Tech Problem Aggregator

downloaded misleadapp help!!! please!!

Q: downloaded misleadapp help!!! please!!

I have Norton AntiVirus 2007 and I do the scan and everything gets fixed except for the downloader misleadapp. I went through the removal process about 3 times and nothing happens to it.

What do I do??

thank you
david

A: downloaded misleadapp help!!! please!!

13 more replies

A:Downloader.misleadapp

Hi,
Open HijackThis, click Config, click Misc Tools
Click "Open Uninstall Manager"
Click "Save List" (generates uninstall_list.txt)
Click Save, copy and paste the results in your next post.

2 more replies

Hi!
I'm totally new here and I'll be honest, I registered because of this virus that keeps popping up. I've searched the forum and found similar problems but I figured that this kind of thing should be dealt with individually.

Okay, I have Symantec as my antivirus program and recently I have this pop-up every minute of having found a virus named Downloader.MisleadApp. It says also that all actions taken have failed (Clean, Quarantine, Access).

I'm new with programs such as HiJackThis and I would deeply appreciate it if you could instruct me step by step.

Thanks in advance and Happy New Year!
 

A:Downloader.MisleadApp

9 more replies

The malware window invites me to download a 'fix', which I have not done---

Norton displayed "Virus Alert"
Unable to repair file

Object name --- ...\install-d2hhDR2ZXI-a2V5aW4-a2V5aw...

Thanks in advance for any help
 

More replies

I have the trojan downloader.misleadapp at. I am running Symantec antivirus through my college and until I have a clear virus scan my computer is in quarantine. I have it down to 2 instances. When I try to delete them, quarantine them or clean them it tells me I am successful, but then when I close out the page they are still there.

This is my log


More replies

I don't think my Norton can get rid of this. Can anyone help?

... Is there any way to post an image here?
 

A:Help with Downloader.MisleadApp

How can I post an image of my Norton security history page?
 

1 more replies

Please could someone tell me the best way to remove downloader.misleadapp.exe from my computer? I've tried searching for help on this, but seem to be going round in circles!

Thanks in advance. :)

More replies

I am unable to launch IE from the computer that has the infection. Thanks for any help you can provide so I can be the hero to my daughter's sister-in-law. Following is the HiJackThis log:

A:Downloader.misleadapp

I should have mentioned -- Task Manager will not launch -- "disabled by your administrator" it says.

4 more replies

HELP!!

How do I remove Downloader.MisleadApp. It penetrate Norton Internet security system.

Thanks for whatever help you can provide.
 

A:Downloader.MisleadApp

What location was it found in?
 

2 more replies

Hello, I'm new to the forum so tell me if I do something wrong, anyway..
I recently got this retarded virus that Norton AntiVirus calls downloader.misleadapp.
I started the computer in safe mode and did a virus scan as it said on the Symantec website. I also did a spyware scan with Spyware Doctor but neither of them found anything!
How do I delete this major pain in the *** without reinstalling Windows?
Norton AntiVirus constantly finds and deletes .exe files but it doesn't seem to slow down the virus at all!

Here's my HiJackThis log

More replies

I have been trying to fix this for two days now and it just seems to come back again and again. My father recently got the Virus Heat virus/trojan. And I have busted that but now the downloader.misleadapp/downloader is still around. The thing seems to recreate itself as a UNP*different numbers*.tmp file.

Here's my current HiJack Log...


More replies

Running on XP.
I realized my computer was infected with something when all of a sudden it started running advertisements in the background.
So I did a Norton scan.
It found 6 results. Won't let me remove or quarantine.
Only gives me the option to "review" but that doesn't do anything.
Ideas? I'm stuck.

A:Can't get rid of Downloader.MisleadApp

Please download Malwarebytes Anti-Malware and save it to your desktop.
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
Make sure that e...

1 more replies

Will start off describing the problem and what I have tried to do to fix it.

I noticed that my Norton 360 had stopped working and popups kept appearing flashing about viruses/security risks on my computer, I get my internet from a Wanadoo live box via a wireless connection - the computer was connected to the network but not getting the internet connection.

I booted into safe mode, where all the above features work! Started a scan with Norton which told me I had downloader.misleadapp trojan. I followed the symantec (and agreed with by some other sites) removal procedure, disable system restore, run full virus scan, run regedit removal tool on virus registry entries. Didn't work!

I then ran the app Smitfraudfix after carefully prepping the PC and reading the instructions, which rather amazingly appears to have fixed the popup problem once booting into normal mode, also after running a 'vundo' (which appears to go hand in hand with downloader.misleadapp) removal role this also found some viral entries. However Norton is still not booting on startup and I still can't get onto the internet except in safe mode. At a loose end now after having exhausted the usual find problem, google problem, fix problem approach!! Hope some kind people with more expert knowledge might be able to get me out of this fix!

Posting HJT thread below and also recopying my system specs but if any more information is needed please just ask!

Dell Latitude X1, Intel Pentium M 1.1ghz...

More replies

I have Norton AntiVirus 2007 and I do the scan and everything gets fixed except for the downloader misleadapp. I went through the removal process about 3 times and nothing happens to it.

What do I do??

thank you
david
 

A:downloader misleadapp help!!!!!! please!!!

It's a trojan. Repost in the Malware section for help.
 

1 more replies

Hi all,
I seem to have picked up the Downloader.MisleadApp virus a couple of days ago and it is causing havoc with the computer. I'm running XP Pro SP2 with multiple user accounts - I originally found out about the virus through Norton Antivirus 2005 (kept fully up to date); it popped up with a warning saying a virus has been found and was automatically deleted. However when pressing "OK", another comes up with a different file location and this time says "Unable to repair file"...clicking "OK" comes up with another "Access to the file was denied". This cycles, and I am unable to get rid of the NAV Warning window. I've tried running a full scan in safe mode using NAV2005 and SpyBot - they both find infected files but can't get rid of everything. Having read a couple of other threads, I'm not sure which entries to delete after running Hijackthis etc, so ask for your knowledge to get rid of this. Incidentally, the reason I said multiple accounts is because one of the original infected file locations was on my mum's account but now most of the NAV windows say the files are in: C:\Windows\TEMP\... and also in the "\Quaratine" folder of NAV. If you can assist, please advise whether I should log in on the Admin account or that it makes no difference.

Here is the Hijackthis log:

More replies

Symptoms include a slow browser (IE), and getting redirected when I click on search engine results. (Clicking on the cached file in google shows me where I was supposed to go). Entering anti-malware addresses in the address bar result in an error message saying that my browser could not connect with that website. Even going to wikipedia and entering the names of the trojans gives me an error message on my browser.

Spybot will not open. AdAware doesn't find anything. I was using the Zonealarm firewall, but it obviously let something in. The free scan from Spywaredoctor tells me that I have (among other things), trojan downloader misleadApp!sd6 and tdsserv. I believe tdsserv was there first, and misleadApp!sd6 is a recent addition since yesterday. The malware won't let me download malwarebytes, or several other cleaner programs. I've run Ccleaner with no change in symptoms. Smitfraudfix won't run.

My HijackThis log is below. Any help is greatly appreciated.

A:Malware Tdsserv and misleadapp!sd6?

Hello hal3134,
Welcome to Bleeping Computer.
My name is mas_pogi and I will be helping you with your Malware problem.
As I am still in training I will be helping you under supervision of our expert teachers, so there may be a delay between posts.

Attention!
Please do not run any other tool until instructed to do so.
Please tell me about any problems that have occurred during the fix.
Please tell me of any other symptoms you may be having as these can help also.
Please try as much as possible not to run anything while executing a fix.
Please reply to this thread, do not start another.
You might want to save this page on your bookmark, so you can find it again when you return.
Firefox: Then click on Done.
IExplorer: Then click on Add.
Stay calm and everything will be just alright.
I will be analyzing your log. I will get back to you with instructions after it is approved.

With Regards,
mas_pogi

3 more replies

Hi Forums Techguy,

I have been hit with a virus. downloader.misleadapp! how do i get rid of it? It has file name udefender_setup[1].exe

I have tried everything from updating Java to current version to deleting BHO files. Here is my highjack log. Many thanks in advance.


A:downloader.misleadapp virus!

I've managed to fix it. I had to delete all the HKCU and HKLM lines but that's not the important ones. The important ones I tried are:

O2 - BHO: MSVPS System - {F4CF814F-970F-405D-A42C-0CE06EB97373} - C:\WINDOWS\mxduo.dll
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O21 - SSODL: wmpdev - {77E9E8C0-DEF3-4459-ACEB-093328D030A2} - C:\WINDOWS\wmpdev.dll
O21 - SSODL: wmphost - {7A6146DD-38A5-4B4C-ADBE-31EEC529D063} - C:\WINDOWS\wmphost.dll

My logic was that even though I didn't know what each one exactly does, the worst case scenario would be a total reinstall which isn't too much of a problem for me as I just reinstalled my computer two days ago. I tried those lines above and hey presto the computer isn't hijacked anymore! Hope this is of help to anyone. However I must comment that my boot up time has slowed and if there is any way this can be speeded back up again, I would welcome any advice and recommendations you can give me. Many thanks in advance!

Regards,
Alan.
 

1 more replies

Please help, I have a Downloader.MisleadApp virus that I can't get rid of! Any help in its removal would be appreciated. I have Windows XP if that's any help.
 

A:Help me remove Downloader.MisleadApp!

Hi and welcome to TSG,

Click here and then scroll down to and click on hijackthis self installer to download HJTsetup.exe

Save HJTsetup.exe to your desktop.
Double click on the HJTsetup.exe icon on your desktop.
By default it will install to C:\Program Files\Hijack This.
Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
Put a check by Create a desktop icon then click Next again.
Continue to follow the rest of the prompts from there.
At the final dialogue box click Finish and it will launch Hijack This.
Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
Click Save to save the log file and then the log will open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.

 

1 more replies

I keep getting reports from Norton of downloader.misleadapp viruses that are quarantined but cannot be removed. Their numbers have slowly increased and I'm concerned, but can't find how to remove them. I'm operating Windows XP on a Dell laptop. Here is my HijackThis log. Thanks for the help.



More replies

My PC has been infected by this virus and is going nuts, there were pop-ups everywhere. I have managed to get rid of the pop-ups now, but Norton can't get rid of the virus completely and Symantec's suggestions haven't worked. Help, Paul
 

A:download.misleadapp cant remove - can anyone help?


1 more replies

I am currently having trouble removing the Downloader.MisleadApp malware virus. To remove this I have used Norton Internet Security 2008 and Adware 2008 both in normal and safe mode. This malware virus has also downloaded a misleading malware virus (AntiVirus 2008) off another website.

Another thing I have tried to do is look in the registry editor and have found nothing.

This malware was picked up by Norton Internet Security 2008 doing a routine scan.

My System Information

Windows XP Home Edition Sp2

ACER PC
AMD Sempron Processor 3000+
1.81 GHz
704 RAM

Trend Micro Hijack This

No Longer Needed

Please can you help me solve this problem and get rid of the malware for good.

I have now done an online scan on the Trend Micro website and it has picked up the following malware:

Tro_FakeAler.VL
Tro_FakeAV.NN
JaveSteam.AA

Now I don't know whether these are the same malware just called different names from the ones I picked up using Norton Internet Security 2008.
 

A:Help removing Downloader.MisleadApp

I have been looking for other forum topics to do with removing the downloader.MisleadApp and they have not helped me with removing the malware.
 

3 more replies

I've scanned my computer several times using ad-aware, superantispyware, spybot, norton antivirus and vundofix. However, every time I boot my computer to normal mode, I always get warning messages regarding Downloader.MisleadApps like: mevqvvvb3.exe, ucleaner_FOYGq2JV9B[1].exe, udefender_FOYGq2JV9B[1].exe, and ufixer_FOYGq2JV9B[1].exe. I also get the fake security center pop-up balloon on my taskbar along with every boot. My HJT log is as follows:

A:Downloader.misleadapp Infection

Hello dopamine and welcome to BleepingComputer!
My name is Johannes and I will be dealing with your log today.
Please note that comments are made in green, links are in red and important things are outlined by using the blue color.

Please also take note of the following:
I will start working on your Malware issues, this may or may not, solve other issues you have with your machine.
The fixes are specific to your problem and should only be used for this issue on this machine.
The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
If you don't know, stop and ask! Don't keep going on.
Please reply to this thread. Do not start a new topic.

Please give me some time to look over your log and I will get back to you as soon as possible.

Thanks,
Johannes

16 more replies

Ok this is the third time I have tried to post this problem and each time I get knocked out because my computer hits a popup wanting me to download winantivirus pro 2007....

Anyway Norton has detected that I have a virus called downloader.misleadappp

I have tried to follow their instructions for removal but it won't work.... HELP!!

I have an E-Machine AMD running windows XP Home ed.

Sorry this isn't as informative as I would like to make it but I want to get it posted!!

Thanks
 

A:Solved: Downloader.misleadapp

9 more replies

I've got a little nasty problem called Downloader. MisleadApp, and I've tried everything. I am not a professional though, so hopefully a good person out there can help me.
Symptoms:
-Corporate Symantec Norton AntiVirus Cannot Remove It.
-Annoying pop-up of Windows antivirus.
-Has triggered Norton to pop-up every time it does, and identify it, every time.
-When I X out of the Norton and Windows antivirus screens, every so often, a misspelled:

Warning! Potential Spyware Operation! Click YES OR NO to download spyware stopper window pops up.

Now, I have tried to do what Symantec said, but when I attempt to disable System Restore for my Win XP, it says: This operation has been cancelled due to restrictions placed on this computer. Please contact system administrator.

It will not even allow me to enter the properties under My Computer.

So, if anyone can help me, I would be very grateful, after spending nearly eight hours on this. Here is my HiJack This log:

A:Trojan - Downloader. MisleadApp!!!


3 more replies
Answer Match 41.58%

Well it appears that after getting rid of downloader.misleadapp once, it has come back again. Same issue with Norton pop-up coming up over and over again. Any help would be appreciated (again)!

Hijackthis log:
Logfile of HijackThis v1.99.1
Scan saved at 11:48:46 AM, on 09/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\sys... Read more

A:downloader.misleadapp has returned - help please!

bump, still needing help on this
 

2 more replies
Answer Match 41.58%

Norton computer scan says my computer has been infected with Downloader.misleadapp but that it is unable to fix it. Went to Symantec site and followed their instructions to no avail. Our business is run off this computer so I'm really in a mess. The following is my log. Please, can you help?:

Logfile of HijackThis v1.99.1
Scan saved at 6:57:15 AM, on 8/31/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
... Read more

A:Downloader.MisleadApp Help Needed

Download http://downloads.andymanchesta.com/RemovalTools/SDFix.exe and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
· Restart your computer
· After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
· Instead of Windows loading as normal, the Advanced Options Menu should appear;
· Select the first option, to run Windows in Safe Mode, then press Enter.
· Choose your usual account.
· Open the extracted SDFix folder and double click RunThis.bat to start the script.
· Type Y to begin the cleanup process.
· It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
· Press any Key and it will restart the PC.
· When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
· Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum).
· Finally paste the contents of the Report.txt back on the forum with a new HijackThis log
================

Download Superantispyware (SAS) free home version

http://www.superantispyware.com/superantispywa... Read more

3 more replies
Answer Match 41.58%

Hi,
I've been trying to remove my downloader.misleadapp virus. I tried to have Norton antivirus fix it, but it wouldn't. I looked at the Symantec website and looked at their instructions, which encouraged you to let the antivirus program do the actual deleting. Since that didn't work, I traced my file, and found it was in my Temporary Internet folder. So, I went into safe mode and deleted all the files in my temporary internet folder, rebooted in normal mode and ran the scan again. It came up fine. I then followed Symantec's final step to try to trace the file in my registry. However computer illiterate I may be, I looked at all the files in my registry (and even googled the names of each item in the registry) and all of them could be explained as nonthreatening. The only one I couldn't explain is an entry that reads "(Default) (value not set)".

My computer seems to be running normally again at this point, and save for the above "(Default)" entry, I can't find anything abnormal about it. Is it possible that, having nabbed the virus shortly after obtaining it, along with having it in my temporary internet folder, it was really just that easy to clean up??? Or is there likely something lurking still?

Thanks in advance,
-=k

HJT LOG:

Logfile of HijackThis v1.99.1
Scan saved at 12:56:18 AM, on 10/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\Sy... Read more

More replies
Answer Match 41.58%

My Norton Antivirus software keeps detecting downloader.misleadapp on my system and I cannot quarantine and delete the file infected with this virus.

Does anyone know how I can remove this virus from my system completely?

I did see some messages in a techguy support forum regarding HijackThis to download and install to run a scan and then send a copy of the log. I have not done this yet as I wanted some advice first.

Please let me have an urgent reply.

Thanks,

Nick
 

A:Does anyone know how to remove downloader.misleadapp?

My Norton Antivirus Software detects the Downloader.MisleadApp virus every time I run a scan of my computer and cannot quarantine or delete the file in which this virus is detected.

Does anyone know how I can remove this virus from my system?
 

1 more replies
Answer Match 41.58%

I keep getting random exe's on this machine and redirections to V.3m-feed.com
Plus Norton keeps asking for .exe's for access to the web. I ran Panda but it wouldn't let me print the log out. It reported 58 spyware.
When I got a virus warning it reported Downloader.MisleadApp

Can anyone help me with this?
Thanks
Glen


Deckard's System Scanner v20071014.68
Run by Glen on 2008-02-27 08:41:18
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------



-- Last 3 Restore Point(s) --
3: 2008-02-27 08:32:14 UTC - RP3 - Deckard's System Scanner Restore Point
2: 2008-02-26 20:37:52 UTC - RP2 - Software Distribution Service 3.0
1: 2008-02-25 22:43:15 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-02-27 08:46:38
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr... Read more

A:Pop ups and exe's and redirect to v.3 & Downloader.MisleadApp

Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/comb...o-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first. The Windows Recovery Console will allow you to boot up into a special recovery mode that allows us to help you in the case that your computer has a problem after an attempted removal of malware.

If you have any questions along the way, STOP and ask them before proceeding.

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.

It does not appear as though DSS was allowed to download and install HijackThis. To produce a HijackThis log for your next reply, please do this:

Please download HijackThis to your desktop

Alternate link

Double-click on the file you just downloaded.
Click on the "Unzip" button to install. It will by default install to the directory - C:\Program Files\Trend Micro\HijackThis

Upon install, HijackThis should open for you.

Should it not open, navigate to C:\Program Files\Trend Micro\HijackThis and double click on HijackThis.exe

1. If it gives you an intro screen, just choose 'Do a system scan and save a logfile'.
2. If you don't get the intro screen, just hit Scan and then click on Save log.
3. Post the hijackthis.log file here. Do not fix anything in HijackThis since they may be harmless.

-----------------------------------------------------------------------... Read more

1 more replies
Answer Match 41.58%

Hi,

My PC is having a virus it points me to download anti-malware.

Here is the attached hijackthis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:01:39 PM, on 11/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://in.rediff.com/index.html
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.tataindicom.com/data/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\qzidjucs.dll
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [S3Trayp] S3Trayp.exe
O4 - HKLM\..\Run: [cc45f220] rundll32.exe "C:\WINDOWS\system32\bemxarnr.dll"... Read more

More replies
Answer Match 41.58%

My husband left to Iraq 3 days ago.. and now I have this annoying virus. How do I get rid of it..Symantec said it was deleted but I still have these annoying popups and the desktop background as well as icons.. HELP PLEASE!!

A:Downloader.misleadapp Virus

Hi brandie831, first welcome to BC..

Try these scans and see if it clears. If not, follow the HijackThis posting instructions.

ActiveScan
SuperAntiSpyware - Run this scan in Safe Mode.
How to start Windows in Safe Mode
Preparation Guide for use before posting a HijackThis Log

3 more replies
Answer Match 41.58%

My computer problem has gone from annoying to detrimental.
My nephew is a gamer and I believe he was trying to use some kind of keygen.
I have no logs to post because at this time I am unable to properly log into my computer.
Initially I received the popup near my taskbar saying: Warning! Security Report Message: Your computer is infected! It is recommended to start spyware cleaner tool.
My Desktop image was a huge warning and my browser would constantly show words and pages telling me to clean my PC and directing me to a website to purchase software.
I looked it up and it appeared to be the Downloader.MisleadApp. I attempted to clean it, but I was unable to use or update my Webroot Spy Sweeper. I received various errors which I believe came from the virus.
I tried various methods to clean my system and eventually used a portable version of AVG and concentrated on my windows/system32 folder (especially the config folder) because this is where it appeared the virus was.
Now, when I begin my Windows XP I am presented with nothing but my desktop image. No icons, no taskbar, no start button. nothing.
Ctrl-Alt-Delete gives me the error: Task Manager has been disabled by your administrator.
I am also unable to login as an administrator, getting a message like: Unable to Log You on Because of an Account Restriction.
Trying safe mode hasn't fully worked as I am not able to delete certain files, or my system gives me a warning and then shuts down after 60 seconds.
I'm ... Read more

A:Downloader.MisleadApp? Vundo? Both?

Trying safe mode hasn't fully worked as I am not able to delete certain files, or my system gives me a warning and then shuts down after 60 seconds.

What certain files are you referring to? Can you access and remain in Safemode w/networking? Even if you can only access safemode, we have tools that you can burn or download to a thumb drive

1 more replies
Answer Match 41.58%

Can someone direct me step by step how to remove this virus? My Norton Antivirus 2006 has told me it is a 'Downloader.MisleadApp' Virus (it couldn't delete it). Subsequent scans have revealed no threats. I have followed instructions on their website on how to remove it (I have deleted one or two files as identified) but this has been unsuccessful.

Looking on this forum I have seen other threads on mislead viruses. Mine seems to be slightly different. Additional problems include:

-constant system tray notices and pop-ups telling me I have viruses, trojan horses, spyware, malware...etc

-my internet is behaving strangely. The second I connect, my Norton Antivirus starts coming up telling me something is trying to change my homepage. I always click 'Don't change my home page.' My Google toolbar has disappeared. My homepage loads as 'http://pageforsafety.com.' This webpage (and all the system tray notices and pop-ups) are trying to get me to download the same two antivirus/spyware packages.

The whole thing is done up to look like it is coming from Windows XP but I know that Windows would not persistently provoke me to download things from the web. It is driving me crazy hence I have registered here and am currently writing this from a different computer!

Thank you for your help.
 

More replies
Answer Match 41.58%

Symantec Antivirus keeps popping up and telling me it has deleted a Downloader.MisleadApp about every 2-3 minutes. So it is quite annoying. The file it deletes is always in the C:\Windows\Temp directory and it has a 10 digit random number file name with an exe extension. I have run Housecall TrendMicro, Ad-Aware, and the Symantec antivirus, but to no avail.

Here is my HJT log:

Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:12:21 AM, on 7/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NDAS\System\ndassvc.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Intel\Wireless\Bin\RegSrvc.... Read more

A:Downloader.MisleadApp removal help

Still getting them. =(
log for Dr. Web-cureit:

Code:
APQCF.tmp;C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp;Trojan.Fakealert;Deleted.;
ltogytud.exe;C:\Documents and Settings\SROlson7730\Local Settings\Temp;Trojan.DownLoader.26570;Deleted.;
StreetAtlas8.vbs;D:\Program Files\FMA 2\sframework\plugins;Probably SCRIPT.Virus;;

Log for Fixwareout:

Code:
Username "SROlson7730" - 07/16/2007 13:10:34 [Fixwareout edited 2007/07/05]

»»»»»Prerun check

Successfully flushed the DNS Resolver Cache.


System was rebooted successfully.

»»»»» Postrun check
HKLM\SOFTWARE\~\Winlogon\ "System"=""
....
....
»»»»» Misc files.
....
»»»»» Checking for older varients.
....

»»»»» Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TabletWizard"="C:\\WINDOWS\\help\\SplshWrp.exe"
"TabletTip"="\"C:\\Program Files\\Common Files\\microsoft shared\\ink\\tabtip.exe\" /resume"
"Snippet"="\"C:\\Program Files\\Microsoft Experience Pack\\Snipping Tool\\SnippingTool.exe\" /i"
"SynTPLpr"="C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"ATICCC"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE... Read more

2 more replies
Answer Match 41.58%

Was away on holiday for a couple of weeks and I return to find my PC in an absolute mess with massive slowdown, constant pop-ups, etc. I have my little brother to thank for that!

Basically I think the problem is to do with this Downloader virus, or so Norton tells me.

Here is my log if anybody could be kind enough to look at it for me, thank you very much in advance.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:40:32, on 03/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\Program Files\Google\Com... Read more

A:Downloader.MisleadApp trojan

It now appears to me that virtumonde.dll is a factor here. I have done various clean-ups, but virtumonde.dll always seems to return - although my PC does seem to be a little bit faster now. Any input would be very much appreciated.

Apologies for bumping this post after a couple of days, I am just dreading the prospect of a reformat.
 

1 more replies
Answer Match 41.58%

My husband just went to Iraq 3 days ago.. and now I have a HUGE annoyance and got a virus somehow! Can anyone tell me how to get rid of it. Symantec says it's been deleted..but it is still there!! and acting up badly! I am not too too smart on computer but do know a little! please help!!
Brandie
 

A:downloader.misleadapp virus HELP

duplicate being dealt with here
http://forums.techguy.org/security/597354-nice-if-someone-helped-me.html
 

1 more replies
Answer Match 41.58%

I've been working on my mother's computer off and on for a few weeks now to resolve a slow running issue. I did a system restore and it runs fairly well but the downloader.misleadapp trojan comes up during a Norton scan and will not remove. I've seen step by step instructions for other people's problem of the same type but they seem quite specific as far as what to remove. Here is an HJT log and thanks in advance for your help.

Logfile of HijackThis v1.99.1
Scan saved at 02:41:37, on 3/11/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18372)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HP\HP... Read more

More replies
Answer Match 41.58%

My Symantec anti-virus told me I had been infected with download.misleadapp. Now whenever I open IE 7 I get re-directed to the following url
homesecuresite.com/security/xp/
I have downloaded the latest version of HJT and here is the output of the scan -
------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:38:13 PM, on 9/25/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\Windows Live\Messenger\usnsvc.e... Read more

More replies
Answer Match 41.58%

On a work computer, not sure how it got there. Computer owner says there was an icon on the desktop out of place, so he clicked it to drag on the desktop to an organized spot, and it popped up another icon, both of which he moved to the Recycle Bin and emptied. He doesn't remember the title of the icon, but that started the Windows pop-up saying "Windows has detected a spyware infection...It is recomended to use special antispyware tools...Windows will now download...click here to protect". Clicking that in the tool tray does nothing.

Have run Ad-aware and Spybot, which only found tracking cookies to fix. Symantec has the file in quarantine, Filename = "ticket_983992.zip", Origination Location = "Mail System", dated 8/18/08, although today is the first time we've seen the pop-ups (which may correlate with clicking the Desktop icon to drag).

No change so far to computer performance (although we aren't opening apps until sure there's no risk of data corruption), IE homepage hasn't changed, etc, just the Windows pop-up in the lower right tool tray.

Concerned with various software containing business information re: malware keyloggers, damage to system info, etc.

HJT log is below:

___________

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:20:50 PM, on 8/28/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\... Read more

A:Downloader.MisleadApp infection

bump.

3 more replies
Answer Match 41.58%

Thanks in advance for any assistance you can give. I'm pretty frustrated... Wow - most stubborn little thing I've yet to get off my computer.

When using IExplorer, started getting lots of pop ups suggesting that I have inappropriate material on my computer and "Would you like to install AdvancedCleaner...", and then another popup encouraging "Download MalwareAlarm for FREE now..." and a "MicroSoft Visual C++ Runtime Error -- Buffer Overrun Error" (see attachment called stupidvirusstatements.pdf). Then IE really starts to run slow. I start using Firefox, but similar popups begin to occur. I have Norton's Internet Security and ran it several times after getting several messages that attacks were occurring but being blocked (see attachment of security history called norton_security_history.pdf). Trojan Vundo supposedly was removed; said it could not resolve downloader misleadapp. I tried to do some research and found a site that recommended SmitFix (sp?). I ran that, but popups still occurred. Next, I went to Norton site looking for information on downloader misleadapp. Very vague instructions when it came to fixing registry key, so I then researched more. Ran MicroTrend online scanner which then told me I had Trojan Vundo. It said it had repaired all other issues but could not remove two .dll files in my system32 folder -- one called dcvokxou.dll and one called excgcvyy.dll. After trying to manually remove these, but f... Read more

A:continual pop ups - vundo? and misleadapp?

Hello and Welcome to TSF.

I am currently reviewing your log. Please note that this is under the supervision of an expert analyst, and I will be back with a fix for your problem as soon as possible.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please be patient with me during this time.

10 more replies
Answer Match 41.58%

First time here. My Norton just found the virus, but I am not able to fix or remove it. I have Windows xp. I can follow instructions pretty well if they are not too hard! I would appreciate any help. Thank you.
 

A:downloader.misleadapp virus

bump
 

2 more replies
Answer Match 41.58%

Hi I've been having a problem with Norton giving me a pop-up about downloader.misleadapp being on my system and that it has been deleted. It gives me an "Ok" button to push, I'll click it, and there'll be another pop-up with the same message but with a slightly different filename. This happens _over_ and _over_ until it finally stops for a little while. Any help would be greatly appreciated!

Here's my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:51:29 AM, on 8/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDO... Read more

A:Solved: Please help with downloader.misleadapp!

8 more replies
Answer Match 41.58%

My Internet Explorer is taking almost a minute to react and open. When it finally does open, it takes a while to load. Then I get many pop ups and a lot of messages prompting me to download a spyware removal software, etc. I have Norton Antivirus 2008, and it notified me that Auto-protect has detected Downloader.MisleadApp and that it blocked it. Then it notified me another two times after it but instead of fully saying "Downloader.MisleadApp", it just said "Downloader". So I tried going through Norton to fix this but nothing has worked. I feel the problem is getting worse and worse with time. I am running Windows Vista Home Premium. PLEASE help me remove this virus and fix my computer. Thank you in advance...
 

A:please help me remove Downloader.MisleadApp

Welcome to TSG

Please download ATF Cleaner by Atribune.

This program is for XP, Windows 2000, and Vista
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program. For Technical Support, double-click the e-mail address located at the bottom of each menu.

===========================================

Please download Malwarebytes Anti-Malware from Here or Here
Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform Quick Scan, then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Resta... Read more

1 more replies
Answer Match 41.58%

I have Norton, but it did not block this virus from my computer. I went to an online chat and the "analyst" said the only way to remove is to pay $99.99 to their tech support team to remove it for me... I find this hard to believe, can anyone help?
 

A:Anyone know how to remove Downloader.MisleadApp ?

6 more replies
Answer Match 41.58%

Norton antivirus has switched off Autoprotect and e-mail scanning and despite all my efforts will not let me turn them on. On checking the 'virus reports' it says that Downloader.MisleadApp was detected and removed at about the same time; when I do a full system scan no viruses are found. Can anyone tell me if this virus could have altered the settings and if so what can I do to remedy the situation?
 

A:Solved: Downloader.MisleadApp

16 more replies
Answer Match 41.16%

I've tried getting rid of the Downloader.MisleadApp virus through Norton Antivirus and it wouldn't delete, so I followed the directions it suggested by deleting it through safe mode, but that also didn't work. What else should I do? I would really appreciate your help!

thanks
 

A:Solved: help! how do i get rid of the Downloader.MisleadApp virus!

9 more replies
Answer Match 41.16%

I have Symantec Antivirus for real time protection and about every 2 or 3 minutes it pops up and says that it has detected and removed a Downloader.MisleadApp. The files it removes are always in the C:\Windows\Temp directory and have 10 random numbers with an exe for the file extension.

I have not actually seen any windows from the trojan and I do not know what its name is since it is always cleaned before I see it. I also have no idea what the program/process is that would be creating them, which is the bigger problem.

Here is my Deckard scan log:


Deckard's System Scanner v20070711.54
Run by SROlson7730 on 2007-07-17 at 11:12:52
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...success.


-- Last 1 Restore Point(s) --
1: 2007-07-17 16:13:02 UTC - RP1 - System Checkpoint


Backed up registry hives.

Performed disk cleanup.


-- HijackThis (run as SROlson7730.exe) -----------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:18:03 AM, on 7/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WI... Read more

A:Downloader.MisleadApp removal w/ Deckard log

bump!

19 more replies
Answer Match 41.16%

Symptoms: Popup dialog boxes indicating that security on the system is compromised and offering to supply anti spyware software. Websites mount spontaneously; for spyware removal tools.
Cannot download file attachments from yahoo email

I have run various spyware scanners: spybot, avgas
I have Norton A/V 2007. It occasionally detects one of the two malwares in the title. (I've run it both in normal and safe mode).

OS: XP Home SP2
Browser: IE7

THANK YOU IN ADVANCE FOR YOUR HELP !!

Hijackthis v2 log:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 8:39:59 PM, on 11/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Quicken Online Backup\AgentSrv.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WIND... Read more

A:downloader.misleadApp or trojan.vundo or both. Help Please !

One more piece of info. On system reboot, the following dialog box appears:
Cannot load dmynpfgl.dll.
The module cannot be found.

4 more replies
Answer Match 41.16%

So it seems that I've been simultaneously infected with both the Downloader.MisleadApp and Trojan.Perfcoo trojans. I've run Ad-Aware and I've tried using Norton 3 times (normally, in safe mode, and with system restore disabled) going by symantec's directions, and that has not helped. I've also searched through forums to try using any information from anyone else with similar problems, but that has not helped either. I downloaded HijackThis, and though it downloaded and installed on my computer, it won't open--even in safe mode. Anyway, any assistance in removing these trojans would be very helpful. Thank you.

A:Downloader.MisleadApp & Trojan.Perfcoo

I also can't get ComboFix to work either. Any help would be sweet...

2 more replies
Answer Match 41.16%

Hi Everyone...I started off getting infected with the "Downloader" virus. Followed Symantec rules to be rid of it, and I think I am, but it opened up a whole new can of worms! I'm not an idiot, but I'm not an expert either and have followed some directions to get rid of a lot that climbed aboard. Problems I now have are...to click a link on a page...usually times out, doesn't load, I can no longer connect to the Symantec website (which has my backup registry) because of an add on somewhere? The writing and page layout, along with everything to do with the display of monitor/webpages/etc is very small, some graphics don't load, and God knows what else!! VERY FRUSTRATED! I have run Norton, Adaware, Ewido, SuperantiSpyware, cleaned all temp files and such and below is my Hijackthis report. I do not know what to delete from this to get things back to normal. Sorry for all my idiocy here, but would appreciate any and all help you could give me.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:54:33 PM, on 9/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Fil... Read more

A:Infected "downloader.misleadapp" Winsoc?

I also seem to be unable to connect with my registry. It seems to have disappeared. My control panel disappeared also, but i fixed that part. Thanks...

2 more replies
Answer Match 41.16%

I just started getting this alert message that my computer may be at risk and should d/l a certain virus detection program... My norton caught it but did not remove it.. can someone help to get rid of it..? thanks..RussP.. I have included a HiJackThis log file to help..

Logfile of HijackThis v1.99.1
Scan saved at 4:25:05 AM, on 11/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.... Read more

More replies
Answer Match 41.16%

Last night QuickScan found hacktool.rootkit and downloader.misleadapp on my computer. I tried to clean and permanently delete them, but it showed up again today. I have WindowsXP sp2. Here's my hijack log. Thanks!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:15:34 PM, on 11/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Symantec... Read more

More replies
Answer Match 41.16%

Hi there,
I'd appreciate some help removing that nasty virus called Download.MisleadApp from my Notebook (Win XP Home, Centrino 1,7, 512 MB, 3 1/2 years old).
My Symantec virus scanner found it, but can not remove it. I found another thread where it was apparently successfully removed so I thought you might be able to help me as well.
The problem is that at the moment, though I can boot the PC, I can't do anything when the desktop has been loaded. I can't even open Win Explorer. Nothing happens when I click the Start-Button. The only thing I can do is press Ctrl-Alt-Del to see the Task Manager and then shut down the PC again.
What I did is download all the Tools that were mentioned in the other thread, but as I can't do anything on the infected PC I can't start them. Maybe it's possible to use them from a USB-Stick or copy them to the hd when I start Win in safe mode?
Thanks, Björn

Update:
I managed to start Win Explorer via the command line in Task Manager. Tried to run Hijackthis setup, which I downloaded here http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe
but I got this error message:

 

A:Help needed removing Download.MisleadApp

OK I've finally managed to install Hijackthis (downloaded a different setup.exe from another site). Hope somebody is able to help me now! Here's the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:24:16, on 22.04.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Apache Group\Apache2\bin\Apache.exe
C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Programme\Apache Group\Apache2\bin\Apache.exe
C:\Programme\FRITZ!DSL\IGDCTRL.EXE
C:\Programme\Gemeinsame Dateien\Portrait Displays\Shared\DTSRVC.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\MySQL\bin\mysqld.exe
C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Programme\Synaptics\SynTP\SynTPLpr.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\Programme\ATI ... Read more

2 more replies
Answer Match 41.16%

I've done an incredibly stupid thing and downloaded a crack keygen. Yes, incredibly stupid. Now that I've admitted it, I don't necessarily feel any better. I've been battling virus threats for two days now. I have run ATF Cleaner, ComboFix, HijackThis and Symantec's FixVundo Tool.

I greatly appreciate the effort of your forum to help me. Thank you very much.

I'm posting the logs from both ComboFix and Hijack here:

ComboFix:
ComboFix 07-11-30.3 - Joi Brooks 2007-12-01 6:04:42.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.242 [GMT -5:00]
Running from: C:\Documents and Settings\Joi Brooks\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2007-11-01 to 2007-12-01 )))))))))))))))))))))))))))))))
.

2007-12-01 06:01 . 2007-12-01 06:01 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-01 04:53 . 2007-12-01 06:09 7,374 --ahs---- C:\WINDOWS\system32\adggh.ini2
2007-12-01 04:52 . 2007-12-01 06:10 7,374 --ahs---- C:\WINDOWS\system32\adggh.ini
2007-11-29 21:57 . 2007-11-29 21:58 335,968 --a------ C:\WINDOWS\system32\hggda.dll
2007-11-29 09:30 . 2007-11-29 09:30 102,912 --a------ C:\WINDOWS\system32\drvvih.dll
2007-11-29 09:26 . 2007-11-29 09:26 35,840 --a------ C:\WINDOWS\system32\gebbcdc.dll
2007-11-29 09:25 . 2007-11-29 09:25 <DIR> d-------- C:\Program Files\yzudexmv
2007-11-29 09:25 . 2007-11-29 09:25 <DIR> d-------- C:\Program Files\Unezyuxj
2007-11-28 17:50 . 2007-11-28 17:50 <DIR>... Read more

A:Trojan.Vundo and Downloader.MisLeadApp

attached is the log from panda activescan

4 more replies
Answer Match 41.16%

Can someone please help me with this issue? I have Norton and every time I open a browser, I get a blank page and a Downloader.Misleadapp error.

Separate question is that I know I have a lot of extra crap on my computer that it came with, but I don't know of a good system cleanup type software that is safe. Suggestions for that would be welcome as well.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:20:38 PM, on 2/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\Explorer.EXE
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls... Read more

More replies
Answer Match 40.74%

Hi everyone. I'm running Norton Internet Security on my comp and Antivirus2009, Downloader.Misleadapp and Trojan Virantix.C won't seem to be removed. It says that they can't be removed from an unsupported file and I really just want these things gone. I ran hijack this on a friend's recommendation and if any one could help me I would be so happy.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:02:33 PM, on 11/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\svchost.exe
C:\Pr... Read more

A:Antivirus2009,Downloader.Misleadapp,Trojan.Virantix.C

Hello! My name is Sam and I will be helping you. I will do my best to communicate clearly to you so that we can resolve your issues as quickly as possible. In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to fix your computer. Please communicate freely with me about how your computer is reacting and behaving as we work through this process.

Please download random's system information tool (RSIT) and save it to your desktop.
Double click on RSIT.exe to run it.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

2 more replies
Answer Match 40.74%

Running PC with Windows XP

Picked up host of problems recently, Norton did not prevent infection but did identify Trojan.Vundo, Trojan.Adclicker, and Downloader.MisleadApp upon scan, removing those three particular files. Host of other problems remained, including disablement of System Restore function and Google popup problem. About half of restart attempts gave "Windows - No Disk" error with code 75b6bf7c repeated three times. One time (after successful restart) the "blue screen of death" appeared with the message "DRIVER_IRQL_NOT_LESS_OR_EQUAL". System would randomly freeze or restart itself within an hour or two of any successful restart.

I have run Malwarebytes' anti-malware scan which found and removed 30-odd infected files, most in the registries. Google popup issue has vanished; system appears basically stable now (not freezing up or randomly restarting itself since). System Restore now at least restarts the computer (previously, hitting the "Next" button produced no response whatsoever). However, regardless of which date is selected for the restore, I am told that the system cannot be restored to that date.

I'm not sure if the anti-malware scan completely "cleaned" the computer so here are my DDS logs:
DDS (Version 1.1.0) - NTFSx86
Run by marques at 21:50:16.03 on Sun 01/04/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.113 [GMT -6:00]

AV: Norton Internet ... Read more

A:Vundo, Adclicker, and Downloader.MisleadApp infection

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results, click no to the Optional_Scan
Follow the ... Read more

10 more replies
Answer Match 40.74%

I am having a big problem with a virus that Norton AV identifies as "Downloader.MisleadApp". Norton picked it up but whenever I click on OK it comes up with another window - the files are all located in c:\windows\temp and the \quarantine folder of Norton AV - this evening I found there are slightly over 250000 .tmp files in this folder, all 32kb in size.

I would really appreciate someone's help to remove this please. Thanks!

Here is a Hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:12:01, on 03/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOW... Read more

A:experts, pleeease help removing misleadApp virus

Closing duplicate, please reply here:

http://forums.techguy.org/malware-removal-hijackthis-logs/646923-downloader-misleadapp-problem.html

eddie
 

1 more replies
Answer Match 40.74%

Ok, been trying to figure this for the last 2 days.

I was unfortunately attacked with the AntiVirus XP 2008 'fake' Anti Virus programme.

The only way I could stop this thing from popping up and over running my laptop was to go into my registry and remove all files to do with this programme.

After a restart I thought everything was solved, till I did a full system scan with Norton.

3 viruses were found, but I cannot remove them. The only message that shows is:
2 x 'Downloader.MisleadApp cannot be removed from an unsupported file'
1 x 'AntiVirus2008 cannot be removed from an unsupported file'

The only option I get for those is to 'Review' them.

Anyway, thanks for hearing my ramblings, any help (as long as it isn't too complicated) in removing these problems will be greatly appreciated.

Thanks
 

A:Downloader.MisleadApp cannot be removed from an unsupported file

Hi and welcome to TSG,

Please do not start more than one post for the same issue.

I'm closing the others. Please continue here:

http://forums.techguy.org/malware-r...1420-help-please-post6141795.html#post6141795

Also, please review the sticky post at the top of the forum for the proper protocol when posting for assistance.
 

1 more replies
Answer Match 40.74%

The windows installer continues to run upon each startup. Once the installer has been cancelled, it will pop-up again when you run a new program, such as internet explorer. Automatic updates and symantec antivirus are both up to date. Also, symantec will catch a virus named "downloader.misleadapp" and will quarantine the file, but not clean it.

DDS.txt log

DDS (Ver_09-03-16.01) - NTFSx86
Run by HP_Owner at 13:13:41.37 on Sun 04/12/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.134 [GMT -4:00]

AV: Windows Live OneCare *On-access scanning disabled* (Updated)
FW: Windows Live OneCare Firewall *disabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\PROGRA~1\Symantec\SAV8\vptray.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\PROGRA~1\Symantec\SAV8\DefWatch.exe
C:\WIND... Read more

A:Windows installer problems, downloader.misleadapp

Welcome to the BleepingComputer Forums.

Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random which includes a HijackThis log and save it to your desktop. If you have RSIT already on your computer, please run it again.

Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Please post the contents of log.txt.

Thank you for your patience.

Please see Preparation Guide for use before posting about your potential Malware problem.

If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped.

Please post your HijackThis log as a reply to this thread and not as an attachment. I am always leery of opening attachments so I always request that HijackThis logs are to be posted as a reply to the thread. I do not think that you are attaching anything scary but others may do so.

While we are working on your HijackThis log, please:
Reply to this thread; do not start another!
Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so.
Do not run any other tool until ... Read more

2 more replies
Answer Match 40.74%

Running Symantec AV in safe mode and prompts that it quarantines and deletes. Still getting the popup window from symantec with repeated instances upon restart.

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Core™2 Duo CPU T7300 @ 2.00GHz
CPU 1: Intel® Core™2 Duo CPU T7300 @ 2.00GHz
Percentage of Memory in Use: 34%
Physical Memory (total/avail): 2007.23 MiB / 1309.59 MiB
Pagefile Memory (total/avail): 3899.48 MiB / 3313.2 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1926.42 MiB

C: is Fixed (NTFS) - 74.53 GiB total, 59.75 GiB free.
D: is CDROM (No Media)
E: is Removable (FAT32)

\\.\PHYSICALDRIVE0 - Hitachi HTS541680J9SA00 - 74.53 GiB - 1 partition
  \PARTITION0 (bootable) - Installable File System - 74.53 GiB - C:

\\.\PHYSICALDRIVE1 - Kingston DataTraveler 2.0 USB Device - 3.8 GiB - 1 partition
  \PARTITION0 - Unknown - 3.8 GiB - E:

-- Security Center -------------------------------------------------------------

AUOptions is set to notify before download.
Windows Internal Firewall is disabled.
FirstRunDisabled is set.

FW: Sygate Security Agent v4.6 (Sygate Technologies, Inc.)
AV: Symantec AntiVirus Corporate Edi... Read more

A:Trojan.fakeavalert And Downloader.misleadapp Infection

Welcome to the BleepingComputer Forums. Since it has been a few days, please post a new Deckard's System Scanner which includes the HijackThis log. Please see Preparation Guide for use before posting about your potential Malware problem. Thank you for your patience.If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped.

3 more replies
Answer Match 40.32%

Hey Tech Support members and admins my name is Matt!
Okay so my problem for today would be the following:
Downloader.MisleadApp
Stupid Virus that won't allow me to play games like (WoW or FlyFF)
Please If you could help me that'd be of great assistance.
HiJackThis Log :
Logfile of HijackThis v1.99.1
Scan saved at 6:40:54 PM, on 12/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\SonicWALL\SonicWALL VPN Client\IreIKE.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\SonicWALL\SonicWALL VPN Client\IPSecMon.exe
C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\PROGRA~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe
C:\Program Fil... Read more

A:Removing: Downloader.MisleadApp(Calling all Admins! and Seniors!)

Bump!!!!!!!
 

3 more replies
Answer Match 40.32%

Hi, I seem to have several infections. I have run spybot, adaware, and Norton AV, Housecall and Stinger and they keep reappearing. They are (some may be redundant) Virtumonde (virtumonde.SecCenter, Virumonde.Crack), scprot4.exe, Downloader.MisleadApp, Zlock.uc, Win32.small.Ir, UltimateCleaner, UltimateFixer. And spybot doesn't seem to like ranavotu.dll and srgfgrev.sll. I am running Windows XP with service pack 2. My Internet Explorer has started crashing frequently so I was unable to do two of the online virus scans

I have 2 hard drives and an external HD. All system files are on C drive.

Here is the HiJackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:10:33 AM, on 12/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shar... Read more

A:Virtumonde, Scprot4.exe, Win32.small.ir,downloader.misleadapp

Hello Bill,

Welcome to Bleeping Computer. Fasten your seat belt Bill. This one might take a bit to get rid of. It's not an easy one usually.

1. Download this file - combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply please, along with a new HijackThis log.

Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Thanks,
tea

3 more replies
Answer Match 40.32%

Hi
I have encountered a virus I cannot remove from my laptop.

PC: Dell latitude 610
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Anti virus: Symantec

This problem arose on the 21 December 2007.
I have run the antivirus including full disk scan a number of times.

From this I have deduced the issue could be related to the following:
- BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\qudjdrrg.dll

This entry is flagged by the antivirus but not removed - and I cannot delete the entry manually [says it is in use].

The virus launches randomly it seems, though it appears every time I start a program/game [WoW] within 5 minutes of launching it.

=========================================================
Symptoms [NOTE - the english is accurate to the error messages]:

Warning message on start up
Your system could become unstable
A potential problem has been detected and Windows has been shutdown buugy application to prevent damage to your computer.
*****WXYZ.SYS - Address F73120AE base at C00000, DateStamp 36b072A3
Kernel Debugger Using: COM2 (Port 0x28f, Baud rate 192000)

Dump of numerous .tmp files into the C:// directory [currently these are in the My Documents folder and cannot be deleted]
At present there are over 2000 of these entries [name = Pos2039.tmp]
When I try to delete them I get a new error message:
Sysfader: IEExplorer.EXE - Potential Application... Read more

A:MisleadApp virus on Win XP laptop - cannot remove (Moved from Windows XP)

www.bleepingcomputer.com
www.forospyware.com
www.geekstogo.com

1. Please choose from any of the above links. Download the file & Save it to Desktop.

2. Double click on ComboFix.exe & follow the prompts.

3. When finished, it shall produce a log for you. Post that & a fresh Hijackthis (not DSS) log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

2 more replies
Answer Match 40.32%

I'm a newbie to this forum. I've got several virus/malwares on my computer which Norton Antivirus 2007 is unable to remove. Any idea how I can get them off? Perhaps I should add a couple of additional points of information...
I tried using Norton's suggestions to remove the Downloader.MisleadApp, but have been unsuccessful.

1) I turned off my restore point function
2) I entered Safe Mode and ran the virus scan, but nothing was detected

I know they are still there because they come up as unresolved issues in the quarantine log, and I keep getting random pop ups asking me to download anti-virus software.

I should also mention that SafeMode is not working properly for my computer: it repeatedly pops up the message asking if I want to continue in safe mode. Each time it does this, the window that I have open closes, making it difficult to navigate. I was finally able to run the scan through task manager's run function and typing:
navw 32\L

I've seen elsewhere that posting HijackThis Logs helps, so I'm posting mine below.

Logfile of HijackThis v1.99.1
Scan saved at 10:59:42 AM, on 10/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon... Read more

A:Solved: Downloader.MisleadApp, Trojan.Vundo and W32.Virut.W

16 more replies
Answer Match 40.32%

Hello...
Several issues, all started yesterday.
* My antivirus (Norton) has been picking up Downloader.MisleadApp
* getting system warnings (!) on taskbar, looks "official", but it is not.
* Getting System Messages "Security warning" of viruses etc, and asks me to install software
* IE has a "new" toolbar called "Security Toolbar 7.1"
* IE window keeps on popping up with "savetheinformation.com" as website

A friend advised running Spyware Doctor, it found several things, and fixed it. Combofix was also run, and seemed to stop the Norton messages, but others are still there. Log file of combofix is below. (don't know how to have it in here, so I am copy-pasting it).

Your help will be much much appreciated. Thank you!

Jay

ComboFix 07-11-08.1 - Sotzing 2007-11-07 14:52:13.1 - NTFSx86
Running from: C:\Documents and Settings\Sotzing\Desktop\ComboFix.exe
* Created a new restore point
.

Unable to gain System Privileges

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Start Menu\Live Safety Center.lnk
C:\Documents and Settings\All Users\Start Menu\Online Security Guide.lnk
C:\Documents and Settings\Sotzing\Desktop\Live Safety Center.lnk
C:\Documents and Settings\Sotzing\Desktop\Online Security Guide.lnk
C:\Documents and Settings\Sotzing\Favorites\Online Security Guide.lnk
C:\WINDOWS\cookies.ini
C:... Read more

More replies
Answer Match 39.9%

I hope you can help me. My computer has a virus. I noticed my computer running very slow and sometimes when I am on the internet, pop-ups are constant and can even hear ads and I didn't click on anything. I have Norton and the security history says 2 separate warnings:

Auto-Protect has detected Downloader.MisleadApp
Auto-Protect has detected Trojan.Adclicker

Action taken says Blocked, status says Blocked and recommended action says resolved-no action

This happens every time I turn on the computer and go on the internet for the first time. It interferes with me going on the internet. My security is constantly saying that "A recent attempt on your computer was blocked". It sometimes even closes me out of the internet giving me no reason at all. I found your forum and followed the steps along with my logs which are attached and the main.txt is below. I hope you can help me out. I would greatly appreciate it.

Deckard's System Scanner v20071014.68
Run by Wendy on 2008-05-26 14:20:53
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...success.


-- Last 1 Restore Point(s) --
1: 2008-05-26 18:20:58 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone --------------------------------------------------... Read more

A:Computer Slow & Steady Pop-Ups/Downloader.MisleadApp & Trojan.Adclicker

Hello and Welcome. Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------


Quote:

C:\Documents and Settings\Wendy\Local Settings\Temporary Internet Files\Content.IE5\TC2RSO0I\dss[1].exe

It appears as though you chose "Run" instead of "Save" when it came to downloading dss.exe

It's important to "Save" the files, usually to desktop. They are easier to find, and won't be lost in the temporary file cleaning many of our tools perform.


P2P - I see you have P2P software ( Limewire ) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your m... Read more

19 more replies
Answer Match 39.9%

Hi, I have Win XP SP2 installed on my laptop (home computer). I use Symantec 10 (corporate edition) for antivirus and firewall. Also, I have Ad-adware installed. My login has got admin privileges. Looks like my system is infected with a virus (possible downloader.misleadapp). Been working on this nonstop for the last 10 hours now. Every time I scan, I find something, fix it, all is well, but on restart my world looks topsy turvy. I have great expectations from this forum that help will flow in, or else it looks like formatting of my hard disk is inevitable (lot of personal data at stake). Though the Hijackthis log is attached, I think it will be helpful if I can explain how my system is currently behaving.

A couple of days ago, my browser started redirecting to some unknown sites (for 50-60% of sites I visit), where it used to ask me to download some anti spyware tools. Also, a popup used to show up asking me to download spy shredder. I immediately scanned my system using Ad-adware. Scan results showed 2 critical window objects a) disabletaskmgr disableregistrytools. That's when I figured out my taskmgr and registry tools are disabled and give error message "registry editing has been disabled by your admin". Then I started an anti-virus scan but it was not starting either, giving some scan engine error (never saw such an error before). I restarted my system in safe mode and this time my anti virus scan worked. Again, when the scan was done, it showed "downloader.misleadapp" as the... Read more

A:Taskmgr, Registry Tools Disabled - Possibly Downloader.misleadapp

Welcome to the BleepingComputer HijackThis Logs and Analysis forum. My name is Richie and I'll be helping you to fix your problems. Apologies for the late response, as I'm sure you can appreciate we are absolutely snowed under with logs. If you still require help, please post a new Hijackthis log into your next reply.

9 more replies
Answer Match 39.48%

My computer is lagging and moving very slowly. Symantec Antivirus keeps finding and quarantining Downloader.MisleadApp on a daily basis. Spyhunter (free version) found several cookies and one Trojan.Dropper file. Not sure if these are responsible for computer issues or not. Hoping someone can PLEASE help me. Have posted and received much help resolving previous problems.

HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:44:11, on 3/2/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
C:\WINDOWS\system32\ctfmon.exe
c:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\PROGRA~1\... Read more

A:Help! Slow and lagging Computer. Downloader.MisleadApp and Trojan.Dropper found

still waiting for some help.....Please!
 

2 more replies
Answer Match 38.64%

Background of the PC:

the system was bought about 4 years ago and my sister used to download files from kazaa with it, but then they said it crashed, and it's never been used until this summer when I did system recovery to it.

The Problems:

-As soon as it was connected to the internet, malwares attacked (especially the online security guide and live safety center), but it doesn't do that anymore now. I tried following suggestions of other sites on how to clean up the pc of these nasties but I think it just got worse...

-The installed Norton Antivirus keeps picking up Trojan.Vundo, Adware.Ezula, and Downloader.MisleadApp via Autoprotect at varying risk levels. When I do full system scans, the system is said to be 'secure' except for a tracking cookie it picks up.

-Internet browsing remarkably slowed down over the months. Random pages pop up while browsing. Start ups and shutdowns are also very slow.

-Before, as soon as the pc is connected to the internet, the desktop icons and taskbar just vanish, but recently, it seems as if it just refreshes

-Recently, a page would just pop up then a window would say 'Internet Redirection you are about to be redirected to a new internet site', or if I open 3 IE windows, one would freeze up, then if I close the page that's not responding, all of the IE windows close.

So, I did:

Step #1: none of the listed programs were found on the add/remove programs

Step #2: panda scan:

Incident ... Read more

A:constant popups, antivirus picks up trojan.vundo, adware.ezula, downloader.misleadApp

Hi astonishia01

I apologize for the delay getting to your log. The helpers here are all volunteers and we have been very busy here lately. If you are still having malware problems, I will be glad to help.


Please read this post completely before beginning the fix. If there's anything that you do not understand, kindly ask your questions before proceeding. Please ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.


IT IS IMPORTANT THAT YOU DON'T MISS A STEP & PERFORM EVERYTHING IN THE RIGHT ORDER.

===============================================

Additional Downloads

Please download these additional files/programs. Do not run them until instructed to do so.
Unless otherwise stated, they should be stored in same directory as the HiJackThis program.

=================


Download ComboFix


Alternate Link

and save it to your desktop.

**Note: It is important that it is saved directly to your desktop**

===============================================

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

===============================================

Double click on combofix.exe & follow the prompts. When finished, it will produce a report for you.
Please post the "... Read more

1 more replies
Answer Match 35.7%

Please help me rid this virus from my computer. It's called downloader.misleadapp.

Pop ups are going off all over the place recommending I download spyware, etc... I have not since I believe this may be the prodding this virus wants. Also, it took control of my desktop display and added some short cuts to my desktop.

Help!!!

Paul
My logfile is:

Logfile of HijackThis v1.99.1
Scan saved at 1:45:18 AM, on 7/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\PROGRA~1\NORTON~1\NORTON~3\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
C:\PROGRA~1\NORTON~1\NORTON~3\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-... Read more

A:Solved: HELP, I've got "downloader.misleadapp" virus

16 more replies
Answer Match 35.7%

Hi, I've tried everything to get rid of this stupid infection! I've tried things from Avast, to Spybot Search and Destroy, to Ewido, to removal tools... It would remove it, but it would always come back. The computer was also infected with this thing called Bestselling Antivirus virus, where I had popups coming up advertising virus protection. It installed some kind of security tool bar. It also put some kind of thing in the tool bar that would blink and say that the computer was infected with a trojan/worm and would popup over and over again, till I finally some how removed both of those infections. Well, at least I think it is removed... The computer though is still infected with this trojan.vundo, Downloader, and Downloader.MisleadApp. Well, that's what her Symantec antivirus autoprotect says, and it won't go away, no matter what I use. Also, the random popups that keep popping up are annoying (like before, but not as bad).. Any help would be appreciated on here, my sister needs her laptop for school work, but she can't use it because it's all messed up.

-------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:39:27 PM, on 10/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\... Read more

A:Trojan.vundo, Downloader, Downloader.misleadapp Infection

Sorry for a repost, please don't delete my thread. I really need help getting rid of this infection!!

I see that people are looking at my post, but no replies

It's really annoying and it won't go away, and my sister really needs her laptop for her school work, but can't use it because it keeps acting up.

6 more replies
Answer Match 35.7%

I have been trying to get rid of this for days. I found a thread in your forums from July 2007 about the 'Downloader.misleadapp' virus. It was nearly exactly my problem. So I followed the thread as far as I could without having the benefit of a tech checking my logs... did everything else though. Think I might have missed some stuff in the logs due to my newness to this.

please help me.

I'll post logs from combofix and hijackthis in a second message.

thank you.

More replies
Answer Match 33.6%

Norton picks these up as viruses. It appears to delete them. When i go to yahoo mail, it has problems opening up mail, and then tells me that my computer may be infected. It wants me to run some type of scan program. How do I remedy all of this. My virus defs are up to date. This particular time it wants to run "winxdefender". HELP!!
 

A:Solved: Downloader and Downloader.MisleadApp

16 more replies
Answer Match 29.82%

i downloaded a thing i thought was safe but turns out my mcafee site advisor and mcafee software let a trojan get on my computer. it's the TrojanDownloader:WIN32/zlob.ZWC. microsoft malicious software tool detects it but won't remove it. mcafee doesn't detect it at all.
 

A:HELP PLEASE i downloaded and cant get rid of it

* Click here to download HJTsetup.exe.
Save HJTsetup.exe to your desktop.

Double click on the HJTsetup.exe icon on your desktop.
By default it will install to C:\Program Files\Hijack This.
Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
Put a check by Create a desktop icon then click Next again.
Continue to follow the rest of the prompts from there.
At the final dialogue box click Finish and it will launch Hijack This.
Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
Click Save to save the log file and then the log will open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
 

1 more replies
Answer Match 29.82%

I opened a file from AIM, and now all these programs are trying to modify my computer. All help would be appreciated.

Logfile of HijackThis v1.99.1
Scan saved at 8:10:06 PM, on 9/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Rainlendar2\Rainlendar2.exe
C:\Program Files\Scansoft\PaperPort\SmartUI\SmartUI.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Agnitum\Outpost Firewall\outpost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\BRMFRSMG.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.5.0_09\bin\jucheck.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\WINDOWS\system\wcisvc.exe
C:\Program Files\AIM\aim.exe
C:\Documents and Settings\Yolkavich\Desktop\HijackThis.exe

R3 - URLSearchHook: AOLTBSearch ... Read more

More replies
Answer Match 29.82%

system running : windows XP professional with sp3

okay, as the title implies, while surfing the internet a tab appeared in the firefox window that said "Updating..." but never showed/displayed anything. After that, I noticed the windows start/tool bar had changed from the XP theme version to the classic version. Then i noticed that there was no network connectivity. When I tried to look up what was wrong, the properties, rename, and delete options have been disabled from the right-click menu.
I received a message that there was an attempt to update registry but whatever was done was restored, then my PC rebooted.
what I've done so far:
I tried to boot using the windows xp CD but nothing happens. Windows eventually boots up, but I don't get any options to run repair or anything.
Used CA anti-virus for scan and found nothing (did this again in safe mode and still found nothing)
I did a search to see if I could find what was modified, it shows that all user accounts including a Helpassist?? account have been updated in some form or fashion so i don't know what else to do

I see svchost.exe, services.exe, and system taking up 50% of CPU occasionally but not sure what to make of that.

to get the internet started I tried to turn on some network services but all failed due to 'timeout'

Please let me know any ideas, or how to get started on trying to fix this problem.

thanks,
homero
other pcs are connected to the internet just fine.

A:pop up downloaded something

any ideas? anyone? a starting point?

2 more replies
Answer Match 29.82%

I took advantage of the student offer of Windows 7 and last night downloaded windows 7. I thought that because my laptop was 64 bit capable I could do a clean install to it from the download, which I now obviously realise was a mistake.

Does anyone know how I can change this download for a 32 bit version?

Thanks

A:Downloaded 64 bit but need 32 bit

Why can't you install 64bit? Have you tried and got an error?

2 more replies
Answer Match 29.82%

alright so i would say i am pretty computer literate at least for 16 you put me in my whole high school i would pry be second best, here is my HJT file i can't find nothing but i can tell you my problem the quick launch bar is messed up i open it and nothing is there it opens but just lines come and regedit says its in use by another program and task manager won't open

View attachment 32453
 

A:Downloaded something bad help please

Clear these three items in HJT and rescan:

O2 - BHO: (no name) - {3745D43B-4A84-485D-8EE9-BC6D0401DBF6} - C:\WINDOWS\system32\vtUkIBqR.dll
O2 - BHO: (no name) - {4F96CCB9-01EC-419E-AAEA-C2C913F2A236} - C:\WINDOWS\system32\byXRkIYS.dll
O20 - Winlogon Notify: byXRkIYS - C:\WINDOWS\SYSTEM32\byXRkIYS.dll

If they are still present, then download MalwareBytes Anti-Malware and while you are there grab the RogueRemoverFree as well. FileASSASSIN is under More Tools in Anti-Malware, and can actually delete the files while in use. Run that if the files won't delete or keep showing up in HJT. Make sure you update MalwareBytes before you do a full scan.
 

7 more replies
Answer Match 29.82%

Hello

I have setup every application to "ask me before checking for updates",

Even when I am not using any browser, email or any other application, I notice that the lights on my modem are blinking quite fast... that is something is being downloaded. It has been going on for quite some time.

How do I find out what is being downloaded (or uploaded)?

I use
toshiba laptop
window 7 prof
IE9
MS office 2010
Internet security (antivirus, etc ...) from Bell
Thank you very much
 

A:How do I know what is being downloaded?

And you have no browser open? And check for new email only infrequently?

You could try disconnecting from the modem and see if any program complains.

In Network Connections right click on your connection and select Status. Watch the Bytes sent and received to get an idea of the upload vs download and how much.
 

3 more replies
Answer Match 29.82%

I downloaded a program yesterday and ran it but nothing happened. Then I read comments on a video of it and someone said it was most likely a RAT and another guy saying it was probably a virus. I can provide the file if that will help. I don't want a RAT.

A:May have downloaded a RAT. Don't know what to do.

Welcome aboard

Download Security Check from here or here and save it to your Desktop.
Double-click SecurityCheck.exe
Follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender
Other Services
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

Please download MiniToolBox and run it.
Checkmark following boxes:
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Devices (do NOT change any settings here)
List Users, Partitions and Memory size
List Restore Points
Click Go and post the result.

Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
NOTE. If you already have MBAM 2.0 installed scr... Read more

1 more replies
Answer Match 29.82%

Is there a way to find out just how much in total the Get Windows 10 app has downloaded it so far?

A:How much of W10 downloaded?

There's no way to know that when Windows 10 hasn't been officially released yet. Maybe at a later date.

41 more replies
Answer Match 29.82%

hello my computer is windows vista and the problem is every time that i try to download anything i can't because there is a box that says "your current security setting do not allow this file to be downloaded" please i really need help michael

More replies
Answer Match 29.82%

I just purchased a new HP desktop, Intel core 2 Quad processor, 64 bit performance with 8gb of ram, 1 Terabyte hard drive. It came with Vista home premium 64 bit edition. I had previously purchased Vista Ultimate for a laptop that no longer works. When I downloaded Vista Ultimate I put in the 32 bit instead of the 64.....I am not able to do a restore to go back to the way I purchased it. I am not very computer savvy. Can anyone please help??? Thank you. And what would be the downfall for keeping the 32 bit installed (someone had told me I wouldn't be using the full capacity of the computer) Thanks again.

A:Downloaded 32 bit instead of 64 bit HELP

Originally Posted by cmb1966


I just purchased a new HP desktop, Intel core 2 Quad processor, 64 bit performance with 8gb of ram, 1 Terabyte hard drive. It came with Vista home premium 64 bit edition. I had previously purchased Vista Ultimate for a laptop that no longer works. When I downloaded Vista Ultimate I put in the 32 bit instead of the 64.....I am not able to do a restore to go back to the way I purchased it. I am not very computer savvy. Can anyone please help??? Thank you. And what would be the downfall for keeping the 32 bit installed (someone had told me I wouldn't be using the full capacity of the computer) Thanks again.



32bit will only see 4gigs of ram and usually only be able to use about 3.3. It's also a bit slower depending on how you use it. When changing from one OS format (32bit) to another (64bit) it has to be a clean install.

Now about restoring, you may have a backup there and available but since you are 32 bit and it isn't, you can't use it. If you were to reinstall vista 64 it would probably be available

7 more replies
Answer Match 29.82%

i downloaded the Quick Launch Button but every time after full download completed, it says network error...

More replies
Answer Match 29.82%

Think i accidentally downloaded something or not, Over the past week it has been getting slower and ie has now been hanging up. here is a dss log and thank you:

Deckard's System Scanner v20071014.68
Run by Gil on 2008-06-09 22:07:02
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --
28: 2008-06-10 02:07:21 UTC - RP513 - Deckard's System Scanner Restore Point
27: 2008-06-10 00:51:33 UTC - RP512 - System Checkpoint
26: 2008-06-04 03:16:24 UTC - RP511 - Software Distribution Service 3.0
25: 2008-06-03 21:13:28 UTC - RP510 - Software Distribution Service 3.0
24: 2008-06-03 02:32:27 UTC - RP509 - Software Distribution Service 3.0

-- First Restore Point --
1: 2008-03-13 20:18:23 UTC - RP486 - System Checkpoint

Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 448 MiB (512 MiB recommended).

-- HijackThis (run as Gil.exe) -------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:10:47 PM, on 6/9/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C: ... Read more

A:Think I Downloaded Something, Help

Hello and welcome to BleepingComputer.

I don't see any malware there.

Some points:

Do you have a bought license for Norton? Or did you get it for free? The reason I'm asking is, it's a really heavy app for an antivirus. You can install a better antivirus that's waaaay lighter and easier for the computer, and takes less RAM and actually is more efficient too.

So, I recommend uninstalling Symantec's products and installing AntiVir (That's the promotion license for AntiVir Premium -- 6 months for free. You can get their free edition here) or Avast! instead.

Another valid point: when did you install Service Pack 3? There have been several flaws with it. Some people have really bad problems with SP3; I seem to be one of the lucky ones with no issues. Did you notice the problems after installing it?

Also have a read through THIS TOPIC.

Finally.....

Click Start >> Run and paste in:

"%userprofile%\desktop\dss.exe" /daft

Click OK.

Click OK to the prompt from Deckard's System Scanner.

Click Scan.

Checkmark every entry found.

Click Fix.

Let me know how you get on.

2 more replies
Answer Match 29.82%

So I downloaded something and although avast said it blocked a trojan/virus, I just want to be sure my PC is safe/clean. Think you guys can help me out?
 
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 7:10:11 PM, on 2/5/2016
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18163)
 
FIREFOX: 42.0 (x86 en-US)
Boot mode: Normal
 
Running processes:
C:\Users\Gene\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Gene\Downloads\HijackThis.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Softwar...

A:downloaded something...

Hello, Welcome to BleepingComputer.

I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.

===

Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).

Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.

Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.

Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.

Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.

If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).

The scan may take some time to finish, so please be patient.

If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.

While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.

The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Log...

2 more replies
Answer Match 29.82%

So far I like it. However, I do a lot of photos and cannot figure out how to set up a new folder and organize them. Any advice? Thank you
 

A:Just downloaded W10.

10 more replies
Answer Match 29.82%

Hey.
I have had some problems with my computer, and now I have tried my best. Someone told me to download Hijack and then post my log here. Could someone please take a look at it? If there's something more to be done, please let me know.

Thanks

Logfile of HijackThis v1.98.2
Scan saved at 21:57:56, on 11.10.2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
C:\Programfiler\Norton AntiVirus\navapsvc.exe
C:\Programfiler\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programfiler\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Programfiler\Nokia\Nokia PC Suite 5\DataLayer.exe
C:\Programfiler\Fellesfiler\Nokia\NCLTools\NclTray.exe
C:\PROGRA~1\ELEKTR~1\OPTISK~1\Amoumain.exe
C:\Programfiler\Elaborate Bytes\CloneCD\CloneCDTray.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe
C:\Programfiler\Fellesfiler\Nokia\Services\ServiceLayer.exe
C:\Programfiler\Musikk\MUSICMATCH Jukebox\mmtask.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\bcmwltry.exe
C:\Programfi...

A:Just downloaded HJ.

Download LSP Fix

LSP Fix download link

It's a program that can restore your internet connection if it's lost after the NewDotNet uninstall.

Uninstall NewDotNet via Start-Control Panel-Add or Remove Programs.

Restart your computer.

If that fails, then follow the instructions below:
PROCEDURE 4 (Download Uninstall from New.net):

From a computer that has Internet access, click on the following link:

NewDotNet uninstaller
Download and save uninstall6_22.exe to a 3-½ floppy disk.

Insert the floppy disk into the floppy drive of the computer that needs to have our software uninstalled from.

Click on Start.

Click on Run.

In the Open window type, A:\uninstall6_22.exe.

Click on the OK button.

Re-start the computer.

http://www.newdotnet.com/


Uninstall:

MyWay or MyWebSearch

Twaintech

Restart the computer.

Download and save these freeware/donationware programs to a permanent folder. Remember to check for updates and run them weekly.
***NOTE***A new version of Ad-aware has been released.
***ALSO***A new version of SpyBot's been released (v1.3...it's no longer in beta). If you have been using 1.2 you can install right over it. If you downloaded and used 1.3 beta it is suggested you remove it and reboot prior to installing.
Ad-aware SE download

Configure Ad-aware
First, in the main window, look in the bottom right corner and click on "Check for updates now", then click Connect and download the latest reference files....

1 more replies
Answer Match 29.82%

Downloaded IE9, but can't find it. Did a search, found an empty folder, but that's all that's marked IE. Toshiba laptop running Mozilla Firefox 3.6.

A:ie downloaded but not there

When you say downloaded, if you've kept your Vista updates up to date you should have SP2 and IE9. Go to your Windows Updates and install and check in restore hidden updates for more installations.

3 more replies