Tech Problem Aggregator

Help downloaded malware program from phishing site

Q: Help downloaded malware program from phishing site

Hello, I downloaded a program from http://phyxer.info/ and the real site is phyxer.org. I downloaded the program from the phishing site and installed it, when I clicked on it, nothing happened so I went to googe and typed in the name and then was directed to the real site where it had news of a spoof site.

So what i've done so far is: i'm currently running a scan using nod32, I emailed the program to nod and kaspersky as well as the author of the original software at phyxer.org, and ran hijack this. Here is the log, what should I do guys any help is appreciated.
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 2:39:44 PM, on 4/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\csrss.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Home Server\WHSTrayApp.exe
C:\Program Files\Windows Home Server\WHSConnector.exe
C:\Program Files\Port Explorer\PortExplorer.exe
C:\Program Files\Maxthon\Maxthon.exe
C:\Program Files\Eset\nod32.exe
C:\Program Files\Mozilla Thunderbird Beta 2\thunderbird.exe
C:\Documents and Settings\Ryan\Desktop\HiJackThis_v2.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157" target="_blank" class="invilink">http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896" target="_blank" class="invilink">http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: BrowserHelper Class - {9A065C65-4EE7-4DDD-9918-F129089A894A} - C:\Program Files\Windows Home Server\WHSDeskBands.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: Home Server Banner - {D73E76A3-F902-45BD-8FC8-95AE8E014671} - C:\Program Files\Windows Home Server\WHSDeskBands.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [system] C:\WINDOWS\csrss.exe
O4 - Global Startup: Windows Home Server.lnk = ?
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exe

--
End of file - 6771 bytes

A: Help downloaded malware program from phishing site

here is an image of port explorer with nothing but nod32 and basic startup programs running, note: whsconnect is windows home server so thats nothing to worry about.

2 more replies
Answer Match 76.44%

Hi,
My PC has somehow gotten infected with a piece of Malware that causes IE8 to redirect my personal security credential login to Ebay to another phishing site that is asking for all sorts of personal information as a "verification" to continue into Ebay. I have no idea how this got on my machine but I need help badly to get it off. Can anyone help me?

Thanks

A:IE8 Redirect Malware to Phishing Site INFECTION [Moved]

As no logs have been posted, I am shifting this topic from the specialized HiJack This forum to the Am I Infected forum.==>PLEASE DO NOT NOW POST LOGS<== unless a log is specifically requested.

14 more replies
Answer Match 70.98%

Hey.
I'm currently running windows 7. I came across a fake kmspico site from "TeamDaz" and it promptly filled my computer with unwanted programs and other crap. I uninstalled the unwanted programs, ran malware bytes and junkware multiple times but the problem persists.
The symptoms are super slow google chrome, occasional pop ups of reimage plus, downloaded unwanted programs by itself days after initial download and after I ran malware removal, random folders and files created with things like .dll files and winsec.exe.
I tried deleting some of these files in this folder it created and nothing happened but the rest of the files refused to be deleted because they are apparently running.
Would appreciate any help, still a newbie with computers

A:Downloaded malware from fake kmspico site

Oh and forgot:
I have processes such as fchk.exe and i0swzera.exe that are running but I have no idea what they are, never seen them before, and can't close them.
I closed one of them through command prompt (winsec.exe) but these new ones popped up

2 more replies
Answer Match 61.74%

HelloI received an email that was asking to answer a survey. I accidentally clicked on the link and closed the window that popped up immediately. I think it's a phishing website or something. Here is what the mail looked like. The way it was typed is pretty odd (as shown in the encircled words).I just wanna know if my password got hacked or I'm infected with a virus or something else since I clicked on the link.Need help. Thanks! Anybody willing to click the link for me? haha

A:Phishing Site?

You can check out the link here:http://www.explabs.com/You broke one of the golden rules of computing safety. Maybe two. Don't open an email if you don't recognize the sender or if it is suspect. NEVER click on a link in an email or IM unless you have verified where it will take you. You can use the link above or copy and paste the link into Google and see what the results say. Suggest you scan with whatever security programs you have.

10 more replies
Answer Match 60.9%

Hi,
  I found a phishing web site, where do I report it?
I was in FF, and went to yahoo.com and searched for "news".
The first URL was an ad, something like:
Latest news ...... today.com
This sends you to a page saying that your computer is infected and
to call 888-535-2763
 
When I do the same in IE11, I do not find the phishing link.
 
Where can I report this?
I tried the yahoo web site, but could only see reporting phishing email.

A:where do I report a phishing site

Hi,
 
On Firefox Open the Help menu > Report Web Forgery

0 more replies
Answer Match 60.9%

Accidentally I clicked a phishing site(sony04.t35.com). Now I'm not able to access facebook. That site has probably put a malware,trojan or a spyware on my PC. I use Eset Smart Security as an antivirus software,but it finds nothing when I scan my PC. Pls reccomend me a software to remove that malware or tell me something else that can help me solve this problem. Thanks.
 

More replies
Answer Match 60.9%

I believe my pc has contracted a bit of malware. I've run kapersky, avg and avast!, each one picked up a couple of things here and there, but one problem still persists. Whenever I restart (and periodically thereafter) firefox directs me to update.windowssettings.org/2/update.php, which is immediately identified by avg as a web forgery.

The machine isn't particularly slow and otherwise is running normally, but this consistent phishing is annoying me and I'd like to clean it out.
g

A:Annoying Phishing Site

Please download Malwarebytes Anti-Malware and save it to your desktop.alternate download link 1alternate download link 2Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan.If an update is found, the program will automatically update itself.Press the OK button to close that box and continue.If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Then click on the Scan button.If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button. The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".Click OK to close the message box and continue with the removal process.Back at the main Scanner screen:Click on the Show Results button to see a list ... Read more

3 more replies
Answer Match 60.9%

hello,
one of my sites is view by Microsoft as a phishing site : it's a WordPress site, with security content scanner (wordfence).. it didn't find any malware...
Google Tools for webmaster says that this site is healthy...
we only have some troubles with Microsoft SmartScreen... do you know were i could find informations why our site was calssified as a phishing site ? any equivalent to Google webmaster Tools on Microsoft Smartscreen ?
thanks in advance..
Nico

More replies
Answer Match 60.9%

Hi guys,

To make it clearer, I would call the sites which I downloaded my stuffs from as the following:
I.Forum 1
1.User A - uploaded his files on Megaupload, Rapidshare and Hotfile(I doubt these filesharing sites have any problems)
a.Many forum users downloaded his stuff and not a single post of reporting any CRC error related issues. So the integrity of the files should not be doubted. If the files are perfectly OK for everyone else, it has got to be me.
b.ALL the stuffs I downloaded from him(uploaded on MU, RS & HF) are extracting fine until about one month ago. Every piece I downloaded failed to extract since then.
*All are done with same computer and same connection. Exact same conditions.
2.User B - Exact same scenario. Post his stuffs on his own blog as well.
3.Basically, every RAR file I download now have CRC error.
II.Forum 2
This forum has their own download server. Stuffs I download here are still miraculously working!
In case you doubt the size of the files. RAR files downloaded from Forum 2 work fine even when they are 300M. Whereas RAR files from Forum 1 always fail, smallest single file being 150M. Smallest divided(.part01.rar files) are 90M.
The contents of the files are different.
Forum 1 - Every type of file.
Forum 2 - Only music and images. (.ape, .jpg, .png, .mp3 etc)
Detail:I only have problem extracting the large files(>90M) from the RAR archives downloaded from MU,RS,HF(Forum1). Though RAR archives downloaded from foru... Read more

A:Downloaded RAR files CRC failed from site A but not site B

Problem unsolved.
Though I've found an alternative solution by repairing the archives. Extracting perfectly for every file. I'm guessing it's an internet issue.
Older RAR archives without recovery record cannot be recovered!
Urgently need software which repairs CRC errors.(Softwares which can repair .part.rar files!
 

1 more replies
Answer Match 60.48%

The other day, I tried to log in to my bank account and was redirected to a phishing site. When I asked my wife about it, she said she thought she might have downloaded a virus. I run Avast AntiVir and Comodo Firewall. I've scanned with AntiVir, Malwarebytes, Security Essentials, CCleaner and none have been able to detect anything or resolve the problem.

If anyone can help me it would be much appreciated. I can provide whatever logs are requested. Thanks!

A:Chase.com redirects to a phishing site! Please help!

Call the bank, make sure your account is closed from internet access / protect your info with the bank over the phone or in person before doing anything with the PC!!

I've had this happen to me and didn't realize what happened till my account was drained

ok so, with that squared away... all those programs come up with 0 infections - but the website still tries to redirect?

I would go into safe mode and try to scan from there, Malwarebytes first, then the rest, FULL SCANS too, don't just do the Quick runs

3 more replies
Answer Match 60.48%

Forget Phishing
must see link... Are you safe from Attackers????

A:Must See Site, Its about Phishing and Now the new Cybercrime... Whaling

Good! Let the scum fight each other

Tom

1 more replies
Answer Match 60.48%

Hello,

I am pretty sure that someone got in to my computer... I was sent 2 phishing web pages and didn't know it before I entered my pasword. First it changed MY IE to view all orginals then I had a Driver Crash that was what MS said after my computer shut off by it's self. it was sent to me on YAHOO IM so I have changed all my passwords and deleted the program and redownloaded I have not used it yet until I'm told I am clean. My firewall was diabled and I followed all the steps listed on this page:http://windowsxp.mvps.org/sharedaccess.htm it also sent me to this site:http://aumha.org/a/quickfix.php and I followed the cleaning steps... Also My AVG/ewindo keeps getting disabled.

AdAware SE found Adaware.pop (which is my popcap game I play on MSN) and it also found win32.trojan.downloader and some cookies

I also Got windows defender if found: Possible host file hijack C:\windows\system32\drivers\etc\hosts and Hijacker.Allstar Hklm\software\microsoft\windows\CurrentVersion\expolorer\sharedTaskScheduler\\{03b1c4d9-bc71-8916-38ad-9dea5d213614}

I have bolded the things that I am unsure about on my HJT log and added the ? after thanks for helping !!!!!

Logfile of HijackThis v1.99.1
Scan saved at 2:16:23 PM, on 11/29/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS... Read more

A:Infection??? HIJACKERS/phishing site HELP!!!!

********
3:34 PM: | Start of Session, Wednesday, November 29, 2006 |
3:34 PM: Spy Sweeper for MSN started
3:34 PM: Sweep initiated using definitions version 810
3:34 PM: Starting Memory Sweep
3:55 PM: Memory Sweep Complete, Elapsed Time: 00:21:46
3:55 PM: Starting Registry Sweep
3:58 PM: Registry Sweep Complete, Elapsed Time:00:02:16
3:58 PM: Starting Cookie Sweep
3:58 PM: Found Spy Cookie: 2o7.net cookie
3:58 PM: [email protected][2].txt (ID = 1957)
3:58 PM: Found Spy Cookie: adlegend cookie
3:58 PM: [email protected][1].txt (ID = 2074)
3:58 PM: Found Spy Cookie: pointroll cookie
3:58 PM: [email protected][1].txt (ID = 3148)
3:58 PM: Found Spy Cookie: adtech cookie
3:58 PM: [email protected][2].txt (ID = 2155)
3:58 PM: Found Spy Cookie: falkag cookie
3:58 PM: [email protected][1].txt (ID = 2650)
3:58 PM: Found Spy Cookie: ru4 cookie
3:58 PM: [email protected][2].txt (ID = 3269)
3:58 PM: [email protected][1].txt (ID = 1958)
3:58 PM: Found Spy Cookie: questionmarket cookie
3:58 PM: [email protected][2].txt (ID = 3217)
3:58 PM: Found Spy Cookie: serving-sys cookie
3:58 PM: [email protected][2].txt (ID = 3343)
3:58 PM: Found Spy Cookie: websponsors cookie
3:58 PM: [email protected][2].txt (ID = 3665)
3:58 PM: [email protected][1].txt (ID = 2074)
3:58 PM: Found Spy Cookie: specificclick.com cookie
3:58 PM: [email protected][1].txt (ID = 3400)
3:58 PM: Found Spy Cookie: tacoda cookie
3:58 PM: [email protected][2].txt... Read more

3 more replies
Answer Match 59.64%

Hello.Today I tried to log onto Paypal, and i was taken to fake PP site that looked exactly like the actual one. I ended up sending my personal info with credit card, etc and spent all day canceling the account at PP, my credit card, filing complaints with the Social Security Dept, Federal Trade Commission and so on....very fun day, indeed.I've certainly become more informed on phishing today, and have never had any kind of problem like this before. It sounds like most of the time, these types of things happen with email links, but I just typed in the PP addy to get there. I do have virus protection, but I've also ran Adaware Pro 2008, and Malewarebytes, neither finding much.When I still try to go to PP, it takes me to <hxxps://www.paypal.com/us/> which I now know is not the official site...but it looks like it in every detail. Quite amazing but diabolical to say the least.If anyone can figure this out, I'd greatly appreciate it.Here are the two files/logs you wanted:DDS (Ver_09-03-16.01) - NTFSx86Run by Brian Weber at 23:10:34.18 on Mon 04/06/2009Internet Explorer: 8.0.6001.18702Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.356 [GMT -4:00]============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcsC:\WINDOWS\system32\svchost.exe -k WudfServiceGroupC:\WINDOWS\Explorer.EXEsvchost.exesvchost.exeC:\Program Files\Lavasoft\Ad-Aware\aawservice.exeC:\WINDOWS\system32\spoolsv.ex... Read more

A:Fake Paypal Site - Phishing - Unsure Of Cause?

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.comDDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Follow the instructio... Read more

2 more replies
Answer Match 59.64%

My son was looking for a Remington Field Shotgun & Quihoo TSE popped up & stated it was a Phishing site. A false positive perhaps.?
 

A:Remington.com Found by Quihoo 360 TSE As A Phishing Site.?

marg said:





My son was looking for a Remington Field Shotgun & Quihoo TSE popped up & stated it was a Phishing site. A false positive perhaps.?Click to expand...


it's a false positive
 

4 more replies
Answer Match 59.64%

my computer is being redirected when I try to log in to ebay or aol email to a site that looks like aol or ebay but wants my credit card number and atm pin. I have a copy of hijack this I am uploading. Also my computer runs very slow, especially when I am on the net.Thank youRussell

A:Internet redirects aol and ebay to phishing site

Hello rkrplus1 Welcome to the BC HijackThis Log and Analysis forum. I will be assisting you in cleaning up your system.I ask that you refrain from running tools other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond the your topic and facilitate the cleaning of your machine.Please keep in mind that we have a large backlog of users just like yourself waiting to be helped so try to be as timely as possible in your replies. Since we do this on a part-time voluntary basis we are limited on how many logs we can respond to and keep open due to time restraints. If you have to be away or can't answer for some other reason just let me know. Thank you for your understanding.After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.In order to better assist you I will need the following:Download DDS and save it to your desktop from here or here.Disable any script blocker, and then double click dds.scr to run the tool. When done, DDS will open two (2) logs: DDS.txt Attach.txtSave both reports to your ... Read more

19 more replies
Answer Match 59.64%

So tried to log onto my internet banking today and didnt realised I was being phished. The site covered its tracks so well that even now, it looks like the real Lloyds TSB site - only clue is that the memorable information link asks for the whole memorable information rather than a select three characters.

In the past I've never been caught out and am a little miffed that I have this time.

The bank has frozen my internet banking but now I have to find the culprit on my PC. Can you help? heres a copy of the DDS log.

Many thanks

N.
---------
DDS (Ver_10-12-12.02) - NTFS_AMD64
Run by Nick at 16:20:11.33 on 28/12/2010
Internet Explorer: 8.0.6001.18999
Microsoft? Windows Vista? Home Premium 6.0.6002.2.1252.44.1033.18.1790.571 [GMT 0:00]

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\sy... Read more

A:Caught out by a clever phishing site, where is the culprit?

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Follow the instructions that pop up for postin... Read more

2 more replies
Answer Match 59.64%

How do you report a phishing site with Microsoft Edge?
You can open the site from Edge Settings with IE11 then in IE11 use safety / smart screen, but within edge I do not see a way of reporting the site directly from the edge browser.

More replies
Answer Match 59.64%

Here is the problem I am having.

A client has a PC with IE 6 on it. When he tries to log onto AOL, Bank of America, ING Direct, and any other number of financial sites, he gets to a page saying something to the effect of that company making changes, and they need his Credit Card #, ATM Pin, etc. Basically all that information that most places will tell you they will never ask you for online or via email.

Problem is, most of them are using https and the URLs are all correct. It is not being redirected to a different url. I have confirmed that the URL that shows in IE is correct.
Tried upgrading to IE7, still got same problem. Tried system restore back to before the problem existed, this did not fix it. Ran every major Antivirus, antispyware, antimalware, rootkit finder, BHO finder, etc that I could find, none of them found anything.

Other systems on this LAN work OK. If I browse to the same sites in Mozilla firefox on this same PC, that works OK. I tried a few other browsers, they all worked. Just IE has the problem.

I installed a peice of software called Proxomitron, its a software proxy. I set up Internet Explorer to use this Proxy software, and with that running, I can access these sites in IE.

So, my conclusion is that there is something on the system hijacking the HTTP requests from IE. Problem is, I dont know enough about how IE works to really troubleshoot that any further. Anyone have any suggestions?

I did try to delete all the folders that have to ... Read more

A:AOL and financial sites redirect to phishing site

Bump 1

I have some new information on this as well.

I made a full backup image of the HD using Acronis so I could restore to a virtual PC to troublehshoot. Basically, I could not restore to a virtual PC, and ended up having to restore to an HP system because the OEM OS wouldnt let me restore to anything else. I used Acronis Universal restore to restore onto dis-similar hardware.

If I restore both the C: partition and the MBR, I cant boot, get bsod. If I then boot to a windows CD into recovery console and run the fixmbr command to rebuild the MBR I can get into windows, but at that point, I can not reproduce the error. I can browse right to these sites and log on with no problems. If I restore just the C: partition, I also do not get the problem.

I am unable to reproduce the problem on another PC. I do not know if that means the problem is in the MBR, or of its just a coincidence. The only difference between the original PC and my Restored Image of that PC on another system is the MBR, and I had to install NIC and Video drivers for the PC I restored to.

Not sure if this is relevant information, but this problem is not going away, so I am jumping at anything that might help.

4 more replies
Answer Match 59.22%

A fake Customs and Excise email is going around asking you to download a file. Something to do with tax credits i think

Warning this is a phishing site as confirmed by HM customs and Excise only 10mins before posting this thread

Pressing download may result in page 'expired message'
 

A:WARNING Fake Customs and Excise phishing site

Cheers Triplex

I have WOT installed on PC and Laptop, its pretty good at picking out these scamming sites

http://www.mywot.com/

 

3 more replies
Answer Match 59.22%

Almost every page I goto this page pops up that says:
This website has links to the resources which are reported as phishing websites
Internet Explorer has determined that this website has links to the resources which are reported as phishing websites. Phishing websites impersonate other sites and attempt to trick you into revealing personal or financial information.
Here are my specs.:
Tech Support Guy System Info Utility version 1.0.0.1
OS Version: Microsoft Windows XP Professional, Service Pack 2, 32 bit
Processor: Intel(R) Core(TM)2 CPU T5500 @ 1.66GHz, x86 Family 6 Model 15 Stepping 6
Processor Count: 2
RAM: 1013 Mb
Graphics Card: Mobile Intel(R) 945GM Express Chipset Family, 128 Mb
Hard Drives: C: Total - 152374 MB, Free - 132785 MB;
Motherboard: Intel Corporation, MPAD-MSAE Customer Reference Boards, Not Applicable, Not Applicable
Antivirus: McAfee VirusScan, Updated: No, On-Demand Scanner: Enabled

Should I do the Hijackthis next and give you those logs first or should I do something else?
Thanks
 

More replies
Answer Match 59.22%

Having certificate problems when browsing on a particular site. Possible phishing problem."This Is Probably Not The Site You Are Looking For!"Im on Windows Xp Home SP3.I'm trying to deposit money on a pokersite and im having errors on my PC. I can access the site from my wireless laptop and even my iphone, but i prefer to do my banking on my PC.On my PC, I log into a secure poker site. I dont click on a bookmark but actually type out the link on the address bar (cashier.lockpoker.eu). Within the site, there is a deposit link that you go to if you want to deposit money (duh lol). However, when I click on the link to get there, im getting a certificate error on all three internet browsers i try (firefox, safari, chrome). Again I can access the deposit link on my Laptop and iPhone, but I cant do it on my PC.Here are the message I received from the three browsers:From Mozilla---------------------------------------This Connection is UntrustedYou have asked Firefox to connect securely to processor6.realtimegaming.com, but we can't confirm that your connection is secure.Normally, when you try to connect securely, sites will present trusted identification to prove that you are going to the right place. However, this site's identity can't be verified.What Should I Do?If you usually connect to this site without problems, this error could mean that someone is trying to impersonate the site, and you shouldn't continue.Technical Detailsprocessor6.realtime... Read more

A:Having certificate problems when browsing on a particular site. Possible phishing problem.

Hello, let's get a look and see if we can find something.Please download MiniToolBox, save it to your desktop and run it. Checkmark the following checkboxes: Flush DNS Report IE Proxy Settings Reset IE Proxy Settings Report FF Proxy Settings Reset FF Proxy Settings List content of Hosts List IP configuration List Winsock Entries List last 10 Event Viewer log List Installed Programs List Users, Partitions and Memory size.Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run. Note: When using "Reset FF Proxy Settings" option Firefox should be closed.Next run MBAM (MalwareBytes):Please download Malwarebytes Anti-Malware and save it to your desktop.Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.Make sure you are connected to the Internet and double-click on the renamed file to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.Malwarebytes will automatically start and you will be asked to update the program before performing a scan.If an update is found, the pro... Read more

16 more replies
Answer Match 59.22%

original problem was posted here: http://www.bleepingcomputer.com/forums/topic454346.htmlIt couldnt be solved so I was directed this way.This is the gist of the situation:I'm trying to deposit money on a pokersite and im having errors on my PC. I can access the deposit page from my wireless laptop and even my iphone (wifi mode), but i prefer to do my banking on my PC.Here's the detailed descriptionI just joined a new Online Poker site (lockpoker.eu) and installed their poker program on my computer. I signed up an account and tried out the program (using play money) and everything worked well so I decided to deposit some Real Cash into it. Thats when I ran into the problem. When i would try to click on the deposit link inside the program I would get a certificate error on the deposit page. i tried multiple times and always get the same results. I figured theres something wrong with the deposit link within the program. Luckily there was another option. I can just go directly to the LockPoker.eu website and deposit from there (cashier.lockpoker.eu). So i log into the site successfully and discover the deposit link. I click on the link and still get the certificate errors. I tried using three different browsers (Firefox, Safari, Chrome) and i basically got the same certificate errors. I'll copy and paste the errors from my original post here. I also took screen shots of the errors that i have attached.From Mozilla---------------------------------------This Connection ... Read more

A:Possible phishing problem. Having certificate problems when browsing on a particular site.

*****BREAKTHROUGH****

Late last night, i dont know why, but i checked to see if there were any updates on my Comodo Firewall. and sure enough there was. so i updated it and it updated itself super quick (like it was downloaded and ready to install a single 1KB file or something cause it was quick) and it asked me to restart. so I restarted. I felt that the update was so quick that i went back and clicked update again. and there was yet another update. this time it took a little longer. and i restarted it again.

it was late so i set a virus scan and went to bed.

when i got up this morning, i saw that i had no viruses (as expected) and went to check my posts. i decided to click on http://www.realtimegaming.com/ and i am now able to access it. I went on cashier.lockpoker.eu and clicked on the deposit link and im able to access it now. i went to my poker program logged on and clicked on the deposit link and im able to access it now.

my firewall was COMODO Internet Security (Version: 5.5.64714.1383) and now its COMODO Internet Security (Version: 5.10.228257.2253)

Does this mean i was being phished by my firewall all this time? should i be worried? ive been online banking for quite sometime?

3 more replies
Answer Match 58.38%

Hey everyone, I'm hoping I can get some help because I cannot get this resolved after trying many things.Sorry if the title is not accurate, I named it Facebook Phishing because I did a google search and someone with the same problem named it that.
 
 Just yesterday I noticed that when I wake my computer up from sleep mode, or just restart or boot up my computer, my google chrome opens 10-20 tabs attempting to reach Facebook links. Here are a couple examples:  htt  ps://fbcdn-photos-a-a.akamaihd.net/hphotos-ak-prn1/test-favela.html?529354585 ht tps://fbcdn-sphotos-a-a.akamaihd.net/hphotos-ak-prn1/test-favela.html?509812954 I have run malware bytes and norton anti virus to no avail, I have cleared cookies, changed Facebook passwords, rolled back my computer a day, and went to msconfig and disabled a facebook updater on start up.  I really have no idea what to do, and google searches bring back nothing. I saw one other post on the mozilla firefox forums with the problem I have, but the answer was just go to a spyforum for help.  Please help. Thank you.
 
UPDATED WITH DDS AND MBAM LOGS:
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16576  BrowserJavaVersion: 10.21.2
Run by Chris at 13:33:34 on 2013-05-20
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.6069.3293 [GMT -4:00]
.
AV: Norton Security Suite *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Wind... Read more

A:Help: Facebook phishing site? Opens tons of tabs on start up

Updated with logs.

26 more replies
Answer Match 58.38%

Trend Micro threat analysts recently unearthed spammed messages that purported to have come from Trend Micro. Targeting trusted organizations is not an uncommon technique, used by cyber criminals when carrying out spam campaigns. In this case, the phishing URL and domain are already inaccessible.



Read more -
Spoofed Trend Micro Email Leads to Phishing Site | Malware Blog | Trend Micro

More replies
Answer Match 54.6%

I downloaded Windows 7 from Microsoft's website with the student discount. I downloaded it to a Toshiba laptop which had a Windows 7 Starter version and it was supposed to be an upgrade, but it was giving me error messages so I went ahead and downloaded the whole system from scratch erasing the prior system completely. It asked me for a product key but because I didnt have one I hit X and continued. Now it keeps asking me for a product key, but how can i get one if i didnt download it from a disk, i got it from the site directly??? thanks for the help!!!

A:Downloaded Win 7 from site, no product key

I believe that they send out an email showing that you bought it as a student discount and then send out a second one with the cd-key.

2 more replies
Answer Match 53.76%

Can someone here refer me to a good technical or semi-technical explanation of how phishing-malware attacks work? I was reading recently that some big gummint installation was hit with such an attack, and tho I understand the phishing part, I'd like to learn more about how simply going to a site can result in malware getting installed on your computer without you downloading and then installing it.

I'm not too worried about my own situation, since I use Firefox with Scriptblock and have set Firefox to deny automatic installation of downloaded software. But I'm intrigued at how this is done.

A:How does phishing/malware work?

Phishing is an Internet scam that uses spoofed email and fraudulent Web sites which appear to come from or masquerade as legitimate sources. The fake emails and web sites are designed to fool respondents into disclosing sensitive personal or financial data which can then be used by criminals for financial or identity theft. The email directs the user to visit a web site where they are asked to update personal information such as passwords, user names, and provide credit card, social security, and bank account numbers, that the legitimate organization already has. Spear Phishing is a highly targeted and coordinated phishing attack using spoofed email messages directed against employees or members within a certain company, government agency, organization, or group. These fraudulent emails and web sites, however, may also contain malicious code which can spread infection. Phishing, sometimes referred to as brand spoofing or carding, was derived from "fishing", the idea being that bait is thrown out with the hopes that some will be tempted into biting. It is essentially an old con game updated to take advantage of new technology.Recognize phishing scams and fraudulent e-mailsEmail and web scams: How to help protect yourselfHow Not to Get Hooked by a ‘Phishing’ ScamConsumer Advice: How to Avoid Phishing ScamsHow to Avoid Phishing ScamsPayPal's Phishing GuideTips on how to avoid phishingThe golden rule to avoid being phished is to never ever click... Read more

8 more replies
Answer Match 53.76%

Hi everyone! Im new in using Forum site but I need some help. I can't remove/change the home page of my IE which is "www.redtube.com". My IE is also running thru "Sowar Browser" which is unusual. I downloaded many anti-virus and malware removal softwares such as spybot, A-square, AVG, threatfire, etc. but I still can't remove it. Spybot can detect it but the homepage kept coming back even I removed it by spybot. Can anyone advice me how to remove it totally?

Thanks

A:Phishing & Malware Problem

Welcome to BleepingComputer.Open Spybot Search and Destroy and suspend the Teatimer function - if enabled.Please download Malwarebytes Anti-Malware and save it to your desktop.alternate download link 1alternate download link 2Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan.If an update is found, the program will automatically update itself.Press the OK button to close that box and continue.If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Then click on the Scan button.If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button. The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".Click OK to close the message box and continu... Read more

1 more replies
Answer Match 53.76%

Thank you for considering my problem and any help you can give me. I have XP professional operating system and Earthlink DSL internet service which includes Protection Control Center (7.0.1.325) antivirus software. PCC is regularly alerting me that there is "Hidden Data Sending" riskware using the process "C;\windows\system32\svchost.exe". When I first saw the message I did a complete scan (using PCC) which found two trojans that I deleted. This did not stop the alerts. When an alert happens and I try to quarantine the process I get an "access denied" message. I am able to click on "Deny" to prevent the operation from being completed and get the following details:Process C:\WINDOWS\System32\svchost.exe (PID: 1224) is trying to send data using a trusted application.Intended address:http://94.228.209.202/Data:xurl=http://94.228.209.202/PkC4qZOl7i3MAEo3f758a7195c898f2abdf44eec340f2a8d35g&xref=http://christmastreemall.com/result.php?Keywords=new+jersey+dui+lawyer&r=1ed461e47880cc0cc941129d51e9b228e256446597e51f518c28bc1a895ced98a7c48dbd201fcfe4c78757f2e33b1055&Submit=GoWhen these alerts happen I cannot complete any other task until I click on "Deny" and eventually other applications such as Internet Explorer start acting strangely, slowing down or not responding.I was able to attach a DDS.txt file but was unable to upload dds.scr, possibly because it is 514k, thus exceeding your 493k m... Read more

A:svchost phishing malware

Hello Eldon2Welcome to BleepingComputer ==========================Download OTL to your desktop.Double click on OTL to run it. When the window appears, underneath Output at the top change it to Minimal Output.Under the Standard Registry box change it to All.Under Custom scan's and fixes section paste in the below in boldnetsvcs%SYSTEMDRIVE%\*.*%systemroot%\*. /mp /sCREATERESTOREPOINT%systemroot%\system32\*.dll /lockedfiles%systemroot%\Tasks\*.job /lockedfiles%systemroot%\System32\config\*.sav %systemroot%\system32\drivers\*.sys /90%systemroot%\system32\Spool\prtprocs\w32x86\*.dllCheck the boxes beside LOP Check and Purity Check.Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.====================Download the following GMER Rootkit Scanner from HereDownload the randomly named EXE file to your Desktop. Remember what its name is since it is randomly named.Double click on the new random named exe file you downloaded and run it. If prompted about the Security Warning and Unknown Publisher go ahead and click on RunIt may take a minute to load and become available.If it gives you a warnin... Read more

11 more replies
Answer Match 53.76%

Hi all,

I am using Windows Vista Home premium. In the past few months I have noticed that my internet web surfing has functioned less efficiently, with slower web page loading and often "the page cannot be displayed" and I have to refresh a few times before the page loads. This happens for every website I visit. When I click the back button, I sometimes see weird addresses which I didnt even go to. I suspect these are phishing, malware or spying tools. And on MSN messenger, I have been hit with the Acai Berry virus, where my account constantly send messages regarding Acai Berry pills to my contacts. Most recently, my facebook account was infected as well, sending out messages about weight loss stuff.

I have constantly scanned my computer with my McAfee virus scan, as well as Malwarebytes anti malware scan. Both revealed no threats found.

Hope you guys can help,
Thanks

A:Think my com is hit with malware, phishing stuff

Update mbam and run a FULL scanPlease post the results==========================ATFPlease download ATF Cleaner by Atribune & save it to your desktop.Double-click ATF-Cleaner.exe to run the program.Under Main "Select Files to Delete" choose: Select All.Click the Empty Selected button.If you use Firefox browser click Firefox at the top and choose: Select AllClick the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.If you use Opera browser click Opera at the top and choose: Select AllClick the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.Click Exit on the Main menu to close the program.Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".------------------------------------SAS, may take a long time to scanPlease download and scan with SUPERAntiSpyware FreeDouble-click SUPERAntiSypware.exe and use the default settings for installation.An icon will be created on your desktop. Double-click that icon to launch the program.If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then ... Read more

2 more replies
Answer Match 53.76%

Hey, 
 
Yesterday I ran into a phishing scam, but I think I took the right measures in protecting myself.
Someone told to come to this site, so I'm not 100% I should be posting this here. 
I'm running Windows 8.1
 
This is a log from HiJackThis.
 
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 9:40:23 PM, on 6/16/2015
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.17840)
 
FIREFOX: 31.0 (x86 en-US)
Boot mode: Normal
 
Running processes:
C:\Program Files (x86)\Corsair\Corsair Utility Engine\CorsairHID.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
... Read more

A:Possible Phishing Problem (malware)

Hello, Welcome to BleepingComputer.I'm nasdaq and will be helping you.If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.===Lets check it out.Download the version of this tool for your operating system.Farbar Recovery Scan Tool (64 bit)Farbar Recovery Scan Tool (32 bit)and save it to a folder on your computer's Desktop.Double-click to run it. When the tool opens click Yes to disclaimer.Press Scan button.It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.===p.s.HijackThis is no longer supported.I suggest your remove it Using the Add/Remove programs applet.Use the Farbar tool from now on to report problems.<<<>>>

2 more replies
Answer Match 53.76%

I am also getting the same issue mentioned in this thread...

http://forums.techguy.org/virus-other-malware-removal/940938-ibank-barclays-co-uk-interfering.html

Started about an hour ago, only effects IE. It injects its own fake html after the end </html> tag. Looks like a pritty sophisticated phishing attempt and I have been unable to locate any new files on my machine that may be causing it.
 

More replies
Answer Match 53.34%

If I download a Zip file from a website using Firefox 4, or3, the resulting opened file is gibberish. If I do it with explorer 8 or 9 it is fine.
Visible differences are that in opening the file downloaded with explorer it becomes a PDF file and opens sensibly. In explorer the file to be downloaded is SG33V10.zip and this becomes becomes SG33V10.pdf.In Firefox the downloaded file has added a 1.htm to the zip ending and than makes a mess of opening it -the file to be downloaded is SG33V10.zip and on downloading this becomes SG33V10.zip-1.htm which on opening is rubbish

Tech Support Guy System Info Utility version 1.0.0.1
OS Version: Microsoft® Windows Vista™ Home Premium , Service Pack 2, 32 bit
Processor: Intel(R) Core(TM)2 Duo CPU E8400 @ 3.00GHz, x64 Family 6 Model 23 Stepping 10
Processor Count: 2
RAM: 3325 Mb
Graphics Card: NVIDIA GeForce 9600 GT, 512 Mb
Hard Drives: C: Total - 59999 MB, Free - 14500 MB; D: Total - 408575 MB, Free - 394532 MB;
Motherboard: Shuttle Inc, FG33, V10, 0
Antivirus: Kaspersky Internet Security, Updated and Enabled
 

A:Firefox 4(or 3) does not open zip file downloaded from web site

8 more replies
Answer Match 53.34%

Hi! I downloaded a small website using HTTrack...it saved html files in a directory structure.But the no. of distinct files is naturally huge...I need some kind of zipping/merging/combining utility which will give me one single file in place of whole bunch of html files (& folders).Why combine? It would be neat

A:Merging site pages downloaded using HTTrack

Did you try the HTTrack forum?

2 more replies
Answer Match 53.34%

Hmmmmmm, I'm not running av shield. I surfed to a site with SRWare Iron 5 Alpha. I got a popup dialog warning me the site had some nasties. Here's the thing though, in Options the protection for Phishing and Malware was not enabled!!

Makes me wonder if a) Phishing/Malware protection is enabled no matter the state of the check box. Or b) some moron thinks it's funny for his site to pop up stupid dialogs?

I'd ask on SRWare Forum but even on the English forum all the controls and instructions are in German.

edit: oh and I just remembered. In the download status bar there was some kind of crap like it was trying to download something. I killed the browser and ran a virus scan as quickly as possible so I don't remember the site or what any of the download thingies were.

Scan came up clean but it is weird.

edit2: come to think of it, I think it was just some stuff in the status bar. Nothing downloaded. Just seems strange.

More replies
Answer Match 52.92%

I downloaded Imgburn and installed, without antivirus software installed. Got bombed with adware,tried to uninstall, the allow this program to make changes to the computer box came up, I clicked yes on at least one. I then realized that was probably a bad idea, and used Revouninstall.
 
I ran AVG, malware bytes anti-malware,adwcleaner, and hitman.
 
I then tried to download a different cdburner. AVG caught something, I ran adwcleaner, and when I restarted, the internet didn't work. So I couldn't use hitman and malwarebytes.  It seemed like I was in as a different use with more permissions. It took a long time to reboot. Fortunately,  I was able to use hitmans reset point to get internet function back. I also uninstalled a lot of these programs, since more than antivirus can cause problems
 
I also ran Zemana anti malware and reset chrome.So that's about what happened.
 
Mostly it seems ok, but I wanted to see if I was clean. I haven't used the machine much, though, it was late last night when I did a lot of this.
 
Thanks in advance
 
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:25-10-2015 02
Ran by Weber (administrator) on WEBER-PC (25-10-2015 14:49:04)
Running from C:\Users\Weber\Downloads
Loaded Profiles: Weber (Available Profiles: Weber)
Platform: Windows 7 Ultimate (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery S... Read more

A:Downloaded Imgburn,other, from site, Uninstalled Play thru Player, etc.

Hello CPU_HDD,my name is Jo and I will help you with your computer problems.Please follow these guidelines:Logs can take a while to research, so please be patient.Read and follow the instructions in the sequence they are posted.print or copy & save instructions.back up all your private data / important files on another (external) drive before using our tools.Do not install / uninstall any applications, unless otherwise instructed.Use only that tools you have been instructed to use.Copy and Paste the log files inside your post, unless otherwise instructed.Ask for clarification, if you have any questions. Stay with this topic til you get the all clean post.My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.***Download Security Check by screen317 from here or here.Save it to your Desktop.Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.Vista / Windows 7/8 users right-click and select Run As Administrator.A Notepad document should open automatically called checkup.txt; please post the contents of that document.***Please download Malwarebytes Anti-Rootkit and save it to your desktop.Be sure to print out and follow the instructions provided on that same page.Caution: This is a beta version so please be sure to read the disclaimer and back up all your data before using.Scan your system for malwareWith some infections, you may see two messages boxes.'Coul... Read more

29 more replies
Answer Match 52.5%

All security companies and researchers spend a massive amount of time documenting and alerting about phishing scams, malware attacks and delivery methods. It is a constant catch up where the ?good guys? are 1 or 2 steps behind the ?bad guys? and unlike the movies, the guy in the white hat doesn?t always come out the winner.

The bad actors always find a way to stay one step ahead. This is especially true with phishing and they continually innovate and find methods to deliver their ?product ? to you.

A phishing attack needs an initial approach to the victim, normally an email saying something like ? update your bank or PayPal account? like these examples:
read more:
http://myonlinesecurity.co.uk/phishing-malware-and-the-abuse-of-legitimate-services/
 

More replies
Answer Match 52.5%

Started with redirects. Then I ran Hitman and it found a random, 7-letter exe file in system32. However, once it is removed, a new one replaces it seconds later. Now websites start putting up a phishing form that you have to fill out to access the sites that asks for credit card number, social security number, name, address, etc. I can't use these sites until I get rid of this thing. I downloaded Microsoft Security Essentials and ran that and it immediately placed the file in "Excluded files and locations." When I removed it, it got flagged as a Trojan, but then a new file just immediately replaced it in the folder, and the "Excluded files and locations." Have no idea what else I can do to get rid of this thing, but am desperate to do so as soon as possible so I can use my banking sites again.
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 10.5.1
Run by Jonathan at 13:52:33 on 2012-09-13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3071.1505 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
... Read more

A:Redirects, Websites Phishing, Respawning Malware

Greetings and Welcome to The Forums!!My name is Gringo and I'll be glad to help you with your computer problems.I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of usPlease do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE: At the ... Read more

35 more replies
Answer Match 52.5%

Seems like a zero hour threat, widespread here in the UK. I received this at 1159am today. Ocado is a very popular online shopping delivery service based here in UK.
Already been confirmed as a threat
 
Am trying to post a snipped copy of the email, but having difficulties uploading
 
http://sanesecurity.blogspot.co.uk/2015/10/your-receipt-for-todays-ocado-delivery.html

A:19.10.2015 Email Phishing Scam/malware UK

robby501, Would you be able and allowed to post the headers of the email using bbcode such as the example below? hello world!This code is written by using the following in the source code view.[code=auto:0]hello world![/code]

3 more replies
Answer Match 52.5%

http://www.downloadsquad.com/2010/0...-beware-malware-tries-and-succeeds-to-extort/
Now they are holding pirates up with a fake lawsuit notice...


http://torrentfreak.com/malware-extort-cash-from-bittorrent-users-100411/

ICCP Foundation claims to be an international company operating out of Switzerland. They say they are &#8220;committed to promoting the cultural and economic benefits of copyright&#8221; while assisting their partners to fight &#8220;copyright theft around the world&#8221;.

In fact what they really do is operate a scam to extort money from BitTorrent users....Click to expand...
 

A:New Phishing malware targets Torrent users

11 more replies
Answer Match 52.08%

Popup ad audio is heard even when browers are closed. One look on the task mangager shows several instances of Google Crome (which I never use and appear to be the source of the popup ad audio) being used and taking up a majority of the CPU. When I open a new window an extra one pops up with an ad.
 
DDS LOG FILE
 
 
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 7.0.6001.18000  BrowserJavaVersion: 10.21.2
Run by trace at 12:34:03 on 2013-10-20
Microsoft® Windows Vista™ Ultimate   6.0.6001.1.1252.1.1033.18.1918.364 [GMT -4:00]
.
AV: avast! antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: avast! antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Progra... Read more

A:Family member downloaded nasty bug on livestreaming site. (more inside)

Please do this next:  You have more than one antivirus (AV) program running.  Your logs show both avast! and Avira running.  Running more than one AV program does not offer any more protection and often causes conflicts and slow downs with your computer.  Please remove one of the AV applications via Control Panel > Programs > Uninstall a program.  Download TDSSKiller.zip and extract TDSSKiller.exe to your desktop
Execute TDSSKiller.exe by doubleclicking on it.
when the window opens, click on Change Parameters
under ”Additional options”, put a check mark in the box next to “Detect TDLFS File System”
click OK
Press Start Scan
If Malicious objects are found then ensure Cure is selected.  Important - If there is no option to "Cure" it is critical that you select "Skip"
Then click Continue > Reboot now
Once complete, a log will be produced in c:\. It will be named for example, TDSSKiller.2.7.1.0_19.01.2012_17.24.26_log.txt
Post that log, please.
Please include the following in your next post:
TDSSKiller log
 

21 more replies
Answer Match 52.08%

these are the instructions I followed:Uninstall itclick on this link ? and then select run.http://www.malwarebytes.org/affiliates/2...INSTALL IT TO YOUR DESKTOP, update it, then run a full scan and remove everything it finds.some viruses will try to disable it so if malwarebytes will not start up then go into the folder it is in and rename the mbam file to XXX then double click on the file you just renamed to start it up.after you have used malwarebytes then do this on-line scan.to make sure you have nothing else hiding away.http://www.bitdefender.com/scan8/ie.htmlpreferably in safe mode with networking.it's important you install it on your desktop so you can easily get into the folder and change the name of the mbam file.and viruses do not always look on the desktop for it.OR you can try the on-line scan first.This seemed to have helped but I still can't run Malware bytes and my computer redirects websites I try to get into sometimes. I installed Norman Malware cleaner is this is what it said:Removed 5 of these ( deleted file:C:/windows\system.32\UACqfqboedxvctjti.dat)in red appeared- To many infections/an unexpected error (Please contact support):C\Windows\system32\UACqfqboedxvctjtit.dat (infected with Text/Td.ss.A)File marked for defered cleaning (reboot required) c:\windows\Temp\UAC314c.tmp(infected with W32\FakeAlert.NEUI clicked quit afer it finished scanning and it prompted me to reboot computer automatically. I ... Read more

A:The computer at work is infested with PAV. I downloaded Malware bytes anti-Malware but it still won't scan

Hello it appears you are heavily infected with rootkits. They are interfereing with removal.You need to run HJT/DDS.Please follow this guide. go and do steps 6 and 7 ,, Preparation Guide For Use Before Using Hijackthis. Then go here HijackThis Logs and Virus/Trojan/Spyware/Malware Removal ,click New Topic,give it a relevant Title and post that complete log.Let me know if it went OK.

1 more replies
Answer Match 52.08%

New wave of phishing attacks serves malware to PCs and Macs








By Ed Bott
March 23, 2012, 5:24am PDT


Summary: Malware distributors have launched a new wave of attacks aimed at taking over unpatched PCs and Macs. They look like routine messages from a bank or a social network, but instead of phishing for passwords, they?re serving up malware.


In the past few weeks, I?ve noticed an alarming increase in fraudulent email messages coming to some old, well-established email addresses of mine.


It?s not just the quantity of messages that?s noteworthy, it?s the quality as well. This particular wave of attacks includes some attacks that are frighteningly real looking. And they?re being used to serve up a toxic brew of malware to unprotected systems.


Consider these two examples of messages I received this week. The first appears to be a fraud alert from American Express:


It has all the right logos, and the wording has the same professional tone and grammatical accuracy I would expect of a legitimate communication from American Express. Unlike many phishing messages, this one made me look much more closely, and I suspect that the click-through rate was higher than most such attempts.



see full report

A:New wave of phishing attacks serves malware to PCs and Macs

I received a message from "Bank of America" on my answering machine telling me about my new account. I don't have an account with "BofA"!!

2 more replies
Answer Match 52.08%

Hello, I would realy appreciate some help with removing a tough problem from my CPU. Regardless of using IE or Mozilla, if attempt o log-on to my ebay, or banking site I getredirected or pop-up to a "confirm Identity" screen asking for my credit card, ssn, ect.I have included the required logs for your analysis (below). Thanks much in advance for the work you do helping us misarabes ***NOTE: I will leave my workstation at 3:30 CST, and not return until Monday 14MAR11 at 07:30Kind regards, BodeBookSmartsDDS.txt.DDS (Ver_11-03-05.01) - NTFSx86 Run by rclitherow at 12:20:34.94 on Fri 03/11/2011Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1982.1321 [GMT -6:00].AV: Symantec Endpoint Protection *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}.============== Running Processes ===============.C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcsC:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exesvchost.exesvchost.exeC:\Program Files\Common Files\Symantec Shared\ccSvcHst.exeC:\WINDOWS\system32\spoolsv.exesvchost.exeC:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEC:\WINDOWS\syst... Read more

A:Phishing/Malware: Banking info screen appears

Hello and welcome to Bleeping Computer We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here. If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far. Upon completing the steps below another staff member will review your topic an do their best to resolve your issues. If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread. Thanks and again sorry for the delay. We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scr DDS.pifDouble click on the DDS icon, allow it to run. A small box will open, with an explaination about the tool. No input is needed, the scan is running. Notepad will open with the results. Follow the instructions that... Read more

24 more replies
Answer Match 51.66%

I see a lot of these things started happening yesterday. Unfortunately, It also attacked my computer. Since i can't find a reliable straight answer and i understand because it's still a new kind of Virus, I'ma take chances and ask for help here because it's really affecting my computer.There's alot of problems:First let me throw it out there i have IE7.So let's start:1. There's 2 running iExplorers in the task manager under System so is it a malware/virus or is it normal? I use safari and not IE since it's slow. Haven't used IE since 2008 or something.2. The Microsoft phishing thing. I remember before it all started, i got an error and i kinda read it and it said "Comino.exe has been terminated" Kinda thing. After then, there's been background clicking noises and advertisement.3. I did some scans and found some virus and i deleted all i can find, cleaned my temp folders, did scans. I have Malware bytes, Spybot, Avg. Although i removed all i can find, the problem still persists.Here's my DDS scanDDS (Ver_10-03-17.01) - NTFSx86 Run by at 14:33:38.35 on 07/12/2010 MonInternet Explorer: 7.0.5730.13Microsoft Windows XP Professional 5.1.2600.3.932.81.1033.18.510.37 [GMT -5:00]AV: AVG Anti-Virus Free *On-access scanning enabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}============== Running Processes ===============C:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost -k DcomLaunch... Read more

A:Microsoft Phishing Popup/Sound/iExplore Malware Virus

Hello EelaiiWelcome to BleepingComputer ==========================Download OTL to your desktop.Double click on OTL to run it. When the window appears, underneath Output at the top change it to Minimal Output.Under the Standard Registry box change it to All.Under Custom scan's and fixes section paste in the below in boldnetsvcs%SYSTEMDRIVE%\*.*%systemroot%\tasks\*.*%systemroot%\*. /mp /sCREATERESTOREPOINT%systemroot%\system32\*.dll /lockedfiles%systemroot%\Tasks\*.job /lockedfiles%systemroot%\System32\config\*.sav %systemroot%\system32\drivers\*.sys /90%systemroot%\system32\Spool\prtprocs\w32x86\*.dllCheck the boxes beside LOP Check and Purity Check.Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.====================Download the following GMER Rootkit Scanner from HereDownload the randomly named EXE file to your Desktop. Remember what its name is since it is randomly named.Double click on the new random named exe file you downloaded and run it. If prompted about the Security Warning and Unknown Publisher go ahead and click on RunIt may take a minute to load and become av... Read more

1 more replies
Answer Match 50.4%

Which Internet Security Suites or Anti-Malware will you prefer is the best in terms of "Web Browsing Protection" and why???
Thank you guys for participating and sharing your opinions
 

A:Malicious Web URL Blocking (Malware, Trojan, Rootkit, Phishing, Adware, Worm, Spyware, ... etc)

Kaspersky and Eset have very fast and great web shield.
 

35 more replies
Answer Match 49.98%

Hi!
 
I`ve downloaded and registered program but can`t find it anywhere on computer
need help

A:downloaded program

What's the program?

1 more replies
Answer Match 49.98%

I downloaded a wolf3d from utorrent it is resident on my desk top and when I click on it a command box apears and at the top it says C:\docume~1\minemi~1\desktop\wolf3d.exe. I try to delete it ands it says cannot delete wolf3d:it is being used by another person or program. Close any programsthat might be using the file and try again. here is the log from dss Deckard's System Scanner v20071014.68
Run by Mine Mine on 2008-06-13 08:00:52
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Mine Mine.exe) -------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:01:17 AM, on 6/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Program Files\Godlike Developers\RAM Saver Pro\ramsaverpro.exe
C:\Program Files\Spybot - Search & D... Read more

A:downloaded program

Thanks but i figured it out myself. Just took me a while to figure it out after being up for almost 48 hours. Brain wasn't functioning. But I got it.

1 more replies
Answer Match 49.98%

i want to make sure i have no more spyware and that i dont have a virus. i downloaded a program from my nephew and it caused my puter to run up and down up to 100% cpu. when trying to fix this problem i downloaded some applications: hijack this, malwarbytes, and a couple other... i also want to make sure that i dont have too much spyware/antivirus software that will compete with each other. i am new to the internet and i ask in advance to please forgive me if i did not explain my prob correctly. i read all the facts and followed the instr. for this post. hope i did so correctly.Logfile of random's system information tool 1.04 (written by random/random)Run by Valentin Bernacho at 2008-12-15 04:39:43Microsoft Windows XP Home Edition Service Pack 3System drive C: has 32 GB (46%) free of 68 GBTotal RAM: 502 MB (19% free)Logfile of Trend Micro HijackThis v2.0.2Scan saved at 04:39:48 a.m., on 15/12/2008Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18241)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exeC:\Program Files\Java\jre6\bin\jqs.... Read more

A:downloaded a program that used 100% cpu

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.comDDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explanation about the tool. No input is needed, the scan is running.Notepad will open with the results, click no to the Optional_ScanFollow the instructions that pop up for posting the results.Close the program window, and delete the program from your desktop.Please note: You may have to disable a... Read more

2 more replies
Answer Match 49.98%

I bought Easy Hi Qrecorder program a few years ago. It worked fine. I had to re-download to a new computer as the other had crashed.

I use XP home edition.The Easy Hi Q recorder is reputable, from Roemer Software. I redownloaded it to the next computer which had been recently cleaned out of my son's user account and all his programs and files.

The Easy Hi Q downloads fine and installs. But when I click on the execute file to start it, I get "DWGTrueView 2010 wanting to install instead, which was part of an Autocad program my son had, for mapping. I can't seem to get rid of this mix up. Then of course it can't find the "source" file from that autocad program since it has been deleted for months. I also tried a clean disk and defragmented after deleting all my sons files.
I just want my Easy Hi Q recorder to work properly and open up.

I just tried an XP repair using the XP disk. Still no change. And it took all afternoon to do this.
 

A:Downloaded program comes up as another

Hiya and welcome to Tech Support Guy

Sorry for the lateness in a reply, but these forums are very busy

Are you still having this problem? If so, it may not be virus related, but we can have a look just in case:

can you do the following:

http://forums.techguy.org/virus-other-malware-removal/943214-everyone-must-read-before-posting.html

Regards

eddie
 

1 more replies
Answer Match 49.14%

Hi

may i ask you why my legit windows 8.1 pro 64bit full updated doesn't warn me anymore when i run a program downloaded form the net ?

for example if i download a program like process hacker under w7 i have a window like this
under w8.1 i haven't it
and i have never changed any settings

thanks

A:why no warning when i run a program downloaded ?

Windows 8 uses the SmartScreen filter to perform an application reputation check, and it now does system wide (not just when downloading programs with Internet Explorer like it did before).






In Windows 7 when launching these downloaded applications, you get the following notification:


In Windows 8, SmartScreen will only notify you when you run an application that has not yet established a reputation and therefore is a higher risk:


The user experience for applications with an established reputation is simple and clean: you just click and run, removing the prompt you would have seen in Windows 7.




Source: Scroll down to "Microsoft SmartScreen for Internet Explorer and now for Windows too":
Protecting you from malware - Building Windows 8 - Site Home - MSDN Blogs

8 more replies
Answer Match 49.14%

I tried to install the free version of Spamfighter, but when it came to activation I got a message saying it was impossible to connect to the server and to check my connections which are good. I tried another similar type program called Bullguard and got the same result. I ran anti virus programs and tried again without success. I then tried a cd burner program, and had no problem installing and running the app. I am running xp pro sp3. Any ideas?

A:Activate downloaded program

Why...did you decide to try to install malware-defense programs...at this time?

What other such programs (e.g., firewall, AV, etc.) are currently installed on your system?

What is the link from which you downloaded said program?

Can you go to Windows Update and successfully check for critical updates?

Louis

1 more replies
Answer Match 49.14%

I need help with trying to load a google earth and Itunes on to my computer.When I download the programs on to my laptop then double click on the icons to download the program it start up going through it`s normal process but then the process stops and a message comes up which says:

THIS INSTALLATION PACKAGE COULD NOT BE OPENED-VERIFY THAT THE PACKAGE EXISTS AND THAT YOU CAN ACCESS IT, OR CONTACT THE APPLICATION VENDOR TO VERIFY THAT THIS IS A VALID WINDOWS INSTALLER PACKAGE

I have downloaded both program on a different computer then saved it to cd but even this did not work it came up with the same message

A:Can Not Load Program That Is Downloaded From The Net

With Vista it's a good idea to right click on the installer and select "Run as administrator".

I've installed the latest version of iTunes on several computers without any problems.
Google Earth, OTOH, fought me tooth and nail before I got it installed - not a real pleasant experience. It took a lot of googling to get it to work correctly!

5 more replies
Answer Match 49.14%

Hi guys, I downloaded a torrent program and it had imbeded spyware. I uninstalled it again but i'm not sure that I got rid of the extra spyware.
I am running vista

Here's my log :
Logfile of HijackThis v1.99.1
Scan saved at 1:14:19 PM, on 2/02/2008
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Toddler Keys\Toddler Keys.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\PROGRAM FILES\QUICKTIME\QTTASK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Lindsay\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = htt... Read more

A:Downloaded program with spyware

I dont see any signs of malware in the log.Its fine.

1 more replies
Answer Match 49.14%

I have a Downloaded Program File entry, that has "unknown status", no creation date, and it says "none" under Last Accessed.

It does claim to be 4kb's in size.

This program file has no name, but instead, is a grouping of numbers and letters, all enclosed in parenthese..{}.

Highlighting it, and right clicking it only brings up the properties of the entry.

It cannot be deleted either from the keyboard, or from the menu...File>delete..Edit>cut.

The properties of this entry show it to be an Active X control, (with no creation date, no access date and no status. It does not appear to be damaged...it does not say that there are any damaged files associated with it).

I dont feel comfortable giving you the codebase http address, because Im not sure if it turns into a link that anyone can access. But I will tell you that it includes the words; fpdownload, macromedia, polarbear, ultrashim.cab

Using my search bar to go to that location brings me to a folder, with an apparent program that has yet to be installed.

There are 3 icons in this cab folder...a .dll icon, a configuration/notepad icon with the name "erma", and the remaining icon is an INSTALL icon.

Clicking on any of these icons brings up a command to "extract", or copy.

I do vaguely remember going to macromedia.com, (adobe.com) a couple of weeks ago, and downloading and installing the adobe flash player and the shockwave player. I seem to remember that when I first began us... Read more

A:Downloaded Program Files,

http://www.sophos.com/security/blog/2008/02/1075.htmlQUOTE SOPHOS:"Ultrashim.cab is normally a valid Macromedia Flash filename, and is a very good example of why you can?t trust files based on name alone. It?s pointed to in a similar way to last time so that it appears that Flash is asking you to download an update. But don?t be fooled, you definitely don?t want this ?update?."Submit it to jotti's virusscan or virustotal.com. In the "File to upload & scan" box, browse to the location of the suspicious file and submit (upload) it for scanning/analysis. Post back with the results.http://virusscan.jotti.org/http://www.virustotal.com/metodos.html

3 more replies
Answer Match 49.14%

Hi. I have downloaded a legal program but don't understand how to install it. The instructions said to extract the rar file which I've done but no joy. The instructions seem to assume some knowledge! I have the following files: an nfo file, 21 files named *.r00, *.r01 etc, an sfv file and a rar file which I have extracted...there are now a bin file and a cue file in an extracted files folder. What on earth do I do next? Please can someone help me with step by step instructions for a complete dummy !! Thanks.
 

A:Installing a downloaded program

Hello Rubi. I am a little confused with what kind of file you want help with so I am providing the instructions regarding the *.bin and *.cue files.

How Do I Use or Open Bin, Cue, or ISO Files?

If you are looking for instructions on extracting the *.rar and *.r01 files, then please go here.

Hope that helps.

-- Goku
 

3 more replies
Answer Match 49.14%

Hi,

In Internet Explorer, when I look at:
Tools->Internet Options->General Tab, Browsing History, Settings->View Objects
a window pops up titled C:\WINDOWS\Downloaded Program Files. I came across this while trying to resolve another problem....which will be in another post and has nothing to do with this post.

The status of one of the files is "Damaged" and I have no idea if it should be deleted and reinstalled or deleted and not reinstalled, or just left alone. It also states the install date was on 4/29/05 (which would be before I purchased this HP Pavilion laptop--I purchased it after September 2005). The last access date for the program states today, 12/7/07.
Here is the program file description:
{49232000-16E4-426C-A231-62846947304B}
Under Properties is the following info:
ActiveX Control
80KB
Status: Damaged
Code Base: http://ipgweb.cce.hp.com/rdqnbk/downloads/sysinfo.cab

Would this damaged program be affecting the performance of my laptop? Since it's been installed since I've owned it, I wouldn't know if the performance is slower than it should be or not, or why the laptop is accessing a damaged file (and what happens when it does access this damaged file???)

Any info would be greatly appreciated....
 

A:Damaged Downloaded Program---what to do?

9 more replies
Answer Match 49.14%

Currently having issues with recent internet download program removals.
The weather channel desktop 6 when attempting to remove in 'add or remove programs' I get the following message: wise uninstall
Could not open INSTALL.LOG file.
Another issue with:
Play 7 Wonders 2 in 'add or remove programs' the following popup appears - Fatal Error! Missing required resource!
Try to reinstall EXEtender.exe from your service providers website.
Reinstallation is not going anywhere with these two programs
Unsure where these programs came from, if they are safe downloads or what kind of junk they carry with them, but I am not having much luck in removing them.
Laptop specs as follows:
Dell Latitude D630 X-86 based PC running windows xp pro service pack 3 build 2600
Anyone know how I can get past this problem?
Charlie

A:Downloaded Program Removals

Hi Charlie -Try these few programs first, also list your Antivirus and any other Antimalware programs you use -Please download AdwCleaner by Xplode onto your desktop.Close all open programs and internet browsers.Double click on AdwCleaner.exe to run the tool.Click on Delete.Confirm each time with Ok.Your computer will be rebooted automatically. A text file will open after the restart.Please post the content of that logfile with your next answer.You can find the logfile at C:\AdwCleaner[S1].txt as well.Please download Junkware Removal Tool to your desktopJunkware Removal Tool by thisisu•You may need to shut down your protection software now to avoid potential conflicts.•Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.•The tool will open and start scanning your system.•Please be patient as this can take a while to complete depending on your system's specifications.•On completion, a log (JRT.txt) is saved to your desktop and will automatically open.•Post the contents of JRT.txt into your next message.Also try to find the program via Windows Explorer under your C: drive or Installed Programs and Right Click delete it there -Thanks -

7 more replies
Answer Match 49.14%

i recently downloaded a program which i now want to remove. it gave me an uninstall option which when clicked brings up a blank window and nothing happens. when i try to uninstall through the control panel the same blank window appears.

Any suggestions?
 

A:removing a downloaded program

10 more replies
Answer Match 49.14%

I use a program (downloaded from the internet) which has become a problem.
It has been OK, but when I updated it to the newer version, it made my startup and shutdown, real slow.
I have uninstalled the program and wiped all traces of it.
My PC then ran as fast as new.
Am I allowed, in this Forum, to say the name of the program?

A:Downloaded program is problematic

I'd say so? Would help us to identify any common problems with said program. Maybe when you installed the new version, it added itself to the programs that start on boot. Could be something there.

9 more replies
Answer Match 49.14%

I have two programs in this folder , one of which is my antivirus(norton) and the other is Download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab. I ran an hijack this log about a week ago and it did not show up on the log. Ikeep a log to compare readings, this scan it showed up on the hjt log. Are these programs already installed and can be deleted from the folder?
 

A:Downloaded program files?

The Norton one will be your update ActiveX,
The Flash is macromedia ActiveX control.

Both can be deleted,

However when you next update Norton it will be reinstalled, and by deleting the shockwave control will mean you will not be able to view some websites properly

Both are legitimate controls and can be safely left on your system
 

1 more replies
Answer Match 49.14%

i have tried to download some anti virus software from CNET and half way through a window pops up asking me which program i want to use to run the software - i have no idea - help
 

A:which program to use to run downloaded software

apologies - more specifically - i am trying to run a piece of software downloaded from microsoft called microsoft security essential - a window pops up asking me to "choose which program you want to use to open this file" - help !
 

2 more replies
Answer Match 49.14%

called mgi video wave, it was a trial demo. Well now the trial is up, I rarely used it, I'm a newbie so can someone tell me how I get rid of the program and all its files? Since it was a trial demo if I decide to try it again at a later date, can I download the free trial again? Thanks for any suggestions....Cindoo
Hope I put this post in the right place.
 

A:(Solved) Downloaded a program

7 more replies
Answer Match 49.14%

I downloaded a program from what appeared to be a trusted site, but it seems to have infected my computer. It keeps redirecting me when I'm on in chrome and it shuts it down sometimes. Any help would be appreciated. Thank you.

A:I downloaded a program that seems to be adware

Download Security Check from here or here and save it to your Desktop. Double-click SecurityCheck.exe Follow the onscreen instructions inside of the black box. A Notepad document should open automatically called checkup.txt; please post the contents of that document.NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.NOTE 2 SecurityCheck may produce some false warning(s), so leave the results reading to me. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.Make sure the following options are checked:
Internet ServicesWindows FirewallSystem RestoreSecurity Center/Action CenterWindows UpdateWindows DefenderOther ServicesPress "Scan".It will create a log (FSS.txt) in the same directory the tool is run.Please copy and paste the log to your reply. Please download MiniToolBox and run it.Checkmark following boxes:Report IE Proxy SettingsReport FF Proxy SettingsList content of HostsList IP configurationList Winsock EntriesList last 10 Event Viewer logList Installed ProgramsList Devices (do NOT change any settings here)List Users, Partitions and Memory sizeClick Go and post the result. Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.* Double-click mbam-setup.exe and follow the prompts to install the program.* At the end, be sure a checkmark is placed next to Update Malwarebytes' Ant... Read more

23 more replies
Answer Match 49.14%

I downloaded Norton Internet Security from the Net. Tried to install it but ran into a problem so I want to do an XP Home System Restore to a date earlier than the download. Doing so will lose all the recent downloaded Internet files so I need to find the NIS download file and burn it to CD before doing the restore. The desktop icon properties show the path but Windows Explorer only shows four temporary Internet folders, I think it creates new ones for each session, and I cannot find earlier ones. I've tried "show hidden files" but without success and have run a search in Explorer as well.

Any suggestions on how I can find older downloaded Internet files?

A:Where does IE6 put the downloaded program files?

Where the download is saved depends on your browser settings and whether you selected a folder at the time.
If you can remember the name of the downloaded file (or part of it) you can do a search for that file. If you cannot remember go back to the download site and follow the links to download and at some stage the filename will be visible.

4 more replies
Answer Match 49.14%

hello team i notice i have some damaged downloaded program files. Please see attachment. Is there anything i can delete there, and what can i do to fix the damaged ones? Im always trying to clean up unneccessary files, and programs etc. I dont know much but remember the list there was smaller. I do have 2 screenshots from the past if needed but this list got big quick, and seems to have lotsa damaged files?

A:Downloaded program files

You will need to be more specific as to what program this is in reference to .
Also if you could supply the other screen shots that would be of help also.

cheers

11 more replies
Answer Match 49.14%

Hi I have just started using windows 10 on a new PC. I have tried to download an anti virus program. It downloads and installs (well it appears to) but the program is not there when finished. Not in the programs lists or on 'remove programs' either. I cant find any way of searching the PC like I did in XP or Vista 'search for all files and folders'. Is this option still there hidden away to make things more difficult? I am at the end of my tether with this. Any help would be appreciated thanks.

A:missing downloaded program.

.Did your new pc come with an antivirus already installed
Also check as Windows Defender might already be activated and windows firewall may be blocking it

0 more replies
Answer Match 48.72%

My computers are both running Win 7 64-bit. I am thoroughly confused when it comes to placing programs that I download into their proper folders: That is, program files (x86) vs program files. I have read stuff on this, but still confused. for the most part, even when a dl'd program suggests being installed into PF, I, for whatever reason, place it into PF (x86). Although I have read that placing the program into the wrong folder may cause the program not to work properly, so far I have not had this problem...nor any other problems that I am aware of. Could someone please set me straight on this issue?

A:Program Files or Program Files (x86)-Where to place downloaded program

I let the installer put it where it is supposed to.

If I trust the software I trust they know best where it should be installed/placed.

If I can't trust the software maker why am I downloading/installing their program?

4 more replies
Answer Match 48.72%

first of all if i am in the wrong section , my apoligies.if you could tell me the correct section, i will delete and repost. Also i have a post already on games not working,if the two are linked, i will also remove this post.

My question is do i need to delete and replace the damaged programsand how.

Or can i just delete them.


my problem is as follows,
start/control panel/internet properties/browse history/settings/downloaded program files.

creative software autoupdate: damaged
creative software autoupdate support package: damaged
get_atlom class: damaged
MUWebcontrol class: installed
NVIDIA smart scan: damaged
System requirments lab class: damaged
Trend Micro activex scan agent 6.6:installed
Windows live safety center base module: damaged
WUWEB control class: installed

A:Downloaded program files damaged

Hello and welcome to TSF

Sorry for the long delay to answer your thread, we have been very busy lately

This looks like failed ActiveX downlaods too me

Please tyr this

Open up Internet Explore, click Tools, Internet Options, click on the tab Security and underneath 'Security Level for this Zone' put it on Medium.
Then click on the tab Privacy and under 'settings' put it on Medium. Click Apply then Ok.

1 more replies
Answer Match 48.72%

I only do what the voices in my head tell me to do...Click to expand...



All of the Downloaded Program Files on my WinXP were listed as "damaged". So... I went off road and just simply deleted the file...the Downloaded Programs File, not each seperate file, as I had some type of error when I tried to do so, I believe something about the file was being used somewhere else, to close everything and try again, but would not delete no matter what I closed down.

Now, go figure, there is no longer a Downloaded Program File on the system.

My question is...does this return when there are new files that are downloaded for use? Or???? This is sounding more and more like an X-Files case...should have not cancelled the show!

Thanx for your time and help!! Hopefully I will get it some day!!
 

More replies
Answer Match 48.72%

Hi All,

Win7Pro.

I'm using Blink Personal antivirus. Blink uses a program called "SyncItGUI" to download updates for Blink. I'm using the MS Resource Monitor and its showing that SyncItGUI is downloading a lot of data. I live in India so I have limited bandwidth. Is there a tool that will log how much total SyncItGUI is downloading? It runs in the background. The Resource Monitor just shows the current rate of download (i.e. the download speed). I want to know how much it downloads in total. Any tools can do this? I did an internet search and didn't find anything. I also looked at the Windows logs and didn't find anything. Thanks,

Advait

A:Tool to log how much total a program has downloaded?

NetLimiter - The Ultimate Bandwidth Shaper

I've never tried it, just saw it on lifehacker and noticed it does provide info for individual applications.

2 more replies
Answer Match 48.72%

My wife has her separate user account in Windows 10 and I have mine. She needed to download Jobulator for her work. It asked for my password since I am listed as administrator. While she was signed on her account via Windows 10, she downloaded Jobulator. Now, when I sign on to my account I see her program listed and sitting on my screen. It stays on top of other windows and in reality I don't need or require the program. If I delete if from my main Windows screen will it delete it from her use? Thanks for the help.
 

More replies
Answer Match 48.72%

Installation support file version 2007,11,28 in the Downloaded Program Files has been damaged, due to which my pc is showing unexpected errors, is there any way to solve this problem..
should i delete it or do something else, kindly help me..

A:damaged downloaded Program Files

Installation support file has been damaged, version 2007,11,28,1
Program file\yahoo\common\Yinsthelper.dll
due to this i am not able to install yahoo messenger and my pc is also showing some unexpected problems..
kindly help me..

1 more replies
Answer Match 48.72%

Hello,
While searching for programs/files to remove that I no longer use I opened my downloaded Programs file and found "Adult Links". (Yes my husband visits those sites) Anyhow, when I try to remove it, a box comes up with the following: "These program files are currently being used by one or more programs. Please close some programs and try again. You may have to restart Windows" I closed all programs except "Explorer and systray" and restarted, but it just won't go away. I've been trying for a couple of weeks now. Also if someone knows how to remove it, could there possibly be a way to block it from coming back?

I'd really appreciate any and all suggestions.
Thank you
Yvonne
 

A:Cannot remove a downloaded file/program

Post the scan log from HijackThis
Unzip somewhere to keep and run hijackthis.exe - press Scan - the Scan button changes to a Save Log button
Save, and then copy and paste the entire log here.
Dont' choose to fix anything yet - most entries will be harmless
 

1 more replies
Answer Match 48.72%

Good evening everyone---

First, I will state that I'm using WinXP Home and IE6...

I was wondering if anyone could please tell me how to get the files within the C:\Windows\Downloaded Program Files folder to appear? It used to display all the active x controls and plugins that I had downloaded, but now it shows zero items? However when I right click on the folder and choose properties it says it contains 6 files. They also do not appear under add/remove programs in control panel.

I would like to get these files to appear, so that I can right click on them and choose the remove option.

If it isn't possible to get these items to appear, is there some command I can execute in order to remove/unregister these active x controls/plugins?

Much Thanks in advance!
 

A:Removing Downloaded Program Files?

8 more replies
Answer Match 48.72%

Hi,
I'm following the directions for removing the locked computer ransomware which says I need to download the appropriate version of Hitmanpro for the machine it will be used to repair.  I'm downloading it onto my good 64 bit machine so I can get it onto a USB drive as indicated.  Unfortunately, when I download the 32 bit version and try to run it so I can do that, I get an error message that the program has detected my machine is 64 bit, and I must go back to their website and download the "correct" 64 bit version.  Is there any way around this?

A:Hitmanpro won't let me use 32 bit program downloaded to 64 bit machine

You went here
http://www.bleepingcomputer.com/download/hitmanpro/
Download 32 bit.. SAVE it
copy that to the USB
Now insert that into the 32 machine and run it.

1 more replies
Answer Match 48.72%

I have a Downloaded Program File entry, that has "unknown status", no creation date, and it says "none" under Last Accessed.
It does claim to be 4kb's in size.

This program file has no name, but instead, is a grouping of numbers and letters, all enclosed in parenthese..{}.

Highlighting it, and right clicking it only brings up the properties of the entry.

It cannot be deleted either from the keyboard, or from the menu...File>delete..Edit>cut.

The properties of this entry show it to be an Active X control, (with no creation date, no access date and no status. It does not appear to be damaged...it does not say that there are any damaged files associated with it).
The "codebase" has an entry that I cannot put in here because it give access to my computer, and this program, (I think.)
Using my search bar to go to that location brings me to a folder, with an apparent program that has yet to be installed.

There are 3 icons in this cab folder...a .dll icon, a configuration/notepad icon with the name "erma", and the remaining icon is an INSTALL icon.
Clicking on any of these icons brings up a command to "extract", or copy.

I do vaguely remember going to macromedia.com, (adobe.com) a couple of weeks ago, and downloading and installing the adobe flash player and the shockwave player. I seem to remember that when I first began using my new computer with the vista OS, that these needed to be updated or installed to run so... Read more

More replies
Answer Match 48.72%

Hi.
I have an HP Pavilion running Vista home premium.

When I am cleaning my computer out at the end of the day, I open up internet options and "veiw objects", which brings up my DOWNLOADED PROGRAM FILES folder.

In there are 3 or 4 active x files.

But 1 in particular has a status of DAMAGED.

Vista is different in that I cannot just delete this damaged file, like I could in XP, or in earlier windows versions.

All I can do is right click it, which brings up a "properties" link.

This damaged file is an active x file, and the "code base" reads like this:

http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp dot cab (I changed this to read 'dot com' because it appears to be a direct hyperlink to my computers files...and I dont know if anyone could click on this and open my files...so, i added the dot com)

The link takes me to a gp[1] file that looks like it originates from my adobe illustrator installation, and inside this file are several Adobe GetPlus application files, a .dll and a .ocx active x file.

Here is the explorer folder trail to this GetPlus folder that is apparently corrupted.

(Razzell2)Computer>AdobeIllustrator>AppData>Local>Microsoft>Windows>
Temporary Internet Files>Low>Content IE.5>PO6ALQ9S>gp[1] (which appears to be a cab file, as it has that icon that looks like a two drawer blue file cabinet with the bottom drawer half open).

This thing was created 11/2006, but I cannot remember if tha... Read more

A:Downloaded Program Files, Damaged

Get KILLBOX.EXE at http://killbox.net/
 

2 more replies
Answer Match 48.72%

Hi
I have a desk top PC with Windows XP SP3 and use IE 8. When I clicked on Tools> Internet Options.>General Tab>Browsing History>Settings and then View Objects I found there were 17 entries with one dating back to 2005. Some entries are associated with programs that have long since been removed. Of the 17 files listed 10 were shown as "Installed" in the Status column while 6 were shown as"Damaged" and 1 as "Unknown".
Some of the "Damaged " files have either "none" in terms of size or "none" shown as a creation date.
Can anyone tell me whether or not it is safe to delete these entries?
I would appreciate any advice
Thank you.
NONIC

A:C:\WINDOWS\Downloaded Program Files

Hi -Have you attempted to go - Start > Programs > Accessories > System Tools > Disk Cleanup ?? Wait while it loads (can take a few minutes)Tick the boxes in there and click OK > OK - This removes many older built up files Now run Defrag (also in the same area System Tools) and see if many are removed -

11 more replies
Answer Match 48.72%

HELLO,
MY PROBLEM, WHICH COULD BE CHALLENGING.
I PURCHASED KASPERSKY INTERNET SECURITY 2010. IT DOWNLOADS BUT IT WILL NOT INSTALL. AFTER I GO THROUGH THE CONTRACTS A WINDOW SHOWS UP HEADED INSTALLMENT IN PROGRESS, AND BELOW THAT IT SAYS The PROGRAM FEATURES YOU SELECTED ARE BEING INSTALLED. A BAR CHART IN THE WINDOW SHOWS THE PROGRESS. wHEN THE BARGRAPH IS AT MAX, THE PROGRAM LOCKS UP CANT SHUT IT IUFF, IHADD TO TAKE THE BATTERY OUY FOR A FEW SECONDS SO THAT I COULD REBOOT. A KASPERSKY TECH SENT ME SEVERAL LINKS THAT HE WANTED TO LOK AY BUT AFTER GOING IN CIRCLES HE SAID IT IS A MICROSOFT ISSUE, I PAID $90 ON THAT PROGRAM, BUT I THOUGHT OF YOU GUYS BEFORE I REQEST MY MONEY BACK, CAN YOU HELP? I AM ON STRESS LEAVE FROM WORK AND I AM STILL RECOVERING 4 HRS AFTER DEALING WIRH THAT TECH. HE CONFUSED THE HELL OUY OF ME.
ROGER NORTHALL
 

A:Solved: Cant install program downloaded off the net

10 more replies
Answer Match 48.72%

Running down a dream....Click to expand...


I have "Damaged" downloaded program files, all of them at this status. What the heck could cause this? And what are these files in the first place? I have copied them prior to this damaged thing, on floppy disks. Do not know what the heck to do with the copies, but have them.
1-What are these "downloaded program files" and what do they mean to me, my system?
2-What could have caused them all to show as "damaged" in the status of each file? How do I figure out what caused this so it does not repeat itself? (had only 1 prob that day, with install of Microsoft updates?). Really think I should find out if I did something naughty that system did not approve of, so I can apologize to it and fix it up so it is happy with me again.
3-How do I use the copies of these files, if I need to, and do the "out with the old, in with the new" dance...how do I install the new files back into the system and get the damaged ones out?
Thanx for you help, again...have a great day!!
 

A:Damaged Downloaded Program Files?? What's this all about??

Downloaded program files are ActiveX controls and Java programs that are downloaded automatically from the Internet when viewing certain pages. They are temporarily stored in the Downloaded Program Files folder on your hard disk.

These can include perfectly legitimate applications, like Macromedia Flash player, Quicktime player, the Google toolbar installer, and the like, but also spyware.

The best way to view them is as follows:

Go to Internet Options > Temp Internet Files > Settings > Show Objects.

If any of them are damaged, right click them, and choose Remove from the context menu.

You'll just be prompted to download them again whenever Windows or an application needs them.

Cheers,
 

1 more replies
Answer Match 48.72%

hey whats up guys, i recently stumbled across a virus scanner on the internet that told me i had viruses on my computer and so i followed the instructions and it ended with "you have 20 viruses on your pc, please buy me now to get rid of them for only 69.99" and i was like uh no thanks already have a virus scanner. now this program will NOT GO AWAY, i cant get rid of it and its DRIVING ME F-ING CRAZY. it just keeps popping up and now i cant even pull up my ctrl alt delete end process thing. someone please HELP this thing is driving me CRAZY!!!!!!!!!! (pulls out all hair) i tried to download the hijackthis thing and post it but it wont even let me do that HEEEELP !!!!!!!!!!!
 

A:downloaded program locked down pc and wont go away HELP!!

bump
 

3 more replies
Answer Match 48.72%

Hi..I'm looking for some advice here..I cannot remove a program that was downloaded from bearshare. I've tried restarting in safe mode, going into deleting the program, but it keeps asking me to insert the disk I originally downloaded from--and I don't have it.

A:Can't Remove Program Downloaded From Bearshare

Short Answer: Download, install, and use the trial version of Uninstall Plus! You can download it from HERE. This program can often succeed at uninstalling programs that otherwise are stubborn to remove.Long Answer: Using peer to peer websites is one of the top ways computers get infected. You have to ask yourself "Why would someone give me something of value (such as music) for free?" The answer is that bundled with the free something is a malicious something that you don't want on your computer. My guess is that you are experiencing other buggy behavior from this computer as well. If so, chances are good that you are infected. If you believe you are infected, then consider posting a High Jack This! log in the HJT forum here at Bleeping Computer. To find out more, read the Preparation Guide found HERE. It is very important that you follow ALL of the instructions found within before actually posting the log.

2 more replies
Answer Match 48.72%

Hi.I have an HP Pavilion running Vista home premium.When I am cleaning my computer out at the end of the day, I open up internet options and "veiw objects", which brings up my DOWNLOADED PROGRAM FILES folder.In there are 3 or 4 active x files.But 1 in particular has a status of DAMAGED.Vista is different in that I cannot just delete this damaged file, like I could in XP, or in earlier windows versions.All I can do is right click it, which brings up a "properties" link.This damaged file is an active x file, and the "code base" reads like this:http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp dot cab (i did not put the . in there because it creates a hyperlink.)The link takes me to a gp[1] file that looks like it originates from my adobe reader installation, and inside this file are several Adobe GetPlus application files, a .dll and a .ocx active x file.In fact, I believe this all began with an adobe reader automatic update, that installed adobe reader from 9.0, to 9.1.I have removed, uninstalled adobe reader 9.1, and reinstalled it, and i have even installed a lower version of adobe reader (8.5, 9.0), and when I do this, the damaged file changes and is not longer damaged......until I restart my computer, or perhaps it when my browser uses an active x applilcation, I dont know.How does one remove a damaged downloaded program file from Vista?I have deleted that gp1 cab file, but I dont think that is even installed into my computer....(I really do... Read more

More replies
Answer Match 48.72%

I was looking around my PC - internet prop, settings, view objects and found many DL program files. Some are listed more than once installed, same day and version; some status unknown; some total size '0'. Surely some can be deleted - if not all - but?? Surprised the control panels add-remove does not show these programs to be installed??Esp Java runtime enviroment? Where do these programs originate from?? I know the Java program I am running is 1.5.0. updated to 6 but it does not show in this file. Even found some Symantec Script Runner Class and RuFSI Utilit Class files installed created 6/06 but I deleted all AV system a long time ago??
 

A:Solved: Downloaded Program Files

6 more replies
Answer Match 48.72%

I have a default Yoog Search in my Search Engines, i try to remove it and set it as google but it would again default to Yoog. Next thing is I just cannot run 'sybot search & destroy' and doesnt let me open any anti-malware related sites. I cant download any anti malware apps. I am just stuck. I saw a post " Win 2K hijack issue - unable to run malware apps!". I have exactly the same case on my system.

 

More replies
Answer Match 48.3%

I have used Malware bytes removal tool, Superantispyware and Hijackthis without any luck. The tools say they remove the malware but it keeps coming back. Help please!! URL I am redirected to is below.[url=http://remove-spyware201.com/scn1/?engine=%blah blah blah] DON'T GO THERE!!!!!!!!!!!!!DDS (Ver_09-12-01.01) - NTFSx86 Run by Helen.Hanson at 21:41:00.07 on Tue 29/12/2009Internet Explorer: 7.0.5730.13Microsoft Windows XP Professional 5.1.2600.2.1252.61.1033.18.3063.2270 [GMT 9.5:30]AV: VirusScan Enterprise + AntiSpyware Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}============== Running Processes ===============C:\windows\system32\svchost -k DcomLaunchC:\windows\system32\svchost -k rpcssC:\windows\System32\svchost.exe -k netsvcsC:\Program Files\Intel\Wireless\Bin\S24EvMon.exeC:\windows\system32\svchost.exe -k NetworkServiceC:\windows\system32\svchost.exe -k LocalServiceC:\windows\system32\spoolsv.exeC:\windows\System32\SCardSvr.exeC:\windows\system32\svchost.exe -k LocalServiceC:\Program Files\Altiris\AClient\AClient.exeC:\Program Files\Altiris\Altiris Agent\aexnsagent.exeC:&#... Read more

A:Malware redirects Google search to bogus Malware site

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below I will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Follow the instructions... Read more

2 more replies
Answer Match 48.3%

Hello, i'm wondering if it is possible to change a open with option back to unknown application on some files. i accidentally clicked open with the picture opener and its stuck on it now. how can i revert this? step by step if possible.

Thank you.

A:How to change a file's open with program to when i first downloaded it

Go to Default Programs in Control Panel open it, select Set your Default Programs. First off you need to know the extension of this file you do not want any program to open, example, jpeg, gif..etc.. Select each program that can open this file and uncheck that extension for it, then would be back to unknown.

0 more replies
Answer Match 48.3%

So I accidentally downloaded an antivirus program that is really a virus.

It really sucks. Internet explorer refuses to work. Task manager has been disabled by the administrator. Any program that operates under windows explorer fails to run properly. This makes it very difficult to use the computer.
What exactly is wrong? Do I need to repair the registry? What if I did not make a backup?
This problem has been plaguing me for a long time. Any help would be greatly appreciated.

Kevin

A:So I accidentally downloaded an antivirus program that is really a virus.

Hello CL Smooth.

Can you tell us the name of the virus you've downloaded?

8 more replies
Answer Match 48.3%

ok here's the deal, I have vista home premium, lately the computer when starting, and sometimes during operation desktop loses icons they go into system32 folder,the program "Hulu" will not run. Also there are some important vista updates that will not install. Can anyone out there give me a little assistance...
 

More replies
Answer Match 48.3%

Hi
I have both HP Photosmart Essentials and HP Photosmart Primier. I inadvertently checked for the Essentials to always open my photos, when I really want Primier. Where do I find that list of 'open with'? I have looked everywhere. Probably in the wrong places.
Thanks for whatever help you can give.
dbl
 

A:Solved: How to change the program downloaded photos goes to

11 more replies
Answer Match 48.3%

Hi Bleeping Computer, 
 
A cracked program was installed onto my computer. I scanned my computer with malwarebytes and got rid of it, but I saw the program listed in the startup tab in the task manager menu. 
 
I disabled it, ran malwarebytes again and the anti-virus said my computer was clean. I still see the cracked program listed and am not sure if my computer is actually clean. 
 
Can you please help me determine if my computer is actually free of malware?
 
Thanks for your time

A:My friend downloaded a cracked program onto my computer

Can you find the program to uninstall from "Programs and Features" or "Add or Remove Programs"?

11 more replies