Tech Problem Aggregator

I have Norton AntiVirus 2007 and I do the scan and everything gets fixed except for the Downloader.MisleadApp. I went through the removal process about 3 times and nothing happens to it.

What do I do??

Thank you,
David


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:55:32 AM, on 12/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Hi,

Open HijackThis, click Config, click Misc Tools
Click "Open Uninstall Manager"
Click "Save List" (generates uninstall_list.txt)
Click Save, copy and paste the results in your next post.


Hi!
I'm totally new here and I'll be honest, I registered because of this virus that keeps popping up. I've searched the forum and found similar problems but I figured that this kind of thing should be dealt with individually.

Okay, I have Symantec as my antivirus program and recently I have this pop-up every minute of having found a virus named Downloader.MisleadApp. It says also that all actions taken have failed (Clean, Quarantine, Access).

I'm new with programs such as HiJackThis and I would deeply appreciate it if you could instruct me step by step.

Thanks in advance and Happy New Year!


The malware window invites me to download a 'fix', which I have not done---

Unable to repair file

Object name --- ...\install-d2hhDR2ZXI-a2V5aW4-a2V5aw...

Thanks in advance for any help


I have the trojan Downloader.MisleadApp at. I am running Symantec AntiVirus through my college, and until I have a clear virus scan my computer is in quarantine. I have it down to 2 instances. When I try to delete them, quarantine them or clean them, it tells me I am successful, but then when I close out the page they are still there.

This is my log

SmitFraudFix v2.315

Scan done at 17:34:35.05, Mon 04/21/2008
Run from G:\SmitfraudFix
OS: Microsoft Windows [Version 6.0.6000] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode


I don't think my Norton can get rid of this. Can anyone help?

... Is there any way to post an image here?

How can I post an image of my Norton security history page?


Please could someone tell me the best way to remove downloader.misleadapp.exe from my computer? I've tried searching for help on this, but seem to be going round in circles!


I am unable to launch IE from the computer that has the infection. Thanks for any help you can provide so I can be the hero to my daughter's sister-in-law. Following is the HiJackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:51:53 PM, on 4/27/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

I should have mentioned -- Task Manager will not launch -- "disabled by your administrator" it says.


HELP!!

What location was it found in?


Hello, I'm new to the forum so tell me if I do something wrong, anyway..
I started the computer in safe mode and did a virus scan as it said on the Symantec website. I also did a spyware scan with Spyware Doctor but neither of them found anything!
How do I delete this major pain in the *** without reinstalling Windows?
Norton AntiVirus constantly finds and deletes .exe files but it doesn't seem to slow down the virus at all!

Here's my HiJackThis log
Code:
Logfile of HijackThis v1.99.1
Scan saved at 19:01:17, on 2007-11-08
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


I have been trying to fix this for two days now and it just seems to come back again and again. My father recently got the Virus Heat virus/trojan. And I have busted that but now the downloader.misleadapp/downloader is still around. The thing seems to recreate itself as a UNP*different numbers*.tmp file.

Here's my current HiJack Log...

Logfile of HijackThis v1.99.1
Scan saved at 10:44:23 PM, on 3/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)


Running on XP.
I realized my computer was infected with something when all of a sudden it started running advertisements in the background.
So I did a Norton scan.
It found 6 results. Won't let me remove or quarantine.
Only gives me the option to "review" but that doesn't do anything.
Ideas? I'm stuck.


Will start off describing the problem and what I have tried to do to fix it.

I noticed that my Norton 360 had stopped working and popups kept appearing flashing about viruses/security risks on my computer, I get my internet from a Wanadoo live box via a wireless connection - the computer was connected to the network but not getting the internet connection.

I booted into safe mode, where all the above features work! Started a scan with Norton which told me I had downloader.misleadapp trojan. I followed the Symantec (and agreed with by some other sites) removal procedure: disable system restore, run full virus scan, run regedit removal tool on virus registry entries. Didn't work!

I then ran the app Smitfraudfix after carefully prepping the PC and reading the instructions, which rather amazingly appears to have fixed the popup problem once booting into normal mode. Also, after running a 'vundo' (which appears to go hand in hand with downloader.misleadapp) removal role, this also found some viral entries. However, Norton is still not booting on startup and I still can't get onto the internet except in safe mode. At a loose end now after having exhausted the usual find problem, google problem, fix problem approach!! Hope some kind people with more expert knowledge might be able to get me out of this fix!

Dell Latitude X1, Intel Pentium M 1.1ghz...

I have Norton AntiVirus 2007 and I do the scan and everything gets fixed except for the Downloader.MisleadApp. I went through the removal process about 3 times and nothing happens to it.

What do I do??

Thank you,
David

It's a trojan. Repost in the Malware section for help.


Hi all,

Here is the Hijackthis log:
------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 17:38:57, on 02/11/2007
Platform: Windows XP SP2 (WinNT 5....

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:47:28 AM, on 11/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal



Hi Forums Techguy,

I have been hit with a virus. downloader.misleadapp! How do I get rid of it? It has file name udefender_setup[1].exe

I have tried everything from updating Java to current version to deleting BHO files. Here is my hijack log. Many thanks in advance.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:26:17, on 31/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal


I've managed to fix it. I had to delete all the HKCU and HKLM lines but that's not the important ones. The important ones I tried are:

O2 - BHO: MSVPS System - {F4CF814F-970F-405D-A42C-0CE06EB97373} - C:\WINDOWS\mxduo.dll
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O21 - SSODL: wmpdev - {77E9E8C0-DEF3-4459-ACEB-093328D030A2} - C:\WINDOWS\wmpdev.dll
O21 - SSODL: wmphost - {7A6146DD-38A5-4B4C-ADBE-31EEC529D063} - C:\WINDOWS\wmphost.dll

My logic was that even though I didn't know what each one exactly does, the worst case scenario would be a total reinstall, which isn't too much of a problem for me as I just reinstalled my computer two days ago. I tried those lines above and hey presto, the computer isn't hijacked anymore! Hope this is of help to anyone. However, I must comment that my boot up time has slowed and if there is any way this can be speeded back up again, I would welcome any advice and recommendations you can give me. Many thanks in advance!

Regards,
Alan.


Hi and welcome to TSG,

Double click on the HJTsetup.exe icon on your desktop.
By default it will install to C:\Program Files\Hijack This.
Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
Put a check by Create a desktop icon then click Next again.
Continue to follow the rest of the prompts from there.
At the final dialogue box click Finish and it will launch Hijack This.
Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
Click Save to save the log file and then the log will open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.


I keep getting reports from Norton of downloader.misleadapp viruses that are quarantined but cannot be removed. Their numbers have slowly increased and I'm concerned, but can't find how to remove them. I'm operating Windows XP on a Dell laptop. Here is my HijackThis log. Thanks for the help.

Logfile of HijackThis v1.99.1
Scan saved at 7:19:23 AM, on 10/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5700.0006)
My PC has been infected by this virus and is going nuts. There were pop-ups everywhere; I have managed to get rid of the pop-ups now, but Norton can't get rid of the virus completely and Symantec's suggestions haven't worked.

Help
paul

A: download.misleadapp can't remove - can anyone help?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:41:14, on 19/09/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

I am currently having trouble removing the Downloader.MisleadApp malware virus. To remove this I have used Norton Internet Security 2008 and Adware 2008 both in normal and safe mode. This malware virus has also downloaded a misleading malware virus (AntiVirus 2008) off another website. Another thing I have tried to do is look in the registry editor and have found nothing. This malware was picked up by Norton Internet Security 2008 doing a routine scan.

My System Information
Windows XP Home Edition Sp2
ACER PC
AMD Sempron Processor 3000+ 1.81 GHz
704 RAM
Trend Micro Hijack This No Longer Needed

Please can you help me solve this problem and get rid of the malware for good.

I have now done an online scan on the Trend Micro website and it has picked up the following malware:
Tro_FakeAler.VL
Tro_FakeAV.NN
JaveSteam.AA

Now I don't know whether these are the same malware just called different names from the ones I picked up using Norton Internet Security 2008.

A: Help removing Downloader.MisleadApp

I have been looking for other forum topics to do with removing the downloader.MisleadApp and they have not helped me with removing the malware.

I've scanned my computer several times using Ad-Aware, SUPERAntiSpyware, Spybot, Norton AntiVirus and VundoFix. However, every time I boot my computer to normal mode, I always get warning messages regarding Downloader.MisleadApps like: mevqvvvb3.exe, ucleaner_FOYGq2JV9B[1].exe, udefender_FOYGq2JV9B[1].exe, and ufixer_FOYGq2JV9B[1].exe.
I also get the fake security center pop-up balloon on my taskbar along with every boot.

My HJT log is as follows:

Logfile of HijackThis v1.99.1
Scan saved at 3:37:50 AM, on 6/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

A: Downloader.misleadapp Infection

Hello dopamine and welcome to BleepingComputer!

My name is Johannes and I will be dealing with your log today.

Please note that comments are made in green, links are in red and important things are outlined by using the blue color.

Please also take note of the following:
I will start working on your Malware issues, this may or may not, solve other issues you have with your machine.
The fixes are specific to your problem and should only be used for this issue on this machine
The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
If you don't know, stop and ask! Don't keep going on.
Please reply to this thread.
Do not start a new topic.

Please give me some time to look over your log and I will get back to you as soon as possible.

Thanks,
Johannes

Ok this is the third time I have tried to post this problem and each time I get knocked out because my computer hits a popup wanting me to download winantivirus pro 2007.... Anyway Norton has detected that I have a virus called downloader.misleadapp. I have tried to follow their instructions for removal but it won't work.... HELP!! I have an E-Machine AMD running Windows XP Home ed. Sorry this isn't as informative as I would like to make it but I want to get it posted!! Thanks

A: Solved: Downloader.misleadapp

I've got a little nasty problem called Downloader. MisleadApp, and I've tried everything. I am not a professional though, so hopefully a good person out there can help me.

Symptoms:
-Corporate Symantec Norton AntiVirus Cannot Remove It.
-Annoying pop-up of Windows antivirus.
-Has triggered Norton to pop-up every time it does, and identify it, every time.
-When I X out of the Norton and Windows antivirus screens, every so often, a misspelled: Warning! Potential Spyware Operation! Click YES OR NO to download spyware stopper window pops up.

Now, I have tried to do what Symantec said, but when I attempt to disable System Restore for my Win XP, it says: This operation has been cancelled due to restrictions placed on this computer. Please contact system administrator. It will not even allow me to enter the properties under My Computer.

So, if anyone can help me, I would be very grateful, after spending nearly eight hours on this.
Here is my HiJack This log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:00:25 PM, on 9/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

A: Trojan - Downloader. MisleadApp!!!

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 6:13:32 PM, on 9/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Well it appears that after getting rid of downloader.misleadapp once, it has come back again. Same issue with Norton pop-up coming up over and over again. Any help would be appreciated (again)!

Hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 11:48:46 AM, on 09/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

A: downloader.misleadapp has returned - help please!

bump, still needing help on this

Norton computer scan says my computer has been infected with Downloader.misleadapp but that it is unable to fix it. Went to Symantec site and followed their instructions to no avail.
Our business is run off this computer so I'm really in a mess. The following is my log. Please, can you help?:

Logfile of HijackThis v1.99.1
Scan saved at 6:57:15 AM, on 8/31/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

A: Downloader.MisleadApp Help Needed

Download http://downloads.andymanchesta.com/RemovalTools/SDFix.exe and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive% (Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following:
· Restart your computer
· After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
· Instead of Windows loading as normal, the Advanced Options Menu should appear;
· Select the first option, to run Windows in Safe Mode, then press Enter.
· Choose your usual account.
· Open the extracted SDFix folder and double click RunThis.bat to start the script.
· Type Y to begin the cleanup process.
· It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
· Press any Key and it will restart the PC.
· When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
· Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt (Report.txt will also be copied to Clipboard ready for posting back on the forum).
· Finally paste the contents of the Report.txt back on the forum with a new HijackThis log

================

Download Superantispyware (SAS) free home version http://www.superantispyware.com/superantispywa...

Hi, I've been trying to remove my downloader.misleadapp virus. I tried to have Norton AntiVirus fix it, but it wouldn't. I looked at the Symantec website and looked at their instructions, which encouraged you to let the antivirus program do the actual deleting. Since that didn't work, I traced my file, and found it was in my Temporary Internet folder. So, I went into safe mode and deleted all the files in my temporary internet folder, rebooted in normal mode and ran the scan again. It came up fine.

I then followed Symantec's final step to try to trace the file in my registry. However computer illiterate I may be, I looked at all the files in my registry (and even googled the names of each item in the registry) and all of them could be explained as nonthreatening. The only one I couldn't explain is an entry that reads "(Default) (value not set)".

My computer seems to be running normally again at this point, and save for the above "(Default)" entry, I can't find anything abnormal about it.
Is it possible that, having nabbed the virus shortly after obtaining it, along with having it in my temporary internet folder, it was really just that easy to clean up??? Or is there likely something lurking still?

Thanks in advance,
-=k

HJT LOG:

Logfile of HijackThis v1.99.1
Scan saved at 12:56:18 AM, on 10/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

My Norton AntiVirus software keeps detecting downloader.misleadapp on my system and I cannot quarantine and delete the file infected with this virus. Does anyone know how I can remove this virus from my system completely? I did see some messages in a techguy support forum regarding HijackThis to download and install to run a scan and then send a copy of the log. I have not done this yet as wanted some advice first. Please let me have an urgent reply.

Thanks,
Nick

A: Does anyone know how to remove downloader.misleadapp?

My Norton AntiVirus Software detects the Downloader.MisleadApp virus every time I run a scan of my computer and cannot quarantine or delete the file in which this virus is detected. Does anyone know how I can remove this virus from my system?

I keep getting random exe's on this machine and redirections to V.3m-feed.com Plus Norton keeps asking for .exe's for access to the web. I run Panda but it wouldn't let me print the log out. It reported 58 spyware. When I got a virus warning it reported Downloader.MisleadApp. Can anyone help me with this?

Thanks
Glen

Deckard's System Scanner v20071014.68
Run by Glen on 2008-02-27 08:41:18
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

-- Last 3 Restore Point(s) --
3: 2008-02-27 08:32:14 UTC - RP3 - Deckard's System Scanner Restore Point
2: 2008-02-26 20:37:52 UTC - RP2 - Software Distribution Service 3.0
1: 2008-02-25 22:43:15 UTC - RP1 - System Checkpoint

Backed up registry hives.

Performed disk cleanup.

-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-02-27 08:46:38
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr...

A:Pop ups and exe's and redirect to v.3 & Downloader.MisleadApp

Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/comb...o-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery mode that allows us to help you in the case that your computer has a problem after an attempted removal of malware. If you have any questions along the way, STOP and ask them before proceeding.

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.

It does not appear as though DSS was allowed to download and install HijackThis. To produce a HijackThis log for your next reply, please do this:

Please download HijackThis to your desktop
Alternate link
Double-click on the file you just downloaded.
Click on the "Unzip" button to install.
It will by default install to the directory - C:\Program Files\Trend Micro\HijackThis
Upon install, HijackThis should open for you.
Should it not open, navigate to C:\Program Files\Trend Micro\HijackThis and double click on HijackThis.exe
1. If it gives you an intro screen, just choose 'Do a system scan and save a logfile'.
2. If you don't get the intro screen, just hit Scan and then click on Save log.
3. Post the hijackthis.log file here.
Do not fix anything in HijackThis since they may be harmless.

-----------------------------------------------------------------------...

Hi,

My PC is having a virus it points me to download anti-malware. Here is the attached hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:01:39 PM, on 11/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://in.rediff.com/index.html
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.tataindicom.com/data/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\qzidjucs.dll
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [S3Trayp] S3Trayp.exe
O4 - HKLM\..\Run: [cc45f220] rundll32.exe "C:\WINDOWS\system32\bemxarnr.dll"...

My husband left to Iraq 3 days ago.. and now I have this annoying virus. How do I get rid of it..symantec said it was deleted but I still have these annoying popups and the desktop background as well as icons.. HELP PLEASE!!

A:Downloader.misleadapp Virus

Hi brandie831, first welcome to BC..

Try these scans and see if it clears. If not Follow the HiJackThis posting instructions

ActiveScan
SuperAntiSpyware - Run this scan in Safe Mode.
How to start Windows in Safe Mode
Preparation Guide for use before posting a HijackThis Log

My computer problem has gone from annoying to detrimental. My nephew is a gamer and I believe he was trying to use some kind of keygen. I have no logs to post because at this time I am unable to properly log into my computer. Initially I received the popup near my taskbar saying: Warning! Security Report Message: Your computer is infected! It is recommended to start spyware cleaner tool. My Desktop image was a huge warning and my browser would constantly show words and pages telling me to clean my PC and directing me to a website to purchase software. I looked it up and it appeared to be the Downloader.MisleadApp. I attempted to clean it, but I was unable to use or update my Webroot Spy Sweeper. I received various errors which I believe came from the virus.
I tried various methods to clean my system and eventually used a portable version of AVG and concentrated on my windows/system32 folder (especially the config folder) because this is where it appeared the virus was. Now, when I begin my Windows XP I am presented with nothing but my desktop image. No icons, no taskbar, no start button. Nothing. Ctrl-Alt-Delete gives me the error: Task Manager has been disabled by your administrator. I am also unable to login as an administrator, getting a message like: Unable to Log You on Because of an Account Restriction. Trying safe mode hasn't fully worked as I am not able to delete certain files, or my system gives me a warning and then shuts down after 60 seconds. I'm ...

A:Downloader.MisleadApp? Vundo? Both?

Trying safe mode hasn't fully worked as I am not able to delete certain files, or my system gives me a warning and then shuts down after 60 seconds.

What certain files are you referring to? Can you access and remain in Safemode w/networking? Even if you can only access safemode, we have tools that you can burn or download to a thumb drive

Can someone direct me step by step how to remove this virus? My Norton Antivirus 2006 has told me it is a 'Downloader.MisleadApp' Virus (it couldn't delete it). Subsequent scans have revealed no threats. I have followed instructions on their website on how to remove it (I have deleted one or two files as identified) but this has been unsuccessful. Looking on this forum I have seen other threads on mislead viruses. Mine seems to be slightly different. Additional problems include:
-constant system tray notices and pop-ups telling me I have viruses, trojan horses, spyware, malware...etc
-my internet is behaving strangely. The second I connect, my Norton Antivirus starts coming up telling me something is trying to change my homepage. I always click 'Don't change my home page.' My google toolbar has disappeared.
My homepage loads as 'http://pageforsafety.com.' This webpage (and all the system tray notices and pop-ups) are trying to get me to download the same two antivirus/spyware packages. The whole thing is done up to look like it is coming from Windows XP but I know that Windows would not persistently provoke me to download things from the web. It is driving me crazy hence I have registered here and am currently writing this from a different computer! Thank you for your help.

Symantec Antivirus keeps popping up and telling me it has deleted a Downloader.MisleadApp about every 2-3 minutes. So it is quite annoying. The file it deletes is always in the C:\Windows\Temp directory and it has a 10 digit random number file name with an exe extension. I have run Housecall TrendMicro, ad-aware, and the symantec antivirus, but to no avail. Here is my HJT log:

Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:12:21 AM, on 7/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NDAS\System\ndassvc.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Intel\Wireless\Bin\RegSrvc....
A:Downloader.MisleadApp removal help

Still getting them. =(

log for Dr. Web-cureit:

Code:
APQCF.tmp;C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp;Trojan.Fakealert;Deleted.;
ltogytud.exe;C:\Documents and Settings\SROlson7730\Local Settings\Temp;Trojan.DownLoader.26570;Deleted.;
StreetAtlas8.vbs;D:\Program Files\FMA 2\sframework\plugins;Probably SCRIPT.Virus;;

Log for Fixwareout:

Code:
Username "SROlson7730" - 07/16/2007 13:10:34 [Fixwareout edited 2007/07/05]

»»»»»Prerun check
Successfully flushed the DNS Resolver Cache.
System was rebooted successfully.

»»»»» Postrun check
HKLM\SOFTWARE\~\Winlogon\ "System"=""
....
....
»»»»» Misc files.
....
»»»»» Checking for older varients.
....
»»»»» Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TabletWizard"="C:\\WINDOWS\\help\\SplshWrp.exe"
"TabletTip"="\"C:\\Program Files\\Common Files\\microsoft shared\\ink\\tabtip.exe\" /resume"
"Snippet"="\"C:\\Program Files\\Microsoft Experience Pack\\Snipping Tool\\SnippingTool.exe\" /i"
"SynTPLpr"="C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"ATICCC"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE...

Was away on holiday for a couple of weeks and I return to find my PC in an absolute mess with massive slowdown, constant pop-ups, etc. I have my little brother to thank for that! Basically I think the problem is to do with this Downloader virus, or so Norton tells me. Here is my log if anybody could be kind enough to look at it for me, thank you very much in advance.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:40:32, on 03/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\Program Files\Google\Com...

A:Downloader.MisleadApp trojan

It now appears to me that virtumonde.dll is a factor here. I have done various clean-ups, but virtumonde.dll always seems to return - although my PC does seem to be a little bit faster now. Any input would be very much appreciated. Apologies for bumping this post after a couple of days, I am just dreading the prospect of a reformat.

My husband just went to Iraq 3 days ago.. and now I have HUGE annoyance and got a virus somehow! Can anyone tell me how to get rid of it. Symantec says it's been deleted..but it is still there!! and acting up badly! I am not too too smart on computer but do know a little! please help!!
Brandie

A:downloader.misleadapp virus HELP

duplicate being dealt with here http://forums.techguy.org/security/597354-nice-if-someone-helped-me.html

I've been working on my mother's computer off and on for a few weeks now to resolve a slow running issue. I did a system restore and it runs fairly well but the downloader.misleadapp trojan comes up during a norton scan and will not remove. I've seen step by step instructions for other people's problem of the same type but they seem quite specific as far as what to remove. Here is an HJT log and thanks in advance for your help.

Logfile of HijackThis v1.99.1
Scan saved at 02:41:37, on 3/11/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18372)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HP\HP...

My Symantec anti-virus told me I had been infected with download.misleadapp.
Now whenever I open IE 7 I get re-directed to the following url homesecuresite.com/security/xp/

I have downloaded the latest version of HJT and here is the output of the scan -

------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:38:13 PM, on 9/25/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\Windows Live\Messenger\usnsvc.e...

On a work computer, not sure how it got there. Computer owner says there was an icon on the desktop out of place, so he clicked it to drag on the desktop to an organized spot, and it popped up another icon, both of which he moved to the Recycle Bin and emptied. He doesn't remember the title of the icon, but that started the Windows pop-up saying "Windows has detected a spyware infection...It is recomended to use special antispyware tools...Windows will now download...click here to protect".
Clicking that in the tool tray does nothing. Have run Ad-aware and Spybot, which only found tracking cookies to fix. Symantec has the file in quarantine, Filename = "ticket_983992.zip", Origination Location = "Mail System", dated 8/18/08, although today is the first time we've seen the pop-ups (which may correlate with clicking the Desktop icon to drag). No change so far to computer performance (although we aren't opening apps until sure there's no risk of data corruption), IE homepage hasn't changed, etc, just the Windows pop-up in the lower right tool tray. Concerned with various software containing business information re: malware keyloggers, damage to system info, etc. HJT log is below:

___________

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:20:50 PM, on 8/28/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\...

A:Downloader.MisleadApp infection

bump.

Thanks in advance for any assistance you can give. I'm pretty frustrated... Wow - most stubborn little thing I've yet to get off my computer. When using IExplorer, started getting lots of pop ups suggesting that I have inappropriate material on my computer and "Would you like to install AdvancedCleaner...", and then another popup encouraging "Download MalwareAlarm for FREE now..." and a "MicroSoft Visual C++ Runtime Error -- Buffer Overrun Error" (see attachment called stupidvirusstatements.pdf). Then IE really starts to run slow. I start using Firefox, but similar popups begin to occur. I have Norton's Internet Security and ran it several times after getting several messages that attacks were occurring but being blocked (see attachment of security history called norton_security_history.pdf). Trojan Vundo supposedly was removed; said it could not resolve downloader misleadapp.
I tried to do some research and found a site that recommended SmitFix (sp?). I ran that, but popups still occurred. Next, I went to Norton site looking for information on downloader misleadapp. Very vague instructions when it came to fixing registry key, so I then researched more. Ran MicroTrend online scanner which then told me I had Trojan Vundo. It said it had repaired all other issues but could not remove two .dll files in my system32 folder -- one called dcvokxou.dll and one called excgcvyy.dll. After trying to manually remove these, but f...

A:continual pop ups - vundo? and misleadapp?

Hello and Welcome to TSF. I am currently reviewing your log. Please note that this is under the supervision of an expert analyst, and I will be back with a fix for your problem as soon as possible. Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription. Please be patient with me during this time.

First time here. My Norton just found the virus, but I am not able to fix or remove it. I have Windows xp. I can follow instructions pretty well if they are not too hard! I would appreciate any help. Thank you.

A:downloader.misleadapp virus

bump

Hi

I've been having a problem with Norton giving me a pop-up about downloader.misleadapp being on my system and that it has been deleted. It gives me an "Ok" button to push, I'll click it, and there'll be another pop-up with the same message but with a slightly different filename. This happens _over_ and _over_ until it finally stops for a little while. Any help would be greatly appreciated!
Here's my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:51:29 AM, on 8/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDO...

A:Solved: Please help with downloader.misleadapp!

My Internet Explorer is taking almost a minute to react and open. When it finally does open, it takes a while to load. Then I get many pop ups and a lot of messages prompting me download a spyware removal software, etc. I have Norton Antivirus 2008, and it notified me that Auto-protect has detected Downloader.MisleadApp and that it blocked it. Then it notified me another two times after it but instead of fully saying "Downloader.MisleadApp", it just said "Downloader". So I tried going through norton to fix this but nothing has worked. I feel the problem is getting worse and worse with time. I am running Windows Vista Home Premium. PLEASE help me remove this virus and fix my computer. Thank you in advance...

A:please help me remove Downloader.MisleadApp

Welcome to TSG

Please download ATF Cleaner by Atribune.
This program is for XP, Windows 2000, and Vista

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

===========================================

Please download Malwarebytes Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform Quick Scan, then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Resta...

I have Norton, but it did not block this virus from my computer. I went to an online chat and the "analyst" said the only way to remove is to pay $99.99 to their tech support team to remove it for me... I find this hard to believe, can anyone help?

Norton antivirus has switched off Autoprotect and e-mail scanning and despite all my efforts will not let me turn them on. On checking the 'virus reports' it says that Downloader.MisleadApp was detected and removed at about the same time; when I do a full system scan no viruses are found. Can anyone tell me if this virus could have altered the settings and if so what can I do to remedy the situation?

I've tried getting rid of the Downloader.MisleadApp virus through Norton Antivirus and it wouldn't delete, so I followed the directions it suggested by deleting it through safe mode, but that also didn't work. What else should I do? I would really appreciate your help!

thanks

I have Symantec Antivirus for real time protection and about every 2 or 3 minutes it pops up and says that it has detected and removed a Downloader.MisleadApp. The files it removes are always in the C:\Windows\Temp directory and have 10 random numbers with an exe for the file extension.

I have not actually seen any windows from the trojan and I do not know what its name is since it is always cleaned before I see it. I also have no idea what the program/process is that would be creating them, which is the bigger problem.

Here is my Deckard scan log:

Deckard's System Scanner v20070711.54
Run by SROlson7730 on 2007-07-17 at 11:12:52
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...success.

-- Last 1 Restore Point(s) --
1: 2007-07-17 16:13:02 UTC - RP1 - System Checkpoint

Backed up registry hives.

Performed disk cleanup.

-- HijackThis (run as SROlson7730.exe) -----------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:18:03 AM, on 7/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe

bump!

Symptoms: Popup dialog boxes indicating that security on the system is compromised and offering to supply anti spyware software. Websites mount spontaneously; for spyware removal tools.

I have run various spyware scanners: spybot, avgas
I have Norton A/V 2007. It occasionally detects one of the two malwares in the title. (I've run it both in normal and safe mode).

OS: XP Home SP2
Browser: IE7

Hijackthis v2 log:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 8:39:59 PM, on 11/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Quicken Online Backup\AgentSrv.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\windows\system\hpsysdrv.exe

One more piece of info. On system reboot, the following dialog box appears:
The module cannot be found.

So it seems that I've been simultaneously infected with both the Downloader.MisleadApp and Trojan.Perfcoo trojans. I've run Ad-Aware and I've tried using Norton 3 times (normally, in safe mode, and with system restore disabled) going by symantec's directions, and that has not helped. I've also searched through forums to try using any information from anyone else with similar problems, but that has not helped either. I downloaded HijackThis, and though it downloaded and installed on my computer, it won't open--even in safe mode. Anyway, any assistance in removing these trojans would be very helpful. Thank you.

I also can't get ComboFix to work either. Any help would be sweet...

Hi Everyone...I started off getting infected with the "Downloader" virus. Followed Symantec rules to be rid of it, and I think I am, but it opened up a whole new can of worms! I'm not an idiot, but I'm not an expert either and have followed some directions to get rid of a lot that climbed aboard. Problems I now have are...to click a link on a page...usually times out, doesn't load, I can no longer connect to the Symantec website (which has my backup registry) because of an add on somewhere? The writing and page layout, along with everything to do with the display of monitor/webpages/etc is very small, some graphics don't load, and God knows what else!! VERY FRUSTRATED! I have run Norton, Adaware, Ewido, SuperantiSpyware, cleaned all temp files and such and below is my Hijackthis report. I do not know what to delete from this to get things back to normal. Sorry for all my idiocy here, but would appreciate any and all help you could give me.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:54:33 PM, on 9/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Fil...

I also seem to be unable to connect with my registry. It seems to have disappeared. My control panel disappeared also, but I fixed that part. Thanks...

I just started getting this alert message that my computer may be at risk and should d/l a certain virus detection program... My norton caught it but did not remove it.. can someone help to get rid of it..? thanks..RussP.. I have included a HiJackThis log file to help..

Logfile of HijackThis v1.99.1
Scan saved at 4:25:05 AM, on 11/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\Program Files\Intel\Intel Application Accelerator\iaanotif....

Last night QuickScan found hacktool.rootkit and downloader.misleadapp on my computer. I tried to clean and permanently delete them, but it showed up again today. I have WindowsXP sp2. Here's my hijack log. Thanks!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:15:34 PM, on 11/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe


Hi there,
I'd appreciate some help removing that nasty virus called Download.MisleadApp from my Notebook (Win XP Home, Centrino 1,7, 512 MB, 3 1/2 years old).
My Symantec virus scanner found it, but cannot remove it. I found another thread where it was apparently successfully removed so I thought you might be able to help me as well.
The problem is that at the moment, though I can boot the PC, I can't do anything when the desktop has been loaded. I can't even open Win Explorer. Nothing happens when I click the Start-Button. The only thing I can do is press Ctrl-Alt-Del to see the Task Manager and then shut down the PC again.
What I did is download all the Tools that were mentioned in the other thread, but as I can't do anything on the infected PC I can't start them. Maybe it's possible to use them from a USB-Stick or copy them to the hd when I start Win in safe mode?
Thanks, Björn

Update:
but I got this error message:

OK I've finally managed to install HijackThis (downloaded a different setup.exe from another site). Hope somebody is able to help me now! Here's the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:24:16, on 22.04.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Apache Group\Apache2\bin\Apache.exe
C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Programme\Apache Group\Apache2\bin\Apache.exe
C:\Programme\FRITZ!DSL\IGDCTRL.EXE
C:\Programme\Gemeinsame Dateien\Portrait Displays\Shared\DTSRVC.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\MySQL\bin\mysqld.exe
C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Programme\Synaptics\SynTP\SynTPLpr.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe


I've done an incredibly stupid thing and downloaded a crack keygen. Yes, incredibly stupid. Now that I've admitted it, I don't necessarily feel any better. I've been battling virus threats for two days now. I have run ATF Cleaner, ComboFix, HijackThis and Symantec's FixVundo Tool.

I greatly appreciate the effort of your forum to help me. Thank you very much.

I'm posting the logs from both ComboFix and Hijack here:

ComboFix:
ComboFix 07-11-30.3 - Joi Brooks 2007-12-01 6:04:42.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.242 [GMT -5:00]
Running from: C:\Documents and Settings\Joi Brooks\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2007-11-01 to 2007-12-01 )))))))))))))))))))))))))))))))
.

2007-12-01 06:01 . 2007-12-01 06:01 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-01 04:53 . 2007-12-01 06:09 7,374 --ahs---- C:\WINDOWS\system32\adggh.ini2
2007-12-01 04:52 . 2007-12-01 06:10 7,374 --ahs---- C:\WINDOWS\system32\adggh.ini
2007-11-29 21:57 . 2007-11-29 21:58 335,968 --a------ C:\WINDOWS\system32\hggda.dll
2007-11-29 09:30 . 2007-11-29 09:30 102,912 --a------ C:\WINDOWS\system32\drvvih.dll
2007-11-29 09:26 . 2007-11-29 09:26 35,840 --a------ C:\WINDOWS\system32\gebbcdc.dll
2007-11-29 09:25 . 2007-11-29 09:25 <DIR> d-------- C:\Program Files\yzudexmv
2007-11-29 09:25 . 2007-11-29 09:25 <DIR> d-------- C:\Program Files\Unezyuxj
2007-11-28 17:50 . 2007-11-28 17:50 <DIR>...

attached is the log from panda activescan


Separate question is that I know I have a lot of extra crap on my computer that it came with, but I don't know of a good system cleanup type software that is safe. Suggestions for that would be welcome as well.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:20:38 PM, on 2/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\Explorer.EXE
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\dllhost.exe


Hi everyone. I'm running Norton Internet Security on my comp and Antivirus2009, Downloader.Misleadapp and Trojan Virantix.C won't seem to be removed. It says that they can't be removed from an unsupported file and I really just want these things gone. I ran HijackThis on a friend's recommendation and if anyone could help me I would be so happy.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:02:33 PM, on 11/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\svchost.exe
C:\Pr...


Running PC with Windows XP

Picked up host of problems recently, Norton did not prevent infection but did identify Trojan.Vundo, Trojan.Adclicker, and Downloader.MisleadApp upon scan, removing those three particular files. Host of other problems remained, including disablement of System Restore function and Google popup problem. About half of restart attempts gave "Windows - No Disk" error with code 75b6bf7c repeated three times. One time (after successful restart) the "blue screen of death" appeared with the message "DRIVER_IRQL_NOT_LESS_OR_EQUAL". System would randomly freeze or restart itself within an hour or two of any successful restart.

I have run Malwarebytes' anti-malware scan which found and removed 30-odd infected files, most in the registries. Google popup issue has vanished; system appears basically stable now (not freezing up or randomly restarting itself since). System Restore now at least restarts the computer (previously, hitting the "Next" button produced no response whatsoever). However, regardless of which date is selected for the restore, I am told that the system cannot be restored to that date.

I'm not sure if the anti-malware scan completely "cleaned" the computer so here are my DDS logs:
DDS (Version 1.1.0) - NTFSx86
Run by marques at 21:50:16.03 on Sun 01/04/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.113 [GMT -6:00]

AV: Norton Internet ...


I am having a big problem with a virus that Norton AV identifies as "Downloader.MisleadApp". Norton picked it up but whenever I click on OK it comes up with another window - the files are all located in c:\windows\temp and the \quarantine folder of Norton AV - this evening I found there are slightly over 250000 .tmp files in this folder, all 32kb in size.

I would really appreciate someone's help to remove this please. Thanks!

Here is a HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:12:01, on 03/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe

A:experts, pleeease help removing misleadApp virus

eddie


Ok, been trying to figure this for the last 2 days.

I was unfortunately attacked with the AntiVirus XP 2008 'fake' Anti Virus programme.

The only way I could stop this thing from popping up and over running my laptop was to go into my registry and remove all files to do with this programme.

After a restart I thought everything was solved, till I did a full system scan with Norton.

3 viruses were found, but I cannot remove them. The only message that shows is:
1 x 'AntiVirus2008 cannot be removed from an unsuported file'

The only option I get for those is to 'Review' them.

Anyway, thanks for hearing my ramblings, any help (as long as it isn't too complicated) in removing these problems will be greatly appreciated.

Thanks

Hi and welcome to TSG,

Please do not start more than one post for the same issue.

I'm closing the others. Please continue here:

Also, please review the sticky post at the top of the forum for the proper protocol when posting for assistance.


The Windows Installer continues to run upon each startup. Once the installer has been cancelled, it will pop up again when you run a new program, such as Internet Explorer. Automatic updates and Symantec antivirus are both up to date. Also, Symantec will catch a virus named "downloader.misleadapp" and will quarantine the file, but not clean it.

DDS.txt log

DDS (Ver_09-03-16.01) - NTFSx86
Run by HP_Owner at 13:13:41.37 on Sun 04/12/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.134 [GMT -4:00]

AV: Windows Live OneCare *On-access scanning disabled* (Updated)
FW: Windows Live OneCare Firewall *disabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\PROGRA~1\Symantec\SAV8\vptray.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\PROGRA~1\Symantec\SAV8\DefWatch.exe
C:\WIND...


Running Symantec AV in safe mode and prompts that it quarantines and deletes. Still getting the popup window from symantec with repeated instances upon restart.

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Core™2 Duo CPU T7300 @ 2.00GHz
CPU 1: Intel® Core™2 Duo CPU T7300 @ 2.00GHz
Percentage of Memory in Use: 34%
Physical Memory (total/avail): 2007.23 MiB / 1309.59 MiB
Pagefile Memory (total/avail): 3899.48 MiB / 3313.2 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1926.42 MiB

C: is Fixed (NTFS) - 74.53 GiB total, 59.75 GiB free.
D: is CDROM (No Media)
E: is Removable (FAT32)

\\.\PHYSICALDRIVE0 - Hitachi HTS541680J9SA00 - 74.53 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 74.53 GiB - C:

\\.\PHYSICALDRIVE1 - Kingston DataTraveler 2.0 USB Device - 3.8 GiB - 1 partition
\PARTITION0 - Unknown - 3.8 GiB - E:

-- Security Center -------------------------------------------------------------

AUOptions is set to notify before download.
Windows Internal Firewall is disabled.
FirstRunDisabled is set.

FW: Sygate Security Agent v4.6 (Sygate Technologies, Inc.)
AV: Symantec AntiVirus Corporate Edi...

Welcome to the BleepingComputer Forums. Since it has been a few days, please post a new Deckard's System Scanner which includes the HijackThis log. Please see Preparation Guide for use before posting about your potential Malware problem. Thank you for your patience.

If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped.


Hey Tech Support members and admins my name is Matt!
Okay so my problem for today would be the following:
Stupid Virus that won't allow me to play games like (WoW or FlyFF)
Please If you could help me that'd be of great assistance.
HiJackThis Log :
Logfile of HijackThis v1.99.1
Scan saved at 6:40:54 PM, on 12/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\SonicWALL\SonicWALL VPN Client\IreIKE.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\SonicWALL\SonicWALL VPN Client\IPSecMon.exe
C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\PROGRA~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe

Bump!!!!!!!


Hi, I seem to have several infections. I have run spybot, adaware, and Norton AV, Housecall and Stinger and they keep reappearing. They are (some may be redundant) Virtumonde (virtumonde.SecCenter, Virumonde.Crack), scprot4.exe, Downloader.MisleadApp, Zlock.uc, Win32.small.Ir, UltimateCleaner, UltimateFixer. And spybot doesn't seem to like ranavotu.dll and srgfgrev.sll. I am running Windows XP with service pack 2. My Internet Explorer has started crashing frequently so I was unable to do two of the online virus scans.

I have 2 hard drives and an external HD. All system files are on C drive.

Here is the HiJackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:10:33 AM, on 12/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shar...

Hello Bill,
Welcome to Bleeping Computer.
Fasten your seat belt Bill. This one might take a bit to get rid of. It's not an easy one usually.

1. Download this file - combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply please, along with a new HijackThis log.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.

Thanks,
tea


Hi
I have encountered a virus I cannot remove from my laptop.

PC: Dell latitude 610
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Anti virus: Symantec

This problem arose on the 21 December 2007.
I have run the antivirus including full disk scan a number of times.

From this I have deduced the issue could be related to the following:
- BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\qudjdrrg.dll

This entry is flagged by the antivirus but not removed - and I cannot delete the entry manually [says it is in use].

The virus launches randomly it seems, though it appears every time I start a program/game [WoW] within 5 minutes of launching it.

=========================================================
Symptoms [NOTE - the english is accurate to the error messages]:

Warning message on start up
A potential problem has been detected and Windows has been shutdown buugy application to prevent damage to your computer.
*****WXYZ.SYS - Address F73120AE base at C00000, DateStamp 36b072A3
Kernel Debugger Using: COM2 (Port 0x28f, Baud rate 192000)

Dump of numerous .tmp files into the C:// directory [currently these are in the My documents folder and cannot be deleted]
At present there are over 2000 of these entries [name = Pos2039.tmp]
When I try to delete them I get a new error message:

A:MisleadApp virus on Win XP laptop - cannot remove (Moved from Windows XP)

www.bleepingcomputer.com
www.forospyware.com
www.geekstogo.com

2. Double click on ComboFix.exe & follow the prompts.

3. When finished, it shall produce a log for you. Post that & a fresh Hijackthis (not DSS) log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall


I'm a newbie to this forum. I've got several virus/malwares on my computer which Norton Antivirus 2007 is unable to remove. Any idea how I can get them off? Perhaps I should add a couple of additional points of information...

1) I turned off my restore point function
2) I entered Safe Mode and ran the virus scan, but nothing was detected

I know they are still there because they come up as unresolved issues in the quarantine log, and I keep getting random pop ups asking me to download anti-virus software.

I should also mention that SafeMode is not working properly for my computer: it repeatedly pops up the message asking if I want to continue in safe mode. Each time it does this, the window that I have open closes, making it difficult to navigate. I was finally able to run the scan through task manager's run function and typing:
navw 32\L

I've seen elsewhere that posting HijackThis Logs help, so I'm posting mine below.

Logfile of HijackThis v1.99.1
Scan saved at 10:59:42 AM, on 10/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe


Hello...
Several issues, all started yesterday.
* getting system warnings (!) on taskbar, looks "official", but it is not.
* Getting System Messages "Security warning" of viruses etc, and asks me to install software
* IE has a "new" toolbar called "Security Toolbar 7.1"
* IE window keeps on popping up with "savetheinformation.com" as website

A friend advised running Spyware Doctor, it found several things, and fixed it. Combofix was also run, and seemed to stop the Norton messages, but others are still there. Log file of combofix is below. (don't know how to have it in here, so I am copy-pasting it).

Your help will be much much appreciated. Thank you!

Jay

ComboFix 07-11-08.1 - Sotzing 2007-11-07 14:52:13.1 - NTFSx86
Running from: C:\Documents and Settings\Sotzing\Desktop\ComboFix.exe
* Created a new restore point
.

Unable to gain System Privileges

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Start Menu\Live Safety Center.lnk
C:\Documents and Settings\All Users\Start Menu\Online Security Guide.lnk
C:\Documents and Settings\Sotzing\Desktop\Live Safety Center.lnk
C:\Documents and Settings\Sotzing\Desktop\Online Security Guide.lnk
C:\Documents and Settings\Sotzing\Favorites\Online Security Guide.lnk


I hope you can help me. My computer has a virus. I noticed my computer running very slow and sometimes when I am on the internet, pop-ups are constant and can even hear ads and I didn't click on anything. I have Norton and the security history says 2 separate warnings:

Action taken says Blocked, status says Blocked and recommended action says resolved-no action

This happens every time I turn on the computer and go on the internet for the first time. It interferes with me going on the internet. My security is constantly saying that "A recent attempt on your computer was blocked". It sometimes even closes me out of the internet giving me no reason at all. I found your forum and followed the steps along with my logs which are attached and the main.txt is below. I hope you can help me out. I would greatly appreciate it.

Deckard's System Scanner v20071014.68
Run by Wendy on 2008-05-26 14:20:53
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...success.

-- Last 1 Restore Point(s) --
1: 2008-05-26 18:20:58 UTC - RP1 - System Checkpoint

Backed up registry hives.
Performed disk cleanup.

-- HijackThis Clone --------------------------------------------------...

Hello and Welcome. Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------

Quote:

C:\Documents and Settings\Wendy\Local Settings\Temporary Internet Files\Content.IE5\TC2RSO0I\dss[1].exe

It's important to "Save" the files, usually to desktop. They are easier to find, and won't be lost in the temporary file cleaning many of our tools perform.

P2P - I see you have P2P software ( Limewire ) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your m...


Welcome to the BleepingComputer HijackThis Logs and Analysis forum. My name is Richie and I'll be helping you to fix your problems. Apologies for the late response, as I'm sure you can appreciate we are absolutely snowed under with logs. If you still require help, please post a new HijackThis log into your next reply.


My computer is lagging and moving very slowly. Symantec Antivirus keeps finding and quarantining Downloader.MisleadApp on a daily basis. Spyhunter (free version) found several cookies and one Trojan.Dropper file. Not sure if these are responsible for computer issues or not. Hoping someone can PLEASE help me. Have posted and received much help resolving previous problems.

HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:44:11, on 3/2/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
C:\WINDOWS\system32\ctfmon.exe
c:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\WinZip\WZQKPICK.EXE


Background of the PC:

the system was bought about 4 years ago and my sister used to download files from kazaa with it, but then they said it crashed, and it's never been used until this summer when I did system recovery to it.

The Problems:

-As soon as it was connected to the internet, malwares attacked (especially the online security guide and live safety center), but it doesn't do that anymore now. I tried following suggestions of other sites on how to clean up the pc of these nasties but I think it just got worse...

-The installed Norton Antivirus keeps picking up Trojan.Vundo, Adware.Ezula, and Downloader.MisleadApp via Autoprotect at varying risk levels. When I do full system scans, the system is said to be 'secure' except for a tracking cookie it picks up.

-Internet browsing remarkably slowed down over the months. Random pages pop up while browsing. Start ups and shutdowns are also very slow.

-Before, as soon as the pc is connected to the internet, the desktop icons and taskbar just vanish, but recently, it seems as if it just refreshes

-Recently, a page would just pop up then a window would say 'Internet Redirection you are about to be redirected to a new internet site', or if I open 3 IE windows, one would freeze up, then if I close the page that's not responding, all of the IE windows close.

So, I did:

Step #1: none of the listed programs were found on the add/remove programs

Step #2: panda scan:

Hi astonishia01

I apologize for the delay getting to your log. The helpers here are all volunteers and we have been very busy here lately. If you are still having malware problems, I will be glad to help.

Please read this post completely before beginning the fix. If there's anything that you do not understand, kindly ask your questions before proceeding. Please ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

IT IS IMPORTANT THAT YOU DON'T MISS A STEP & PERFORM EVERYTHING IN THE RIGHT ORDER.

===============================================

Unless otherwise stated, they should be stored in same directory as the HiJackThis program.

=================

and save it to your desktop.

**Note: It is important that it is saved directly to your desktop**

===============================================

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

===============================================

Double click on combofix.exe & follow the prompts. When finished, it will produce a report for you.


Pop ups are going off all over the place recommending I download spyware, etc... I have not since I believe this may be the prodding this virus wants. Also, it took control of my desktop display and added some short cuts to my desktop.

Help!!!

Paul
My logfile is:

Logfile of HijackThis v1.99.1
Scan saved at 1:45:18 AM, on 7/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\PROGRA~1\NORTON~1\NORTON~3\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
C:\PROGRA~1\NORTON~1\NORTON~3\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-...


Hi, I've tried everything to get rid of this stupid infection! I've tried things from Avast, to Spybot Search and Destroy, to Ewido, to removal tools... It would remove it, but it would always come back. The computer was also infected with this thing called Bestselling Antivirus virus, where I had popups coming up advertising virus protection. It installed some kind of security tool bar. It also put some kind of thing in the tool bar that would blink and say that the computer was infected with a trojan/worm and would popup over and over again, till I finally somehow removed both of those infections. Well, at least I think it is removed... The computer though is still infected with this trojan.vundo, Downloader, and Downloader.MisleadApp; well, that's what her Symantec antivirus autoprotect says, and it won't go away, no matter what I use. Also, the random popups that keep popping up are annoying (like before, but not as bad).

Any help would be appreciated on here, my sister needs her laptop for school work, but she can't use it because it's all messed up.

-------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:39:27 PM, on 10/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\...

Sorry for a repost, please don't delete my thread. I really need help getting rid of this infection!!

I see that people are looking at my post, but no replies

It's really annoying and it won't go away, and my sister really needs her laptop for her school work, but can't use it because it keeps acting up.

6 more replies

I have been trying to get rid of this for days. I found a thread in your forums from July 2007 about the 'Downloader.misleadapp' virus. It was nearly exactly my problem, so I followed the thread as far as I could without having the benefit of a tech checking my logs... did everything else though. Think I might have missed some stuff in the logs due to my newness to this.

I'll post logs from combofix and hijackthis in a second message.

thank you.

More replies

Norton picks these up as viruses. It appears to delete them. When I go to Yahoo Mail, it has problems opening up mail, and then tells me that my computer may be infected. It wants me to run some type of scan program. How do I remedy all of this? My virus defs are up to date. This particular time it wants to run "winxdefender". HELP!!

16 more replies

I downloaded a thing I thought was safe, but it turns out my McAfee SiteAdvisor and McAfee software let a trojan get on my computer. It is the TrojanDownloader:WIN32/zlob.ZWC. The Microsoft malicious software tool detects it but won't remove it. McAfee doesn't detect it at all.

Double click on the HJTsetup.exe icon on your desktop.
By default it will install to C:\Program Files\Hijack This.
Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
Put a check by Create a desktop icon then click Next again.
Continue to follow the rest of the prompts from there.
At the final dialogue box click Finish and it will launch Hijack This.
Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
Click Save to save the log file and then the log will open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.

1 more replies

I opened a file from AIM, and now all these programs are trying to modify my computer. All help would be appreciated.

Logfile of HijackThis v1.99.1
Scan saved at 8:10:06 PM, on 9/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Rainlendar2\Rainlendar2.exe
C:\Program Files\Scansoft\PaperPort\SmartUI\SmartUI.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Agnitum\Outpost Firewall\outpost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\BRMFRSMG.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.5.0_09\bin\jucheck.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\WINDOWS\system\wcisvc.exe
C:\Program Files\AIM\aim.exe
C:\Documents and Settings\Yolkavich\Desktop\HijackThis.exe

R3 - URLSearchHook: AOLTBSearch ...

More replies

System running: Windows XP Professional with SP3

Okay, as the title implies, while surfing the internet a tab appeared in the Firefox window that said "Updating..." but never showed/displayed anything. After that, I noticed the Windows start/tool bar had changed from the XP theme version to the classic version. Then I noticed that there was no network connectivity. When I tried to look up what was wrong, the properties, rename, and delete options had been disabled from the right-click menu.
I received a message that there was an attempt to update the registry but whatever was done was restored, then my PC rebooted.
What I've done so far:
I tried to boot using the Windows XP CD but nothing happens. Windows eventually boots up, but I don't get any options to run repair or anything.
Used CA anti-virus for scan and found nothing (did this again in safe mode and still found nothing).
I did a search to see if I could find what was modified; it shows that all user accounts, including a Helpassist?? account, have been updated in some form or fashion, so I don't know what else to do.

I see svchost.exe, services.exe, and system taking up 50% of CPU occasionally but not sure what to make of that.

to get the internet started I tried to turn on some network services but all failed due to 'timeout'

Please let me know any ideas, or how to get started on trying to fix this problem.

thanks,
homero
other pcs are connected to the internet just fine.

any ideas? anyone? a starting point?

2 more replies

I took advantage of the student offer of Windows 7 and last night downloaded Windows 7. I thought that because my laptop was 64-bit capable I could do a clean install to it from the download, which I now obviously realise was a mistake.

Does anyone know how I can change this download for a 32 bit version?

Thanks

Why can't you install 64bit? Have you tried and got an error?

2 more replies

Alright, so I would say I am pretty computer literate, at least for 16; put me in my whole high school and I would probably be second best. Here is my HJT file. I can't find anything, but I can tell you my problem: the Quick Launch bar is messed up. I open it and nothing is there; it opens but just lines come up, and regedit says it's in use by another program, and Task Manager won't open.

View attachment 32453

Clear these three items in HJT and rescan:

O2 - BHO: (no name) - {3745D43B-4A84-485D-8EE9-BC6D0401DBF6} - C:\WINDOWS\system32\vtUkIBqR.dll
O2 - BHO: (no name) - {4F96CCB9-01EC-419E-AAEA-C2C913F2A236} - C:\WINDOWS\system32\byXRkIYS.dll
O20 - Winlogon Notify: byXRkIYS - C:\WINDOWS\SYSTEM32\byXRkIYS.dll

If they are still present, then download MalwareBytes Anti-Malware and while you are there grab the RogueRemoverFree as well. FileASSASSIN is under More Tools in Anti-Malware, and can actually delete the files while in use. Run that if the files won't delete or keep showing up in HJT. Make sure you update MalwareBytes before you do a full scan.

7 more replies

Hello

I have set up every application to "ask me before checking for updates".

Even when I am not using any browser, email or any other application, I notice that the lights on my modem are blinking quite fast... that is, something is being downloaded. It has been going on for quite some time.

How do I find out what is being downloaded (or uploaded)?

I use
Toshiba laptop
Windows 7 Prof
IE9
MS Office 2010
Internet security (antivirus, etc ...) from Bell
Thank you very much

And you have no browser open? And check for new email only infrequently?

You could try disconnecting from the modem and see if any program complains.

In Network Connections right click on your connection and select Status. Watch the Bytes sent and received to get an idea of the upload vs download and how much.

3 more replies

I downloaded a program yesterday and ran it but nothing happened. Then I read comments on a video of it and someone said it was most likely a RAT and another guy saying it was probably a virus. I can provide the file if that will help. I don't want a RAT.

1 more replies

Is there a way to find out just how much in total the Get Windows 10 app has downloaded so far?

There's no way to know that when Windows 10 hasn't been officially released yet. Maybe at a later date.

41 more replies

Hello, my computer is Windows Vista and the problem is that every time I try to download anything I can't, because there is a box that says "your current security settings do not allow this file to be downloaded". Please, I really need help. Michael

More replies

I just purchased a new HP desktop, Intel Core 2 Quad processor, 64-bit performance with 8 GB of RAM, 1 terabyte hard drive. It came with Vista Home Premium 64-bit edition. I had previously purchased Vista Ultimate for a laptop that no longer works. When I downloaded Vista Ultimate I put in the 32-bit instead of the 64... I am not able to do a restore to go back to the way I purchased it. I am not very computer savvy. Can anyone please help??? Thank you. And what would be the downfall for keeping the 32-bit installed? (Someone had told me I wouldn't be using the full capacity of the computer.) Thanks again.

Originally Posted by cmb1966

I just purchased a new HP desktop, Intel Core 2 Quad processor, 64-bit performance with 8 GB of RAM, 1 terabyte hard drive. It came with Vista Home Premium 64-bit edition. I had previously purchased Vista Ultimate for a laptop that no longer works. When I downloaded Vista Ultimate I put in the 32-bit instead of the 64... I am not able to do a restore to go back to the way I purchased it. I am not very computer savvy. Can anyone please help??? Thank you. And what would be the downfall for keeping the 32-bit installed? (Someone had told me I wouldn't be using the full capacity of the computer.) Thanks again.

32-bit will only see 4 gigs of RAM and usually only be able to use about 3.3; it's also a bit slower depending on how you use it. When changing from one OS format (32-bit) to another (64-bit) it has to be a clean install.

Now, about restoring: you may have a backup there and available, but since you are 32-bit and it isn't, you can't use it. If you were to reinstall Vista 64 it would probably be available.

7 more replies


Think I accidentally downloaded something or not. Over the past week it has been getting slower and IE has now been hanging up. Here is a DSS log, and thank you:

Deckard's System Scanner v20071014.68
Run by Gil on 2008-06-09 22:07:02
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --
28: 2008-06-10 02:07:21 UTC - RP513 - Deckard's System Scanner Restore Point
27: 2008-06-10 00:51:33 UTC - RP512 - System Checkpoint
26: 2008-06-04 03:16:24 UTC - RP511 - Software Distribution Service 3.0
25: 2008-06-03 21:13:28 UTC - RP510 - Software Distribution Service 3.0
24: 2008-06-03 02:32:27 UTC - RP509 - Software Distribution Service 3.0

-- First Restore Point --
1: 2008-03-13 20:18:23 UTC - RP486 - System Checkpoint

Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 448 MiB (512 MiB recommended).

-- HijackThis (run as Gil.exe) -------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:10:47 PM, on 6/9/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C: ...

2 more replies

So I downloaded something and although Avast said it blocked a trojan/virus, I just want to be sure my PC is safe/clean. Think you guys can help me out?

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 7:10:11 PM, on 2/5/2016
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18163)

FIREFOX: 42.0 (x86 en-US)
Boot mode: Normal

Running processes:
C:\Users\Gene\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe

2 more replies

So far I like it. However, I do a lot of photos and cannot figure out how to set up a new folder and organize them. Any advice? Thank you

10 more replies

Hey.
I have had some problems with my computer, and now I have tried my best. Someone told me to download Hijack and then post my log here. Could someone please take a look at it? If there's something more to be done, please let me know.

Thanks

Logfile of HijackThis v1.98.2
Scan saved at 21:57:56, on 11.10.2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
C:\Programfiler\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programfiler\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Programfiler\Nokia\Nokia PC Suite 5\DataLayer.exe
C:\Programfiler\Fellesfiler\Nokia\NCLTools\NclTray.exe
C:\PROGRA~1\ELEKTR~1\OPTISK~1\Amoumain.exe
C:\Programfiler\Elaborate Bytes\CloneCD\CloneCDTray.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe
C:\Programfiler\Fellesfiler\Nokia\Services\ServiceLayer.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\bcmwltry.exe

It's a program that can restore your internet connection if it's lost after the NewDotNet uninstall.

Uninstall NewDotNet via Start-Control Panel-Add or Remove Programs.

If that fails, then follow the instructions below:

From a computer that has Internet access, click on the following link:

NewDotNet uninstaller

Insert the floppy disk into the floppy drive of the computer from which our software needs to be uninstalled.

Click on Start.

Click on Run.

In the Open window, type A:\uninstall6_22.exe.

Click on the OK button.

Re-start the computer.

http://www.newdotnet.com/

Uninstall:

MyWay or MyWebSearch

Twaintech

Restart the computer.

Download and save these freeware/donationware programs to a permanent folder. Remember to check for updates and run them weekly.
***NOTE*** A new version of Ad-aware has been released.
***ALSO*** A new version of SpyBot's been released (v1.3...it's no longer in beta). If you have been using 1.2 you can install right over it. If you downloaded and used 1.3 beta it is suggested you remove it and reboot prior to installing.