Tech Problem Aggregator

antivirus and spyware scanner shut down computer

Q: antivirus and spyware scanner shut down computer

I run Zone Alarm Internet Security Suite. Never had any problems. I also run Spyware guard. No problems there either. On a weekly basis I run, Spybot, Adaware, Hijack This, and A2 Squared. Once a month I do a Trend-Micro online scan. My computer stays clean.
Right now I can run Zone Alarm and/or Spyware Guard active protection and I can do anything I want on my computer, Internet, online games, emails, word processing, anything. As soon as I run any of the mentioned scanners, they make it haft way through and my computer shuts itself down. It powers itself off. The only thing that is different about the computer is that Dec. 26th I added a router to my desk top for my kids laptops and a USB hub 2.0. All works fine. This problem started on Dec. 27th. My computer will run fine night and day, but soon as I run a scanner, it powers down If this isn't where I should post this question please tell me where it is better suited Thanks

A: antivirus and spyware scanner shut down computer

6 more replies
Answer Match 81.06%

Hello, I was sent here from the Am I Infected Forum by garmanma. Topic referenced is here: http://www.bleepingcomputer.com/forums/t/260361/requesting-virus-help-malware-greenav-and-rootkit-etc/ ~ OBPrior to posting in that forum. I tried to run MBAM, Spybot, Spyunter. The programs would not run at all, I would get an error stating I didn't have appropriate permissions. I downloaded the DDS.scr file and tried to execute a scan. The scan screen popped open for about one second and closed....every program that I try to run will either not run at all, or if it does run, it will close a few seconds into the scan then shut down. If I try to run it again, I'll get an error saying I don't have permission to run that file.I have tried online scans from Bitdefender, Microsoft's OneCare, and one more (forgot the name)...but every online scan shuts down the entire browser. Also, on occasion I get a fake page saying that the webpage I requested has been blocked due to my infections, and links to me to a page regarding GreenAV. I could not run most of the tools in the preparation guide, even after renaming them. However, in the other forum I was able to run a couple of scans before the programs shut down. I was requested to start a new topic here and post the logs that I have. Thanks in advance:I was instructed to download "peek.bat" and run that program and also RootRepeal. The results from both are listed below:Peek.bat Log:Volume in drive C is SQ004214P01Volume Serial Number i... Read more

A:Rootkit and Spyware Problems: Antispyware/Antivirus/Rootkit Scanner programs all shut down when executed...

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

3 more replies
Answer Match 75.6%

Hi White Knights, Good Guys and Gals,

My PC was attacked, likely through Internet Explorer today, since I haven't downloaded anything. The following are is the list of Malware that XP Security Center has notified:

=email-worm.win32.netsky.q
=rootkit.win32.agent.pp
=backdoor.win32.kbot.al
=net-worm.win32.mytob.t
=net-worm.win32.dipnet.d
=virus.win32.hala.a
=trojan.downloader.js.multi.ca
=virus.win32.gpcode.ak

and Trojan Remover has identified
c:\windows\system32\vacinit.dll

and Mcafee
NTROSKRN... (rootkit trojan)

The program "Protection Systems" continues to pop up prompting me to buy along with random IExplorer bombs despite having removed it from programs. The system regularly freezes when I employ anti-malware programs.

I have attempted to use in normal and safe operating mode (Mcafee from safe command prompt)
=Mcafee VirusScan Enterprise (halts early in operation, Identifies NTROSKRN and 11 cookies)
=Stopzilla (Halts early in operation)
=Malwarebytes(fails to open even with changed name)
=Rooter Malware Finder (Eric_71) (operates results indeterminant)
=Trojan Remover (Runs. results indeterminant)

I am not in a good position to format the PC (in the wilderness).

Any advice what is preventing these malware programs from operating?

Thanks, and happy to repay the favor particularly if you like homebrew since PC wars arent my specialty!

Lookingtree

DDS (Ver_09-06-26.01) - NTFSx86
Run by Iamcomputer at 20:41:08.59 on Wed 07/15/2009... Read more

A:Unknown Attack Disables Malware Scanner/Antivirus/Spyware Scanner

Hi, lookingtree Welcome.Please read and follow all these instructions very carefully.Please download ComboFix from Here or Here to your Desktop.**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**If you are using Firefox, make sure that your download settings are as follows:Tools->Options->Main tabSet to "Always ask me where to Save the files".During the download, rename Combofix to Combo-Fix as follows:

It is important you rename Combofix during the download, but not after.Please do not rename Combofix to other names, but only to the one indicated.Close any open browsers.Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
-----------------------------------------------------------Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
-----------------------------------------------------------Close any open browsers. WARNING: Combofix will disconnect your machine from the Internet as soon as it startsPlease d... Read more

2 more replies
Answer Match 63%

Deckard's System Scanner v20071014.68Run by Administrator on 2008-06-27 12:34:58Computer is in Normal Mode.---------------------------------------------------------------------------------- System Restore --------------------------------------------------------------Successfully created a Deckard's System Scanner Restore Point.-- Last 4 Restore Point(s) --4: 2008-06-27 16:35:07 UTC - RP11 - Deckard's System Scanner Restore Point3: 2008-06-27 15:48:31 UTC - RP10 - Removed Funhouse2: 2008-06-27 15:46:01 UTC - RP9 - Last good restore point1: 2008-06-27 15:45:43 UTC - RP8 - System CheckpointBacked up registry hives.Performed disk cleanup.Total Physical Memory: 383 MiB (512 MiB recommended).-- HijackThis (run as Administrator.exe) ---------------------------------------Logfile of Trend Micro HijackThis v2.0.2Scan saved at 12:39:30 PM, on 6/27/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Fi... Read more

A:Infected With-warning! Spyware Detected On Your Computer! Install An Antivirus Or Spyware Remover To Clean Your Computer

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. Click Start -> Control Panel -> Add Remove Programs and uninstall this program:My Web Search (Zwinky) ==============Please download the OTMoveIt2 by OldTimer. Save it to your desktop. Please double-click OTMoveIt2.exe to run it. Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\lphc9h7j0e33t
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system\\NoDispBackgroundPage
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system\\NoDispScrSavPage
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\General\Wallpaper
C:\WINDOWS\system32\lphc9h7j0e33t.exe
C:\WINDOWS\system32\blphc9h7j0e33t.scr
Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.Click the red Moveit! button.A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.Close OTMoveIt2If a f... Read more

2 more replies
Answer Match 63%

Hi all, my background changed to what is in the title saying Warning, spyware detected on yoru computer install antivirus or spyware to clean computer. I tried searching for solutions on google and already tried spyware doctor and spyware bot. When those didnt work I downloaded Hijackthis and ran it. The following is the long. Any help is greatly appreciated especially in layman's terms as I am not the most computer savvy. Thanks again. Logfile of Trend Micro HijackThis v2.0.2Scan saved at 1:57:22 PM, on 7/18/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\ibmpmsvc.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Funk Software\Odyssey Client\odClientService.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Connected\AgentSrv.EXEC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Bonjour\m... Read more

A:Changed Background To Warning Spyware Detected On Computer Please Install Antivirus Or Spyware To Clean Computer

Hi kb1171,First, we need to backup your registry:Please go to Start > RunPaste in the following line:regedit /e c:\registrybackup.regClick OK.It won't appear to be doing anything, that's normal.Your mouse pointer may turn to an hour glass for a minute.Please continue when it no longer has the hour glass.Registry FixPlease open up an instance of Notepad.Click on: Start, thenAll Programs, thenAccessories, thenNotepadCopy (Ctrl+C) and paste (Ctrl+V) the following text in the quote to Notepad
REGEDIT4

[-HKEY_CURRENT_USER\Software\Classes\CLSID\{eec00589-90e6-4a27-b81f-61c7b2616351}]

[-HKEY_CURRENT_USER\Software\Classes\PROTOCOLS\Filter\text/html]Save it as "All Files" and name it RemoveFilter.reg. Let the location be your desktop.Navigate to your desktop.Double click RemoveFilter.regA window will prompt you to Merge RemoveFilter.reg with the Windows Registry, this is normal. Choose Yes/Ok.Upgrading Java:Download the latest version of Java Runtime Environment (JRE) 6 Update 7.Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".Click the "Download" button to the right.Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".Click on Continue.Click on the link to download Windows Offline Installation (jre-6u7-windows-i586-p.exe) and save it to your desktop. Do NOT use the Sun ... Read more

1 more replies
Answer Match 63%

My sister brought me her computer to fix it for her, said it was running really slow. When I first started the computer up and logged into Windows, I found a blue screen with a warning on it, "Warning Spyware Detected On Computer Please Install Antivirus Or Spyware To Clean Computer". I knew then that she had gotten some malware somewhere. I had to press ctrl-alt-delete and manually run the explorer bar, and then I got an error stating that Windows Explorer has encountered a problem and needs to close. I have been working around this and have searched the internet for ways to fix this malware problem. I have downloaded Malwarebytes' Anti-Malware and ran that, removing over 270 Trojans. But to no avail, the blue screen with the warning is still there and you still have to run explorer.exe manually. Here are my Deckard's System Scanner logs.Deckard's System Scanner v20071014.68Run by Michele McClure on 2008-07-19 12:35:38Computer is in Normal Mode.---------------------------------------------------------------------------------- System Restore --------------------------------------------------------------Successfully created a Deckard's System Scanner Restore Point.-- Last 5 Restore Point(s) --55: 2008-07-19 17:36:06 UTC - RP1529 - Deckard's System Scanner Restore Point54: 2008-07-18 23:22:30 UTC - RP1528 - System Checkpoint53: 2008-07-10 18:11:37 UTC - RP1527 - System Checkpoint52: 2008-07-09 17:48:43 UTC - RP1526 - System Checkpoint51: 2008-07-08 17:18:40 UTC - RP15... Read more

A:Background Changed: 'warning Spyware Detected On Computer Please Install Antivirus Or Spyware To Clean Computer' On Blu...

Hello. I am PropagandaPanda (Panda or PP for short) and I will be helping you with your log.I will need some time to look over your computer's log(s). You may want to keep the link to this topic in your favourites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here. Please take note of a few guidelines for this fix:Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Further more, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself. Finally, please reply using the button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if... Read more

3 more replies
Answer Match 62.58%

Hey everyone, I heard this website is great to ask question and I got a lot of help from you guys before and I can tell you know your stuff. I'm a new member just signed up because I just got a problem that I don't know how to solve.

I have Windows XP and this is a custom made computer so I don't know if that changes anything with fixing it or not. I was surfing online through some forums and then I got a little screen that popped up from my Avast virus protection and it said it found something. I usually don't read it and I usaully choose delete which worked fine up until now. After clicking on delete it would keep on reappearing saying that it found a virus. So I was guessing it I should continue pressing delete. Then a little program came up and I could tell it was a spyware or a virus so I closed it.

When I saw the name I went to add and remove programs to try and to uninstall it. I clicked on it multiple times to uninstall and it said it was succesfull but it wasn't. My screen then turned blue like the blue screen of death but I could still see the desktop and there was something written in the middle which was "Warning! Spyware detected on your computer! Install antivirus or spyware remover to clean your computer" in a box. So I decided to go into the program files and delete this program right away from the source. So I found it and it had a weird name it was like geber gaber. Once I deleted it it didn't look like it was sp... Read more

A:Warning! Spyware Detected On Your Computer! Install Antivirus Or Spyware Remover To Clean Your Computer

Please download Malwarebytes Anti-Malware and save it to your desktop.alternate download link 1alternate download link 2Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Then click on the Scan button.If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".Click OK to close the message box and continue with the removal process.Back at the main Scanner screen, click on the Show Results button to see a li... Read more

11 more replies
Answer Match 62.58%

After running Ad-Aware, Avg, and HouseCall my Desktop is still hijacked. My screen will go completely blue with warning of spyware and a notice that my computer must be restarted and to press F8 to restart. I press F8 and I go back to where I was with all applications still open. I've had a green screen come up with what looked like real time typing going on. The type again says that my computer needs to shut down followed my a message about information code and then a lot of mumbo jumbo nubers and digits until I press F8 or Ctrl Alt Del.Here is my Highjack this log:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 8:17:17 PM, on 8/19/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16705)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Windows Defender\MsMpEng.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Lavasoft\Ad-Aware\aawservice.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\PROGRA~1\Grisoft\AVG7\avgcc.exeC:\WINDOWS\SOUNDMAN.EXEC:\Program Files\Windows Defender\MSASCui.exeC:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb03.exeC:... Read more

A:Warning! Spyware Detected On Your Computer! Install An Antivirus Or Spyware Remover To Clean Your Computer.

I went through the reccomended scans - disk cleanup, adaware, spybot, housecall, AVG, then stinger. I've been running a scheduled scan daily with AVG. My computer is still slow. Of course this computer is old. Is that the problem or can I get a little more speed?Logfile of Trend Micro HijackThis v2.0.2Scan saved at 8:13:09 PM, on 8/29/2008Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16705)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Lavasoft\Ad-Aware\aawservice.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\PROGRA~1\AVG\AVG8\avgwdsvc.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\lxddcoms.exeC:\Program Files\Common Files\Motive\McciCMService.exeC:\WINDOWS\system32\PSIService.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\AT&T\Internet Security Wizard\ISW.exeC:\Program Files\FastAccessDSL\HelpCenter43\bin\sprtcmd.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Lexmark 2500 Series\lxddamon.exeC:\PROGRA... Read more

3 more replies
Answer Match 62.58%

I got the message "Warning! Spyware Detected On Your Computer Install An Antivirus Or Spyware remover to clean your computer" on my computer yesterday.Followed instructions provided by this site but still i can see the same problems.Find the attached Logs Produced by DSS.Any Help will be appreciated.

A:Warning! Spyware Detected On Your Computer Install An Antivirus Or Spyware Remover To Clean Your Computer

Hello gables,

Welcome to Bleeping Computer

Sorry about the delay. If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Thanks,
tea

2 more replies
Answer Match 59.64%

Hi and thanks for taking the time to review my problem.Have blue wallpaper with yellow/blue centered dialog box states "Warning! spyware detected on your computer, install an antivirus or spyware remover to clean your computer"Desktop - properties - wallpaper - show wallpaper name phcpf6j0egen. I left this and did not try to change it.Other symptoms are full page blue screens with lots of dialog about errors telling me to disable BIOS memory options etc. etc. there may be many such pages - each one different describing different errors (they change quickly so I can not write hardly anything down) then it appears to restart my computer - has windows start up screen, but I think its a fake screen - it not really restarting and I can eventually get back to my desktop, the files I have open, or the web browser.I was surfing the internet when it happened and was tweaking my kerio firewall on my three networked computers, I downloaded a pdf file and took a screenshot of my router - I may have deleted these files although they looked pretty benign to me.I ran kaspersky scan --------------------------------------------------------------------------------KASPERSKY ONLINE SCANNER 7 REPORT Monday, July 21, 2008 Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600) Kaspersky Online Scanner 7 version: 7.0.25.0 Program database last update: Monday, July 21, 2008 21:25:34 Records in database: 981617----------------------------------------------------... Read more

A:Blue Wallpaper With Dialog Box: "warning! Spyware Detected On Your Computer. Install An Antivirus Or Spyware Remover T...

Hi
I have resolved above problem. Mod may close/delete this post, unless further info would be of assistance to others.
Found a lot of useful info on BC which helped me fix the problem - basically the tool that has seemed to help me the most was Malwarebytes Anti Malware and I now seem to be malware free (need to do some other scans and checks)
Responsible bugs found Rogue.Multiple, Trojan.FakeAlert, Hijack.Wallpaper, Trojan.Agent
Symptoms resolved: (A) Blue Wallpaper with yellow/blue box stating "Warning! spyware detected on your computer Install an antivirus or spyware remover to clean your computer"
( random Blue Screens of Death with lots of text describing system errors etc. (fake)
© random windows startup screens appearing to restart computer (fake)
(D) redirect while surfing to pc-scanner-online.com (do not paste this in your browser) pop ups urging me to click dialog box in order to scan my computer for security risk (? attempt to infect my PC with "antivirus 2008" ?
(E) random Black Screens of Death (fake)

Felt real good killing those suckers!
Thanks BC
Regards to all, Janice

2 more replies
Answer Match 58.8%

Hi All,
Earlier tonight, we got infected with the Windows Antivirus Pro virus. It seems to be a particularly nasty version. I've already looked through some of the previous posts as well as the guide for help but have not been able to get anything to work. I cannot run any of my antivirus software, including MBAM. Unfortunately, I cannot get my windows task manager to even open up in the first place. Every time I try, it gives me this message: "Application cannot be executed. The file is infected. Please activate your antivirus software." I tried changing the group policy settings but didn't make a difference.

I get the same message when I try to run Regedit.
I have tried using Killbox but it did not work.
I've tried using "fixtm" and "enableTM" but also no help.
I cannot use system restore, and I cannot even boot in safe mode. I get some weird blue screens during boot up saying that the computer is infected and should be restarted.

Right now I am considering running GMER...which I realize is for a different forum. However, I wanted to see if there are any other suggestions before I do that. Or is it even worth it?

Thanks in advance,
choochy

A:Windows Antivirus Pro has shut down my computer

Some types of malware will disable Malwarebytes Anti-Malware and other security tools. If MBAM will not install, try renaming it first.Right-click on the mbam-setup.exe file file and rename it to mysetup.exe.Double-click on mysetup.exe to start the installation.If that did not work, then try renaming and changing the file extension. <- click this link if you do not see the file extensionRight-click on the mbam-setup.exe file, rename it to mysetup and change the .exe extension to .scr, .com, .pif, or .bat.Then double-click on mysetup.scr (or whatever extension you renamed it) to begin installation.If after installation, MBAM will not run, open the Malwarebytes' Anti-Malware folder in Program Files.Right-click on mbam.exe, rename it to myscan.exe.Double-click on myscan.exe to launch the program.If that did not work, then right-click on the file and rename it to winlogon.exe.If that still did not work, then try renaming and change the .exe extension in the same way as noted above.Double-click on myscan.scr (or whatever extension you renamed it) to launch the program.If using Windows Vista, refer to How to Change a File Extension in Windows Vista.

1 more replies
Answer Match 58.38%

Hello, I have a problem with some spyware that got installed by my younger sibling on the family desktop. I was able to get rid of some of it but i still have the adware icon in the taskbar popping up.
The files that were a problem were part of the netproject spyware...i think i was able to get rid of the files that were being active which were the scit.exe and scm.exe files. The icon that's left in the taskbar is pretty much neutral right now cuz i disabled and deleted IE, but it's still annoying and im pretty sure there's still something in it.

Thanks in advance and i really appreciate the help.
Here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:32:49 PM, on 2/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Dell Photo AIO Printer 942\dlbubmgr.exe
C:\Program Files\Dell Photo AIO Printer 942\dlbubmon.exe
C:\Program Files\Lexmark 5400 Series\lxctmon.exe
C:\Program Files\Lexmark 5400 Series\ezprint.exe
C:\Program Files\Commo... Read more

A:Please Help...spyware scanner trojan is slowing my computer

Welcome to TSG

Please download SmitfraudFix
to your Desktop.
Double-click SmitfraudFix.exe
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm
 

1 more replies
Answer Match 57.54%

I've had a problem with my laptop since installing Bitdefender Antivirus 2009.
When I go to turn off my computer in the usual manner, start-turn off computer-turn off, the sequence works fine, but when you see "Windows is shutting down", it just stays there and it never completely turns off. I have to push the power button to turn it off. Also, if I select restart, it does the same thing, never restarts.
I'm running Windows XP Home with all the latest updates on a Fujitsu Lifebook with a 1.8Ghz pentium processor, with 2gb of memory.
If anybody has any idea how to correct this please let me know, Thanks.
 

A:After installing Bitdefender Antivirus 2009 computer will not shut off

here are 2 website to look at ,maybe they can help you.

http://www.theeldergeek.com/shutdown_issues_in_xp.htm

http://www.aumha.org/win5/a/shtdwnxp.php
 

1 more replies
Answer Match 57.12%

I found new icons on my desk top. The look like something from Mircosoft but I know they are not. It keeps tell me that I am infected and that I have to download Ultimate Antivirus 2008 and takes me to a site that looks like a MSN page. I can not get to my control panel and it would not let me complete the ZoneAlarm install.

Here is the Active Scan Report:;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-08-12 11:43:25
PROTECTIONS: 2
MALWARE: 25
SUSPECTS: 2
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
McAfee Internet Security Suite 2007 8.1 No Yes
McAfee VirusScan Plus 12.1 No No
;===================================================================================================================================================================================
MALWARE
Id Description ... Read more

A:Advanced Antivirus Icon, Programs Shut down Computer gets Stuck

I posted this on 8/12 with no reply. Thanks for your help.

4 more replies
Answer Match 55.44%

Hello, New to the forums I had search and been trying everything to get rid of this problem. I found the sight through one of my searches. I am some what new to this so please bare with me. Of course I ran my scans, spybot, ad aware, norton 360. Ran hijack this and will post the log, in the process of running pandasecurity.

Windows xp pro
service pack 2

Right now my desktop back ground is blue with the box in the middle that says " warning! spyware detected on your computer! install an antivirus or spyware remover to clean your computer"

I have tried the right click desktop/ properties/ but I do not have the desktop tab!
I have themes/ appearance/ settings thats it.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:19:00, on 8/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\Program Files\Common Files\Symantec Shared ... Read more

A:Warning! Spywre Detected On Your Computer! Install An Antivirus Or Spyware Remover To Clean Your Computer

Hello bamflee84,

Welcome to Bleeping Computer

Sorry about the delay. If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Thanks,
tea

2 more replies
Answer Match 54.18%

Greetings. I have 2 pc's running Windows XP Home SP2. Both yesterday started running sluggish and both had F-Prot file protection get "turned off" by itself. The only clue I have is the event viewer shows that on one PC F-Prot noted CVE-2006-1309 in a temp file and on the other it was CVE-2006-3590. I downloaded the patches and ran them (one PC wasn't patched, the other was). When I ran Spybot 1.62, sometimes it gets all the way through running and then closes itself without giving a report or option to clean the PC. Safe mode is no better. I've run ATF-Cleaner to clean out dead files, I also ran SD Fix which just changed out my hosts file from the one that Spybot put in. I also ran GMER and nothing. The Hijack This log the PC with the CVE-2006-3590 vulnerability that wasn't patched is posted below. Any help is greatly appreciated.

Dave

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:36:48 PM, on 3/28/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FPAVServer.exe
C:\WINDOWS\System32\svchost.exe
C:\P... Read more

More replies
Answer Match 54.18%

i am getting a new computer and i have had very bad luck in the past with antivirus and spyware/malware protection. what should i use and do to fix this when i get my new computer?
 

A:what antivirus and spyware should i use to be safe on a new computer

6 more replies
Answer Match 53.76%

Hello Guys,

I've recently come across some kind of screen saver which took over my screen saver and changed it to a new screensaver which says "spyware detected on your computer, install antivirus"

I've professional version of McAfee and also SEAdaware but still nothing has worked so far. I've seen other posts on this forum which have been thorough in helping with this problem so I am asking for help.

Thank you very much in advance.

A:Spyware! Detected On Your Computer Instal Antivirus

Please download Malwarebytes Anti-Malware and save it to your desktop.alternate download link 1alternate download link 2Make sure you are connected to the Internet.Double-click on Download_mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan.If an update is found, the program will automatically update itself.Press the OK button to close that box and continue.If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.On the Scanner tab:Make sure the "Perform Quick Acan" option is selected.Then click on the Scan button.If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button. The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".Click OK to close the message box and continue with the removal process.Back at the main Scanner screen:Click on the Show Results button to se... Read more

1 more replies
Answer Match 53.76%

i have laptop 1.6 m 2gb of ram 6800 nvidia graphic cardrecently after burning this movie on my external dvd drive i unplug the power cable and on the next restart my computer is acting really slow. the cpu usage used to reach 0 when it is on idle. now it never reaches 0. the lowest is around 8%my audio and video stuttered.the intro to window xp music stutter. mp3, dvd player, and programs. please helpi tried resetdma doesnt help.scan on zonealarm, nod32, spy sweeper and fix whatever that are there. problems still exist.here is my log,Logfile of HijackThis v1.99.1Scan saved at 7:48:00 PM, on 12/4/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Intel\Wireless\Bin\EvtEng.exeC:\Program Files\Intel\Wireless\Bin\S24EvMon.exeC:\Program Files\Intel\Wireless\Bin\WLKeeper.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exeC:\WINDOWS\system32\nvsvc32.exeC:\Program Files\Intel\Wireless\Bin\RegSrvc.exeC:\WINDOWS\system32\ZoneLabs\vsmon.exe... Read more

A:Help! Computer Slow I Can Almost Guarantee Is Not Spyware Or Antivirus

somehow do a research on google. i do msconfig and do seletive startup and uninstall secondary ide drive. after the restart everything was good again. my cpu usage reach 0% when idle. no more stuttering run as good as before. then i start in normal mode again and it worked perfectly.then i tried to burn dvd movies on my external dvd copy when it is finished i unplugg the power cord of the dvd drive before shutting it down. this morning same things happened. i'm sure it has to do with the external dvd writer.now i tried to recover it with earliers steps but somehow this time it is not working. i uninstall system mechanic here is my latestt log. any help will do please.Logfile of HijackThis v1.99.1Scan saved at 9:19:42 PM, on 12/4/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Intel\Wireless\Bin\EvtEng.exeC:\Program Files\Intel\Wireless\Bin\S24EvMon.exeC:\Program Files\Intel\Wireless\Bin\WLKeeper.exeC:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Dell\... Read more

2 more replies
Answer Match 52.92%

PLEASE HELP!!! I have Windows XP prof. A couple weeks ago I noticed my CA anti-virus was not opening automatically as usual and I would have to manually open it. Then when trying to do a CA scan the whole system froze. So we turned off the computer for the night and retried the scan the next day. It was successful but found nothing. Then when doing a scheduled scan it froze again and since then has froze everytime whether we do the scan or it's automatic. Then when trying to burn a DVD the system froze. We tried to watch SNL Youtube videos and it froze. When it freezes ctrl+alt+del doesn't work so we have to hold the button down and manually turn it off. I've been reading a lot of threads and tried avast, malawarebytes, superantispyware(which I can now not remove??), spybot, spywareblaster,Ad-aware, etc and each and everyone of then freezes during a scan with the exception of Ad-aware. I disable the others while doing a scan with one and I try them in both normal and safe mode but they all still freeze during the scan. I'm frustrated that I can't even get through a whole scan to see what's wrong. I've been able to remove some infections if I stop the scans and remove right then but then when I restart a scan it'll still freeze before the end of the scan. One thing that I've removed 3 times now is MyWay.MyWebSearch. It's as if the virus knows it's going to be found and before it can it freezes my computer up!!! I would rea... Read more

More replies
Answer Match 52.92%

Hi allI had posted my first post in security/am i infected?what to do section. Below is the link to topic.My original post in Wheather my computer infected?With the help of another member of bleeping computer, it has been confirmed that i have active rootkit and which is not allowing me to run many anti-virus/anti-spyware application like Malwarebytes,RootRepeal with file scan , Combo-fix ,Sdfix ( Safe mode is broken).Here is the logs i collected with RootRepeal .ROOTREPEAL ? AD, 2007-2009==================================================Scan Start Time: 2009/08/29 14:29Program Version: Version 1.3.5.0Windows Version: Windows XP SP3==================================================Drivers-------------------Name: ACPI.sysImage Path: ACPI.sysAddress: 0xF8821000 Size: 187776 File Visible: - Signed: -Status: -Name: ACPI_HALImage Path: \Driver\ACPI_HALAddress: 0x804D7000 Size: 2189056 File Visible: - Signed: -Status: -Name: ACPIEC.sysImage Path: ACPIEC.sysAddress: 0xF8C8C000 Size: 11648 File Visible: - Signed: -Status: -Name: aeaudio.sysImage Path: C:\WINDOWS\system32\drivers\aeaudio.sysAddress: 0xF835C000 Size: 96576 File Visible: - Signed: -Status: -Name: afd.sysImage Path: C:\WINDOWS\System32\drivers\afd.sysAddress: 0xEBE8D000 Size: 138496 File Visible: - Signed: -Status: -Name: agp440.sysImage Path: agp440.sysAddress: 0xF88D0000 Size: 42368 File Visible: - Signed: -Status: -Name: atapi.sysImage Path: atapi.sysAddress: 0xF87BB000 Size: 96512 File Visible: - Signed: -Status: ... Read more

A:Active Rootkit on computer --Not able to run any antivirus/anti-spyware

Hello lovenil,which is not allowing me to run many anti-virus/anti-spyware application like Malwarebytes,RootRepeal with file scan , Combo-fix ,Sdfix ( Safe mode is broken). You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert. It is intended by its creator to be used under the guidance and supervision of an Malware Removal Expert, not for private use. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again. Please read Combofix's Disclaimer. *********************This is a nasty Rootkit! We will need to take this cleanup in phases. You are not clean until I tell you so - even if it appears that everything is running fine!Let's begin....==========Step 1Please save this file to your desktop. Click on Start->Run, and copy-paste the following command (the bolded text) into the "Open" box, and click OK. When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with notepad and post the contents here. "%userprofile%\desktop\win32kdiag.exe" -f -r==========Step 2Please do this: Click on the Start button, then click on Run... In the empty "Open:" box provided, type cmd and press EnterThis will launch a Command Prompt window (looks like DOS). Copy the entire blue text below to the clipboard by highlighting all of it and pressing Ctrl+C (or after highlighting, right-cl... Read more

18 more replies
Answer Match 52.08%

i need a real time spyware scanner for free. I also need a virus scanner (realtime) avast, avg, or antivir? Does anybody have suggestions?
 

A:real time spyware spyware scanner? (free)

16 more replies
Answer Match 51.66%

(continued from title) ..clean your computer.
F-secure found Trojan-downloader.wim32.small.ywc.

Desktop shows blue background with boxin middle. Top part yellow and bottom part blue with message stated above.
Was using out of date McAfee and got this virus. Unistalled McAfee and installed F-secure through Charter High speed internet service (free). Went through the 5 steps. Windows said no updates needed during that step.

Deckard's System Scanner v20071014.68
Run by Kim on 2008-07-27 12:16:36
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
8: 2008-07-27 16:16:48 UTC - RP8 - Deckard's System Scanner Restore Point
7: 2008-07-26 18:46:38 UTC - RP7 - psc 7.03 build 116 Installation
6: 2008-07-26 17:00:21 UTC - RP6 - Removed TurboTax ItsDeductible 2006
5: 2008-07-26 16:59:41 UTC - RP5 - Removed TurboTax ItsDeductible 2005
4: 2008-07-26 16:58:47 UTC - RP4 - Removed WexTech AnswerWorks


-- First Restore Point --
1: 2008-07-26 16:46:47 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Kim.exe) -------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:18:51 PM, on 7/27/2008
Platform: Windows XP SP... Read more

A:Warning! Spywar detected on your computer. Install antivirus or spyware remover to..

Bump!

4 more replies
Answer Match 51.66%

I have free Antivira and free Spybot Search & Destroy on my computer, but my computer is still constantly sacked by bugs. I've gotten to the point where I wonder if the antivirus and anti-spyware software is just slowing my system down without giving me any benefit or protection. These days, my entire Windows XP operating system is slower than ever.

I keep getting sacked by the following cookies/trackers, adware, etc. Even if I wipe them out by doing a Spybot Search & Destroy, they are back within minutes of Internet use.

BURSTMEDIA
Cookie:[email protected]

CASALEMEDIA
Cookie:[email protected]

DOUBLECLICK
Cookie:[email protected]

FASTCLICK
Cookie:[email protected]

MEDIAPLEX
Cookie:[email protected]
Cookie:[email protected]

RIGHT MEDIA
Cookie:[email protected]

http://search.dailygamingupdates.com/redorbit_ron.html


In addition to the redorbit pest, I get something called crackle, and other browser hijackers as well. My antivirus and antispyware doesn't seem to do the job.

Any suggestions?

A:Computer slowed down in spite of antivirus and anti-spyware; sacked by bugs; help

Hi and Welcome,

Please do the following:

Please download DDS from either of these links

LINK 1
LINK 2

and save it to your desktop.Disable any script blocking protection
Double click dds.pif to run the tool.
When done, two DDS.txt's will open.
Save both reports to your desktop.
---------------------------------------------------
Please include the contents of the following in your next reply:

DDS.txt
Attach.txt.


NEXT




Download GMER Rootkit Scanner from here to your desktop. It will be a randomly named executable. Double click the exe file.
If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO, then use the following settings for a more complete scan.



Click the image to enlarge it


In the right panel, you will see several boxes that have been checked. Ensure the following are unchecked IAT/EAT
Drives/Partition other than Systemdrive (typically C:\)
Show All (don't miss this one)

Then click the Scan button & wait for it to finish.
Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
Save it where you can easily find it, such as your desktop, and attach it in reply.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries

5 more replies
Answer Match 49.56%

Hello anybody,

I have noticed that my Malwarebyte's Pro is sometimes shut off fully or partially. This sometimes occurs when I shut Windows down and sometimes when I am out browsing on the net. But this does not happen often, just occasionally.

I do have another virus scanner-Avast. I noticed when I had ZoneAlarm, it would shut Malwarebyte's down only when I shut the computer down, but being shut down on the net is puzzling to me. Again, this is rare but I thought someone would have an answer for this peculiar behavior.

I no longer use ZoneAlarm, but now use Avast and Malwarebyte's Pro.

Thanks for anybody's time.

A:Malware scanner being shut off-fully or partial at times

I've never heard of that behavior before....you might try asking here:
https://forums.malwarebytes.org/index.php?showforum=41

9 more replies
Answer Match 48.72%

Something happened to my computer today, I keep getting these pop ups for virus scanners, scholarships, Loans, ETC... The pop ups are ridiculous yet but i hope to prevent that from happening again.
I have attached the files requested for support... Thank for your help..


DDS (Version 1.0) - NTFSx86
Run by Noel at 20:57:02.57 on Fri 11/21/2008
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1535.858 [GMT -6:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\WMP54GS Wireless Network Monitor\WLService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Documents and Settings\Noel\Local Settings\Temp\snapsnet\dPI191065.exe
C:\WINDOWS\system32\prunnet.exe
C:\WINDOWS\Explorer.EXE
c:\windows\system32\dwwnw6... Read more

A:So many Antivirus scanner pop ups...

can no one help? I have pop- ups for holdaysavings.com and rebaterating.com... please help

Here is my HiJackThis.log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:30:09 PM, on 11/21/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WMP54GS Wireless Network Monitor\WLService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Noel\Local Settings\Temp\snapsnet\dPI191065.exe
C:\WINDOWS\system32\prunnet.exe
c:\windows\system32\dwwnw64r.exe
C:\Program Files\Network Monitor\netmon.exe
C:\WINDOWS\bm9lbA\command.exe
C:\WINDOWS\system32\rcntosdl.exe
C:\WINDOWS\system32\dPI19\dPI19... Read more

3 more replies
Answer Match 48.72%

I have been having some problems with norton antivirus and want to uninstall it. Unfortunately im having problems uninstalling it(see this post for more details...reply No 2). Now im planning to get a new antivirus. Can anyone tell me a good n FREE antivirus and where i can download it from?
Also, i need one where you can DOWNLOAD THE UPDATE FILES and not just download it through the program by UPDATING it(like McAfee). Can someone give me the link to download the updates also?
 

A:Antivirus scanner

16 more replies
Answer Match 48.72%

HOW TO REMOVE Alpha Antivirus / Personal Antivirus/ anti-spyware (please scroll to the bottom for my answers)

Hi,

I've seen a lot of posts on here asking how to remove Alpha Antivirus / Personal Antivirus/ anti-spyware but with no replies. im guessing this is because not everyone can reply to Malware Removal questions because of spammers.

I've had a lot of experiance with removing Personal Antivirus, as a lot of my clients PCs have come in infected with it. This week, i was subject to a rogue cousin of of Personal Antivirus called Alpha Antivirus.

I havn't seen any posts up here explaining how to remove it, so i thought I'd offer my services.

To remove Personal Antivirus:
I simply downloaded the freeware malwarebytes from www.malwarebytes.org after which, you obviously need to scan with another free program spy-ware tool such as Ad-Aware SE Pro. It's free to use for non-commercial use, but it often buggs you to buy it. its also no the best around in todays terms (it was a few years ago) but it still did the job in this case nicely

To remove Alpha Antivirus
Alpha was a bit tougher. To remove Alpha follow the above and simply downloaded the freeware malwarebytes from www.malwarebytes.org

HOWEVER running Adaware SE Personal didnt fix the problem for me this time and i had to upgrade to a much better Freeware Spyware cleaner such as SuperAntiSpywareCleaner http://www.superantispyware.com/or the like (please note, although SuperAntiSpyware cleaner ... Read more

A:Alpha Antivirus / Personal Antivirus/ anti-spyware

Thanks for the info. I am sure it will help people in the future.
 

2 more replies
Answer Match 48.3%

i've had some problems with my mcafee antivirus and had to uninstall it....

which is better...mcafee antivirus or panda antivirus?/??

whats the difference in the two???also....what is the difference in panda antivirus titanium and planda antivirus platinium 7.04??which of the two is better?

thanks.....
 

A:which is a good antivirus scanner?

16 more replies
Answer Match 48.3%

Hello,

I need some helps. The problem I'm currently having is a suspicious software called AKM Antivirus 2010 pro is automatically installed on my computer somehow...it disables everything on the computer from start running...I tried add or remove programs and it pops up alert saying it's infected...I've tried Hijack this and try to produce a log, but it couldn't start. I've also tried ComboFix and it couldn't run either, I even tried save ComboFix and rename it to Combo-Fix and run from there and it still couldn't get going.

The only thing I got going is RSIT, which I run in the safe mode and produced the following log, please take a look on the two logs I pasted. I tried ComboFix in the safe mode, but it couldn't run...

I am kinda running out of options, so please help me and let me know what I need to do now...

Thanks much!!


Info:

info.txt logfile of random's system information tool 1.04 2010-05-08 14:51:25

======Uninstall list======

-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
-->MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
7-Zip 4.65-->"C:\Program Files\7-Zip\Uninstall.exe"
AC3Filter (remove only)-->C:\Program Files\AC3Filter\uninstall.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Fla... Read more

A:Need spyware/virus/trojan removal help (AKM Antivirus 2010 pro spyware)

Alright, somehow I got HijackThis to run in the safe mode and I pasted and attached the log. I still couldn't get comboFix to run...also tried to install Kasperskey Internet Security 2010 in the safe mode, but got denied and said Administrator set rules not to run this, I guess it's the malware doing the trick...

Someone please take a look on these logs and give me some helps...

Thanks!


HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:51:10 PM, on 5/8/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17023)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Thunder AtOnce - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - C:\Thunder5.7.6.426-Lite-Final\ComDlls\TDAtOnce_Now.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: ADC PlugIn - {77DC0Baa-3235-4ba9-8BE8-aa9EB678FA02} - C:\Program Files\adc32.dll
O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - C:\Thunder5.7.6.426-Li... Read more

17 more replies
Answer Match 48.3%

I just received my new "Dell DeskTop with Windows XP installed.
When I installed my HP 870Cse printer, the installation went fine.
After a couple of days I then installed the software for my "HP Scanner 5100C and then I shut the machine down per instructions, and then disconnected the printer, and connected the Scanner to the same port. When I rebooted the machine it booted up to the desktop screen and then after a few seconds a blue screen message came up advising me that it had shut down to prevent any damage to the machine.

The message is as follows:
A PROBLEM HAS OCCURED.
DRIVER_IRQL_NOT_LESS_OR_EQUAL

TECHNICAL INFORMATION.
STOP: 0X000000D1 (0X00000000,0X00000002,0X00000001,OXF39285AC)
SHARSHT7. SYS - ADDRESS F36A35AC BASE AT F36A35AC, DATE STAMP 00000000
BEGINNING DUMP OF PHYSICAL MEMORY
PHYSICAL MEMORY DUMP COMPLETE
CONTACT SYS. ADMINISTRATOR OR TECHNICAL SUPPORT GROUP

I went into control panel and changed the "IRQL setting from: use this IRQ to use any available IRQ, but it did not help.
The natural assumption is to think that there is something wrong with the scanner or the cable. I disconned the scanner and installed it on my old computer and it works perfectly. I then reinstalled it on the new computer and I still have the same problem. I cannot contact a live person at Dell. All I get is a lot of menus, none of which pertain to my problem.
I would appreciate any help that anyone could provide me on this matter.

Thank You Very Much,

Recaged
[ema... Read more

A:Blue Screen shut down after installing HP Scanner 5100C WindowsXP, on a new Dell 8200

16 more replies
Answer Match 47.88%

i am currently infected with virtumonde/vundo, and i've gone through a lot to try and remove it, but now i've decided to just give up and reformat my computer to get rid of it.
before i used avira for my antivirus. however this didn't seem to protect against virtumonde. after i erase my hard drive, i plan on actually buying antivirus software.
i read that Spyware Doctor with Antivirus is especially good for protecting against virtumonde/vundo, but then i've read that NOD32 Antivirus seems to be one of the best overall.
i'm wondering which would be better. also, if i got either of these, would i still be able to run spybot, malwarebytes, superantispyware, and so on?
also, if i do get NOD32 Antivirus, should i get ESET NOD32 Antivirus 4 or ESET Smart Security 4.
also, if there is antivirus software that you think is better than either of these, PLEASE recommend it!.
thank you!

A:NOD32 Antivirus vs Spyware Doctor with Antivirus

Both of these are good AVs, but there's really no reason to pay when you have free AVs which are just as good. Microsoft Security Essentials, Avast and AntiVir are the top free AVs.

1 more replies
Answer Match 47.88%

Thanks to my friend I was tricked into going onto that ***.antivirus-scanner.com site (added *'s so other members don't do the same)

I have only had one popup but I thought I still better come here.

Thanks for any replies.

DDS.txt


DDS (Ver_09-12-01.01) - NTFSX64
Run by Harley at 0:21:06.14 on Tue 16/02/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_16
Microsoft Windows 7 Professional 6.1.7600.0.1252.61.1033.18.4095.1986 [GMT 10:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Microsoft LifeCam\MSCamS64.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\Dwm.exe
C:\Wind... Read more

A:infected by http://***-antivirus-scanner.com/

Sorry that was actually coded, I'm not sure why the code removed itself. It wouldn't let me edit my first post.

1 more replies
Answer Match 47.88%

I can't believe this

OK, I was on my Pesario notebook OS XPSP2 searching for some info when all of a sudden Antivirus 2009 Web Scanner pops up from nowhere. It scans my computer and tells - "ANTIVIRUS 2009 WEB SCANNER DETECTED DANGEROUS SPYWARE ON YOUR SYSTEM" AND DETAILED THE FOLLOWING:-
SPYWARE I.E MONSTER.B SPY CRITICAL
ZLOB.PORNADVERTISER.XPLISIT SPY HIGH
TROJAN.INFOSTEALER.BANKER.S TROJAN MEDIUM

Another Pop-up menu then opened which suggested I run Anitivus 2009 installer to fix the problem. The terms and conditions could not be viewed so i exited everything. I've scanned with AVG 8.0 and found this.

Documents & Settings:\tdb\Cookies\[email protected][1]txt
Infection - Found Tracking Cooking Revsci
Result - Potentially Dangerous object

Documents & Settings:\tdb\Cookies\[email protected][1]txt:\revsci.net.2df99d79
Infection - Found Tracking Cooking Revsci
Result - Potentially Dangerous object


Documents & Settings:]\tdb\Cookies\[email protected][1]txt:\revsci.net.44927ec
Infection - Found Tracking Cooking Revsci
Result - Potentially Dangerous object

Documents & Settings:]\tdb\Cookies\[email protected][1].txt:\revsci.net.e9dbeb91
Infection - Found Tracking Cooking Revsci
Result - Potentially Dangerous object


Needless to say any help with this I would very thankful. I'm speaking with you from another computer also. Thanks again for any help.


tdb/Trina

A:Antivirus 2009 Web Scanner/Results

To get Expert Help with malware removal:

I recommend that you read this article… ( Simply, click on the links to be re-directed.)

"Having problems with spyware and pop-ups? First steps;
IMPORTANT - Read This Before Posting For Malware Removal Help

Please follow the instructions very carefully; then, post all the requested logs and information; as instructed, in the
HiJackThis Log Help Forum.
http://www.techsupportforum.com/secu...this-log-help/

Please ensure that you create a new thread in the HiJackThis Log Help Forum;
not back here in this one.

When carrying out The 5 Steps,
IMPORTANT - Read This Before Posting For Malware Removal Help

if you cannot complete any of them for whatever reason, just continue on with the next one until they are all completed.
However,it is extremely important to make mention of the fact that you could not complete any of the steps in your post to HiJackThis Log Help Forum.
http://www.techsupportforum.com/secu...this-log-help/

where an Analyst will assist you with other workarounds.

Once done, please be patient, as the Security Team Analysts are usually very busy; one of them will answer your request as soon as they can.

9 more replies
Answer Match 47.88%

Lets check you !! I think all of them great, but other people choose the best

A:Antivirus/Internet Security/Scanner

I also use SUPERAntispyware in the 3rd section. I had to put Avira in as a vote in the 2nd. I use no suites but it required a vote to finish.

4 more replies
Answer Match 47.88%

Last night, at around 10pm Hawaii time on July 18th, something or someone emailed all of the contacts on my AOL contacts list an email that contained a link to a website. I was unaware of this until a few hours later on July 19th when I checked my email and found over a dozen emails that said the email that was send was undeliveable or the receipient was out of office. One of the emails was from a friend who told me that I had an email bug and that someone had hacked into my email account and was the one that sent all the random emails. Since it was late (around 2am or so), I decied to wait until it was later to start checking it out.

I began scanning my computer maybe around 11am with Norton Internet Security 2012 or 2013. It's whatever is the lastest version that is on the shelf, so more than likely, it's the 2012 version. An hour later, it picked up that there was a virus on my computer. The scanner labeled it as tdlfix.exe (Trojan.Gen) and that it had resolved it. I ran a few additional scans using a combination of Norton Power Eraser, which picked up no risks, and then I used Malwarebytes Anti-Malware to see if it could pick up anything. No luck there. Sometime around 1:20pm, I then decided to email my friend back with an update on my situation when Norton Auto-Protect picked up a0254131.exe (Trojan.Gen) and removed it. I then ran two full scans with Norton IS. It would run for less than ten minutes each time and then cut off saying that it was comple... Read more

A:Trojan.gen detected by antivirus scanner

Hello, please run this next.Please download TDSSKiller.zip and and extract it.Run TDSSKiller.exe. Click on Change Parameters Put a check in the box of Detect TDLFS file system Click Start scan.When it is finished the utility outputs a list of detected objects with description.
The utility automatically selects an action (Cure or Delete) for malicious objects.
The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Let the options as it is and click ContinueLet reboot if needed and tell me if the tool needed a reboot.Click on Report and post the contents of the text file that will open.

Note: By default, the utility outputs the log into system disk (it is usually the disk with installed operating system, C:\) root folder. The Log has a name like: TDSSKiller.Version_Date_Time_log.txt.NowPlease download aswMBR ( 511KB ) to your desktop.Double click the aswMBR.exe icon to run itClick the Scan button to start the scanOn completion of the scan, click the save log button, save it to your desktop and post it in your next reply.And some system info...Please download MiniToolBox, save it to your desktop and run it. Checkmark the following checkboxes: Flush DNS Report IE Proxy Settings Reset IE Proxy Settings Report FF Proxy Settings Reset FF Proxy Settings List content of Hosts List IP configuration List Winsock Entries List last 10 Event Viewer log List Installed Programs List Users, Partitions and Memory size.Click Go and post the... Read more

20 more replies
Answer Match 47.88%

My problem is similar to that described and solved in the following thread: http://forums.techguy.org/malware-removal-hijackthis-logs/771722-wounded-eagle.html

Computer has slowed down significantly since picking up the malware yesterday. IE pop-ups continuously appear. "Pro Antivirus Scanner" proceeds to do a real time scan of my computer. Then it insists I should download their software in order to fix the problem.

I know that this is an increasingly common problem and that its solution is very involved. I would be extremely grateful for anyone willing to help me work through this problem. Thanks!

Hijack log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:02:15 PM, on 12/19/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device... Read more

A:Pro Antivirus Scanner/2009 malware

16 more replies
Answer Match 47.04%

Is there some antivirus that is
1. Bootable from USB (I know there are CD images, which are not preferable at least because they can't save updated signatures even if I install them to USB - which I'm usually too lazy to do anyway)
2. Is free (in my personal case benefit from it is hardly worth the trouble of running, let alone of paying for it).
3. Can update its signatures (and, much preferably, save them so the next update takes less time).

The closest way I can see is installing ClamAV on my bootable linux flash.

But, there are numerous reasons to prefer it exactly that way (rootkit scanning, for example), so I'd be surprised if it wasn't done in easy-to-use way yet.

A:USB-Bootable, free, updateable antivirus scanner?

Norton 360 can, but it's paid !

5 more replies
Answer Match 47.04%

I just got the above in a pop up box under what looks likes the offical MS Security Warning and Logo,

:- listing 2 spywares and 1 trojan

I can't close it or click on the "Ignore" tab - it just opens the download install box : AV2009Install_880182.exe

If I download/intsalled - would it infect my computer ?

And if it is - how do I get rid of it please.?
I run XP Professional

Many thanks
Nat

More replies
Answer Match 47.04%

Hi, I am on a work laptop and require your expertise in removing a virus from my computer. I was on Google image search, clicked on one of the images and the next thing you know my McAfee Virus scanner was going haywire. I remember seeing a couple java windows opening on the website. Then it was pop-ups for fake anti-virus software appeared and there wasn't anything I can do to get rid of them. Even when the pop-ups aren't seen, the computer performance is horrible now, and other programs fail to open due to memory resources and/or network resources.

I am sure I made a mistake along the way since I am relative novice when it comes to computers. Unfortunately, since this is a work laptop, I don't have administrator privileges on it.

Any help you could provide would be greatly appreciated. Thank you in advance.

- paul

(Ver_10-11-10.01) - NTFSx86 NETWORK
Run by pedwards at 13:33:04.23 on Wed 11/10/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_12
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3572.2818 [GMT -5:00]

AV: VirusScan Enterprise + AntiSpyware Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
D:\Documents and Settings\pedwards\Loca... Read more

A:Infected with fake Antivirus Scanner worm

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Follow the instructions that pop up for postin... Read more

2 more replies
Answer Match 47.04%

OK, I was on my Pesario notebook OS XPSP2 searching for some info when all of a sudden Antivirus 2009 Web Scanner pops up from nowhere. It scans my computer and tells - "ANTIVIRUS 2009 WEB SCANNER DETECTED DANGEROUS SPYWARE ON YOUR SYSTEM" AND DETAILED THE FOLLOWING:-
SPYWARE I.E MONSTER.B SPY CRITICAL
ZLOB.PORNADVERTISER.XPLISIT SPY HIGH
TROJAN.INFOSTEALER.BANKER.S TROJAN MEDIUM

I closed it out and didn't run or click on anything not a thing. I was told I needed to run PandaScan and bring the results over here. Sadly, I don't know how to send an attachment. I'm a novice so, its on my other notebooks I'v typed out the results. Thank your for any assistance you can give me.

Analysis 2008 -08-08 00:40:06
PROTECTIONS: 1
MALWARE: 1
SUSPECTS: 0
;*******************************************************
PROTECTIONS
DescriptionVersionActiveUpdate;=======================================================
AVG Anti virus Free8.0YesYes;=======================================================
MALWARE
Id
00167642
Description
Cookie.COM.com
Type
TrackingCookie
Active
No
Severity
0
Disinfectable
Yes
Disinfected
No
Location
C:\Documents
;=======================================================
SUSPECTS
Sent Location
;=======================================================
;=======================================================
VULNERABILITIES
$dSeverityDescription;=======================================================
S0184379MEDI... Read more

More replies
Answer Match 47.04%

Hi. 
 
Recently, every time I run my antivirus scanner (AVG AntiVirus 2013), it reports that I have several dozen medium-level threats that aren't removed automatically. Most recently, it has found 87 of these threats, and I have been unable to remove them using AVG. The number varies anywhere from 50 to 90. 
 
Since this is not the first time I've run into this type of problem, I've taken the liberty going running DDS. The txt file is below. 
 
I'd be really grateful if someone helped me out with this again. 
 
DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 9.0.8112.16506
Run by Christine at 22:26:23 on 2013-09-21
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.2.1033.18.2045.681 [GMT -4:00]
.
AV: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ================
.
C:\PROGRA~1\AVG\AVG2013\avgrsx.exe
C:\Program Files\AVG\AVG2013\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files\Tablet\Pen\Pen_TouchService.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\spo... Read more

A:AntiVirus Scanner warns about potential threats

Hello cang I would like to welcome you to the Malware Removal section of the forum.Around here they call me Gringo and I will be glad to help you with your malware problems.Very Important --> Please read this post completely, I have spent my time to put together somethings for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!Please do not run any tools unless instructed to do so.We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", th... Read more

20 more replies
Answer Match 47.04%

http://www.bleepingcomputer.com/forums/t/519120/bit-defender-running-numerous-in-background-high-memory/
 
Previous thread that sent me here above.
 
I can't for the life of me remember when this program was ever downloaded - though could be my son/daughter whos on mindcraft a bit.....
For some reason computer goes very slow due to low memory. Windows task manger usualy bring up 4-6 sessions of bitdefender antivirus scanner working in the background - some with large memory usuage (200,000-800,000 K). I can try deleting them - and they always come back.
I can't find the program in my installed programs to try and remove - but does show up on my start-up program list - and I uncheck it, but same thing.
 
Any help would be greatly appreciated...
 
Thanks
 
Eric
 
 
Attached DDS below.
 
Thanks
 
Eric
 

A:BitDefender Antivirus Scanner running in background X4+

Did I post this in the right section?

11 more replies
Answer Match 47.04%

My computer recently received the gift of this virus:AntiVirus Soft: http://www.precisesecurity.com/rogue/antivirus-soft/Luckily my twin sister's boyfriend has a degree in Computer security so he ran ComboFix and gave me a few things to download.Prior to the attack I had Spyware Doctor, Malware Bytes, and AVG 9.0 installed and I ran them every few days.AntiVirus Soft made me unable to open any of these and tried to prompt me to buy a new antivirus. Needless to say, I didn't.So after my computer was somewhat fixed, I installed COMODO Internet Security as well as Microsoft Security Essentials. They are both running at startup and it takes forever for Firefox to open (1-3+ minutes) and everything lags more than before the virus.After the huge fiasco was over I scanned my computer with Microsoft Security Essentials and it came up with this:Exploit:Java/CVE-2008-5353.CTrojan:Java/Selace.MIt removed these items.I then scanned with Malware Bytes and it came up clean.Still, my computer lags way more and I can't re-install Jasc Paint Shop Pro 9 (which wouldn't open so I removed it) because of a 1311 Data1.cab error. It also won't let me open Frostwire and prompts something about quarantines or firewalls when I try to.I now have both COMODO and Microsoft Security Essentials running at start up. My friend says it is bad to have more than one running at once- so which do I choose? I am completely stupid when it comes to this. Haha.One website says:"1. Make sure you have an Antivirus... Read more

A:Which free antivirus/firewall/antispyware scanner is best?

Personally, I would recommend using either Avira AntiVir Free/Personal edition or avast! for an antivirus program, just be sure that you only have 1 anti-virus program installed on your machineFor a firewall I would recommend Comodo, please note that the Comodo firewall installation also includes an Anti-virus program, if you decide to choose another anti-virus (not Comodo), then please be sure to only install the firewall, you will be prompted during installation if you want to install just the firewall, or the firewall and the anti-virus.The on-demand anti-malware scanners I recommend are Malwarebytes Anti-Malware and SUPERAnti-Spyware.For additional protection, SpywareBlaster is a great program to protect you from visiting malicious sites, and blocking tracking cookies. Note that SpywareBlaster isn't an actively running program. You download it, run it once, and then make sure you update it every week or 2 and you will always be protected. It works by tweaking some IE and Firefox settings to block tracking cookies and provide additional protection.

11 more replies
Answer Match 47.04%

Hi, first time here,

I am running Windows 7 Home Premium. 32 and 64 bit. I have Norton security suite that comes with my Comcast subscription. I scan pretty frequently and I also use CCleaner which works great. I am not having any problems with my computer right now but I have in the past. Something not only got past Norton it also was able to disable Norton. I got it going again fairly quickly but my computer wasn't the same. I did a complete restore and it has been fine. For some reason I still feel like there is something going on in my computer which there may not be. I've noticed some files that looked suspiscious but I can never know for sure so I won't change anything. One time I noticed 3 extra users and I was sure I was infected until I found out Nvidia adds these for updating.
My question is that when I was looking at the files in my registry, I clicked on internet settings then zone and the list expanded to about a page and a half of files with names having to do with sex and porn. They all had the arrow to open a sub folder with on every one was www. I ran Norton and superspyware and a search. Nothing is detecting these files. Any suggestions?

Thanks,
Ron

A:spyware scanner

Hello,I will be helping you with your problems. Please be patient while I assist you.Some points for you to keep in mind while I am helping you to make things go easier and faster for both of us Please do NOT run, install or uninstall any programs, unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability. Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post. Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process. Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE: At the top of your post, click on the Watch Topic Butt... Read more

28 more replies
Answer Match 47.04%

(win xp)
I'm looking for a spyware scanner similar to the OLD ad-aware, that just scans and does NOT keep running.
Which programs could I use?

with these properties:
-light program
-scan only
-free to use
 

A:spyware scanner?

6 more replies
Answer Match 47.04%

Hi All I have a machine that is spyware'd bad. Adaware & Spybot will not update and do not find anythig when they scan. I think they have been comprimised. I cannot go anywhere on the web that is a antivirus site or a anti spyware site. I get redirected to a search results page of whatever site I was trying to surf to and if I click on any of the search results it just opens another browser window with the same search results. I also cannot boot into safe mode. I get the BSOD before it fully boots up. Thank you for any help you can give me! Here is my highjackThis log.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 10:37:20 PM, on 10/31/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16640)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\System32\WLTRYSVC.EXEC:\WINDOWS\System32\bcmwltry.exeC:\Program Files\Lavasoft\Ad-Aware\aawservice.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\A... Read more

A:Help spyware's bad cannot go to any antivirus/anti spyware sites

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. First let's get a more detailed log so we can determine the best plan of attack for you.Please download OTViewIt by OldTimer to your desktop.Double click on the OTViewIt.exe icon on your desktop. Check the Scan All Users checkbox and leave Use Whitelist checked. Set the File Age to 30 days.Click on the Run Scan button. Two reports that are located in the same location as OTViewIt will open.OTViewIt.txt <-- Will be opened
Extra.txt <-- Will be minimizedCopy and Paste the logs into your next reply.

6 more replies
Answer Match 46.62%

I used using Malwarebytes to remove it and it found and deleted the files infected. However, when I restarted the computer the same messages popped up for the malware saying I need to install virus protection it made my computer unstable and removed access to task manager and control panel and start menu programs. Started giving me all sorts of warning messages which I didnt click on.The only way I can use the computer is if I remove the affected files with Malwarebyes EACH time they occurr. When the malware triggers I cant even get past the welcome screen of windows as it just hangs there forcing me to go into safe mode or last known working cofiguration. Obviously Malwarebytes isnt getting rid of it completely as it comes back after a restart of the machine, but at least it lets me use the computer properly in the mean time.I'm using WinXP and here are my logs which were done after removing the infection (but it will come back again if i restart)Logfile of Trend Micro HijackThis v2.0.2Scan saved at 16:37:57, on 11/09/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.20583)Boot mode: NormalRunning processes:E:\WINDOWS\System32\smss.exeE:\WINDOWS\system32\winlogon.exeE:\WINDOWS\system32\services.exeE:\WINDOWS\system32\lsass.exeE:\WINDOWS\system32\Ati2evxx.exeE:\WINDOWS\system32\svchost.exeE:\WINDOWS\System32\svchost.exeE:\WINDOWS&... Read more

A:I Need To Remove The Ms Antivirus 2008 Fake Virus Scanner

Hello boco77 Welcome to the BC HijackThis Log and Analysis forum. I apologize for the delay however we are all volunteers and it gets very busy around here. I will be assisting you from here on out.I ask that you refrain from running tools other than those we will ask you to while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.Please perform the following:Please do an online scan with Kaspersky WebScannerClick on Kaspersky Online ScannerYou will be prompted to install an ActiveX component from Kaspersky, Click Yes.The program will launch and then begin downloading the latest definition files:Once the files have been downloaded click on NEXT
Now click on Scan SettingsIn the scan settings make that the following are selected:Scan using the following Anti-Virus database:Extended (if available otherwise Standard)
Scan Options:Scan Archives
Scan Mail BasesClick OKNow under select a target to scan:Select My ComputerThis will program will start and scan your system.The scan will take a while so be patient and let it run.Once the scan is complete it will display if your system has been infected.Now click on the Save as Text button:Save the file to your desktop.Copy and paste that information in your next post. Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
Double click on RSIT.e... Read more

3 more replies
Answer Match 46.62%

Read more: Test comparison - Which is the best free online antivirus scanner?

Some of our readers asked us to test the most popular free antivirus scanners found online. Since such scanners are useful in providing a good second opinion, without having to install a fully-featured security product, we thought it is worthwhile to evaluate such products. We?ve tested the 10 most popular online security scanners and, although it took quite a bit of work, we now have some exciting results to share with you. Don?t hesitate to read this article and find which are about the best free online antivirus scanners for Windows:

The online antivirus scanners being tested
To choose the products included in this test, we used the finalists of our Digital Citizen Awards 2016 - The best Windows security product of the year!. For all the vendors, we searched to see if they also offer a free online security scanner. Unfortunately, not all of them do, and out of those who do, not all of them are good.

The products we ended up including in this comparison are, alphabetically ordered, the following: Bitdefender QuickScan, Comodo Cloud Antivirus, ESET Online Scanner, F-Secure Online Scanner, Kaspersky Security Scan, McAfee Security Scan Plus, Norton Security Scan, Panda Cloud Cleaner and Trend Micro HouseCall.

Overview of the results

If you are looking for a good online antivirus scanner, then Panda Cloud Cleaner is probably the best you can get. Then, ESET Online Scanner comes as a close ... Read more

A:Test comparison - Which is the best free online antivirus scanner?

I can confidently say ESET Online Scanner is one of, if not, the number 1 online scanner. Anyone who doesn't use ESET real-time software, I suggest giving it a try.
 

1 more replies
Answer Match 46.62%

I woke up this morning to more than 300 email scanning little windows. I restarted and they didn't come back until this afternoon. This afternoon and evening they are going non stop, I don't even have an email program open. They appear to be saying I am trying to send pornographic emails out and they are being blocked from sending the SPAM. I have disabled the outgoing scanner, but cannot find a virus that is causing it. I have updated Norton and run several times today and nothing is coming up. Help please.
Jessica

Here is my Hijack this log:
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 7:48:16 PM, on 3/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\LxrSII1s.exe
C:\Program Files\Common Files\Micro... Read more

A:Symantec Email Scanner problem on Norton AntiVirus

bump--it's been more than 4 days since this has been posted.

Jessica

1 more replies
Answer Match 46.62%

i have done a bunch of cleaning on this computer for someone and have managed to get it back online... but just need someone to glance at the hjt for me.. thanks

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 500 PM, on 2/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Athan\Athan.exe
C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Common Files\AOL\1131078266\ee\aolsoftware.exe
c:\program files\common files\aol\1131078266\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
c:\program files\common files\aol\1131078266\ee\aolsoftware.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:... Read more

A:hjt log, keep on getting spyware scanner popup thanks

moving back up...
soproc.exe error on startup,,, and ie opens up with fake virus scanner...

1 more replies
Answer Match 46.62%

Is this a good program? And should it stay, or should I just get Spywareblastar, and Spy_bot S&D?

Thank You
 

A:Bazooka Spyware Scanner?

I had never heard of Bazooka before, but it looks nice. Spybot Search & Destroy detects a lot more spyware though, I wouldn't get rid of it for Bazooka.
 

3 more replies
Answer Match 46.62%

Greetings:I am somewhat new to this. I have always been able to solve the few problems I have with AdAware or Spybot. This time though, I am stumped. I installed HiJackThis and have looked through it to the best of my knowledge, but can't find anything. It seems like it all started when I accidently installed YourSiteBar. I have used their removel program but I still get popups. Here is my HiJack log. Any help would be most appreciated.Logfile of HijackThis v1.99.1Scan saved at 9:16:15 PM, on 10/26/2005Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exeC:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exeC:\Program Files\Norton AntiVirus\navapsvc.exeC:\WINDOWS\system32\nvsvc32.exeC:\WINDOWS\system32\RioMSC.exeC:\Program Files\Norton AntiVirus\SAVScan.exeC:\Program ... Read more

A:Help ... No Spyware Scanner Has Helped Me!

Sorry for the delay. If you still need help with your log please post a brand new HJT log as a reply to this topic and I will help you clean it up as necessary.

1 more replies
Answer Match 46.62%

Has anyone used the online scanner at Spywareinfo.com?

here

I'm looking for an online scanner that can be truested (to compliment Antivirus.com)


Thanks

A:Online Spyware Scanner

Hi, Guy!

I haven't used the application, but I do trust x-block. I also don't think that Mike Healen would get involved in anything second-rate.

The reason that I haven't introduced the service here is that I think recommending it is akin to "giving a man a fish".

When folks download Ad-aware, or Spybot, or both, set the configurations and run their scans, they have now been taught to do that properly. They can do it over and over again, weekly, we hope, with the only "outside" support being updates.

Also, with Spybot Free set to immunize or Ad-aware 7.0, they get some actual protection.

A ounce of prevention is worth a pound of cure.

1 more replies
Answer Match 46.62%

I think I have something. When I do a scan with panda, avast, ad-aware and spyware blaster the PC shuts down :(

Below is the log, hope you can help!

Thanks!


Code:
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 00:27:13, on 21/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\LVCOMSX.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\DeeP125\CoodClip\CoodClip.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Pr... Read more

More replies
Answer Match 46.62%
Answer Match 46.2%

I was in the middle of scanning my computer of viruses/spywares, when NAV suddenly started popping small windows about scanning outgoing emails. Mail icons lined up along the notification area of the taskbar which read like emails about porn and symantec was, I guess, scanning them.

Here was what I did, I right-clicked on the notification area of the taskbar and chose Properties. Clicked on Customize on the Notification area and saw at the Past Items - Symantec Email Scanner (Hide when inactive). I then opened my NAV, clicked on Options, chose Email, and unchecked Scan outgoing email "permanently" to stop it.

What do I do now? Could this be a mass-mailing virus/spyware?


Here is my current log file:
------------------------------

Logfile of HijackThis v1.99.0
Scan saved at 7:43:25 AM, on 1/22/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\Program Files\RAMpage\RAMpage.exe
F:\Program Files\Adobe\Adobe Acrobat 5.05\Distillr\AcroTray.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - f:\program files\adobe\adobe acrobat 5.05\Acrobat\ActiveX\AcroIEHelper.ocx
O4 - HKLM\..\Run: [RAMpage] "C:\Program Files\RAMpage\RAMpage.exe" R=400 T=4 P="C:\Program Files\RAMpage\RAMpa... Read more

A:Symantec Email Scanner problem on Norton AntiVirus 2005

Make sure to update Windows and Internet Explorer at http://windowsupdate.microsoft.com.

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should not have any open browsers when you are following the procedures below.

Go to My Computer->Tools/View->Folder Options->View tab and make sure that 'Show hidden files and folders' (or 'Show all files') is enabled. Also make sure that Display the contents of System Folders' is checked. Windows XP's search feature is a little different. When you click on 'All files and folders' on the left pane, click on the 'More advanced options' at the bottom. Make sure that Search system folders, Search hidden files and folders, and Search subfolders are checked.

For the options that you checked/enabled earlier, you may uncheck them after your log is clean. If we ask you to fix a program that you use or want to keep, please post back saying that (we don't know every program that exists, so we may tell you to delete a program that we think is bad to keep).

Turn off system restore by right clicking on My Computer and go to Properties->System Restore and check the box for Turn off System Restore. Click Apply and then OK. Restart your computer. After we are finished with your log file and verified that it's clean, you may turn it back on an... Read more

12 more replies
Answer Match 46.2%

I keep on getting fake virus scan internet pages opening up - under the name "Antivirus 2010" - claiming i have hundreds of viruses which i can only remove by buying their software. Whever i go onto websites, i often get rediverted to the "fake scanning" pages, along with dodgy search engines, and not the website i want.How do i remove this? no other anti-malware softwares are picking the infection up.. and i'm getting desperate.here is the DDS log:also please see attached.DDS (Ver_10-10-10.01) - NTFSx86 Run by Angela at 17:27:44.76 on 09/10/2010Internet Explorer: 8.0.6001.18943Microsoft? Windows Vista? Home Premium 6.0.6002.2.1252.44.1033.18.3326.2094 [GMT 1:00]AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}============== Running Processes ===============C:\Windows\system32\wininit.exeC:\Program Files\AVG\AVG9\avgchsvx.exeC:\Program Files\AVG\AVG9\avgrsx.exeC:\Windows\system32\lsm.exeC:\Program Files\AVG\AVG9\avgcsrvx.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\nvvsvc.exeC:\Windows\system32\... Read more

A:How to locate + destroy "Antivirus 2010" - fake virus scanner

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.We need to create an OTL ReportPlease download OTL from one of the following mirrors:This is THE MirrorSave it to your desktop.Double click on the icon on your desktop.Click the "Scan All Users" checkbox.In the custom scan box paste the following:CODEmsconfigsafebootminimalactivexdrivers32netsvcs%SYSTEMDRIVE%\*.exe/md5st... Read more

2 more replies
Answer Match 46.2%

DDS (Ver_09-05-14.01) - NTFSx86
Run by Compaq_Administrator at 14:10:26.82 on Tue 06/02/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1982.1284 [GMT -4:00]

AV: Verizon Internet Security Suite Anti-Virus *On-access scanning disabled* (Updated) {5B5A3BD7-8573-4672-AEA8-C9BB713B6755}
FW: Verizon Internet Security Suite Firewall *disabled* {80593BF4-D969-4EC5-ADAE-A22F2DFC7A22}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Verizon\Verizon Internet Security Suite\Fws.exe
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program F... Read more

A:had antivirus popup my antivirus/spyware won't run

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

2 more replies
Answer Match 46.2%

Well, I was scanning my computer with Panda's ActiveScan, and I've been found with over 2,000 spyware. Yes, I've found 30 before, or 130 before, but over 2,000....it seems a bit much. (And this is after having used CleanUp!) I did what (I assume) I should, ran HijackThis, and here's my results. Thanks in advance for the help.

Logfile of HijackThis v1.99.1
Scan saved at 0421:12, on 23.02.06
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\System32\TPWRTRAY.EXE
C:\Program Files\Toshiba\TOSHIBA Controls\TFncKy.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\EZSP_PX.EXE
C:\Program Fi... Read more

A:Solved: Over a Thousand Spyware, Says My Scanner

15 more replies
Answer Match 46.2%

I still can't get rid of that annoying raze spyware desktop.
The windows system I run is XP.
I tried running the ewido program following all the instructions on this site, and still I can't get rid of the raze spyware desktop.

The desktop is a red background with a flashing black pop-up.
If you have any new ideas or info on a new way to get rid of this, please e.m. me at my address.

Thanks for your time.
 

A:I tried the ewido scanner, still can't get rid of raze spyware

11 more replies
Answer Match 46.2%

I am wondering if there is any free (good) portable anti-spyware scanner because i want to make sure that my normal scanners are doing their job, and I don't feel like installing anything extra. I am using windows vista.
 

More replies
Answer Match 46.2%

What is the best and free spyware and virus scanners for Windows XP?
 

A:Best Free Virus and Spyware scanner?

10 more replies
Answer Match 46.2%

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:09:42 AM, on 7/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\Trend Micro\AntiVirus 2007\tavsvc.exe
C:\Program Files\Trend Micro\AntiVirus 2007\Components\tmproxy.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Trend Micro\AntiVirus 2007\tavui.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\Spyware Doctor\pctsTray.e... Read more

More replies
Answer Match 46.2%

IE pops up with "this page cannot be displayed" or just fake "you're computer may be infected" type messages... Then AVG pops up saying "threat detected"... When I run AVG or MalwareBytes, I get nothing... I just want to know how to make it stop
 

More replies
Answer Match 46.2%

Does anyone know of a good program, ( freeware ) for the above mentioned?
chuck
 

A:Spyware, Malware Scanner, Cleaner.

Hi chuck, there's a few choices to consider....

MalwareBytes https://www.malwarebytes.org/

SuperAntispyware: http://www.superantispyware.com/

AdwCleaner: http://www.bleepingcomputer.com/download/adwcleaner/
 

2 more replies
Answer Match 46.2%

Folks,I have been trying off and on for 2 weeks to clean this machine. It is my brother in laws computer and used by his kids to play many on-line games. It came to me with a BSOD which I recovered from by removing Antivirus XP malware using Malwarebytes Anti malware. I subsequently cleaned about 30 infections off the machine. I have scanned it with AVG Free, Malwarebites, Spybot S&D, Ad-Aware, House call and Bit defender (online). Still It has a browser highjacker in both Firefox and IE v8. I am getting repeated virus alerts from AVG concerning iastor.sys and one concerning kxdiypod.sys. I have tried to replace iastor.sys by renaming it and copying a new version. Every time I mess with it, I get another AVG alert and it replicates itself. Please help!DDS (Ver_10-03-17.01) - NTFSx86 Run by Michele at 17:54:04.18 on Sat 04/24/2010Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.202 [GMT -4:00]AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) Copyright Information 0============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcsC:\WINDOWS\system32\svchost.exe -k WudfServiceGroupC:\Program Files\AVG\AVG9\avgchsvx.exeC:\Program Files\AVG\AVG9\avgrsx.exesvchost.exesvchost.exeC:\Program Files\AVG\... Read more

A:Exploit Rogue Spyware scanner

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

17 more replies
Answer Match 46.2%

What's a good free spyware scanner that comes , already dowloaded with a certain amount of basic definitions already on it?. Kind of like what Avast does for antivirus.

The reason I ask is that I have a friend that can't get online with her NetZero dialup and I want to eliminate the problem being related to spyware. In other words, I want a scanner that doesn't need to be updated right anyway and just might find something.

By the way...could a virus or malware stop someone from connecting on a dialup connection? When I use the Netzero software it connects briefly to the internet but then the modem shuts down. I don't think it's a modem problem either because I queried the modem just fine and was actually able to connect with a connection I made myself from the new connection option in Windows 2000. However I could not get anything to come up on IE.

I also could not get online by using the Internet Connection Wizard. The one that connects you, using an 800 number. It also was cut off by the modem.
 

More replies
Answer Match 46.2%

Hi, please help, been getting popups for free spyware scanners, did a bitdefender scan and it managed to move 5 virus infected files, but I still get popups from 'myprivacyguard' and 'Adwareremover2007'. Bitfender also detected and blocked Trojan.Agent.BHO.N, Trojan.Agent.ABSG, Trojan.Downloader.Agent.YNQ, Adware.Agent.NAV, Trojan.Downloader.Agent.YNU in the file http://www.thenetworkcom.com/fast-update/upd_cb.zip, how can this file be removed?This is my Trendmicro HijackThis log:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 17:44:44, on 28/10/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16544)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Intel\Wireless\Bin\EvtEng.exeC:\Program Files\Intel\Wireless\Bin\S24EvMon.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\rundll32.exeC:\WINDOWS\ehome\ehtray.exeC:\WINDOWS\AGRSMMSG.exeC:\WINDOWS\eHome\ehmsas.exeC:\WINDOWS\RTHDCPL.EXEC:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\Acer\Empowering Technology\eDataSecurit... Read more

A:Popups For Free Spyware Scanner

cl0ud,Welcome to the forum, you have multiple infections on this system. Lets do a few things.Download ComboFix from Here or Here to your Desktop.Double click combofix.exe and follow the prompts.When finished, it shall produce a log for you. Post the Combofix log and a HiJackthis log in your next replyNote: Do not mouseclick combofix's window while its running. That may cause it to stallOpen HijackThis > Do a System Scan Only, close your browser and all open windows including this one, the only program or window you should have open is HijackThis, check the following entries and click on Fix Checked.Some of these may be goneR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =O2 - BHO: MSVPS System - {6EB10F79-5E53-4F76-B146-409EFCDCB957} - C:\WINDOWS\movctrlfqd.dll (file missing)O3 - Toolbar: The nssfrch - {DF0ACE0C-4A3F-4A1F-8676-BA16DEB23C70} - C:\WINDOWS\nssfrch.dllO4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXEO21 - SSODL: bxsbang - {7C244A7A-44CC-4104-8133-40430C7AF562} - C:\WINDOWS\bxsbang.dllO21 - SSODL: ocgrep - {598370DE-4746-4951-B4F6-85459895E243} - C:\WINDOWS\ocgrep.dll (file missing)We need to make sure all hidden files are showing :Click Start.Op... Read more

2 more replies
Answer Match 46.2%

My computer has randomly shut down and or restarted in the last week or so and now it is really slow and antivirus XP 2008 popups/program flood the computer
have ran spybot and lavasoft ad-aware and avg

Logfile of HijackThis v1.99.1
Scan saved at 10:28:20 PM, on 8/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\pphc1swj0e3a5.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\hjt\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://xcelco.on.ca
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://xcelco.on.ca
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.antivirus-xp-08.com/buy/e84633b9e08b91446f79cca023da60ed
F2 - REG:system.ini: UserInit=userinit.exe,
O1 - Hosts: 38.113.174.32 ads.sup.com
O1 - Hosts: 38.113.174.32 dehp.myspace.com
O1 - Hosts: 38.113.174.32 demr.myspace.com
O1 - Hosts: 38.113.174.32 desk.myspace.com
O1 - Hosts: 38.113.174.32 delb.myspace.com
O1 - Hosts: 38.113.174.32 view.atdmt.com
O1 - Hos... Read more

A:(HJT log) Random shut down now antivirus xp 2008

7 more replies
Answer Match 46.2%

hi, everyone am i lucky to discover this site? virus has taken over my pc for 2 week now, it switch of all antivirus including notion. it also deactivated task manger & hibernation menu. kind ly help

A:virus shut down every antivirus i load

Hello. Read http://www.bleepingcomputer.com/virus-remo...alware-tutorialI think it's best for your computer, to threat that infection. Just follow the steps on http://www.bleepingcomputer.com/forums/topic34773.html (Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help). When post your (Hijackthis log +) DDS Log: Do not post it at this topic or this forum but on http://www.bleepingcomputer.com/forums/forum22.htmlBe patient, it's very busy at this forum. A professional expert will view your logs and will help you with that problem. Do not use tools (like ComoFix) without professional experience/helper.Good luck.

1 more replies
Answer Match 46.2%

Thanks for the help you provide!
I have Windows 7 Pro, SP 1, 64-bit OS.

Problems seemed to start when I updated Java and/or Avast. I have an automatic updater that pops up and says new version of Java is available, so I clicked on it to install (not sure if this pop-up is a virus I clicked on or is normal?). I had Java 6 Update 26, and it said I should update to Java 6 Update 32. Got an error trying to install it: Error 25099: Unzipping core files failed. It uninstalled my old version, but the new version install failed.

At the same time, my Avast Antivirus expired --> could've sworn I had 2 days before expiring, but when I looked it had already expired, so my computer was left unprotected for about half a day and while attempting the Java install above. I updated Avast to new version and ran full scan:
AVAST SCAN RESULTS - THREATS DETECTED:
- C:\Users\Me\AppData\Local\temp\3B8.tmp --> Win32:Ma10b-EL[Cryp]
- C:\Users\Me\AppData\Local\temp\ms0cfg32.exe --> Win32:Carberp-ABK[Trj]
- C:\Users\Me\AppData\LocalLow\Sun\Java...\Test.class --> Java:CVE-2012-0507-CB[Expl]
- C:\Users\Me\AppData\LocalLow\Sun\Java...\Msgs.class
- C:\Users\Me\AppData\LocalLow\Sun\Java...|>a.class
- C:\Users\Me\AppData\LocalLow\Sun\Java...|>u.class
- C:\Users\Me\AppData\LocalLow\Sun\Java...|>z.class
- C:\Users\Me\AppData\LocalLow\Sun\Java...|>FcPred.class

I moved all above threats to the Avast Chest and then ran an Avast Boot-time Scan. These are the results, showing some ... Read more

A:Browsers Disabled, Antivirus Shut Off

Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

It appears that you have two antivirus programs installed and running, Ad-Watch and avast!.

While this may seem like better protection, they can actually conflict with one another and cause system instability or even system hangs.

Please choose one to keep and uninstall the other via Programs and Features in your Control Panel.

------------------------------------------------------

Check for additional security risks: Please download CKScanner? by askey127 and save to your desktop.
Double-click on CKScanner.exe and click Search For Files.
After a very short time, when the cursor hourglass disappears, click Save List To File. You will be prompted, just click OK.
Post the contents of ckfiles.txt in your next reply. It is located on your desktop.
------------------------------------------------------

Please download aswMBR.exe to your desktop. Double-click aswMBR.exe to run it.
When prompted to download the latest Avast! virus definitions, please choose Yes
Click the Scan button to start scan.
Wait unti... Read more

12 more replies
Answer Match 45.78%

Hi,

(Feel free to move this post if you decide it's in the wrong catagory. I'm posting it here though cause I believe, based on the number of visitors to this forum, this is where it'll get the most attention)


Quote:




7 July 2008, 13:40
Panda online virus scanner updated

Panda Security has updated its ActiveScan online virus scanner, fixing two critical vulnerabilities. According to a security advisory by Karol Wiesek, a buffer overflow could be triggered in the update function for an ActiveX control (as2guiie.dll) for Internet Explorer, allowing injection and execution of malicious code. In addition, it was also previously possible to install arbitrary CAB files on a system using crafted websites.




This came from this link in the online ZDNet article titled Approximately 800 vulnerabilities discovered in antivirus products, dated July 7, 2008. They're both an interesting read with the latter article describing the onslaught of malicious code security programs and people, including these TSF volunteers, deal with. In short the article is stating that even antivirus programs themselves are vulnerable to viruses, so be extra diligent with security updates, surfing and file-sharing habits. I always knew that not every virus is stopped by an antivirus program; that was just a given: it's impossible to be 100% protected. But this came as a surprise...


Quote:




During the past few months, specialists..... Read more

More replies
Answer Match 45.36%

My stepson's computer, running W2K SP4, is infected with something that keeps popping up malware alerts and IE or firefox windows. Right now, for example, on my screen I have a security warning about Trojan.W32.Looksky, a dialog box asking me to click OK to start SecurePCCLeaner, an IE window offering to download Trojan&Spyware scanner, another IE window also offering securePCCLeaner, and a firefox tab offering a download called "privacyprotector". The computer is almost unusable. Any help is appreciated.
Thanks

Logfile of HijackThis v1.99.1
Scan saved at 8:15:48 PM, on 9/11/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~3\PcCtlCom.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\PROGRA~1\TRENDM~1\INTERN~3\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~3\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~3\tmproxy.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\SOUNDMAN.EXE
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\PROGRA~1\TRENDM~1\INTERN~3\PcScnSrv.exe
C:\Program Files\X3watch\x3watch.exe
C:\Program Files\Trend Micro\Internet... Read more

A:Solved: Trojan&Spyware scanner - popups

11 more replies
Answer Match 45.36%

Hello,
I am having a problem within my Window7 OS. I removed a "Java solace k" virus in 06/2010 but am still having issues with redirects from my browser and fake security scanners telling me of a security breach within my system. Any assitance would be greatly appreciated.

buhdabless

A:malware/spyware and fake security scanner

Hello please try this approach.Reboot into Safe Mode with Networking How to enter safe mode(XP)Using the F8 MethodRestart your computer. When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu. Select the option for Safe Mode with Networking using the arrow keys. Then press enter on your keyboard to boot into Safe Mode. >>>> Download this file and doubleclick on it to run it. Allow the information to be merged with the registry.RKill....Download and Run RKillPlease download RKill by Grinler from one of the 4 links below and save it to your desktop.

Link 1
Link 2
Link 3
Link 4

Before we begin, you should disable your anti-malware softwares you have installed so they do not interfere RKill running as some anti-malware softwares detect RKill as malicious. Please refer to this page if you are not sure how.
Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
If nothing happens or if the tool does not run, please let me know in your next replyDo not reboot your computer after running rkill as the malware pro... Read more

5 more replies
Answer Match 45.36%

Hi, I have pro system scanner and spyware remover 2009 on my system. I have run Super anti spyware and Malwarebyte's anti malware. They did remove a trojan at one point but the infection continues. I'm on a pc with xp pro sp2. Please help.
Thank You sotasteve

A:pro system scanner and spyware remover 2009

Let's run another pass with MBAM, update itPlease download ATF Cleaner by Atribune & save it to your desktop.Double-click ATF-Cleaner.exe to run the program.Under Main "Select Files to Delete" choose: Select All.Click the Empty Selected button.If you use Firefox browser click Firefox at the top and choose: Select AllClick the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.If you use Opera browser click Opera at the top and choose: Select AllClick the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.Click Exit on the Main menu to close the program.Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".Please download Malwarebytes Anti-Malware (v1.34) and save it to your desktop.alternate download link 1alternate download link 2If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan.If an update is found, the program will... Read more

9 more replies
Answer Match 45.36%

My son downloaded some videos on how to fix his car from You Tube and since then my laptop has been getting worse and worse. I ran Sammsoft ARO and Malware. I have since taken both off my computer thinking that might help. I have AVG, but it comes up with nothing when I scan. I keep getting the threat alert scaneriche.cz.cc/scan/dim_sp2/free as the file name and Exploit Rogue Spyware Scanner (type 140) as the Threat name.
I found a post about rkill on a random site and downloaded rkill, but every time I try to run it my computer goes to blue screen with a loooong message and then reboots automatically.
When I try to use the internet, I am directed to different sites that I don't want.
Help!!

A:Exploit rogue Spyware Scanner (type 140)

Hello kathym and welcome to BC.

We're so sorry about the delay, do you still need help?

4 more replies
Answer Match 45.36%

I've recently acquired the false Zinaps malware "remover," and i'm trying to get rid of it. I've reasd that its really recent, so my previous scanners probably will not do the job. Could I get some help?

The lower task bar "notifies" me constantly with a yellow triangle with an exclamation mark. It reads "Windows has detected spyware infection. It is recommended to use special antispyware tools to prevent data loss. Windows will now download and install the most up-to-date antispyware for you."

By the way, this is Windows XP

Also, my computer's been excruciatingly slow recently (even before Zinaps), so if you could help me take care of those too?
 

A:Zinaps rogue spyware scanner 7.0 removal

Here's the HiJackThis log

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 3:21:54 PM, on 6/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\Program Files\VMware\VMware Player\vmware-authd.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\PRISMSVR.EXE
C:\WINDOWS\system32\vmnetdhcp.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\VMware\VMware Player\hqtray.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\P... Read more

1 more replies
Answer Match 45.36%

I'm infected with a Fake spyware scanner by the name of Zinaps 7. Can you help me get rid of it?

Thanks.
 

A:Help me delete Zinaps 7 rogue spyware scanner

Welcome to TSG

Please click Here to download HijackThis to your desktop.

Click the Download button. When the Trend Micro HJT install box appears, double click on the HJTInstall.exe. Click on Install.

It will be installed by default here: C:\Program Files\Trend Micro\HijackThis

A shortcut to the application will also be placed on your Desktop.

The program will open automatically after installation.

You can double-click the icon that was placed on the Desktop to run subsequent HijackThis scans or you can use the icon inside the folder. The folder HijackThis is where you will find the HJT logs that you save. When you use the application to remove anything, you will also find the backup copies made by HJT inside this folder.

Close all other windows except HijackThis.

Click on "Do a system scan and save logfile" When the log pops up in Notepad, copy and paste that file back here.

Do NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.
 

1 more replies
Answer Match 45.36%

I am looking for a program that I can install on a centralized server and run scans from single client machines. I am not aware of anything that will let me do this. I have about 300 machines and need something besides installing on 300 machines. I would like to hear all suggestions on ways to handle this task.
 

A:Spyware scanner that runs from centralized location

6 more replies
Answer Match 45.36%

I recieved a threat alert on my AVG 8.0 that I had something called Exploit Rogue Spyware Scanner type 621. I ran the AVG Scan and it showed nothing. I ran Adaware and all it found were some tracking cookies. I started getting redirected when browsing with internet explorer and I down loaded Mozilla because the pop ups and redirects became so bad I couldn't use My Internet Explorer to get to any place for help... This is My HighJackThis Log.... I do not know why all My AVG Scans come back that everything is fine. Please can You Help me... I have No Idea What this is.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:26:49 PM, on 3/21/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpe... Read more

More replies
Answer Match 45.36%

Referred here from: http://www.bleepingcomputer.com/forums/t/206430/pro-system-scanner-and-spyware-remover-2009/ ~ OBI was referred to this forum by DaChew from the Am I Infected forum. I'm running windows xp pro sp2. The pro system scanner and spyware remover 2009 are popping up frequently and being very invasive, sometimes locking my computer. Here are the required logs. Thank you for your help. DDS (Ver_09-02-01.01) - NTFSx86 Run by Steve at 15:04:38.03 on Fri 02/27/2009Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_12Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1918.1457 [GMT -5:00]============== Running Processes ===============C:\WINDOWS.0\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS.0\System32\svchost.exe -k netsvcssvchost.exesvchost.exeC:\WINDOWS.0\system32\spoolsv.exeC:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\WINDOWS.0\system32\svchost.exe -k imgsvcC:\Program Files\Webroot\Spy Sweeper\SpySweeper.exeC:\Program Files\Webroot\Washer\WasherSvc.exeC:\WINDOWS.0\system32\wscntfy.exeC:\WINDOWS.0\system32\userinit.exeC:\WINDOWS.0\Explorer.EXEC:\WINDOWS.0\RTHDCPL.EXEC:\Program Files\ImagePrint\spool\mux\muxd.exeC:\Program Files\HP\HP Software Update\HPWuSchd2.exeC:\Program Files\Java\jre6\bin\jusched.exeC:\WINDOWS.0\System32\spool\DRIVERS\W32X86\3\E_S5I0O2.EXEC:\Program Files\DNA\btdna.exeC:\WINDOWS.0\system32\ctfmon.exeC:\Program Files\HP\Digital... Read more

A:pro system scanner and spyware remover 2009

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.comDDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Follow the instructions that pop up for p... Read more

2 more replies
Answer Match 45.36%

alright so out of no where today my computer is infected with the "you need to download this program to protect your computer from viruses, spyware, etc." crap.

i have been working at it for the past hour and cant seem to find out why it wont let me run any sort of removal programs.

i went into my registry deleted the the files there, deleted all the temp files, and it still wont budge.

i need some help here, im researching into it, but any help here is definatley appreciated.

-chris

extra information :

backdoor.win32.kbot.al - keeps popping up and others like it

A:every sort of spyware scanner refuses to open!

Try scanning with this:http://www.free-av.com/en/products/12/avir...cue_system.html

16 more replies
Answer Match 45.36%

Hi i have Norton Antivirus on my laptop im looking for a spyware scanner like spybot witch one is good and compatible with windows vista
thanks
 

A:Solved: A Good Free Spyware Scanner

8 more replies
Answer Match 45.36%

My Computer is:
Lenovo Thinkpad 6460-7EU
Windows XP Pro SP 2 (5.1.2600.2765)
All Updates and Optional Updates Applied
3GB RAM
83GB Free Space on HD (56%)
Intel Core 2 Duo T7300 @ 2.00 Ghz
Symantec Corporate Antivirus 10.0.0.359 (with updates through 22 Apr 2008)
Windows Defender (updated)
Microsoft Malicious Recovery Tool (March 2008)

I have a corporate laptop that had the following symptoms:
1. A link to Viruswebprotect.com kept poping up to initiate a scan
2. "error cleaner" kept popping up
3. "privacy protector" kept popping up
4. "Spyware&Malware Protection" kept popping up
5. A Task Tray icon for "trusted anti-vrus" was present

I found a previous post regarding these exact same symptoms, so instead of posting my initial findings I went ahead with the cleanup, but found even more than the original poster afterwards. The other viruses were Symantec Defined as "Trojan.Vundo" and "downloader.Zlon!gen.2".

After around 12 hours of cleaning I think I have repaired the problem fully and would like to post my HiJackThis Log for your expert opinion:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:36:26 AM, on 4/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\W... Read more

A:viruswwebprotect plus other popup spyware scanner stuff

Here is my combofix log:
ComboFix 08-04-22.5 - User1 2008-04-23 9:57:28.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2060 [GMT -4:00]
Running from: C:\Documents and Settings\User1\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\User1\g2mdlhlpx.exe
C:\WINDOWS\cookies.ini
C:\WINDOWS\rs.txt
C:\WINDOWS\rtqmekwg.exe
C:\WINDOWS\system32\khfCTmnL.dll
C:\WINDOWS\system32\LnmTCfhk.ini
C:\WINDOWS\system32\LnmTCfhk.ini2
C:\WINDOWS\system32\oacqcncs.ini
C:\WINDOWS\system32\qoMFurop.dll
C:\WINDOWS\system32\scncqcao.dll
C:\WINDOWS\system32\uxdfpmto.dll

.
((((((((((((((((((((((((( Files Created from 2008-03-23 to 2008-04-23 )))))))))))))))))))))))))))))))
.

2008-04-22 07:52 . 2008-04-22 07:52 21,361 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
2008-04-22 07:52 . 2008-04-22 07:52 21,361 --a------ C:\WINDOWS\AegisP.sys
2008-04-22 07:52 . 2008-04-22 07:52 13,984 --a------ C:\WINDOWS\AegisP.inf
2008-04-22 07:52 . 2008-04-22 07:52 10,640 --a------ C:\WINDOWS\AegisP.cat
2008-04-22 07:49 . 2008-04-22 07:49 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Intel
2008-04-22 07:49 . 2008-04-22 07:49 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Intel
2008-04-22 07:49 . 2008-04-22 07:49 <DIR> d... Read more

1 more replies
Answer Match 44.94%

Hi, today I decided to try ZoneAlarm's free firewall. Before I could download it, the website strongly recommended I run they're "free" online spyware scanner.
I did so, and this is what it spit out:
Blackbox - Keystroke Logger

GUID - {0863A990-95FD-11D1-B777-00001C1AD1F8}

File Name - C:\Program Files\Tecnomatix\Common\DWSBC36.OCX

RegistryKey - HKEY_CLASSES_ROOT\CLSID\{0863A990-95FD-11D1-B777-00001C1AD1F8}

GUID - {3BD2C94F-049E-11D1-B66A-00001C1AD1F8}

RegistryKey - HKEY_CLASSES_ROOT\CLSID\{3BD2C94F-049E-11D1-B66A-00001C1AD1F8}

GUID - {5B238A07-94F7-11D1-B776-00001C1AD1F8}

RegistryKey - HKEY_CLASSES_ROOT\CLSID\{5B238A07-94F7-11D1-B776-00001C1AD1F8}

GUID - {679C8412-93B8-11D1-B773-00001C1AD1F8}

RegistryKey - HKEY_CLASSES_ROOT\CLSID\{679C8412-93B8-11D1-B773-00001C1AD1F8}

ProgID - Dwsbc36.Subclass.6

GUID - {7F5E3525-F816-11D0-B64C-00001C1AD1F8}

RegistryKey - HKEY_CLASSES_ROOT\CLSID\{7F5E3525-F816-11D0-B64C-00001C1AD1F8}

Desaware Spyworks - Hacker Tool

GUID - {2C704DBB-9C46-11D1-B784-00001C1AD1F8}

File Name - C:\Program Files\Tecnomatix\Common\DWSHK36.OCX

RegistryKey - HKEY_CLASSES_ROOT\CLSID\{2C704DBB-9C46-11D1-B784-00001C1AD1F8}

GUID - {2C704DBC-9C46-11D1-B784-00001C1AD1F8}

RegistryKey - HKEY_CLASSES_ROOT\CLSID\{2C704DBC-9C46-11D1-B784-00001C1AD1F8}

GUID - {2C704DBD-9C46-11D1-B784-00001C1AD1F8}

RegistryKey - HKEY_CLASSES_ROOT\CLSID\{2C704DBD-9C46-11D1-B784-00001C1AD1F8}

ProgID - dwshk36.WinHook.6

GUID - {389B19B9-... Read more

More replies
Answer Match 44.94%

Hello, i suspect this all happened a few days ago when a friend attempted cracking a software program for me. Which he did do, but I see I am paying for it. The day it was cracked AVG detected a trojan downloader, I don't remember the name since i dismissed it.(Had gotten them before with no problem.) But I still ran avg scans in normal and safe mode and deleted all files it showed as a threat. About 4 days later after no problem my computer started acting sluggish all of a sudden, the next day AVG detected a new threat "Exploit Spyware Scanner" through the web alert I believe it was and told me the infected file and process was IEXPLORE.EXE, which was odd since I had deleted internet explorer a long time ago. I finally found it in program files and attempted to delete it but it wouldnt let me. The files I was able to delete from the IEXPLORE.EXE folder would come back the second I deleted them so I gave up and started looking for help. Around this time I started getting popups mostly spyware/adware removal related while firefox was inactive. The site I went to suggested running SuperAntiSpyware removal program, so I did. Out of 50 minutes of scanning it has found these problems:
Adware.Vundo/Variant-PrintDlgExW 9 files
Adware.Vundo/Variant 2 files
Trojan.Downloader-NewJuan/VM 2 files
Adware.Hotbar/ShopperReports(low risk) 24 files
Adware.Zango/Shopping Report 137 files
Adware.Vundo Vairant 7 files
Trojan.Vundo-Variant/NextGen-Six 4 files
Trojan Vundo Variant... Read more

A:Exploit Spyware Scanner/Vundo & Trojan infection

Welcome to the BleepingComputer Forums. Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. Please download Trend Micro - HijackThis. Do a new scan with Trend Micro - HijackThis and post it in your next reply. Thank you for your patience.Please see Preparation Guide for use before posting about your potential Malware problem. If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped. Please post your HijackThis log as a reply to this thread and not as an attachment. I am always leery of opening attachments so I always request that HijackThis logs are to be posted as a reply to the thread. I do not think that you are attaching anything scary but others may do so. While we are working on your HijackThis log, please: Reply to this thread; do not start another! Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so. Do not run any other tool until instructed to do so! Let me know if any of the links do not work or if any of the tools do not work. Tell me about problems or symptoms that occur during the fix. Do not run any other programs or open any other windows while doing a fix. Ask any questions that you ... Read more

2 more replies
Answer Match 44.94%

Today when I turned the PC on, I noticed my NIS icon was missing from the taskbar, so I opened the program and several things were turned off. I don't know how that happened nor can I figure out how to turn them back on. I'm on WinME running NIS2005. I've been keeping updated with Live Update, but can no longer upgrade NIS because still using WinME. This past weekend the grandkids were here and I found a new flashing icon on the taskbar that I couldn't get rid of, so I went back to a previous restore point. All seemed well yesterday, but today NIS is not working. Here's my HJT log - can anyone help me?
Logfile of HijackThis v1.99.1
Scan saved at 7:23:33 PM, on 7/31/2007
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\PROGRAM FILES\NORTON INTERNET SECURITY\ISSVC.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\PROGRAM FILES\SYMANTEC\LIVEUPDATE\ALUSCHEDULERSVC.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\S... Read more

A:NIS problem - Firewall, Outbreak Alert, Antivirus shut off

7 more replies
Answer Match 44.94%

Just finished cleaning up computer after major spyware/malware infestation. It took a whole week, and I ended up learning a lot! Have Norton Internet Security 2005, Spybot, Adaware SE, Spysubstract installed. Finally got rid of Adware.EliteBar A,B,C, Adware.Virtumonde, Adware.Binet, Spyware.Webhancer and numerous other pesky problems. My problem now is that my computer will not shut down, restart, or log off, and I think it's related to a Norton file, ccApp.exe. Also, Outlook Express is running really sluggishly. How do I resolve this problem? The Symantec website wasn't any help. I'm so proud of myself that I wrestled this beast to the ground, and I just want to finally get back to normal -- whatever that is! By the way, I really appreciate the help you guys give us techno-challenged users. My Hijackthis log is attached.

A:Can't shut down after spyware removal....

Remove this file from your drive..

O4 - HKLM\..\Run: [kalvsys] C:\windows\system32\kalvhau32.exe

copy and paste a new log here when done.Please dont attatch it.

10 more replies
Answer Match 44.94%

I have some nasty little bugger in my computer wont let me run any spyware programs and will shut down IE. I tried to run the DDS file but it would always stall. However I was able to run the rootkit scan.I am running windows xp media editionROOTREPEAL ? AD, 2007-2009==================================================Scan Start Time: 2009/08/22 13:16Program Version: Version 1.3.5.0Windows Version: Windows XP Media Center Edition SP3==================================================Drivers-------------------Name: Image Path: Address: 0x00000000 Size: -2141828160 File Visible: - Signed: -Status: -Name: 1394BUS.SYSImage Path: C:WINDOWSsystem32DRIVERS1394BUS.SYSAddress: 0xB80C8000 Size: 57344 File Visible: - Signed: -Status: -Name: ACPI.sysImage Path: ACPI.sysAddress: 0xB7F79000 Size: 187776 File Visible: - Signed: -Status: -Name: ACPI_HALImage Path: DriverACPI_HALAddress: 0x804D7000 Size: 2150400 File Visible: - Signed: -Status: -Name: afd.sysImage Path: C:WINDOWSSystem32driversafd.sysAddress: 0xA70C5000 Size: 138496 File Visible: - Signed: -Status: -Name: AGRSM.sysImage Path: C:WINDOWSsystem32DRIVERSAGRSM.sysAddress: 0xB607B000 Size: 1094944 File Visible: - Signed: -Status: -Name: arp1394.sysImage Path: C:WINDOWSsystem32DRIVERSarp1394.sysAddress: 0xA8F54000 Size: 60800 File Visible: - Signed: -Status: -Name: atapi.sysImage Path: atapi.sysAddress: 0xB7E35000 Size: 96512 File Visible: - Signed: -Status: -Name: audstub.sysImage Path: C:WINDOWSsystem32DRIVERSaudstub.sysAddress: 0... Read more

A:IE and Anti-spyware shut down

Anyone?

6 more replies
Answer Match 44.52%

Have tried to delete this but have been unable to. Tried to delete with change or remove programs, and through searching files. have run many spyware scanners, have got norton antivirus, adaware, spy doctor, run house call and a few others. none have got rid of it.Popup message coming up at bottom right hand side of screen, blinks between a cross and question mark when the message is not there. Message reads 'System Alert - System has detected a number of active spyware applications that may impact on the performance of your computer . Click the icon to get rid of unwanted spyware by downloading an up-to-date antispyware solution.'Logfile of HijackThis v1.99.1Scan saved at 8:02:58 PM, on 6/14/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16473)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Intel\Wireless\Bin\EvtEng.exeC:\Program Files\Intel\Wireless\Bin\S24EvMon.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\Program Files\Common Files\Symantec Shared\ccProxy.exeC... Read more

A:Annoying Safety Alert - Sends Me To Spycrush.com (spyware Scanner)

Welcome to the BleepingComputer HijackThis Logs and Analysis forum adar Download SmitfraudFix (by S!Ri), to your desktop.Double click on Smitfraudfix.cmdSelect option 1 ? Search, by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).Please copy and paste the content of that report into your next reply.*IMPORTANT* Do NOT run any other options until you are asked to do so!***************************Please download Combofix and save to your desktop:http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exeNote: It is important that it is saved directly to your desktop Close any open browsers. Double click on combofix.exe and follow the prompts. When it's finished it will produce a log. Post the entire contents of C:\ComboFix.txt into your next reply. Note: Do not mouseclick combofix's window while it's running. That may cause the program to freeze/hang. Also post a new Hijackthis log please.

2 more replies