware.Do you want to install Antivirus 2009 to scan your computer for malware now? (Recommended)But I didn?t buy or install any programs recommended by the message, this might be spyware that I might have gotten from a website.Also popups and ads started to show up as well when I do searches.After some research, I found that Malwarebytes? Anti-malware seems to resolve this problem,After running the scans and restarting the computer, I got this error message Error loading c:\windows\system32\mimovelu.dll After clicking okay? after 5 mins of running the PC fine, all the programs start to run slow and stop working?and I have no choice but to do a manuel restart and the same problems continues.Basicly it is freezing my PC and I believe that it is reinstalling the program?I also tried to run Malwarebytes in safe mode, it finds the corrupted files and delete them but it keeps coming back?Here is Hijackthis in normal modeLogfile of random's system information tool 1.04 (written by random/random)Run by Administrator at... Read more

A:Malware, XP AntiSpyware 2009, Malwarebytes Freezing PC

Hello vb28 and welcome to BC. Let's see what we can find.Before running a new scan let's clean out the temporoary folders. Download ATF Cleaner to your Desktop.Double-click ATF-Cleaner.exe to run the program.Click Select All found at the bottom of the list.Click the Empty Selected button.If you use Firefox browser, do this also:Click Firefox at the top and choose Select All from the list.Click the Empty Selected button.NOTE : If you would like to keep your saved passwords, please click No at the prompt.If you use Opera browser, do this also:Click Opera at the top and choose Select All from the list.Close ALL Internet browsers (very important).Click the Empty Selected button.NOTE : If you would like to keep your saved passwords, please click No at the prompt.Click Exit on the Main menu to close the program.Now download OTScanIt2.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt2 on your desktop.Note: You must be logged on to the system with an account that has Administrator privileges to run this program.Close ALL OTHER PROGRAMS.Open the OTScanIt2 folder and double-click on OTScanIt2.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).Click the Scan All Users checkbox on the toolbar.Do not change any other settings.Now click the Run Scan button on the toolbar.Let it run unhindered until it finishes.When the scan is complete Notepad will open with the report fi... Read more

13 more replies
Answer Match 54.6%

Hi

I have been infected with Spyware Protect 2009

I was able to download Malwarebytes' Anti Malware program however when I ran it it locked up at the "Finishing" Stage of the install.
It is now frozen and I am unable to run it.

I can't even click on "My Computer" i just get the hourglass symbol for a few seconds and then nothing, WMP won't play, everything is in limbo
can't run Spybot, etc.. it did let me connect to the internet.

Windows XP machine with auto updates active

I also am getting a message after turning on that says "ViewMgr has encountered a problem and needs to close"

Everything is frozen for the most part except the popups from Spyware Protect
DO I have any chance of cleaning this mess with so much frozen?

tami

A:infected with Spyware Protect 2009, can not run Malwarebytes

Some types of malware will disable MBAM and other security tools. If MBAM will not install, try renaming it.Before saving any of your security programs, rename them first. For example, before you save Malwarebytes', rename it to something like MBblah.exe and then click on Save and save it to your desktop. Same thing after you install it. Before running it, rename the main executable file first

Right-click on the mbam-setup.exe file and change the .exe extension to .bat, .com, .pif, or .scr and then double-click on it to run.

If after installation, MBAM will not run, open the Malwarebytes' Anti-Malware folder in Program Files, right-click on mbam.exe and change the .exe as noted above. Then double-click on it to run..Another work around is by not using the mouse to install it, Just use the arrow keys, tab, and enter keys. ~ Courtesy of boopmePlease download Malwarebytes Anti-Malware and save it to your desktop.Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that... Read more

24 more replies
Answer Match 53.76%

Hi, I've looked at all of your methods, and others online on how to remove spyware protect 2009 from my computer. At least I can use aol browser, but not IE. I've used AVIRA, aol spyware protection, adaware first with no luck. They didn't even find it.

So I went online to see how others got rid of it. I followed their directions. I tried shutting off system restore, then downloading malwarebytes. I couldn't get malwarebytes to run! It just created an icon, but didn't do anything. I then uninstalled it, turned system restore back on, tried to go back to an earlier time, but it wouldn't allow me to do so. I couldn't click the calendar to go back. I then tried another link to download malwarebytes again, but it did the same thing.

While I'm typing this, I just got a message from Norton pc checkup that they found spywareprotect, but it will cost me 129.00 to buy their software. Plus they have my performance as only 2 stars (fair)

I am really not very good at computer lingo, so if anyone can help me, please know I'm not a geek, just a person that can follow step by step directions. Thanks in advance to anyone who can advise.

DJ

A:Cant remove Spyware Protect 2009 malwarebytes won't work

Try to rename the Malwarebytes file to red.com and see if it runs like that. The infection you have is watching for that file to be run. What version of Windows are you using? Please update Avira and run a scan - post its log.

1 more replies
Answer Match 53.76%

I am having the exact same problem. I did manage to install Malwarebytes, but can't get it to run. I tried renaming the file; I tried using hijackthis, I tried booting windows into safe mode. None of this will run. I even tried combofix and it won't run either. What can I do manually that would temporarily help? I have windows xp.cheezfriquote name='rigel' date='Mar 1 2009, 12:32 PM' post='1158038']Try to rename the Malwarebytes file to red.com and see if it runs like that. The infection you have is watching for that file to be run. What version of Windows are you using? Please update Avira and run a scan - post its log.[/quote]

A:Cant remove Spyware Protect 2009 malwarebytes won't work

Please print out and follow these instructions: "How to use SDFix". When using this tool, you must use the Administrator's account or an account with "Administrative rights"Disconnect from the Internet and temporarily disable your anti-virus, script blocking and any real time protection programs before performing a scan.When done, the SDFix report log will open in notepad and automatically be saved in the SDFix folder as Report.txt.If SDFix is unable to run after rebooting from Safe Mode, run SDFix in either Mode, and type F, then press Enter for it to finish the final stage and produce the report.Please copy and paste the contents of Report.txt in your next reply.Be sure to renable you anti-virus and and other security programs before connecting to the Internet.-- If the computer has been infected with the VirusAlert! malware warning from the clock and the Start Menu icons or drives are not visible, open the SDFix folder, right-click on either the XP_VirusAlert_Repair.inf or W2K VirusAlert_Repair.inf (depending on your version of Windows) and select Install from the Context menu. Then reboot to apply the changes.

3 more replies
Answer Match 53.76%

Hey there! Last time I had troubles, I came to you folks and you helped fix me up! Got the spyware protect 2009 infection. Googled spyware protect and got recomendation to download spyhunter 3. Ran that and found that in order to remove the viruses/parasites that it identified I had to pay for it. After reading in some forums discovered it was basically a fake and to use Malwarebytes' Anti-Malware to locate and remove it. I did and am still having some problems when logging in it can't find some files and once logged in and on a site, occasionally a pop up will appear for advertising, etc. Below is my hijackthis log. Please advise.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 10:02:22 PM, on 3/6/2009Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.e... Read more

A:Infected w/spware protect 2009 used Malwarebytes unsuccessful

Welcome to the BleepingComputer Forums. Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. Please download Trend Micro - HijackThis. Do a new scan with Trend Micro - HijackThis and post it in your next reply. Thank you for your patience.Please see Preparation Guide for use before posting about your potential Malware problem. If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped. Please post your HijackThis log as a reply to this thread and not as an attachment. I am always leery of opening attachments so I always request that HijackThis logs are to be posted as a reply to the thread. I do not think that you are attaching anything scary but others may do so. While we are working on your HijackThis log, please: Reply to this thread; do not start another! Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so. Do not run any other tool until instructed to do so! Let me know if any of the links do not work or if any of the tools do not work. Tell me about problems or symptoms that occur during the fix. Do not run any other programs or open any other windows while doing a fix. Ask any questions that you ... Read more

2 more replies
Answer Match 52.92%

Well, MBAM did a flash scan while I was gone for a minute and a Rogue AV popped up in the scan. Ever since last night my computer has been freezing completely, requiring a hard shutdown. This has happened five times so far.I have beefed up my computer security since my last visit here, and I was hoping to not require coming back for help again.Here is the MBAM log.

Malwarebytes Anti-Malware (PRO) 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.28.04

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
home :: HOME-PC [administrator]

Protection: Enabled

1/28/2012 12:51:32 PM
mbam-log-2012-01-28 (12-51-32).txt

Scan type: Flash scan
Scan options enabled: Memory | Startup | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: Registry | File System
Objects scanned: 177055
Time elapsed: 44 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 1
c:\program files (x86)\antivirus pc 2009\quarantine (Rogue.AntiVirusPC2009) -> Delete on reboot.

Files Detected: 0
(No malicious items detected)

(end)

A:Rogue AntiVirus - AntiVirus PC 2009

Hi Rewster,My name is Jason and I'll be helping you with your computer problems. You can call me by my screename jntkwx or Jason is fine.Some things to remember while we are working together.Do not run any other tool untill instructed to do so!Please do not attach logs or put logs in code or quote boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can also help.Do not run anything while running a fix.If you don't understand a step, please ask for clarification before continuing with any future steps.Click on the Watch Topic button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.Note to others: The instructions here are intended for the person who began this topic. If you need help, please create your own topic in the appropriate forum.  Please download MiniToolBox, save it to your desktop and run it.Checkmark the following checkboxes:Flush DNSReport IE Proxy SettingsReset IE Proxy SettingsReport FF Proxy SettingsReset FF Proxy SettingsList content of HostsList IP configurationList Winsock EntriesList last 10 Event Viewer ErrorsList Installed ProgramsList DevicesList Users, Partitions and Memory size.List Minidump FilesClick Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run. Note: When using "Reset FF Proxy Settings&qu... Read more

34 more replies
Answer Match 52.92%

Greetings,

First thanks for the folks that man these great forums, I have read many posts here and I must say I am overly impressed with the kindness and patience shown by everyone.

We are running Windows XP on a Lonovo laptop. Not sure what other info you need regarding the computer but if you ask I will provide.

First we experienced the Sowar issue (it shows Sowar browser and takes us to a porn site called redtube.com) and while trying to track that down we ended up with Antivirus 2009. I had this beofre on another laptop so I tried to use the same fix from Malwarebytes but it would not delete everything. Before you know it I was getting the messsages about Antivirus 360.

Now I am willing to admit I need help. I am not sure which problem to fix first or honestly how to fix them now that malwarebytes does not seem to be able to fix them.

thanks in advance for helping us out.

K

A:Sowar, antivirus 2009 and antivirus 360 all at once

Try this:How to Remove sowar.vbs VirusCAUTION: These steps involve making changes in the registry. Always back up your registry before making any changes. If you are not familiar with working in the registry, then you should NOT attempt to make any changes on your own.To fix the "Long Live Sowar" message in the title bar, see How to Change the Internet Explorer Window Title (be sure to read the section on backing up your registry first) or you can try using ieclear.bat by IE MVP Hans Le Roy which will reset the title to Windows default.Then download Flash_Disinfector.exe by sUBs and save it to your desktop.Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.The utility may ask you to insert your flash drive and/or other removable drives. Please do so and allow the utility to clean up those drives as well. Hold down the Shift key when inserting the drive until Windows detects it to keep autorun.inf from executing if it is present.Wait until it has finished scanning and then exit the program.Reboot your computer when done.Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive that is plugged in when you ran it. Don't delete this folder...it will help protect your drives from future infection.When done, check for and remove any Startup RUN values by downloading and using Autoruns.

16 more replies
Answer Match 52.92%

Grrrr I don't know which one I have but I know they are a major pain.I posted a hijack this log on the spybot help forum last night and went to bed but still no answer this morning. Do I need to do another one? Weirdo things happened on startup this morning. Any and all help is appreciated. Thanks in advance. Logfile of Trend Micro HijackThis v2.0.2Scan saved at 6:45:58 PM, on 9/17/2008Platform: Windows Vista SP1 (WinNT 6.00.1905)MSIE: Internet Explorer v7.00 (7.00.6001.18000)Boot mode: NormalRunning processes:C:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Windows\system32\taskeng.exeC:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exeC:\Program Files\Windows Defender\MSASCui.exeC:\Windows\RtHDVCpl.exeC:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exeC:\Windows\System32\rundll32.exeC:\Program Files\Java\jre1.6.0_01\bin\jusched.exeC:\Program Files\AVG\AVG8\avgtray.exeC:\Program Files\Windows Sidebar\sidebar.exeC:\Windows\ehome\ehtray.exeC:\Windows\System32\rundll32.exeC:\Program Files\MSN Messenger\msnmsgr.exeC:\Program Files\Windows Media Player\wmpnscfg.exeC:\Windows\System32\rundll32.exeC:\Program Files\Spybot - Search & Destroy\TeaTimer.exeC:\Windows\System3... Read more

A:Virtumonde, 2009 Antivirus, Ms Antivirus

Hi debbieThanks for telling us you have posted on another forum, I have locked your thread at spybot's forum.It wastes helpers time if you are being helped on one forum & then a helper answers your thread on another forum... it can also cause bigger problems for you if you follow advice from 2 forums at the same time Please Download Malwarebytes' Anti-Malware from Here :-http://www.majorgeeks.com/Malwarebytes_Ant...ware_d5756.htmlor here :-http://www.besttechie.net/tools/mbam-setup.exeDouble Click mbam-setup.exe to install the application.* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.* If an update is found, it will download and install the latest version.* Once the program has loaded, select "Perform Quick Scan", then click Scan.* The scan may take some time to finish,so please be patient.* When the scan is complete, click OK, then Show Results to view the results.* Make sure that everything is checked, and click Remove Selected.* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.* Copy and Paste the entire report in your next reply.THEN ...Please follow these directions to run Combofix & post a log.http://www.bleepingcomputer.com/combofix/how-to-use-combofixsteam

7 more replies
Answer Match 52.92%

My friend's computer was infected with Spyware Guard 2009 and a TDSSserv viruses and while I have seemed to get rid of those using SuperAntiVirus it is still hanging during Malwarebytes and HJT. It freezes in HJT after finishing the scan and freeze in Malwarebytes after hitting wups.dll or wups2.dll, always around 13 secs into the scan. Computer is now running but still not exactly smooth. I updated Windows to XP SP3 and downloaded all the security updates and its still not working well.DDS (Ver_09-09-29.01) - NTFSx86 Run by Owner at 3:39:38.85 on Tue 02/09/2010Internet Explorer: 8.0.6001.18702Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.683 [GMT -5:00]AV: McAfee VirusScan *On-access scanning enabled* (Outdated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}FW: McAfee Personal Firewall Plus *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\Program Files\Intel\Wireless\Bin\EvtEng.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Intel\Wireless\Bin\S24EvMon.exeC:\WINDOWS\system32\svchost.exe -k netsvcssvchost.exesvchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\eHome\ehRecvr.exeC:\WINDOWS\eHome\ehSched.exeC:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exeC:\Program Files\iPod\... Read more

A:Laptop Hanging During HJT and MalwareBytes after Spyware Guard 2009 + TDSSserv Removal with SAS

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

2 more replies
Answer Match 50.82%

hi . . .
i already removed the antivirus 2008 folder using combofix . . .
however, everytime i accessed the internet, everytime i clicked a link or entered webpage, in my browser, it says
Insecure Internet activity. Threat of virus attack

Due to insecure Internet browsing your PC can easily get infected with viruses, worms and trojans without your knowledge, and that can lead to system slowdown, freezes and crashes.
Also insecure Internet activity can result in revealing your personal information.
To get full advanced real-time protection for PC and Internet activity, register Antivirus 2008.
We recommend you to protect your PC now and continue safe Internet browsing.
Click here to get full advanced real-time protection and continue browsing.
Continue to this website unprotected (not recommended).

i tried using Malwarebytes antiMalware but it didn't remove it . . .
Sysclean, however, terminates it but when i opened my pc again it appears again . . .
please help . . .

A:about antivirus 2009

Since you have a HJT log posted in the HijackThis Logs and Malware Removal forum, I'm going to close this Topic.You shouldn't make any changes to your system, while you are receiving help with your HJT log, as that could make it difficult to properly clean your system.At this point, the HJT Team should be the only members that you take advice from, until they have verified your log as clean.If you have any questions, don't hesitate to send me a PM.

1 more replies
Answer Match 50.82%

Is there a program someone can recommend that will remove Antivirus 2009 or does it have to be done manually?

A:Antivirus 2009

Click here to download HJTInstall.exe

Save HJTInstall.exe to your desktop.
Doubleclick on the HJTInstall.exe icon on your desktop.
By default it will install to C:\Program Files\Trend Micro\HijackThis .
Click on Install.
It will create a HijackThis icon on the desktop.
Once installed, it will launch Hijackthis.
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

1 more replies
Answer Match 50.82%

Hi, I'm new to this site and hoping someone can help me.

I am trying to remove Antivirus Pro 2009 from a friend's PC (running Windows XP SP3). The program has blocked his internet connection completely, so no pages will load in IE or Firefox. Also none of his security programs can gain access to do their updates.

I downloaded the Malwarebytes' AntiMalware program on my computer, then copied it to a CD to load onto the infected computer, intending to follow the removal instructions on this site. However, when I try to run the mbam-setup.exe program, nothing happens - I know from installing it on my own computer that there is a initial dialogue box asking you to select your language, but this does not appear. Task Manager lists mbam-setup.exe as a running process, but there is nothing on the applications tab (the failure to run also affects SpybotS&D and Comodo icons, but it is possible to run AVG8, A-squared, Adaware 2008, although they are all now out of date).

The failure of mbam-setup.exe to run means that I cannot make any further progress in the removal process. I have tried to run it in Safe Mode as well, but it makes no difference.

I have managed to run AVG AntiRootkit and it has shown a hidden program called brastk.exe, along with various files starting TDSS (mainly .ddl or .dat) and other files named c_055nnn.nls (nnn =three digit numeric). I understand that brastk.exe is a problem, but how can I remove it?

Sorry for the length of this post. ... Read more

A:Antivirus Pro 2009

Hi Portman and welcome to BleepingComputer.First a word of warning about TDSS...IMPORTANT NOTE: One or more of the identified infections was related to a rootkit component. Rootkits and backdoor Trojan are very dangerous because they use advanced techniques (backdoors) as a means of accessing a computer system that bypasses security mechanisms and steal sensitive information which they send back to the hacker. Many rootkits can hook into the Windows 32-bit kernel, and patch several APIs to hide new registry keys and files they install. Remote attackers use backdoor Trojans and rootkits as part of an exploit to gain unauthorized access to a computer and take control of it without your knowledge. If your computer was used for online banking, has credit card information or other sensitive data on it, all passwords should be changed immediately to include those used for banking, email, eBay, paypal and online forums. You should consider them to be compromised. They should be changed by using a different computer and not the infected one. If not, an attacker may get the new passwords and transaction information. Banking and credit card institutions should be notified of the possible security breach. Because your computer was compromised please read How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud? Although the rootkit was identified and removed, your PC has likely been compromised and there is no way to be sure the computer can ever be trusted again. I... Read more

2 more replies
Answer Match 50.82%

I tried to follow the directions in the preperation guide but D.D.S. just seems to freeze up. I get to the DDS information screen and nothing happens. I have let it run for quite some time without seeming to have any results. As far as I know I am not running a script blocker. Is there an alternative so that I could get started with you all? My computer is quickly becoming unusable. I wasn't even able to get to this site because of it being blocked(seemingly another result of the infection). I ended up needing to go through google.

Thanks in advance

A:Antivirus 2009

Just to add what is going on. The primary popup I get is for Windows Antivrus 2009. There are several other things that popup and seem to be slowing down my computer. Attempts to use Adaware have been unsuccessful because something causes it to crash midscan.

3 more replies
Answer Match 50.82%

Hubby called me and yelled at me for the computer freaking out today..

I KNEW something was amiss when he told me there was a program icon on the desktop called Antivirus 2009. I ONLY use AVG after my last conundrum you all awesome forum people helped me with (running like 3 antivirus at the same time = no good!)

I need to know how to get this thing off my computer.. It has a stupid little thing in my task bar that I cannot close down and it keeps coming up with this WINDOWS security faked pop up.

I looked through the search here but could not really find anything on this certain program..

Any help would be greatly appreciated.

I wanna know how I keep getting these!! =( I dont download much of anything anymore because I do not want my computer to crash.. hubby says we are going to buy an antivirus program this weekend.. (any tips on the best one?)

A:Antivirus 2009

SmitFraudFix Search Results

SmitFraudFix v2.352

Scan done at 18:33:33.96, Thu 01/29/2009
Run from C:\Documents and Settings\Krys\Desktop\Computer Doctor lol\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

???????????????????????? Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files... Read more

3 more replies
Answer Match 50.82%

this is a bit of an odd request. i am looking to GET XP AntiVirus 2009 - purely for TESTING purposes.

basically, i have Malwarebytes protection and i want to see if it'll catch XP AntiVirus 2009 while its downloading or installing...

so yeah. as i said, odd request. if anyone knows of any sites that are infected with it, please let me know.

thanks!

A:XP AntiVirus 2009

this is a bit of an odd request. i am looking to GET XP AntiVirus 2009 - purely for TESTING purposes.basically, i have Malwarebytes protection and i want to see if it'll catch XP AntiVirus 2009 while its downloading or installing...so yeah. as i said, odd request. if anyone knows of any sites that are infected with it, please let me know.thanks!Well, I am not sure about XP AntiVirus 2009, but AntiVirus 2010 has a website: Removed link - see next post. You could run a scan and do whatever you want there.~Mod edit: Removed referenced web site. rigel

2 more replies
Answer Match 50.82%

Hi,

I have a friend who has got the Windows XP AntiSpyware 2009 virus. It seems to be blocking me from opening any antivirus/antispyware software that I install on the computer. I've tried SuperANTISpyware and Kaspersky Internet Security and AVG... simply nothing happens when I double click the icon or any of their exe files and AVG wouildn't install at all.

I have removed nearly every entry from all of the 'Run' keys within the registry and unchecked everything in msconfig->startup, also tried the 'Minimal Startup' option. Windows XP AntiVirus 2009 still loads, and I still cannot run any antivirus software. What is causing it to still start up? This also applies for Safe Mode. I have downloaded MalwareBYTES and intend to try that when I'm back out there today, but I am not sure if that will work either.

Does it have a Windows Service that I also need to stop in order to prevent it from starting? Or if not, how is it still starting?

Any help would be much appreciated... I am trying to avoid a format or re-install of XP..

I had to get rid of an Email Worm virus that blocked antispyware/antivirus software also and a 'taskkill /F /FI "PID ge 550"' into the command prompt managed to crash the virus so I could run the scan and remove it. but that method didn't work this time.

Thanks,
Cam Johnson

A:XP Antivirus 2009

Sorry it is XP AntiSpyware 2009, not antivirus.. xpas2009.com is it's website...

1 more replies
Answer Match 50.82%

My wife's computer was infected with the Antivirus Pro 2009 trojan. In addition, her browser is going to some off-the-wall websites on it's own. I am running Symantec Antivirus and the latest updates (2 november 2008) picked it up and quarantined it and yet I'm still having it pop up trying to reinstall itself. I bought Webroot's Spy Sweeper yesterday and it picked up "virtumonde" as well as a couple other minors. I updated Symantec again to 3 november files and still having issues with this machine's browser doing the same thing. I ran Hijackthis and it listed 2 items that I did let it fix (line 08 and 16 in the first log). The second log is after I let it fix those 2 lines and rebooted. the following are the two logs. The first is the one BEFORE I let Hijackthis fix the 2 lines and the econd is AFTER the fix and reboot. What am I missing?

Before Fix:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:00:27 PM, on 11/3/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\... Read more

A:Antivirus Pro 2009

Hi, Welcome to TSG!!

Please download ATF Cleaner by Atribune.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

Click Exit on the Main menu to close the program.

Please download Malwarebytes Anti-Malware and save it to your desktop. alternate link 1 alternate link 2
Make sure you are connected to the Internet.
Double-click on Download_mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware

Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.

If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say &quo... Read more

1 more replies
Answer Match 50.82%

I let my son borrow my lap top for the weekend on a trip with his friends and when he returned it to me this past monday it had some pop up thing on it called antivirus 2009 that has got to be the most annoying thing in the world. ive tried deleteing it i did a search about it on how to remove it and tried running a program called malwarebytes which didnt work, its still there hopefuly you all can help me.. please. i run windows vista home premium.

A:antivirus 2009

You have an actice HJT log postedyou should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a HJT Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.From this point on the HJT Team should be the only members that you take advice from, until they have verified your log as clean.Please be patient. It may take a while to get a response because the HJT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the HJT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.If after 5 days you still have received no response, then post a link to your HJT log in the thread titled "Haven't Had A Re... Read more

1 more replies
Answer Match 50.82%

oom , 10 day ago , in ,my system same error with your error happened but it is viruseand i solve it by install new winhowever install new win is latest work for itMod Edit: Post split from topic "about antivirus 2009"~ TMacK

More replies
Answer Match 50.82%

i have been struck by "antivirus 2009".I am a novice with computers and have no idea what to do.I run escan antivirus which has picked a virus in the boot sector on myD: what must i do to remove antivirus 2009 and fix my system as there are constant pop-ups and I cannot access my virus monitor which says disabled. I attach hjt log. pls help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:35:11 AM, on 2008/08/01
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\PROGRA~1\eScan\VISTA\avpmapp.exe
C:\PROGRA~1\eScan\TRAYSSER.EXE
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\MicroWorld\Agent\MWASER.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwrite... Read more

More replies
Answer Match 50.82%

Hi
I'm blue jeans because I love to wear them. Live in Calif.

My computer was infected with the dreaded 2009 virus and I was able to clean it with software from this site. However
my antivirus software still shows a contaminated file in the System Volume Information directory. How can I get rid of it? I

A:antivirus 2009

Flush your system restore...Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.The easiest and safest way to do this is:Go to Start > Programs > Accessories > System Tools and click "System Restore".Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.Then use Disk Cleanup to remove all but the most recently created Restore Point.Go to Start > Run and type: CleanmgrClick "Ok"Disk Cleanup will scan your files for several minutes, then open.Click the "More Options" Tab.Click the "Clean up" button under System Restore.Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"Click Yes, then click Ok.Click Yes again when prompted with "Are you sure you want to perform these actions?"Disk Cl... Read more

1 more replies
Answer Match 50.82%

Since yesterday I get a pop-up for Antivirus 2009 offering to link to purchase site in order to remove viruses on my computer. I have not clicked on the link and I did not download or install Antivirus 2009 and can't find it on my add/remove program list.

What can I do to:
1) Remove traces of Antivirus 2009
2) Scan my computer for Malware/Spyware/Viruses.

I am running Windows XP

SILKMAN

More replies
Answer Match 50.82%

Hello, I was recently infected with the "Antivirus 2009" malware program along with who knows what else. I have tried going on the internet and dowloading malware bytes along with a few other programs and I keep getting redirected to different sites. I then downloaded them from my laptop to a travel drive and when I click on them to use them, they won't run. I can't get my AVG to run either because it won't update and the computer will not let it. I have tried doing all of this in both Safemode with Networking and regular mode.

Attached is my DDS file... please help.....I have tried posting on a different site and it's been two days and they haven't helped yet......please, please help.

PS - I lost my windowsXP disk but if we have to redo my computer, I have my vista disk from my laptop if I can use it.

A:Please help with getting rid of Antivirus 2009 and possible others

Can I use the restore option? Not system restore but a real "restore" meaning it's a PC Restore option that comes with most dell computers. Do you think this will work? I am just about at my wits end because now I can't even seem to operate the computer unless it's in complete safe mode.

2 more replies
Answer Match 50.82%

I have the Antivirus 2009 malware on my computer. It is obviously running but it doesn't appear in the task manager and i can't find it by search for antivirus 2009 or av2009. My malware removal tools (AdAware and PC Tools Spyware Doctor) find the program but when they say they remove it, it still appears.

Please advise.

Thanks.

A:Antivirus 2009 - how do i get rid of it?

Hello Ben,

I recommend that you start with the steps posted in the malware removal forum. Run as many steps as possible. At the final step if still having problems you can post a hijackthis log and an expert will assist you in cleaning your system. Please be patient as that is a busy forum and it may take awhile before someone can assist you. Just follow the link below.

http://www.techsupportforum.com/secu...oval-help.html

3 more replies
Answer Match 50.82%

Hi there, I found these forums a while ago by accident, and decided to keep it bookmarked in case I ever had any problems.

Recently, I was browsing with Firefox when the Antivirus 2009 window came up.

"The page at h t t p://internet-defense2009 . c o m says:

ATTENTION! If your computer is infected, you could suffer data loss, erratic PC behavior, PC freezes and crashes.

Detect and remove viruses before they damage your computer!
Antivirus 2009 will perform a quick and 100% FREE scan of your computer for Viruses, Spyware, and Adware.

Do you want to install Antivirus 2009 to scan your computer for malware now? (Recommended)

Yes No"

I have not clicked anything, because I wasn't sure how to close the window without it doing something, or, does just it coming up mean something is wrong? I started a scan with my anti virus program (Trend Micro), but it's not done yet (and so far it has not found anything)

If someone could tell me if it's safe to close this window, or if I'm already infected, that would be great.

Oh, and I am using XP.

Thanks so much.

A:Antivirus 2009

Hello and welcome. To play it safe. Open the Task Manager and End the Procees there.In case you need this..hit these 3 keys together to open the Task Manager.CTRL>ALT>DELIn the Applications Tab highlight the running procces.Click,End Task buttonClose Task ManagerNow run a scan to see what it says.Please download Malwarebytes Anti-Malware and save it to your desktop.alternate download link 1alternate download link 2Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Then click on the Scan button.If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button. The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patie... Read more

4 more replies
Answer Match 50.82%

I have acquired Antivirus 2009....I had 2008 but somehow got rid of it but 2009 then appeared..It has taken my desktop and made it turn white and will not allow recovery

I can only access websites that have nothing to do with virus removal...every time I search for a cure it re-directs me...my quesion is...how do i download or obtain something to rid my machine of this pest.

Thanks

bob

A:Antivirus 2009

Hello Bob, this is the wrong topic they may move you to "Am i infected? what do i do?" forum" Witch our members will help you through your problem.

2 more replies
Answer Match 50.82%

I've got it bad.

Had the Antivirus 2008 over a year ago and managed to get rid of it on my own. A few weeks ago I switched ISP from Verizon to Comcast DSL. While installing the Comcast software, which includes McAfee, I was instructed to first completly remove all antispyware and virus and such. I did this and then installed McAfee and then got the Antivirus 2009, really bad too. I called Comcast and they said it was probably on the PC already so it's not thier issue!!!! I've since downloaded spybot, adaware, regcure, Malware, antispyware, McAfee, Microsoft stuff too .... all of which do not help. I tried starting in safe mode and then run some of these programs but the bug begins to show up in safe mode without any internet connnection!!! Whenever I run the various antispy programs I get many results with a fair portion of serious trojans and such.

I read this link and will load the suggested programs and get the data once I get to my home pc where the problem is. I just want to start a thread now so I'll be ready to begin once I get home.

http://www.techsupportforum.com/f100...09-332344.html

I'll also have all the data requested here.

http://www.techsupportforum.com/f50/...lp-305963.html

A:Antivirus 2009

Zipped files attached & text below. What else can I do?

GMER 1.0.15.14939 - http://www.gmer.net
Rootkit scan 2009-03-18 07:37:05
Windows 5.1.2600 Service Pack 3

---- System - GMER 1.0.15 ----

SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateKey [0xF7483506]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0xF7472240]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0xF7472432]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteKey [0xF7483CC8]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteValueKey [0xF7483F88]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwOpenKey [0xF74823EC]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwRenameKey [0xF74843EC]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwSetValueKey [0xF74837B8]
SSDT \??\C:\Program Files\SUPERAntiSpywar... Read more

4 more replies
Answer Match 50.82%

At first my i noticed pops about infections, trojans, spyware etc. AV Pro 2009 came up, hit the red x.
Tried to remove with malwarebytes and had no success.

I ran malwarebytes. Removed everything except for the two entries. I have attached that log from malwarebytes
Maleware thinks it is removed but when i reboot and scan the machine again it reappears.
Thank you

DDS (Ver_09-03-16.01) - NTFSx86
Run by Administrator at 12:48:29.78 on Tue 03/31/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.445 [GMT -7:00]

AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Microsoft SQL Server\MSSQL\$VAI... Read more

A:Antivirus Pro 2009

Hello Dave Melendez,I am sorry to give you some very bad news. Your System is infected with Virut!!Virut is a file infecting virus which is able to modify itself each and every time it runs. In addition, when it infects, sometimes it will destroy the file it tries to latch onto. For these reasons, you really can't truly fix Virut. You will need to format/reinstall the operating system on this machine.More information:http://free.avg.com/66558There are bugs in the viral code. When the virus produces infected files, it also creates non-functional files that also contain the virus.http://home.mcafee.com/VirusInfo/VirusProf...aspx?key=143034W32/Virut.h is a polymorphic, entry point obscuring (EPO) file infector with IRC bot functionality. It can accept commands to download other malware on the compromised machine.It appends to the end of the last section of executable (PE) files an encrypted copy of its code. The decryptor is polymorphic and can be located either: Immediately before the encrypted code at the end of the last sectionAt the end of the code section of the infected host in 'slack-space' (assuming there is any)At the original entry point of the host (overwriting the original host code)Miekiemoes, an expert??for malware removal, and an MS-MVP, additionally has a blog post about Virut.I suggest you to start backup all of your valuable data/documents/pictures/movies/songs/etc.. Do NOT backup any applications/installers and Do NOT backup any .exe/.scr/.htm/.html/.x... Read more

8 more replies
Answer Match 50.82%

I need help knowing where to post my "LOG" I ran combofix to help get rid of the antivirus 2009 virus and now it is telling me to post the log>>>>Help I am not computer savvy

A:Antivirus 2009

Hello hold on with that for a bit and run this.Hello and welcome please run these next. If you have Spybot installed temporarily disable it.Next run ATF:Please download ATF Cleaner by Atribune & save it to your desktop.Double-click ATF-Cleaner.exe to run the program.Under Main "Select Files to Delete" choose: Select All.Click the Empty Selected button.If you use Firefox browser click Firefox at the top and choose: Select AllClick the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.If you use Opera browser click Opera at the top and choose: Select AllClick the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.Click Exit on the Main menu to close the program.Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".Next run MBAM:Please download Malwarebytes Anti-Malware (v1.32) and save it to your desktop.alternate download link 1alternate download link 2If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will auto... Read more

1 more replies
Answer Match 50.82%

okay so apprently i have acquired the antivirusxppro2009 virus through the pop up i presume. It has caused applications to not launch and others such as my documents to launch on its own. It also wont allow me to acces controlaltdelete. Whenever i try to open up either firefox or window explorer it wont load a page and it randomly with pop up firefox with it saying it is trying to load a antiviruspro2009 website. Im not on my computer at the moment seeing as how im able to post this. Is there anything i can do to remove it without even being able to load a webpage or should i just reformat?

A:antivirus xp pro 2009

I would suggest using a clean computer and a usb drive, there are precautions to take as to not spread the infection back thru the usb drivePlease download Flash_Disinfector.exe by sUBs and save it to your desktop.Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.The utility may ask you to insert your flash drive and/or other removable drives. Please do so and allow the utility to clean up those drives as well.Hold down the Shift key when inserting the drive until Windows detects it to keep autorun.inf from executing if it is present.Wait until it has finished scanning and then exit the program.Reboot your computer when done.Note: As part of its routine, Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive that was plugged in when you ran it. Do not delete this folder...it will help protect your drives from future infection by keeping the autorun file from being installed on the root drive and running other malicious files.You can download this fie and others to the clean computer, run Flash_Disinfector.exe and immunize the usb driveI would start with these programsPlease download ATF Cleaner by Atribune & save it to your desktop.Double-click ATF-Cleaner.exe to run the program.Under Main "Select Files to Delete" choose: Select All.Click the Empty Selected button.If you use Firefox browser click Firefox at the top and choose: Select AllClick the Empty Selected button.
If you would like to ke... Read more

1 more replies
Answer Match 50.82%

Hello there,

I recently read a post of with regard to the antivirus 2009 ([solved] virus 2009) from a Caroline123.

I believe I've also become a victim of this virus and I've followed a manual deletion process (which I don't think has fully worked). However, at the moment antivirus is not popping up in my desktop every second saying you have a virus anymore but my computer is telling me I've got malware detected and the recent spyware doctor that I've installed as a result has informed me of it and it is still coming up in its scan that I just run. It?s also still on my program files list.

I've followed the steps from the NEW INSTRUCTIONS

I've also read that I should download AVG 8.0 which should help in the process of getting rid of it. Right?

Hope you can help.Thank you so much

Kind regards Cheekyzinho

Attached
Zip
*log.txt
*info.txt
*attach.txt

DDS report

DDS (Version 1.0) - NTFSx86
Run by Chike Nnadi at 1:29:03.37 on 16/11/2008
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1015.289 [GMT 0:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WIN... Read more

A:Antivirus 2009

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

It appears that instead of attaching Attach.txt from running DSS.scr, you attached info.txt from running RSIT.exe. Please run DSS.scr again and attach Attach.txt to your next reply.

It also appears that instead of attaching gmer.txt, you attached the actual gmer.zip that you downloaded. The log from running GMER, gmer.txt, should be located on your desktop. Please attach gmer.txt to your next reply. If it is not there, you will have to run GMER again.

------------------------------------------------------

2 more replies
Answer Match 50.82%

Can you please help me get rid of all the pop-ups for antivirus 2009? I don't know if I need to buy an antivirus. I have tried downloading some things. I either think I have them and nothing is working, or I didn't download right. And my keys aren't working very well. Does that have to do with antivirus 2009?

Thank you.

A:Antivirus 2009

Please download Malwarebytes Anti-Malware and save it to your desktop.alternate download link 1alternate download link 2Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan.If an update is found, the program will automatically update itself.Press the OK button to close that box and continue.If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Then click on the Scan button.If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button. The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".Click OK to close the message box and continue with the removal process.Back at the main Scanner screen:Click on the Show Results button to see a list ... Read more

1 more replies
Answer Match 50.82%

I'm running Windows XP. For about a week I've been getting the fake Antivirus 2009 popup and I can't get it to go away. I run adaware and spybot and sometimes they pick up something and sometimes they don't. I had to reinstall adaware last night because it wouldn't update. I'm also running AVG for virus scanning, but that just seems to sit there when I try to do an update. It did find some kind of Antivirus2009 downloader and quarantined it, which I then had it delete. I download service pack 3 from Windows and still having problems a along with new additional pop-ups that keep returning.

I have no clue what to do next, so any help will be greatly appreciated.

A:Antivirus 2009 Pop-ups

Hello oakslicer and welcome. Please run this scan and see what we get back.Please download Malwarebytes Anti-Malware and save it to your desktop.alternate download link 1alternate download link 2Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Then click on the Scan button.If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button. The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".Click OK to close the message box and continue with the removal process.B... Read more

16 more replies
Answer Match 50.82%

i am confused. i have read up on the internet, that antivirus 2009 is a rogue antivirus system. i have this in my system but icant move it, without having to pay for another system!!!! help

A:Antivirus 2009

Wrong place to post that kind of topic mate ;)

2 more replies
Answer Match 50.82%

Hello, and thanks for your help.

My Son has tried repeatedly to delete Antivirus 2009 from his work computer. He cannot find a way to delete it through any of the normal channels. Can anyone tell me where to find and then delete this program?

Thanks again,
Charles Capps

A:Antivirus 2009

Hi Snapper3. This should work: http://www.bleepingcomputer.com/malware-re...-antivirus-2009

3 more replies
Answer Match 50.82%

My computer has been got. The virus has made it so that I can not access the internet. No, I can, but all addresses lead to other pages. I have tried deleting files from the regestary, but, I guess there are still more. Unforcantly, I did not reinstall Hijackthis so I have no log. PLEASE, HELP!
Windows XP professional
Symantec Antivirus (which I think is worthless, but do not know the "password" to uninstall)

uggg
Angela

A:Antivirus 2009

If you can please download Malwarebytes and run the procedure below. If that isn't possible, please download it from another computer along with its updates, and then move it to your computer via flash drive or CD.Please download Malwarebytes Anti-Malware and save it to your desktop.alternate download link 1alternate download link 2Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan.If an update is found, the program will automatically update itself.Press the OK button to close that box and continue.If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Then click on the Scan button.If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button. The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.When the scan is finished, a message box will say "The scan completed successful... Read more

1 more replies
Answer Match 50.82%

Antivirus Pro 2009 -- This phony antivirus malware installed itself on my computer sometime within the past couple of days. I'm experiencing constant popups of fake warnings advising that I have a spyware infection and need to purchase and run Antivirus Pro 2009. There is a red circle with a white "x" inside, located in my system tray.

Equipment is a Dell Inspiron E1505, running Windows XP Media Center Edition, Version 2002, SP2.

Any help you can provide to assist me in getting rid of this will be most appreciated!

Thank you!

A:Antivirus Pro 2009

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

If you're not receiving help elsewhere and still require assistance for this issue, please follow the process outlined here:

NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help

After running through all the steps, you shall have a proper set of logs. Please post/attach as instructed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your next reply.

------------------------------------------------------

12 more replies
Answer Match 50.82%

A pop-up for Anti-Virus 2009 can not be closed and several other anti virus pop-ups appear. My Anti-virus programs do not find an problems with this computer.I failed to mention when I shut down my computer it informs me that Rundll32.exe is still running and does not close.I ran my Spybot and it found 'Startcounter' cookie , 'Doubleclick' cookie and VirtumondeLogfile of Trend Micro HijackThis v2.0.2Scan saved at 12:11:51 PM, on 3/22/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Windows Defender\MsMpEng.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Symantec AntiVirus\DefWatch.exeC:\WINDOWS\system32\Hummbird\inetd32.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEC:\WINDOWS\system32\nvsvc32.exeC:\Program Files\Cyb... Read more

A:Antivirus 2009 and other ad pop-ups

Welcome to the BleepingComputer Forums. Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random which includes a HijackThis log and save it to your desktop. If you have RSIT already on your computer, please run it again. Double click on RSIT.exe to run RSIT. Click Continue at the disclaimer screen. Please post the contents of log.txt. Thank you for your patience.Please see Preparation Guide for use before posting about your potential Malware problem. If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped. Please post your HijackThis log as a reply to this thread and not as an attachment. I am always leery of opening attachments so I always request that HijackThis logs are to be posted as a reply to the thread. I do not think that you are attaching anything scary but others may do so. While we are working on your HijackThis log, please: Reply to this thread; do not start another! Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so. Do not run any other tool until ... Read more

2 more replies
Answer Match 50.82%

Hello all!

Situation is bad here...Antivirus 2009 has (from what I gather) disabled my Malware. It won't open and I can't re-install it. It also freezes my Hijack This in midscan. I run Kaspersky and the program is acting funny. Wile running Kaspersky, my firewall is partially running, and if I double click to open it, the entire program freezes. Any help would be GREATLY appreciated. Thanks!
DDS (Ver_09-03-16.01) - NTFSx86
Run by Compaq_Administrator at 0:05:31.04 on Mon 03/23/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_07

============== Pseudo HJT Report ===============

mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\sdra64.exe,
BHO: : {149b8bcd-c759-4f95-9642-1137ba3d011b} - c:\windows\system32\ugniyto.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: {65b2513f-d98a-4633-a325-992dca5d360e} - No File
BHO: BHO: {abc42510-9b22-41c1-9dcd-8182a2d07c63} - c:\windows\system32\iehelper.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
EB: {17BFCF1A-B579-48a7-9849... Read more

A:Antivirus 2009 hit me

Another update:

Upon running Hijack this sucessfully and rebooting...Lo and behold, Malware opened and a system scan was performed. Here's the log:
Malwarebytes' Anti-Malware 1.34
Database version: 1863
Windows 5.1.2600 Service Pack 3

3/23/2009 12:46:00 AM
mbam-log-2009-03-23 (00-45-58).txt

Scan type: Quick Scan
Objects scanned: 71024
Time elapsed: 6 minute(s), 37 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 9
Registry Values Infected: 1
Registry Data Items Infected: 3
Folders Infected: 1
Files Infected: 16

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\ugniyto.dll (Trojan.Vundo.H) -> No action taken.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{149b8bcd-c759-4f95-9642-1137ba3d011b} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\xghsxquu (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{149b8bcd-c759-4f95-9642-1137ba3d011b} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\xtowecws (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\xtowecws (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE... Read more

3 more replies
Answer Match 50.82%

Hi! We have a laptop used by my daughters which I have learned has become infected with Antivirus 2009. Unfortunately they didn't tell me for ages and it has got so bad that it will no longer open any programs and cannot get onto the internet for me to download any antispyware removal programs. Can someone tell me what I need to do please to clean it up and restore the laptop back to life? I REALLY hope this isn't a fatal problem!

A:Antivirus 2009

Hi and welcome to BleepingComputer The process of cleaning your computer may require temporarily disabliling some security programs. If you are using SpyBot Search and Destroy, please refer to Note 2 at the bottom of this page.Please download Malwarebytes Anti-Malware and save it to your desktop.alternate download link 1alternate download link 2Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan.If an update is found, the program will automatically update itself.Press the OK button to close that box and continue.If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Then click on the Scan button.If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button. The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Result... Read more

5 more replies
Answer Match 50.82%

Accidently my husband hit on some update from antivirus 2009 and we are in trouble now. I've heard this is a spam and I need to know how to get rid of this thing. It already changed our web page and keeps putting warnings and pop up scans on our computer.Help!!!!!!!Edit: Moved topic from AntiVirus, Firewall and Privacy Products and Protection Methods to the more appropriate forum. ~ Animal

A:antivirus 2009

You might want to take a look at How to remove Antivirus 2009 (Uninstall Instructions).

2 more replies
Answer Match 50.82%

A friend of mine said they got a virus on December 21. Probably either came from free poker or porn. I went over to their house to help them remove it. It turned out to be a trojan called Antivirus 2009. The computer is running XP pro with all the latest updates. I booted into safe mode and there wasn't anything obvious running. Removed a few things with Add/Remove programs. Then used Hijackthis and removed anything that didn't belong. Restarted and Antivirus 2009 hadn't been touched, though most of the other viruses it installed were gone. I had a trial version of NOD32 on my usb drive, but the security policy had been changed to disallow any installations. I figured the fastest and cleanest way to fix it was just to reinstall.

I did a quick format and reinstalled windows over the only partition. I noticed that the windows boot loader listed two different versions of XP. Installed the ethernet drivers. Downloaded drivers from windows updates. Restarted. Antivirus 2009 was back after the restart. Installed the trial version of NOD32 off of my USB drive and updated definitions. It caught one thing right away. I did a full scan including the USB drive and it found another 9 items on the hard drive. Antivirus 2009 popped up tray notifications while NOD32 was scanning and said that it detected destroying the computer or some nonsense like that. When NOD32 was done Antivirus 2009 was still running like normal.

I removed the USB drive. Then disconnected the power cabl... Read more

A:Antivirus 2009

Hi bob65536 this link may help, http://www.bleepingcomputer.com/malware-re...-antivirus-2009

2 more replies
Answer Match 50.82%

'Antivirus 2009' has over taken Threats detected. Hijacks surfing, Pop up warnings. Help
I have XP Home, IE and FF

More replies
Answer Match 50.82%

Hello,

On my PC, Internet Explorer just produces a page saying "The page cannot be displayed" and then produces a pop-up banner saying:

ATTENTION! If your computer is struck by spyware, you could suffer data loss, unusual PC behaviour, PC freezes and crashes.Detect and remove viruses before they damage your computer!Antivirus 2009 will perform a 100% FREE and quick scan of your PC for viruses, Spyware and Adware.Doyou want to install Antivirus 2009 to scan your computer for malware now? (Recommended)

below are choices OK or Cancel

This seems like rogue spyware to me.

Can you help me get rid of it please.

here is my DDS log:
DDS (Ver_09-01-07.01) - NTFSx86
Run by jay at 17:54:53.57 on 11/01/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.615 [GMT 0:00]

AV: McAfee VirusScan *On-access scanning disabled* (Updated)
FW: McAfee Personal Firewall *disabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\userinit.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\App... Read more

A:Antivirus 2009

Hi, and Welcome to BleepingComputer My name is jpshortstuff. I would be glad to take a look at your log and help you with solving any malware problems. HijackThis logs can take a while to research, so please be patient and I'd be grateful if you would note the following: I will be working on your Malware issues, this may or may not solve other issues you have with your machine. The fixes are specific to your problem and should only be used for the issues on this machine. Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear. It's often worth reading through the instructions before starting to follow them to amek sure you understand everything you have to do. If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry. Please reply to this thread. Do not start a new topic.Please download GooredFix and save it to your Desktop. Double-click GooredFix.exe on your Desktop to run it.Select "2. Fix Goored" by typing 2 and pressing Enter. Make sure all instances of Firefox are closed at this point. Type y at the prompt and press Enter again. A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called GooredLog.txt).Note: If you receive a message saying that GooredFix needs your system to be restarted, please close all applications and reboot your system... Read more

11 more replies
Answer Match 50.82%

I've had this one before so I thought I knew how to remove it but it's on a friends computer. I went to their house and brought along all the setup files for the antivirus scans but it's basically disabled the computer. I can't get to the desktop to open the flash drive and get the setup files from it. When I start it, it will show the desktop at first but once its fully started up and the virus opens up all I get to see is a blue screen that locks up the desktop and the only thing I see is the pop up for the Antivirus 2009 that tries to scan the computer.

Can you help me out? I can't seem to even get it correctly started in safe mode. This may be a longer thread if there's multiple scans because I'll have to go back and forth from my house to his to get this fixed, I tried bringing the tower to my house but everything I have is wireless and the proper drivers aren't installed on his computer so it wont let me use the mouse or keyboard. I'll post any and all logs that I can, when I can. Thanks!

A:Antivirus 2009

Actually do they have the Original install disks ( I presume it is XP)
A full format and reinstall of the OS may be the fastest ,safest and easiest repair on this PC.

Is there a blue screen error message that you can read and copy for us?

3 more replies
Answer Match 50.82%

Antivirus has hijacked my internet on another computer. I cannot even access this site, geekstogo, or any link from google, or even malwarebytes.org to download malwarebytes. It lets me go on sites such as yahoo, though. What do I do? Any help is greatly appreciated.

A:antivirus 2009 pro

Hi kooshj you may find this useful http://www.bleepingcomputer.com/malware-re...-antivirus-2009

5 more replies
Answer Match 50.82%

Hi,
I have been infected with antivirus 2009. I ran ccleaner and deleted the files I could find associated with av 2009. I no longer get popups, but it still blocks my antivirus (avg8) from updating. It also blocks me from getting on the any malware removal websites. It even blocks me from techguy so I had to get here from another computer. Here is the log. Help is much appreciated.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:17:56 PM, on 2/7/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~... Read more

A:Antivirus 2009

7 more replies
Answer Match 50.82%

Hello everyone!I was doing an internet search for something and I got redirected to: antivirus-online-scan.com/2009/1/en...n.php?nu=880167 {Mod Edit: broke Dangerous link)I then got a warning and a pop up appearing saying:Windows Internet ExplorerATTENTION! If your computer is struck by the spyware, you could suffer data loss, erratic PC behaviour, PC freezes and crashes.Detect and remove viruses before they damage your computer!Antivirus 2009 will perform a 100% free and quick scan of your computer for viruses, spyware and adware.Do you want to install Antivirus 2009 to scan your computer for malware now? (Recommended)I did not , repeat did not click to install Antivirus 2009. I imediately clicked on cancel. I have not done any scans yet with my anti-maleware programs. As soon as it happened I came here to find out if anyone else was getting the same messages or having the samething happen to them. I did read in the one post that someone said they believe Antivirus 2009 is a scam. If that is true, then why do these people get to keep operating year after year? What can be done to put these creaps out of business and in jail!? As soon as I get a chance I will do scans of my computer in the morning. I forget which programs require safe mode and which do not. I have: Malwarebytes Anti-Malware, a squared free, SUPERAntiSpyware free, Spybot - Search and Destroy, and SpywareBlaster. I will make sure they are all updated before doing any scans.

A:Antivirus 2009 (2)

Hello ...Run this MBAM scan and poat it's log for review. Some of these are actually activated by hitting the close or X.Also run the SAS and post that log.Please download Malwarebytes Anti-Malware and save it to your desktop.alternate download link 1alternate download link 2Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan.If an update is found, the program will automatically update itself.Press the OK button to close that box and continue.If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Then click on the Scan button.If asked to select the drives to scan, leave all th... Read more

19 more replies
Answer Match 50.82%

Hey all,
I am not a computer geek but enjoy surfing. Somehow I got this popup Antivirus 2009 that is messing with me and want to remove it. Can anyone help?

A:Antivirus 2009

Hi ,

I had the same problem I resolved it with the help of Bullguard

2 more replies
Answer Match 50.82%

My computer started to freeze after it finished loading the desktop icons. I ran Ad-Aware in safe mode and it detected about 70 objects. I also ran Hijack This and saw 2 HOSTS entries with the Antivirus 2009 and deleted them. I restarted the computer and am now able to work in normal mode without freezing anymore. I was able to connect to my wireless lan so that I could jump on your forum. However, at this point I am completely lost.

DDS (Ver_09-05-14.01) - NTFSx86
Run by imelda leal at 13:58:47.10 on 2009-06-18
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_10
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3062.2308 [GMT -5:00]

AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin ... Read more

A:I think I have the Antivirus 2009

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

7 more replies
Answer Match 50.82%

I have contracted the antivirus pro 2009 virus.
It will not let me connect to the internet to download the MBAM.

Anyone got any ideas please?

MR G

A:Antivirus Pro 2009

See Post #2 in link below.http://www.bleepingcomputer.com/forums/top...ml#entry1015201If that doesn't allow you to access the internet and download Malwarebytes, you could use another computer to writethe program to a CD or other medium and install on infected computer. It is also suggested that once you haveMalwarebytes on the infected computer to locate the .exe and change the name to fool the malware that is blocking.Right click on the .exe and select rename to lastchancescan.

1 more replies
Answer Match 50.82%

Logfile of Trend Micro HijackThis v2.0.2Scan saved at 3:42:03 PM, on 1/5/2009Platform: Windows XP SP1 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\userinit.exeC:\Program Files\Lavasoft\Ad-Aware\aawservice.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exeC:\Program Files\Analog Devices\Core\smax4pnp.exeC:\Program Files\Java\jre1.5.0_06\bin\jusched.exeC:\PROGRA~1\Grisoft\AVG7\avgcc.exeC:\Program Files\QuickTime\qttask.exeC:\Program Files\iTunes\iTunesHelper.exeC:\WINDOWS\System32\rundll32.exeC:\WINDOWS\System32\rundll32.exeC:\WINDOWS\System32\frmwrk32.exeC:\Program Files\Messenger\MSMSGS.EXEC:\Program Files\Hide My IP 2008\HideMyIP2008.exeC:\Program Files\Logitech\SetPoint\KEM.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Logitech\SetPoint\KHALMNPR.EXEC:\PROGRA~1\Grisoft�... Read more

A:help antivirus 2009

Please download Malwarebytes' Anti-Malware from HERE or HERENote: If you already have Malwarebytes' Anti-Malware, just run and update it.. Then do a "Perform Full Scan"Double Click mbam-setup.exe to install the application.Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.If an update is found, it will download and install the latest version.Once the program has loaded, select "Perform Full Scan", then click Scan.The scan may take some time to finish,so please be patient.When the scan is complete, click OK, then Show Results to view the results.Make sure that everything is checked, and click Remove Selected.When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.Copy&Paste the entire report in your next reply.Extra Note:If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.NEXTPlease download RSIT by random/random and save it to your Desktop.Double click on RSIT.exe to run RSITBefore you click "Continue", make sure you change the List files/folders created or modified in the last 3 monthsClick Continue at the disclaimer screen.Once it has finished, two lo... Read more

21 more replies
Answer Match 50.82%

hey i got the antivirus 2009 on my wifes laptop. did the malwarebytes run and heres my mbam log

Malwarebytes' Anti-Malware 1.30
Database version: 1402
Windows 5.1.2600 Service Pack 3

12/3/2008 8:41:38 PM
mbam-log-2008-12-03 (20-41-38).txt

Scan type: Quick Scan
Objects scanned: 45441
Time elapsed: 9 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 3
Registry Values Infected: 5
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\suwuwari.dll (Trojan.Vundo.H) -> Delete on reboot.
c:\WINDOWS\system32\hodisuto.dll (Trojan.BHO) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\481ea3ac (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97... Read more

A:antivirus 2009

Ok so far so good. Please open MBAM again. Reboot the PC if you haven't already to complete that scans malware removal session.
Next:Click the Update button,there's a newer version. Rescan and post that new log,thanks.

8 more replies