Tech Problem Aggregator

Infected Files with Adware & Quarantined files with Malwarebytes

Q: Infected Files with Adware & Quarantined files with Malwarebytes

Hello new forum, my name is Becca and I have been advised to post in here. First, I would like to say thank you for what help I have received, and your patience and guidance. Ok, let me start at the beginning. Around the end of September or beginning of October my laptop started acting crazy. I would check for Windows updates and try to download and install them only to have them fail, or all fail but 1 or 2 would go through. And one day it said I had 61 updates, because it had not updated in over a week. So I had already been troubleshooting, reading articles and feedback on Microsoft support or on Microsoft-tech. Then I noticed one day this user “Updatus” came up. Well, there is no one on my laptop ever, just me. I went back to troubleshooting again and went word for word through the steps found on Microsoft support to remove this account. I backed up a copy of my registry keys first and then I thought I had this account deleted, only for it to be back the next day.

The next day, I was changing some settings in Control Panel and was going to back up some stuff when I got this error message saying I could not back up because files in the Task Scheduler were corrupt or tampered with. So when I opened the Task Scheduler it showed me that HP Active Health Scan (HPSA) had the same error, along with all of these: pc health Analysis, HP Support Solutions, Frame work updates, MC updates_scheduler, Dispatch Recovery Tasks, Windows Parental Controls, Back up Monitor, and Automatic updates. So I found a link to someone that needed help that was having some of the same issues I was having and I followed the list and instructions to a tee. First, I opened cmd at start, ran as administrator, ran sfc /scannow and it completed stating they found errors but they were able to fix them and the changes would take place after reboot. But they never were corrected. So I would continue to read online and try and fix different things but with no help.

Then 2 days after, my entire system shut me out because of “Not enough Free Space/Memory”. No C drive, no internet, no Windows exe would open; it was like having a worthless piece of bleep. Then my fiance got this Trojan removal file from Norton. It was while I was troubleshooting on Norton that I was introduced to the Bleeping Computers forum. After reading on the forum I installed Malwarebytes, adware, and some others. I posted in the Windows 7 forum here at Bleeping Computers. I will post the link to that and was suggested to post here. I am almost ready to restart from factory; I could really use help please.
 
http://www.bleepingcomputer.com/forums/t/629847/virus-or-not-windows-7-unknown-users-and-crazy-files/?view=getnewpost

A: Infected Files with Adware & Quarantined files with Malwarebytes

Here are the frst.txt and the Addition.txt files.

Attachments: Addition.txt (65.07KB), FRST.txt (79.17KB)

1 more replies

I have McAfee on my system and I think my system is highly infected with malware or virus or both; also, spyware as well. I encountered a problem in which McAfee says that "Virus Found: The file (name of file) is infected by the New Win32 virus and cannot be cleaned." I was able to do a successful virus scan at first and it stated that 775 files were infected, many of them .exe. Because of my ignorance, I went ahead and quarantined the files; now they are not usable (i.e. Task Manager, Internet Explorer 7 and other files). Now, here's the twist: I cannot access McAfee Manage Quarantined Files from the menu as it states the mcmnhdler.exe file is infected by the NewWin32 virus. It says the same for the file mghtml.exe. So, I can't have any of these files run.

All of the problems happened after I shared a file off of LimeWire, which I thought was a legit P2P platform.
Some symptoms:
1. I get the error message as stated above for any file that I try to run that has the New Win32 virus. One of the common errors that constantly pops up is C:\CENTENN.IAL\AUDIT\xfarwan.exe is infected with the NewWin32 virus and cannot be cleaned. When I try to find the file manually, I can't find it in the location mentioned.
2. I have this red X on a shield icon in the bottom right of my screen, stating that "Spyware infection has been detected." When I click on it, it asks me if I would like to update your security software to install System Live Prot...

A:Please Help .... My System Infected By New Win32 Virus And Mcafee Manage Quarantined Files Is Disabled

I'm sorry to tell you this, but it looks like you already know it. Your system is massively infected.

Since you use this computer in your work, I don't think you should try to clean it. When a system has been infested as badly as this one, there is no way to be sure that it is "cured." Even if you remove all visible traces of infection there may be other leftovers that you cannot find.

The best solution would be to back up your data, then reformat your C:\ and reinstall Windows, either from your Windows install disk or your computer maker's system recovery disk.

If you can burn CDs on the machine you can backup the data that way. Other alternatives would be a USB flash drive or hard drive.

If Windows is so messed up that you can't use it for file copying or CD burning, then you have to try other methods. If you have access to another computer you can download and burn the Knoppix live Linux CD, then boot your laptop from it. Here is a link to an online tutorial explaining the basics.

Once the Linux CD is running you can mount the hard drive and copy files off it to a flash drive or burn them to CD -- or upload them to an online file storage service, as one fellow mentions in the combox. The Knoppix CD has a lot of network drivers and in most situations will give you access to the Internet.

The last alternative is to remove the hard drive from the laptop and install it as a "slave drive" in another PC. That is how a professional repa...

2 more replies

I cannot disinfect my computer. I bought PC-cillin Internet 2006, but I cannot install it. A screen notice looks like: "Setup has detected an unsupported platform. Please refer to the document for the list of supported platform." I followed all directions and instructions such as: uninstall all antivirus and adware protection; I checked all requirements for my computer to install but nothing works. I have Pentium III not II, Windows XP.

I have a lot of advertisements or screen warnings about my computer freezing, crashing and slowing down. They advise me to install, but when I do that I get more viruses and they say I have to buy it to disinfect. This advertisement appears frequently.

NOTICE LIKE: "If your computer has been running slower than normal or a subject to system crashes freezes and random reboots it may be infected with spyware or Adware.
Ultimate Window Defender may performer free scan of your system
Click OK and download and run Ultimate defner to prevent further problems".

When I try to scan with Trend Micro to scan trojans etc., a screen appears as: "Access violation at address 04693D87 in module "asquared.ocx" Read for address 00000000"

Thanks a lot
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 2:31:47 PM, 6/19/2006
+ Report-Checksum: C085DAED

+ Scan result:
C:\DocumentsandSettings\Administrator\...

A:Adware Files infected I can't disinfected PLEASE HELP ME

Hi, julmesa

Welcome to TSG.

We can definitely help you, but first you need to help us. The first step in this process is to apply Service Pack 1a for Windows XP. Without this update, you're wide open to re-infection, and we're both just wasting our time. Click here Apply the update, reboot, and post a fresh HijackThis log.
 

1 more replies

I have Windows 7, I'm handicapped, Panda quarantined system files and when I try to remove Panda it says I will lose my files. I don't have a backup, PC already reformatted in April. What will happen if I delete Panda anyway? I only had a free trial with them but they won't go away and they did not protect the PC.
 

More replies

Hello and thank you for helping me in advance. Here is my story:

about a week ago, I got 4 trojan viruses from what I think is a message board of a website (if name is necessary let me know):

Adware.tvmedia trojan
tvmbho.dll
tvmcore.dll
u117.tmp
u119.tmp

My virus software only announced that they were "detected and deleted". I still ran a virus scan on the whole pc. I ran it again on Safe Mode also. I have 8 "Quarantined files":

tmv.exe
tmv.exe
CS4P028.exe
idx53[1].exe
CS4P028.exe
tmv.exe
CS4P028.exe
tmv.exe

I contacted my virus software tech support (close to useless), who advised me to buy their "spyware" program to get rid of these files. Well, the program got rid of the Adware but the files are still under quarantine.

It seems as though I have the option of deleting them, but I cannot clean them. I was wondering if it is OK to delete.

Thank you so much for your support.

 

A:Quarantined files

Hi and welcome.

Delete.
 

2 more replies

Hi all, what should I do here... my vps picked up BKDR_LITMUS.203 and could neither quarantine nor clean it. So what should I do now?
Also, should I do anything with the many successfully cleaned viruses on my PC?
thanx
 

A:what to do with quarantined files

http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_LITMUS.203
 

2 more replies

First time posting here so please bear with me. At my office a couple of users workstations were infected with KLEZ.H. I downloaded and ran the fix from f-secure and the computers no longer are infected. However, some infected files were quarantined. Is there a way to repair these? I took one of the files (Adobe Acrobat) out of quarantine and tried to run the KLEZTOOL but it said there was nothing to repair. I then ran NAV which again found the one infected file (Adobe) but could not repair it, so it is again quarantined. Will I ever have use of these files again? Any help and/or suggestions greatly appreciated.
 

A:quarantined files

Welcome to TSG jpjp331

Best to have this as a separate topic, so I've split it off.

In most cases quarantined files can simply be deleted and not restored as long as they are not critical to Windows -- and if Windows is running properly, that is usually the case.

But to be sure we would have to know what the file names are and where they are located.

As for Adobe Acrobat, if it is infected, it is best to remove it through Add/Remove programs rather than "delete" it and install the latest version from Adobe.

http://www.adobe.com/products/acrobat/readstep2.html
 

1 more replies

Today I downloaded Avira AntiVir PersonalEdition Classic and Spyware Terminator to replace my Norton Antivirus, which I let go out of date.

Each program scanned and found the following viruses:
Trojan horse TR/Dldr.AEE
Trojan horse TR/Agent.BI

I quarantined the files with the viruses, but I don't know what to do next. For one thing, I don't know what the infected files are normally for, so I don't know whether to delete them. Also, in addition to the viruses, Spyware Terminator found some malware that I am not sure I have completely removed.

Here is a little more info about the files that contained the viruses:

C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\WINDOWS\iphk.exe
[DETECTION] Is the Trojan horse TR/Agent.BI
[INFO] The file was moved to '47c32804.qua'!
C:\WINDOWS\Downloaded Program Files\counter.inf
[DETECTION] Is the Trojan horse TR/Dldr.AEE
[INFO] The file was moved to '47d029f6.qua'!

Thanks, in advance!
Kwritenow
 

A:I have two Trojan files quarantined--what next?

9 more replies

Hi there, I need help restoring my pictures from my camera. I am really clueless about computers and viruses etc. so please explain in 'baby terms' lol...

OK, so I connected my camera to the PC via USB cable (pretty simple so far) but then ESET NOD32 Antivirus quarantined all the files (reason: Win32/Hider.NAB trojan) and so when I open the drive, it's completely empty.

How do I get my pictures out of quarantine without infecting my PC??
 

More replies

Win 8.1, Defender is quarantining files but it doesn't tell me where they are; MS Security Essentials in 7 would show me where the actual files were. Any way to find out what files it sees as threats?
THANKS FOR ANY HELP

A:defender - quarantined files

Open Windows Defender, click the History tab then View Details.

5 more replies

Like the first photo, sometimes Windows Defender shows which file it detected and quarantined. In this case, it's fine.

But, sometimes, it doesn't show what files it detected and quarantined, and shows only perhaps "quarantined" files, and I don't know what were the files! Moreover, like the photo below, if I go to the folders of the addresses, nothing welcomes me.





So how to check?
Thanks!

A:How to know what files are quarantined by Windows Defender

C:\ProgramData\Microsoft\Windows Defender\Local Copy

If nothing shows in there, it was not quarantined would be my guess.

John

1 more replies

Hi guys. I ran combofix and it quarantined some files from system32 and MBR_Harddisk0. How do I fix this? Do I just leave it alone?
Is there a way to fix the mbr without deleting it?
 

A:How to remove combofix quarantined files?

Good evening.
While you can leave the files where they are because the file extension disables them so they are safe, you can simply delete them.
 
 

Is there a way to fix the mbr without deleting it?

 
ComboFix may already have dealt with it. I suggest that if you want somebody to take a look at your computer that you follow the instructions here and post accordingly into a new thread and somebody will be along as soon as to help.
 
For tidiness I'll lock this one.

1 more replies

Mod Edit: moved to Am I Infected from Vista ~~ boopme
Hi
 
I'm using a Dell XPS PC running Vista Home Premium. After an automatic download and install of Windows Updates from Microsoft on March 11, 2015, many applications have become unusable and shortcuts disabled. On start up the system has many popups stating an inability to open the file or program. The program files and data are still in place. However, many have had quarantine files inserted in the application directories, apparently preventing them from running. Windows Defender shows no quarantined files in its logs. I am not receiving browser redirects. Applications like MS Office, Outlook, etc. still seem to work. There do not seem to be signs of an infection. But, given the quarantines, this looks like Microsoft protection on 3rd party applications with which MS is unfamiliar as part of the security updates and patches installed.
 
Please help.
 
Thanks
 
Locksley

A:Quarantined files after Windows Update

I saw something similar recently. Eset Online Scan may confirm what I am thinking is going on.
 
Run the ESET Online Scanner.
Hold down Control and click on this link to open ESET OnlineScan in a new window.
Click the button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
Double click on the icon on your desktop.
Check "YES, I accept the Terms of Use."
Click the Start button.
Accept any security warnings from your browser.
Under scan settings, check "Scan Archives" and "Remove found threats"
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, click List Threats
Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
Click the Back button.
Click the Finish button.
NOTE: Sometimes if ESET finds no infections it will not create a log.

3 more replies

I was stupid and ran Combofix on my own. Having run Malwarebytes, MS Security Essentials, adwcleaner, the laptop I was working on still had some odd behavior. I have used Combofix in the past on other computers without issue but this time it deleted documents, files and programs (Combofix itself) from the desktop, My Docs and other locations. They appear to be in c:\Qoobox. How do I recover them? I do not want to do anything with this computer until they are recovered. The user will be very upset with its current state. Please help this fool!
 
I am posting the DDS logs here as directed. Combofix did not appear to create a log file.
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17496  BrowserJavaVersion: 11.25.2
Run by jgrace at 7:22:03 on 2015-01-07
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.4030.1315 [GMT -4:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
SP: Microsoft Security Essentials *Disabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
C:\windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Program Files (x86)\Trusteer\Rapport\bin\Rap...

A:Combofix quarantined my data files

Prior to running combofix the following malware programs were run, Malwarebytes Antimalware, MS safety scanner, adwcleaner, followed by malwarebytes again. The last malwarebytes scan found 8 items but locks up so I can not quarantine them (in safe mode). I couldn't scroll the list either but could exit the program. At that point I restarted the computer, I turned off Security Essentials autoprotect and ran Combofix.

60 more replies

Hi,
 
I've done a couple of scans now with AdwCleaner (v. 6.020).
It found a few things which it removed and put in quarantine.
However, I want to delete those files now, but can't do that as the program does not give that option.
 
I've tried to search around on the internet and people suggest to uninstall the program, which will also delete the folder with the quarantined files. However, the program runs directly from my PC with no installation on my PC and can therefore not be uninstalled (i.e. there is no uninstall option inside the program and it cannot be found using CCleaner either).
 
The only thing I can think of is to go to the root (C:\adwcleaner) and delete some of the folders there, but I don't know which ones to pick.
 
Please help!
 
A

More replies

I ran a full scan of Malwarebyte and it gave many hits such as MySeachDial, Install.Core, Quiknowledge and Superfish. All of these items were put into quarantine. Should I leave them there or should I delete them?

Thank you.

Brian W

A:Should Malwarebyte quarantined files be removed?

I think you will find that most of us (here at least) will opt to remove/delete them.

"Usually" quarantined items are now out of harm's way, and can be left there... But personally I delete anything "quarantined" - so as to remove the pests totally from the system.

5 more replies

When I check my zone alarm overview, it tells me how many intruders it has blocked and so on...

It says it has quarantined 27 email messages because of viruses.

Where are these files quarantined?
Is there a way to check them?

thanks
 

A:Zone alarm quarantined files....

6 more replies

I run Trend Micro PC-cillin (for Dell) three times a week. This morning, it came up with 2 threats. The threat name it says is: n/a (not available). In the quarantine folder it says:

Name: ecuinst.exe
File location: C:\Program Files\Common Files\AOL\Backup\ACS\Current\comps

Name: A0141517.exe
File location: C:\System Volume Information\_restore{129201EA-BOAC-49B3-96B2-DEB8891E72

When I click "clean" Trend Micro says it is unable to clean, try again after next update.

My question is, can I delete these files instead? Or is there something else I should do? Am I safe by keeping these files in the Quarantine folder?

This is the Hijack This log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:58:04 PM, on 7/19/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program File...

A:Trend Micro quarantined 2 files

This morning after an update from Trend Micro, I attempted to clean these two files, and it said "no virus found" in both of them. False alarms fixed by the latest update?
 

2 more replies

Hello,
My antivirus software (Malwarebytes AntiMalware and Norton) has quarantined a few files and registry keys. Should I delete the quarantined files? Or let them stay in quarantine?
examples:
Adware.Deepdive File
Trojan.Vundo.H File
Trojan.BHO Registry Key
... and so on.

Thanks,

A:Quarantined Files/Registry Keys What do I do with them?

When an anti-virus or security program quarantines a file by renaming and moving it into a virus vault (chest) or a dedicated quarantine folder, that file is essentially disabled and prevented from causing any harm to your system. The quarantined file is safely held there and no longer a threat until you take action to delete it. One reason for doing this is to prevent deletion of a crucial file that may have been flagged as a "false positive" especially if the scanner uses heuristic analysis technology. Heuristics is the ability of a scanning program to detect possible new variants of malware before the vendor can get samples and update the program's definitions for detection. Heuristics uses non-specific detection methods to find new or unknown malware which allows the anti-virus to detect and stop it before doing any harm to your system. The disadvantage to using heuristics is that it is not as reliable as signature-based detection (blacklisting) and can potentially increase the chances that a non-malicious program is flagged as suspicious or infected. If that is the case, then you can restore the file and add it to the exclusion or ignore list. Doing this also allows you to view and investigate the files while keeping them from harming your computer. Quarantine is just an added safety measure. When the quarantined file is known to be malicious, you can delete it at any time.

5 more replies

Hi, I have followed all the steps you have suggested... with running SUPERAntiSpyware, which has returned a log with a bunch of quarantined files. I have updated a new HJ log. What do I do next... which quarantined files can I permanently delete?
 

A:quarantined malware files...which ones to delete?

here is the superantispyware log:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 10/04/2007 at 08:00 PM

Application Version : 3.9.1008

Core Rules Database Version : 3318
Trace Rules Database Version: 1319

Scan type : Complete Scan
Total Scan Time : 01:35:08

Memory items scanned : 503
Memory threats detected : 0
Registry items scanned : 7372
Registry threats detected : 77
File items scanned : 103559
File threats detected : 127

Adware.BusMaster/SafeSurfing
HKLM\Software\Classes\CLSID\{4865F155-CE00-4E93-A414-147844D7C81A}
HKCR\CLSID\{4865F155-CE00-4E93-A414-147844D7C81A}
HKCR\CLSID\{4865F155-CE00-4E93-A414-147844D7C81A}
HKCR\CLSID\{4865F155-CE00-4E93-A414-147844D7C81A}\InprocServer32
HKCR\CLSID\{4865F155-CE00-4E93-A414-147844D7C81A}\InprocServer32#ThreadingModel
HKCR\CLSID\{4865F155-CE00-4E93-A414-147844D7C81A}\ProgID
HKCR\CLSID\{4865F155-CE00-4E93-A414-147844D7C81A}\Programmable
HKCR\CLSID\{4865F155-CE00-4E93-A414-147844D7C81A}\TypeLib
HKCR\CLSID\{4865F155-CE00-4E93-A414-147844D7C81A}\VersionIndependentProgID
C:\WINDOWS\SYSTEM32\TCBLUCUW.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4865F155-CE00-4E93-A414-147844D7C81A}
HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\CommA
HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\CommA#Path

Adware.Mirar/NetNucleus
HKLM\Software\Classes\CLSID\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}
HKCR\CLSID\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}
HKCR\CLSID\{9A9C9B68-F90...

2 more replies

I deleted adwcleaner and then had a horrible thought that the quarantined files would just be released and run rampant through my computer. Any words of knowledge on this?

A:Does deleting adwcleaner also delete the files quarantined by it?

They remain quarantined in
 
C:\Adwcleaner\Quarantine
 
edit: unless of course you have deleted them.

34 more replies

Do the quarantined files get deleted with it ?
just want to make sure .

A:What happens when I delete an anti-virus with quarantined files?

If this is the computer being handled  HERE
 
Then  i would wait for nasdaq to finish working his magic with it before making any changes.
 
 
Yes......the quarantine file will be deleted safely when you delete the program.

4 more replies

I recently ran a Malwarebytes' scan since my computer was running a little slow, and it didn't find anything. Then I ran the ESET online scan and that found some threats but quarantined most of them. The files were winntR1.exe, winnt4.exe, and more of the like. I then ran the HouseCall online scanner and it found some of the same and will not delete them automatically. I'm afraid that if I delete them manually it'll do damage to my system. I already can't click and drag files anymore. I usually try to fix these problems myself and only go to this site as a last resort but I really need help with this problem since I don't know if it could damage my system for good!!! Any help would be appreciated.

Here's my HijackThis Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:43:12 PM, on 8/26/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\winnt_\winntR2.exe
C:\winnt_\winnt4.exe
C:\WINDOWS\System32...

A:Please Help!! Quarantined files that cannot be removed are messing up my system!!!!

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...

23 more replies

Hi, one of the techs who helped me a while back had me use Combo-fix. It worked perfectly. I noticed it didn't have to create a Recovery Console. I just saw the file it left today, but I didn't make note of where it was. Is it safe to just let it be? Don't want anyone to accidentally RELEASE THE CRACKEN!!! Anyone? Anyone?
 

More replies

New to forum and would appreciate help ASAP. Ran ComboFix and should have sought advice before running. I acted without thinking. AVG blocked a blackhole exploit kit. Therefore, I wanted to do a system restore. Scan process took longer than usual. Scan was deleting folders of concern, but I did not try to stop the process by turning off the computer. I feared data would be lost. Startup and Documents are empty, but control panel shows that data is not lost. Everything is quarantined and in the Qoobox folder.
I do not know if ComboFix's behavior is due to this blackhole kit. I know there has been recent news about blackhole infections with Java 7 and I should have installed an older version. Before I try to uninstall and reload ComboFix to restore settings, I need your advice. I will learn from this mistake. AVG's Identity Protection is not active due to the quarantine. I will send any combo logs upon request. I know my laptop does not have much space (37.5 GB) and there is only a small percentage of free space. I'm in the process of fixing this issue.

Branch
Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows XP Professional, Service Pack 3, 32 bit
Processor: Intel(R) Celeron(R) M processor 1.40GHz, x86 Family 6 Model 13 Stepping 8
Processor Count: 1
RAM: 503 Mb
Graphics Card: Mobile Intel(R) 915GM/GMS,910GML Express Chipset Family, 96 Mb
Hard Drives: C: Total - 38146 MB, Free - 3409 MB;
Motherboard: Dell Inc., 0WF351
Antivirus: AVG...

More replies

Sirs,

Please help me, I need to recover all my files that were deleted by quarantine in ESET Antivirus.
All of these files were saved for years and I don't have any backup for this. =(
Here's my HJT Log:
Scan Log
Version of virus signature database: 6003 (20110331)
Date: 4/1/2011 Time: 2:12:01 AM
Scanned disks, folders and files: D:\aRum\D jAKE
D:\aRum\D jAKE\IMG_0560.exe - Win32/AutoRun.Agent.AAY worm - cleaned by deleting - quarantined [1]
D:\aRum\D jAKE\IMG_0561.exe - Win32/AutoRun.Agent.AAY worm - cleaned by deleting - quarantined [1]
D:\aRum\D jAKE\IMG_0562.exe - Win32/AutoRun.Agent.AAY worm - cleaned by deleting - quarantined [1]
D:\aRum\D jAKE\IMG_0563.exe - Win32/AutoRun.Agent.AAY worm - cleaned by deleting - quarantined [1]
D:\aRum\D jAKE\IMG_0564.exe - Win32/AutoRun.Agent.AAY worm - cleaned by deleting - quarantined [1]
D:\aRum\D jAKE\IMG_0565.exe - Win32/AutoRun.Agent.AAY worm - cleaned by deleting - quarantined [1]
D:\aRum\D jAKE\IMG_0566.exe - Win32/AutoRun.Agent.AAY worm - cleaned by deleting - quarantined [1]
D:\aRum\D jAKE\IMG_0567.exe - Win32/AutoRun.Agent.AAY worm - cleaned by deleting - quarantined [1]
D:\aRum\D jAKE\IMG_0568.exe - Win32/AutoRun.Agent.AAY worm - cleaned by deleting - quarantined [1]
D:\aRum\D jAKE\IMG_0569.exe - Win32/AutoRun.Agent.AAY worm - cleaned by deleting - quarantined [1]
D:\aRum\D jAKE\IMG_0570.exe - Win32/AutoRun.Agent.AAY worm - cleaned by deleting - quarantined [1]
D:\aRum\D jAKE\IMG_0571.exe - Win32/AutoRun.Agent.AAY worm... Read more

A:Need to recover all my files deleted by quarantined (Eset)

6 more replies
Answer Match 69.72%

While deleting my old internet SP's online protection program (Nortons), I was asked if I wanted the quarantined files deleted too. Thinking "Quarantined Files"...viruses, etc., I clicked "Yes". Now my system does not boot up properly, i.e. NO VIDEO AT ALL!!!!!

There are other issues also, but, I need video to correct them. I'm thinking some of the video driver information was deleted as part of the "quarantined files". My mobo does not have on-board video, so my only connection is on my video cards. I do have several other computers that I may be able to get an older, simpler, video card from.

First question, can I repair my xp pro enough to get basic video?
Second, would putting in another video card help?
Third, any suggestions would be greatly appreciated.

Thanks for any help.

A:Norton Quarantined Files Deleted - Now No Video

Boot your computer and after the Post Beep, but before the Windows Splash Screen, start hitting the F8 key until you see a boot menu that says Safe Mode, Safe Mode with Networking, Last Good Configuration. Try hitting this last one first. If that doesn't work, reboot and come back here and choose Safe Mode and uninstall the Video driver. Reboot and Windows will start with a basic VGA driver. Then you can install the video driver again for your video card.

2 more replies
Answer Match 69.72%

I have a Dell D-600 with Windows XP (SP-3). I ran Combofix, but when I did, I noticed it taking much longer than normal to run the program (about 4 hours). I knew something was wrong for it taking such a long time, but I was also concerned that if I killed the program while running during mid-process, it might have caused me additional problems, so I let it run its course.

I was extremely dismayed to see when Combofix had finally finished, my computer was now seriously messed up, as many system, program & personal files & folders were deleted and quarantined. Now most programs wouldn't open or run, shortcuts on my desktop wouldn't work, then Windows Internet Explorer wouldn't open as that folder also became a casualty in this. I then tried using System Restore, but it was unsuccessful.

I got on bleepingcomputers.com website (borrowed another computer to get online), then searched and reviewed the forums regarding this Combofix bug problem. I found several topics on the problem with Combofix like I have, but the most similar in the criteria was "www.bleepingcomputer.com/forums/topic290138.html" (a copy of this topic is below), which basically said this problem can be fixed by downloading and running a special tool designed for this bug called CFDQ-UsrPrf.exe.

Forum posting (topic 290138) ComboFix problems and resolution for legitimate files being deleted:
Posted 24 January 2010 - 09:41 PM
As many of you know ComboFix has been pulled due to... Read more

A:Combofix bug had deleted & quarantined my program files

Hello and welcome to Bleeping Computer. We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Please take note: If you have since resolved the original problem you were having, we would appreciate you letting us know. If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
If you are unsure about any of these characteristics just post what you can and we will guide you. Please tell us if you have your original Windows CD/DVD available. If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far. Upon completing the steps below another staff member will review your topic and do their best to resolve your issues. If you have already posted a DDS log, please do so again, as your situation may have changed. Use the '... Read more

21 more replies
Answer Match 69.72%

Hi. Great group of folks here from what I have seen. Had Artemis, PWS-Zbot.gen.hy, and Generic.dx!b2gn trojans on a laptop. Acer Extensa 5420-5232. Ran Frst and created log file. When I ran the fix later it seems to have quarantined and removed some windows files. I now get, File:Boot\BCD Status:0x0000098 Info: The windows Boot Configuration Data file does not contain a valid OS entry. Even with using a vista disk to use command prompt to repair it shows no OS on the hard drive. The alt F10 does not allow me to reinstall from the hidden partition as it said there is no OS available? Using a unix distro I was able to extract the documents and photos from the drive (sda 1). SDA 0 shows empty. Is there any way to relinquish the quarantined items in the program folder FRST on the hard drive in question? Thanks for any help you may be able to give me.

A:FRST Quarantined files needed to start my OS

I have reported this to the Unbootable computers thread. Please wait for a specialist.

Thanks
Roger

6 more replies
Answer Match 69.72%

hey guys, i just did a virus scan with Avira and it said it found a virus and put it into a quarantined folder, but i have no idea where that is? i want to make sure the virus is off the system as i'm worried it's still on it.

i have no idea how these quarantine systems work.

thanks
 

A:Solved: Where does Avira store quarantined files?

7 more replies
Answer Match 69.3%

Hello,

I appear to be infected with some form of Sirefef. It has infected files in the Windows assembly folder (e.g., desktop.ini). I've been through a lot trying to remove this thing on my own with a multitude of tools, but nothing seems to work. It first infected my system when I was using Windows Security Essentials. That program was then infected, so I uninstalled it and reinstalled it. WSE quarantined the virus but was unable to delete it, running in an endless loop of quarantines.

I then uninstalled MSE and tried the ESET online scanner--it found the virus but failed to remove it. After that I tried the Microsoft Safety Scanner. Again, it found the virus but failed to remove it. Now, I currently have a trial of Bitdefender installed. Despite its various tactics, it has been unable to remove the virus, resulting in a quarantine loop similar to the Microsoft Security Essentials.

The virus is characterized by redirecting the browser during Internet searching (it redirects to spam sites, etc.) and similar browser-related problems. The symptoms seem to abate when the files are quarantined, but reappear once the computer reboots and until whatever virus program finds and quarantines the files again.

Unfortunately, I was unable to post a DDS log. I believe that the virus may be stopping the log from generating, or something else on the computer is causing trouble. I saved DDS to the desktop and began the scan. It completed but did not generate text files with the lo... Read more

A:Sirefef Infection, Files Quarantined But Unable to Delete

I was able to ferret out the DDS logs. Since my desktop is saved on the D drive, I imagine that may have caused the issue with them being saved in the temporary folder on the D drive rather than the desktop. They are below.

Attach.txt
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 1/10/2012 9:41:19 AM
System Uptime: 6/4/2012 10:14:52 PM (0 hours ago)
.
Motherboard: MSI | | P67A-G43 (MS-7673)
Processor: Intel® Core™ i5-2500 CPU @ 3.30GHz | SOCKET 0 | 3301/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 74 GiB total, 38.539 GiB free.
D: is FIXED (NTFS) - 466 GiB total, 379.093 GiB free.
E: is CDROM ()
G: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Realtek PCIe GBE Family Controller
Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_76731462&REV_06\4&1AAEAA1B&0&00E6
Manufacturer: Realtek
Name: Realtek PCIe GBE Family Controller
PNP Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_76731462&REV_06\4&1AAEAA1B&0&00E6
Service: RTL8167
.
Class GUID:
Description: SM Bus Controller
Device ID: PCI\VEN_8086&DEV_1C22&SUBSYS_76731462&REV_05\3&11583659&0&FB
Manufacturer:
Name: SM Bus Controller
PNP Device ID: PCI\VEN_8086&DEV_1C22&SUBSYS_76731462&REV_05\3&11583659&0&FB
Service:
.
Class GUID:
Description: Internet Access Server
Device ID: ... Read more

24 more replies
Answer Match 69.3%

After downloading a possibly infected file from the mod nexus for elder scrolls without realizing, I did a malwarebytes check and found three infected files, after they were quarantined I deleted them. My internet then started not responding. I could not connect to any site other than my college homepage, and there are no networks listed as being connected to even though the ethernet is working for all other computers. I complete a FRST scan and attached the results. Any help would be appreciated.
 

More replies
Answer Match 69.3%

When trying to view quarantined files in Windows Defender, error: "The array bounds are invalid." I'm told this may be the result of an infection.
 
 

A:Windows Defender won't allow me to view quarantined files or add exclusions

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.
If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===
If you have set up this proxy setting and need it I SUGGEST YOU REMOVE IT FROM THE FIX BELOW BEFORE SAVING THE FILE.
ProxyServer: [S-1-5-21-2833761558-109576032-3060188747-1001] => http=127.0.0.1:56486;https=127.0.0.1:56486
===
Remove the Idle Crawler using the Add/Remove Programs applet.
Idle Crawler (HKLM-x32\...\EACAAFE5-8EF2-5B46-A569-5A6C2BE6286C) (Version: 154.0.0.1703 - GREYSTONE VENTURES LP) <==== ATTENTION
===
Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
start

CreateRestorePoint:
CloseProcesses:

() D:\Program Files\015\slfhyizrqi32.exe
Startup: C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\priceless_310315.lnk [2015-04-11]
ShortcutTarget: priceless_310315.lnk -> C:\ProgramData\{3bef08e0-4997-b04c-3bef-f08e04992381}\Priceless_310315.exe (No File)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
ProxyServer: [S-1-5-21-2833761558-109576032-3060188747-1001] => http=127.0.0.1:56486;https=127.0.0.1:56486
FF user.js: detected! => C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\b4udxpl6.default\user.js [2015-04-10]
FF Extension: HQCinema Pro 2.1V10.04 - C:\Users\Matt\AppData\Roamin... Read more

2 more replies
Answer Match 68.46%

Greetings.

A rogue.fakeAV and PUM.Hijack.StartMenu took over my laptop yesterday. I've isolated it in quarantine with Malwarebytes. There are 7 entries total: 4 files, 1 registry value and 2 registry data entries.

I was searching for graphics when I got hit with this drive-by download. It shut down and locked me out of my apps, hid my program data files, app data files and all my shortcut links in the desktop/start menus. It used my own anti-virus software screen to try to get me to buy a "component" I "didn't have."

Laptop is in safe mode currently. I'm on another computer as I type.

I have kids; they constantly download junk and sometimes they get infected. I've dealt with this before; however, this particular is on my primary laptop and I need to proceed carefully. Unlike my children, I have data I can not lose without serious consequences. So here I am, seeking help.

The virus executables do not produce google results like they normally do. So, has anyone heard of items:
c:\programData\ZuTBB1WK8qdEiQ.exe
c:\programData\HVQyGgmxOVolAC.exe
c:\users\...\AppData\..\cqimjtkzynyzbmgl[1].exe
c:\users\...\AppData\...\NNyikPGrHVD4xG.exe.tmp
?

I know to prolly delete them.

My main purpose here is to understand the registry entries these little buggers made on my laptop.

I'm confident editing my registry. However, I'm not confident that these registry items are fake and can be d... Read more

A:? Working with Quarantined HKCU Registry Values, Data and Files

It looks like you had this virus - Smart HDD

The virus executables do not produce google results like they normally do. So, has anyone heard of items:
c:\programData\ZuTBB1WK8qdEiQ.exe
c:\programData\HVQyGgmxOVolAC.exe
c:\users\...\AppData\..\cqimjtkzynyzbmgl[1].exe
c:\users\...\AppData\...\NNyikPGrHVD4xG.exe.tmp

Those files look like the main virus files that installed the virus. So they need to be removed carefully.

2 more replies
Answer Match 67.62%

My parents recently complained of their mouse cursor moving on its own. I had them immediately run a boot-time scan with Avast and it quarantined quite a few files related to something called Recipe Hub -- quite possibly a program they downloaded. I didn't check every file, but among the viruses found were the following:

Win32:PUP-gen [PUP]
Win32:FunWeb-K [PUP]
Win32:FunWeb-J [PUP]
Java:Agent-XB [Expl]

The only other step I've had them take is to make sure they are up-to-date with Windows Update. They are now. This issue may have been eliminated but I just want to make sure.

DDS (Ver_2012-11-07.01) - NTFS_x86
Internet Explorer: 9.0.8112.16455 BrowserJavaVersion: 10.9.2
Run by Tom at 15:54:06 on 2012-11-18
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3006.1281 [GMT -6:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\SLsvc.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\AERTSrv.exe
C:\Program Files\Common Fi... Read more

A:Mouse cursor moving on its own, many files quarantined by Avast (PUP-gen, FunWeb, Agent-XB)

Greetings and Welcome to The Forums!!
My name is Gringo and I'll be glad to help you with your malware problems.
I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top o... Read more

20 more replies
Answer Match 64.68%

Unwanted encoding messages on opening MSWord files. Inability to open MSExcel files and picture files. Apparently corrupted files?

I am having problems opening .doc and .xls and .jpg files in some (but not all) folders in my folder tree, e.g. C:\Documents and Settings\(username)\My Documents\Folder X. However, Folders Y and Z are apparently unaffected. This has arisen only recently.

My system is Windows XP (Home), and SP2 upgraded to SP3.

MSWORD EXAMPLE:- On opening a Word file (whether from Word or from Windows Explorer) I receive this dialog box;
"File Conversion - (filename).doc"
"Select the encoding that makes your document readable."
The already selected button is "Other encoding" and the suggested code is "Japanese". The preview pane shows only an array of characters, all the same.

On trying to select the button "Windows (Default)", the preview changes to a continuous array of lower-case xxxxxxx.

On returning to the "Other encoding" option and trying "Auto-Select", the selected code returns itself to "Japanese" with the display as already noted above.

On returning to the "Other encoding" option and trying "Western European (Windows)", the display reverts to the Windows Default style as already noted above, lines of xxxxxxx. I am unable to open the file.

MSEXCEL EXAMPLE:- On opening an Excel file, all I get is an immensely long string of a character in ... Read more

A:Unwanted encoding messages on opening MSWord files. Inability to open MSExcel files and picture files. Apparently corrupted files?

This sounds like it might be a malware infection.

Have you run any scans lately?

Did you download BackUp4All from a reputable source?

6 more replies
Answer Match 63.84%

Hi and thank you for reading me
Several days ago, I launched an in-depth scan with avast! and a few problems popped-up. Most of them were called PUP and were located in my Temporary Internet Files. I found the ones for IE and deleted them but I don't know if Mozilla has its own separate files. Furthermore, one identified as a trojan was located in my Windows Defender scans file (I have the name of the specific infected file if that might help) but I can't find it and even if I did, I don't know what to do with it. Do I just delete it or do I have to do anything else ?
 
Also prior to that scan, I had very bad network connexion problems. I basically couldn't have access to the web for one of those three reasons :
- Home network but no Internet access
- Unidentified network with Internet access
- Unidentified network and no Internet access
Someone suggested that I might be infected so I did the scan. Now after that, my connexion is much better but not flawless, so I'm wondering if those PUP's might have something to do with it.
 
Lastly, I've been trying to download .exe files from several hosting sites and every time I do, in the last few seconds of my download, Mozilla freezes. Seconds later, the file is supposedly on my computer and what I find instead is a file named trzF636.tmp. The problem only ever comes with hosting sites and it's K-I-L-L-I-N-G me !
 
So yeah, those are basically all of my problems and I don't know if I'm really infected because now, when I... Read more

A:Downloads replaced by .tmp files and unable to find some infected files

Hello Lullay  -
First PUP = Potentially Unwanted Program (usually a minor problem or unwanted add-on)
As a rule, you can delete these -
 
"trzF636.tmp" is a randomly named Temporary File that we will now remove.
Please download Temp File Cleaner by Old Timer
Usage Instructions:
Download TFC from the link above and save the file on your desktop.
Close ALL running applications as TFC will terminate them before attempting to clean up the temporary files.
Double-click on the TFC icon - Vista, Win7, & 8, users - Right click and select "Run as administrator"
When the program opens, click on the Start button. 
TFC will terminate the Explorer process and all running applications and then begin the process of cleaning out all of your temp folders.
When done, press OK and reboot your computer and finish the cleanup.
 
- IMPORTANT -
Where are you attempting to download .exe files from, and what are they for ??
 
 
Please download Security Check by Screen317 from HERE
* Save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.Note: If a security program requests permission to access the Internet, allow it to do so.
 
Thank You -

5 more replies
Answer Match 63.42%

Randomly, my internet browser will close. I can't favorite web pages anymore or delete my favorites. Also, I have a file on my desktop that when I try to delete it says CANNOT READ FROM SOURCE FILE OR DISK. My computer has been running very slowly. Please help!

Below is my HJT Log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:28:18 AM, on 4/9/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program F... Read more

A:Files Closing, Files Refusing To Delete! Infected!

Hello pray4andrew,
Sorry about the delay. If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.
Thanks,
tea

2 more replies
Answer Match 61.74%

I ran Adware Cleaner trying to get rid of Bing (which it didn't) and now my documents have been quarantined and have a .VIR ending.  I tried to restore my computer to an earlier date but no help.  Advice?

A:Ran Adware cleaner and now docs have been quarantined-help!

The AdwCleaner folder contains sub-folders for Backup and Quarantine. Each of these folders contains sub-folders of the exact location (full path) an entry (file/folder) was removed from so they can be safely restored.

If a particular program you recognize and want to keep is detected as a PUP by a security scanner, it usually can be restored from quarantine and added to the exclusion or ignore list.

To restore a file in AdwCleaner, run it again.
Click Tools > Quarantine manager.
A log file of what was removed will open in a new window.
Scroll through the list and find the entry you want to restore.
Place a check mark in the box next to the entry(s).
Click the Restore button.

2 more replies
Answer Match 61.74%

Windows 7 Professional 64 bit with symantec endpoint protection.

Symantec catches and says quarantined but it keeps coming back. Can't seem to get removed for good. Articles on web don't seem to match when I look at removal steps.

[email protected]\skin\popup.css shows up as part of the link caught under firefox section.

System Uptime: 7/26/2012 2:32:35 PM (0 hours ago)
.
Motherboard: Dell Inc. | | 004M98
Processor: Intel® Core™ i7 CPU Q 820 @ 1.73GHz | CPU 1 | 1196/533mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 463 GiB total, 236.697 GiB free.
D: is FIXED (NTFS) - 2 GiB total, 2.122 GiB free.
E: is CDROM (CDFS)
F: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Iomega Virtual Ethernet Adapter
Device ID: ROOT\ROOT&VNICDRV\0000
Manufacturer: Iomega
Name: Iomega Virtual Ethernet Adapter
PNP Device ID: ROOT\ROOT&VNICDRV\0000
Service: vNICdrv
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Virtual WiFi Miniport Adapter
Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&2CE2F9CF&0&01
Manufacturer: Microsoft
Name: Microsoft Virtual WiFi Miniport Adapter
PNP Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&2CE2F9CF&0&01
Service: vwifimp
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Descripti... Read more

A:Adware.Crossid keeps popping up as quarantined

Sorry, here is the DDS.txt
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.4.1
Run by dmcalhoun at 14:40:17 on 2012-07-26
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8182.4525 [GMT -4:00]
.
AV: Symantec Endpoint Protection *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Symantec Endpoint Protection *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Symantec Endpoint Protection *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\W... Read more

19 more replies
Answer Match 60.06%

I have Vista Home Premium.

When I log onto my computer I immediately get a pop up Windows Security Alert from a yellow shield that mysteriously appeared in the system tray. It says that the computer is infected. Then a Security Warning pops up saying 'Application cannot be executed. The file ipodservice.exe (this always changes) is infected. Do you want to activate your antivirus software now?'. It won't go away unless I click yes or no. I always click no. It just keeps popping back up with the name of a different .exe infected.

In the lower right hand corner a box with a red bar across the top displays that says Antivirus software alert. INFILTRATION ALERT virus Attack. Your computer is being attacked by an internet virus. It could be a password-stealing attack, a trojan - dropper or similar. DETAILS Attack from: 172.248.60.39, port 41170 (this changes) Attacked port: 16594 Threat: Wub32/Buqel.E Do you want to block the attack ?

Of course, I select no. These pop ups just keep popping up whether I close them or not. I'm not able to open IE or anything except Outlook Express, but it won't connect to the internet. It won't allow me run any antivirus software (keeps saying the file is infected). I've booted into Safe Mode and manag... Read more

A:Can't open files, get pop up saying .exe files infected

Hello, and welcome to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.

Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.

Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------
If you have since resolved the original problem you were having, we would appreciate you... Read more

19 more replies
Answer Match 59.22%

Hi,

I have been using mcafee as my antivirus and thought I was protected from any virus. I noticed that my laptop became slow. I've been having a hard time typing on my keyboard. Cursor is slow/delayed and kept on skipping. There were times when I shut down my laptop, it would turn on by itself. Just the other day, I checked the quarantined items and found w32 conficker worm among other things. I removed them at once. I installed Malware bytes and found trojans and adwares. I also used CCleaner, Eset and Comodo online scanning. I am now using Avast as my antivirus. Kindly check if I am still infected. Here's my Hijackthis log. Thanks a lot!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:33:36 AM, on 1/24/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18882)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Toshiba TEMPRO\TemproTray.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Chikka Messenger\Chikka v.4\ChikkaLauncher.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\... Read more

A:W32 conficker worm, Trojan Agent K and Adware Ecobar quarantined and removed. What should I do next?

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

18 more replies
Answer Match 57.96%

Good morning Bleeping Computer community,
 
I have the strangest thing happening in my Recent Files list on my Windows 10 computer.  Files with a ZERO byte size, NO create date, NO modify date and with name in Chinese characters appear in the Recent Files list.  This is the third time in 2 weeks I have noticed a batch of such files.  Below, I will paste in the file names that appear.  I tried copying the names into Google Translate, but that did not provide anything I understood.
These files do NOT exist if I browse to my desktop.  They are not in the Recycle Bin either.  I have unchecked all the HIDE options for File Explorer.
 
OS: Windows 10 Home
AV: Avast (purchased)
Make: Lenovo
 
What I have done so far:
1) Scan with Avast.  Nothing
2) Scan with Malware Bytes:  A few PUP that I removed.
 
Since those actions, the most recent batch of them appeared.  It seems a few repeat and here are the file names...
 
1) 㩅瑜牯敲瑮灜屴畊汥⁺敖瑮牵⁡湡⁤楍慣⁨潍牯履畊汥⁺敖瑮牵⁡湡⁤楍慣⁨潍牯⹥癡⹩灪g㈀䴰潯敲愮楶樮杰
2) 㩅瑜牯敲瑮灜屴畊汥⁺敖த... Read more

A:Strange files in Recent Files list. Files have Chinese names and zero byte size.

Welcome to BC !
 
Try the programs below to see if they can find what is causing this.
 
Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.
After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.
CCleaner - PC Optimization and Cleaning - Free Download
 
Download AdwCleaner by Xplode onto your desktop.
Close all open programs and internet browsers.
Double click on adwcleaner.exe to run the tool.
Click on Scan button.
When the scan has finished click on Clean button.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the contents of that logfile with your next reply.
You can find the logfile at C:\AdwCleaner[S1].txt as well.

Download Junkware Removal Tool to your desktop.
Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next messag... Read more

11 more replies
Answer Match 57.96%

Hi, 

I've recently upgraded my Windows 7 to Windows 10 Enterprise. I have a OneDrive account with files synced to cloud; before upgrading I've backed up OneDrive files locally in my computer. Some of those files can't be opened after upgrade, formats include .docx and .xlsx and .png. Most of these files were in direct OneDrive main/root folder rather than in subfolders. As I can see those images in subfolders can be opened but not doc and excel files.

How can I view those files again, why have they become corrupt, what could I do in future to prevent these problems?

More replies
Answer Match 57.54%

I just got this laptop from a friend and was running adware and it found some stuff it can't delete. I have no idea what they are or if they should be deleted. Any help would be great. Thanks so much
Deep scanning and examining files (c
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Locators.com Toolbar Object Recognized!
Type : File
Data : A0097181.1
TAC Rating : 7
Category : Data Miner
Comment :
Object : c:\_RESTORE\TEMP\

Locators.com Toolbar Object Recognized!
Type : File
Data : A0099405.1
TAC Rating : 7
Category : Data Miner
Comment :
Object : c:\_RESTORE\TEMP\

Locators.com Toolbar Object Recognized!
Type : File
Data : A0101659.1
TAC Rating : 7
Category : Data Miner
Comment :
Object : c:\_RESTORE\TEMP\

Dialer Object Recognized!
Type : File
Data : A0135570.1
TAC Rating : 5
Category : Dialer
Comment : Coloumb Dialler
Object : c:\_RESTORE\TEMP\
FileVersion : 1, 0, 0, 6
ProductVersion : 1, 0, 0, 6
CompanyName : Coulomb Ltd
InternalName : comload
OriginalFilename : comload.dll

I-LookUp Object Recognized!
Type : File
Data : INEB.0
TAC Rating : 8
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\
FileVersion : 1, 0, 0, 3
ProductVersion : 1, 0, 0, 3
ProductName : ineb Module
FileDescription : ineb Module
InternalName : ineb
LegalCopyright : Copyright 2002
OriginalFilename : ineb.DLL
Disk Scan Result for c:\
 

A:adware/restore files

12 more replies
Answer Match 57.54%

I have three adware files on my computer that I simply cannot remove! Please tell me how to get them off of my computer. They are:
C:\\WINDOWS\SYSTEM32\msbe.dll
C:\\WINDOWS\SYSTEM32\mscb.dll
C:\\WINDOWS\SYSTEM32\nvms.dll

When I search for these files and try to delete them it says that access is denied and the file is in use. Thanks for your help!!!
 

A:Remove Adware Files

7 more replies
Answer Match 57.54%

Hi,
 
Adware removed two files, wonder what they were, how I might have got them
 
[-] File Deleted : C:\user.js
 
[-] Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\winzipersvc

A:Adware removed two files, wonder what they were, how I got them

Hello cristooo and welcome to Bleeping Computer.

User.js is a user-created file but shouldn't be saved where it was located: it should be in a Mozilla profile folder.

winzipersvc is a Winzip update file regarded as "adware" by some antiviruses and AdwCleaner.
I hope this answered your question.
Satchfan

0 more replies
Answer Match 57.54%

Hi, currently my latest adware scan shows I have no malicious software on my computer, but the scan before that removed the following two items. I am wondering what they were, how they work, how I might have got them. Thank you for any insight.

[-] File Deleted : C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_dsms0mj1bbhn4.cloudfront.net_0.localstorage-journal

[-] Key Deleted : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-18\Software\Web Assistant

Edit: Moved topic from Virus, Trojan, Spyware, and Malware Removal Logs to the more appropriate forum. ~ Animal

A:Adware removed two files, wonder what they were, how I got them

Hello cristoo.
 
The first result is part of the Local Storage in Chrome. This folder is used to save browser data ordered by domain. The domain listed there (hxxps_dsms0mj1bbhn4.cloudfront.net) is related to Amazon CloudFront (a service for content delivery). It might be used by anything, legitimate and bad applications.
 
Web Assistant by Perion Network is adware that gets installed into your browsers as a Browser Helper Object. It may redirect search results, change the default search provider and display advertisements. Such programmes are called potentially unwanted. They usually come bundled with installers or updaters. Keep your eyes open if you are installing software. Take care to use the custom installation and opt out of additional offers.
 
Marie

2 more replies
Answer Match 57.54%

I AM GETTING MESSAGE FROM NORTON ANTI VIRUS 2004, I HAVE 38 AT RISK FILES DUE TO AD WARE. MY OPERATING SYSTEM IS WINDOWS XP HOME EDITION- NORTON RECOMMENDS DELETING FILES, BUT THEY'RE NOT DELETING. MESSAGE SAYS, DELETION FAILED. IS THERE ANYTHING ELSE I CAN TRY? AM I DOING SOMETHING WRONG?? PLEASE HELP!
 

A:Cannot Delete Adware Files

Yes, well that's common that Norton can't do anything about adware...I wonder if they have a separate Adware removal program?

Around here we like to use Adaware and Spybot: Search and Destroy for removing these threats.

You can get both here: http://spywareinfo.com/downloads.php?cat=sp#det or from www.downloads.com just remember to manually update both before doing scans weekly to make sure they are up to date - you'll see the Update in each program. Remove all items found by both.
 

1 more replies
Answer Match 57.54%

Recently I find my PC is getting slower. My Firefox shuts down itself frequently, and IE is slow and needs double clicking to work. No major problem here, just adware I think? I ran AVG Anti-Spyware and they found about 12 spyware and I deleted them; but when I ran Panda Antivirus online I was shown 115. Either they are hiding, or they are regenerating?

Please see attached log files? Any suggestion will be appreciated :)

--------------------------
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 3:44:37 PM 24/09/2007

+ Scan result:



:mozilla.15:C:\Documents and Settings\POON\Application Data\Mozilla\Firefox\Profiles\q4kxqqpl.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.22:C:\Documents and Settings\POON\Application Data\Mozilla\Firefox\Profiles\q4kxqqpl.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.53:C:\Documents and Settings\POON\Application Data\Mozilla\Firefox\Profiles\q4kxqqpl.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.48:C:\Documents and Settings\POON\Application Data\Mozilla\Firefox\Profiles\q4kxqqpl.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.49:C:\Documents and Settings\POON\Application Data\Mozilla\Firefox\Profiles\q4kxqqpl.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.50:C:\Documents and ... Read more

More replies
Answer Match 57.54%

Okay, a couple days ago my Avant browser showed a couple new folders in my bookmarks - "Adult Links" and "Free Adult Content". I didn't add them, and nobody else in my family uses that browser.

I decided it was good and time to do a scan for spyware and such.

An entire day later, after running both Spy Sweeper and Spybot, I'm still left with a few things that confuse me. Mainly, things that are listed under the HKLM/Run window in Startup Control Panel.

As they appear:

Name: klwr
Path: C:\windows\klwr.exe

Name: OwFkEg
Path: C:\windows\awswdam.exe

Name: tgppdlxyygc
Path: c:\windows\system32\swmmfx.exe

Name: utir
Path: C:\windows\utir.exe

Name: Winsuckz4 driver
Path: no path listed, just says CMLFNUY.EXE

Name: wnuxudyp
Path: C:\windows\wnuxudyp.exe

awswdam.exe shows up in the windows task manager processes as well, none of the others do. I've googled them, just like I did all the other stuff in the processes window that I didn't recognize just by looking at them, and I can't find any info on any of them. Has anyone any idea what this stuff is? I'm afraid to stop it from starting up, in case it's something I need, and afraid to leave it alone, in case it's something bad.

Oh, and in case it helps (since I see at least one of those entries listed in there), here's a hijackthis log:

Logfile of HijackThis v1.96.0
Scan saved at 6:50:39 PM, on 12/21/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Interne... Read more

A:adware and mysteeerious files

11 more replies
Answer Match 57.12%

My husband and I are in a band and are trying to upload our music to a local site. It said we needed mp3 files so we tried converting our wave file to an mp3 file (my husband downloaded something that said it could do this) and now we have no sound. The speakers still make little crackling noises like they are still live but we get no sound.

HELP!
 

A:Tried to convert music files from wave files to mp3 files and no NO SOUND WHATSOEVER

Try a different program.

Are you converting from CD, or a wave file on the hard drive?

.
 

3 more replies
Answer Match 57.12%

I want to find a file downloaded by an app but not showing ready in app folder.

More replies
Answer Match 56.7%

I ran superantispyware and it quarantined

Adware.Vundo Variant
Adware.Vundo Variant/Rel
Adware.Vundo/Variant
Adware.Vundo/Variant-PrintDlga
Rogue.Component/Trace
Rootkit.Agent/Gen-SENEKA
Trojan.Downloader-NewJuan/VM
Trojan.Dropper-Cogad
Trojan.Fake-Alert/Trace
Trojan.Vundo-Variant/NextGen

After I turned on my computer today it is giving me errors

Error loading c:\windows\system32\fofajivo.dll &
Error loading c:\windows\system32\lumafeta.dll which I did notice in the infected files under Adware.Vundo/Variant but there are other .dll files under some of the other infections above.

Then I scanned my entire computer with mcafee and it came up with these 4

GenericDownloader.x
Vundo!grb
DNSchanger.r
GenericFakealert.h

Please Help asap!!

Oh and 1 more question if I use symantec system restore w/out getting rid of these will they still be imbedded somewhere in the system?

A:in serious need of help!!!! Trojan? Adware? Can't find .dll files

Hello and Welcome.


Quote:
if I use symantec system restore w/out getting rid of these will they still be imbedded somewhere in the system?

It's possible, it's also possible that the infection has disabled that function.

If you'd like help removing the malware....

We want all our members to perform the steps outlined in the link I'll give you below, before posting for assistance. There's a sticky at the top of this forum, and a "Having problems with spyware and pop-ups? First Steps" link at the top of each page.

---------------------------------------------------------------------------------------------

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

1 more replies
Answer Match 56.7%

First up thank you for taking the time to read this post and hopefully acting on it in some way.

I'm running windows Vista, unsure of build etc.

Symptoms are as in post title: Lots of windows-looking ads telling me I've got viruses and hackers everywhere. My AVG antivirus flaring up telling me that there is a trojan of type generic 18.* and flagging various *.tmp.exe's in my temp folder. Also random icons being created on my desktop, some are links to dummy porn sites, others are called 000troj.exe, 001spam.exe and 003spam.exe.

Normally I'd sysrestore -> safemode -> rescan -> delete, but on this occasion I didn't have any restore points (despite updating windows 2 days ago wtf?).

I've tried to isolate the problem, but not having much luck. There was also a suspiciously titled exe in my startup folder. It's now gone, but the problems have not diminished.

For your viewing pleasure here's a ms paint mashup of some of the messages I've been getting. Any help much appreciated

A:Adware/Trojan(Generic 18*?) - *.tmp.exe files.

Not a bump, but more data to add and some specific questions.

I got another popup message telling me that "system files were missing" or some such. I thought it was more spam but on this occasion it actually shut down my laptop.

After logging back in Windows explorer seized up immediately and my entire session froze. I still have full normal access in safe mode.

Qs

Even if you have no time to help me through anything; does this remind anyone of a certain virus/malware/ anything? I've had a look at the spyware removal guides on this site but I cannot categorize the problems I am experiencing - help in this area would be appreciated as the guides in that section appear well-written and I shouldn't have any trouble carrying it out independently if I could successfully pigeonhole my problem(s?)

Secondly, what is the best diagnostic tool for scanning my system. I take it from the numerous messages around that combofix is no good, but what would anyone recommend? Also should these programs be run in Safe mode or normal mode?

Again thanks in advance for any help.

2 more replies
Answer Match 56.7%

Hi all,

I definitely have something nasty that I believe just showed up as pop ups started coming up frequently (like clock work when I'm on IE) only recently. It started when Avast said a file (cbxpfgwu.dll) in system32 had adware. I tried to put it in the chest but got a message a process was using it, so no luck. I had Avast remove it on a reboot. It was gone then but a new one (xbfwviuc.dll) was now in system32. This was too suspicious so I opened msconfig and sure enough, a new start up item ("...xbfwviuc.dll") was now there. I unticked it, of course. I then decided to do a system restore. Well, what do I find out? All my restore points had been wiped except for one that was 5 minutes after the timestamp of the original adware infected file Avast had found. I decided to try an internet search on the latest suspicious file and a few others in system32 that just didn't look right and were around the same timestamp. That led me to a combofix log link where it listed FLmSBJlm.ini and FLmSBJlm.ini2 and mlJBSmLF.dll as being deleted. Since I had all three of those also, I tried to delete them. The latter gave me the process message while the first two deleted. Was I having some success? Apparently not. Within seconds these files again showed up in system32 and any self repair efforts on my part ceased as I was definitely and officially in over my head.

That is the set up to this inquiry. I hope it helps. Following now is t... Read more

A:Nasty Adware in system32? Could be several files.

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for p... Read more

2 more replies
Answer Match 56.7%

My husband changed my operating system from Windows ME to Windows XP but did not do a clean install. My Norton Antivirus (Norton System Works) listed six Adware.Hotbar files when it scanned for viruses but said that deletion failed. I took my computer in for a professional clean install of the Windows XP because of other problems and asked that all Adware.Hotbar files be deleted. Only two were deleted. I still have four that my Norton Antivirus will not delete. When I try to delete it by using Norton System Works I am warned that by deleting Hotbar I may cause other programs not to run. My computer is running slower than normal. When I click on "explorer" it takes two or three clicks to get a response and then, after four to 8 seconds, it opens three windows instead of one. When I try to open Outlook Express the arrow doesn't change to show that it's responding until I click at least three times. I suspect it's due to the Adware.Hotbar files that I can't delete. Please help. Thank you.
 

A:Adware.hotbar Files That I Can't Delete

8 more replies
Answer Match 56.7%

It first started out with my Internet Explorer not working not responding. AVG detected Adware Generic4.tdy and .sve moves it to vault or deletes it. But comes right back.

Here's my HiJack This Log. Please help!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:50:44 AM, on 12/1/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16915)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\StkASv2K.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\SOUNDMAN.EXE
C... Read more

A:AVG find Adware Generic4.tdy and .sve files

Hello , And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No inp... Read more

2 more replies
Answer Match 56.7%

I found some adware programs on my computer - have been able to get rid of most files. Still have some - won't delete.

Here's my Hijack this report detail (is that what you can use?) Any advice appreciated.

Logfile of HijackThis v1.97.7
Scan saved at 12:28:56 PM, on 12/8/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
C:\WINDOWS\SYSTEM\PAL\CSS\RUN32DLL.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\TSI\LLWLOAD.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SISTRAY.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\PCTVOICE.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\LOGITECH\MOUSEWARE\SYSTEM\EM_EXEC.EXE
C:\PROGRAM FILES\SURFCONTROL\CYBERPATROL\CPHQ.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\WCESCOMM.EXE
C:\PROGRAM FILES\SURFCONTROL\CYBERPATROL\CPSERVER.EXE
C:\PROGRAM FILES\SURFCONTROL\CYBERPATROL\CPACTRL.EXE
C:\PROGRAM FILES\SURFCONTROL\CYBERPATROL\CPCCTRL.EXE
C:\PROGRAM FILES\SURFCONTROL\CYBERPATROL\CPKBINST.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGWB.DAT
C:\PROGRAM FILES\NETSCAPE 7\NETSCP.EXE
C:\PROGRAM FILES\OUTLOOK EXPRESS\MSIMN.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE... Read more

A:remove adware, vvsn files

16 more replies
Answer Match 56.28%

Hello everyone! My computer is usually trouble-free, but today a multitude of problems suddenly happened.

Avast Home 4.8 (updated at startup today) has been popping up with adware/trojan alerts since I started a Spybot S-D scan. (I just installed and downloaded updates for SSD today.)

The first one was for a Win32.Adware-gen [Adw]. I tried choosing to move it to the virus chest, but it gave me an error "system could not find the file" (I'm just roughly translating from Chinese here). I tried a few times and got the same error, so I gave up and selected 'do nothing'. The error disappeared. (SSD was still running its scan, though it was not responding)

Immediately after that, another warning popped up for Win32.Trojan-gen [Other].

The type is classified as a virus/worm, and the file name given in the warning is: C:\WINDOWS\system32\cdnupins.exe\$INSTDIR\cdnctr.exe
Again, I tried moving it to the chest, but I got the error about not being able to find the file again.

I closed SSD and tried a few times more, to no avail. I opened up Explorer to check, and under C:\Windows\system32, "cdnupins.exe" does not exist (or at least I can't see it).

I'm going to reboot my computer now, plug out the Internet, and do another scan to see if I can get rid of it. But I have a feeling that it will persist.

Also, I can't view hidden files in Explorer. Going to Folder Options > View reveals that my "show hidden files" op... Read more

More replies
Answer Match 56.28%

Ok, I'm basically computer illiterate. I think my computer is infested with adware. I have run my antivirus and have come up with the following files: istactivex.dll; mediaticketsinstaller.ocx; and ole32ws.dll. Norton is unable to delete these files. I've tried to view the temporary internet files folder, but am unable to access subfolders with the Content.IE5 name. One of the descriptions states: The compressed file istactivex.dll within c:\Documents and Settings\My name\Local Settings\Temporary Internet Files\Content.I#5\C5YJ4DEJ\0006_regular[2].cab is a Adware threat. But I can't find the folder or figure out how to delete it. I've already deleted all files in the temporary internet folder through control panel/internet options. Any suggestions on how to proceed to get rid of this stuff? I've cleaned the computer using Spybot but this still comes up through Norton. Also - what do you know of CWS? Apparently I'm having problems with that too... Thanks!
 

A:Can't find Content.IE5 folder and adware files

10 more replies
Answer Match 56.28%

hi, i made some research on my problems, but i figured out to post it because all issues maybe are specific to a computer to another.

problem: i get popups and unwanted dll files. annoying. i also get recurring "threat eliminated" messages from my AV.

system: i've got xp home, with nod32 (nothing found) and i tried passing ewido (too long) and swdoctor (nothing found)

what i've done: made lots of hjt fixes, some won't go away. i ran comboscan and vundo fix. i reran hjt after. here are my logs:
 

A:Various adware popups, strange dll files all around. Vundo?

comboscan
Code:

ComboScan v20070306.20 run by Jo on 2007-03-25 at 23:16:57
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created ComboScan Restore Point.


-- Last 5 Restore Point(s) --
69: 2007-03-26 03:17:05 UTC - RP309 - ComboScan Restore Point
68: 2007-03-26 00:46:03 UTC - RP308 - Point de vérification système
67: 2007-03-24 23:53:02 UTC - RP307 - Point de vérification système
66: 2007-03-23 22:36:35 UTC - RP306 - Point de vérification système
65: 2007-03-22 22:03:40 UTC - RP305 - Removed Acronis True Image Workstation


-- First Restore Point --
1: 2007-01-21 07:40:24 UTC - RP241 - Point de vérification système


Performed disk cleanup.


-- HijackThis (run as Jo.exe) --------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 23:17:23, on 2007-03-25
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\s... Read more

3 more replies
Answer Match 56.28%

I'm having a problem. I'm on a Dell desktop, running XP Professional. I've been trying for hours to remove viruses. Anytime I start up, superantispyware tells me this, and it keeps updating to a new one every min or so.
potentially harmful software has been detected:
adware.vundo variant C:\windows\system32\awtqq.dll

it also lists a bunch of processes.... any ideas I've tried scans in safemode with:
superantispyware
symantec antivirus
spybot search and destroy
adaware se

i also tried deleting the files but got errors that it was being used or access denied please help

HERE IS MY HIJACK THIS:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:10:01 PM, on 10/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\NMSSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVi... Read more

A:adware.vundo problem... can't get files deleted

Welcome to TSG
Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, the Advanced Options Menu should appear;
Select the first option, to run Windows in Safe Mode, then press Enter.
Choose your usual account.

Open the extracted SDFix folder and double click RunThis.bat to start the script.
Type Y to begin the cleanup process.
It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum).
Finally paste the contents of the Report.txt back on the forum with a new HijackThis log

====================================

Download Combofix and save it to your desktop.

**Note: It is important that it is saved directly to your desktop**

-----------------... Read more

Answer Match 56.28%

Ok, I'm basically computer illiterate. I think my computer is infested with adware. I have run my antivirus and have come up with the following files: istactivex.dll; mediaticketsinstaller.ocx; and ole32ws.dll. Norton is unable to delete these files. I've tried to view the temporary internet files folder, but am unable to access subfolders with the Content.IE5 name. One of the description states: The compressed file istactivex.dll within c:\Documents and Settings\My name\Local Settings\Temporary Internet Files\Content.I#5\C5YJ4DEJ\0006_regular[2].cab is a Adware threat. But I can't find the folder or figure out how to delete it. I've already deleted all files in the temporary internet folder through control panel/internet options. Any suggestions on how to proceed to get rid of this stuff? I've cleaned the computer using Spybot but this still comes up through Norton. Also - what do you know of CWS? Apparently I'm having problems with that too... Thanks!
 

A:Can't find Content.IE5 folder and adware files

Answer Match 55.86%

Hi,

I am running IE8 on Windows 7 (Home Premium 64bit). My Temporary Internet Files folder is C:\Users\<username>\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5. I have enabled Show Hidden Files and Folders and removed the tick for Hide Protected Operating System files.

I've noticed that streamed .wma file appeared as .dat file in the temporary internet folder. I've tried copying it to the desktop and changed the extension to .wma but it will not play at all. I have the same problem in another laptop running Windows Vista. In Windows XP platform, I have no problem retrieving the streamed files as they are saved in the original file format (i.e. .mp3 or .wma) in the Temporary Internet Files folder.

Please advise.

Thank you & regards

A:.wma files appears as .dat files in Temporary Internet Files folder

I'm having difficulty understanding the real problem since I have always set my browsers to delete at the end of a session, I use CCleaner to delete junk (read stuff in the temp folder).

In any case, you can help us by updating your system specs.

UPDATE YOUR SEVENFORUMS SYSTEM SPECS


User CP (3rd item in the top menu bar) |
in left-hand column, under Your Profile, Edit System Spec |


Use Speccy - System Information - Free Download
and/or SIW to gather info for filling in the blanks.

Do me a favor and add the word laptop or desktop to the "system manufacturer" block.

Use the "Other Info" block for Optical Reader, Mouse, touchpad, wifi adapter, speakers, monitor

Scroll down and click on the SAVE CHANGES button.

Answer Match 55.86%

I am running windows xp, I cannot access IE or other files on my pc without being redirected to some adware purchase site. It says that my pc is corrupted and I must run a scan that I must purchase from them. Every time I say no to buying their service many other tabs open all seeming like they are trying to run a scan of my pc. Fortunately I can still use Firefox. I went to house calls and ran a virus scan it found many viruses and adware ( ex: trojan), I don't remember them but I supposedly got rid of them but I am still having the same problem. The only way I can access IE is in safe mode but I am still limited to what I can do ie: I can't use windows update. After using this program and following the 5 steps I ran the Panda scan and this is the result:

Logfile of Trend Micro HijackThis v2.0.2

A:Help, Can't use IE, or open files in pc w/out being redirected adware purchase site!

Hello and welcome to TSF.

Apologies for the long delay in response. We have a large number of HijackThis logs to handle and it's taking us longer to catch up. If you haven't received help elsewhere already and still require assistance please perform the following:

Download RSIT by random/random and save it to your desktop.
Double click RSIT.exe to start the tool and click Continue at the disclaimer.
When the scan completes it will open a log named log.txt maximized, and a log named info.txt minimized.
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of both here.

Please note that the forum is very busy and if I don't hear from you in three days this thread will be closed.

Answer Match 55.86%

just like the title says, i get random popups and the exe files for search & destroy and ad-aware are missing.. i ran hijack this and got the following:


A:random pop ups, spyware/adware programs missing exe files

Hello one9_gt,

While TeaTimer is an excellent tool for the prevention of spyware, it can sometimes prevent HijackThis from fixing certain things.
Please disable TeaTimer for now until you are clean. TeaTimer can be re-activated once your HijackThis log is clean.
Open Spybot Search & Destroy.
In the Mode menu click "Advanced mode" if not already selected.
Choose "Yes" at the Warning prompt.
Expand the "Tools" menu.
Click "Resident".
Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
In the File menu click "Exit" to exit Spybot Search & Destroy.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. A malicious site could render Java content under older, vulnerable versions of Sun's software if the user has not removed them. Please follow these steps to remove older version Java components and update:
Download the latest version of Java Runtime Environment (JRE) 6 Update 2 and save it to your desktop.
Scroll down to where it says "Java Runtime Environment (JRE) 6u2...allows end-users to run Java applications".
Click the "Download" button to the right.
Read the License Agreement and then check the box that says: "Accept License Agreement".
The page will refresh.
Click on the link to download Windows Offline Installation and save the file to your desktop.
Close any programs you ... Read more

Answer Match 54.6%

Hello to all, and thanks in advance.
 
Just ran SAS after spouse was surfing and playing some games. The results were 3 infected files and 1 memory threat in logs. SAS quarantined the 4 threats and rebooted. I then did a scan with MBAM and it reported no malware. In addition I ran MSE and it did not detect any threats. Lastly I ran MRT and nothing was found.
 
Computer seems to be functioning okay at present. My OS is Win 7x64 sp-1.
 
Please let me know if you need to see the log or if you need DDS.
 
Very apprehensive as I hope this is not a backdoor trojan.
 
Regards............sik

A:Am I Still Infected ? Quarantined Trojan.Agent/Gen-Zbot

Download Security Check from here or here and save it to your Desktop.
Double-click SecurityCheck.exe
Follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2 SecurityCheck may produce some false warning(s), so leave the results reading to me.

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender
Other Services
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

Please download MiniToolBox and run it.
Checkmark following boxes:
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Devices (do NOT change any settings here)
List Users, Partitions and Memory size
Click Go and post the result.

Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Ant... Read more

Answer Match 54.6%

Hi! Truthfully, I don't know much about antivirus programs so I might be concerned about something unnecessary, but I'll thank you for helping me.

I have Symantec Antivirus and it has recently detected a Trojan Horse in a file during an Auto-protect scan.
Then I took the chance to delete what seemingly was the quarantined Trojan infected file. I checked the Quarantine folder and there was nothing in it.

Then I checked Threat History, and the Trojan infected file was recorded there. It said that the status was infected, and that the current location is in quarantine and that it was successfully quarantined. This was the part where I got confused.

Even though I know this is only the history, why would it state that the infected file is quarantined and not deleted? Does it mean that I didn't delete it when I thought I did? The history tells nothing of the file being deleted but only that it was quarantined successfully. However, nothing was in the quarantine folder.

In the history, I already had an incident with a Downloader Trojan Horse in April but it stated that the file was deleted successfully. Wouldn't this also apply to the recent one? The recently infected file was in the original location of C:\SYSTEM~1\_RESTO~1\RP557\ and I thought that maybe it had something to do with system restore.

Am I worrying too much if I think the infected file is "on the loose" and still in my computer? Or maybe that the status of t... Read more

A:Symantec Antivirus Quarantined Infected File

You can remove that file from system restore by deleting all restore points. Then reset a new restore point. Info on how to do that is in the link below. That might also clear up Symantec reporting it in quarantine when it actually isn't.
http://www.bleepingcomputer.com/tutorials/windows-xp-system-restore-guide/

Answer Match 54.18%

Hey now here's a dilemma for you.

I have just bought a dvd burner and was looking forward to getting some dvds from the newsgroups. But to my dismay I couldn't extract the multiple rar files from the archive because it was slightly bigger than 4gb ie I have FAT32 system. I investigated the NTFS option but couldn't do it because I have windows pre installed on a time machine and if I change the system I can't reload windows from the hidden parts of my hdd because the specialised disc will only work in FAT32 knowing to the need of it to support NTFS systems time didn't want to because it keeps the technical support about it down. There are programs about for the xbox to extract iso's from the rar files without extracting the rar files. Then to transfer to the hdd of the xbox in one step. I was wondering does anyone know of any program that will let me extract the contents of an image/iso from rar files. I know it's possible because I know of two programs for xbox iso's Called Suxx 1.02 and Craxtion 4. I would appreciate any help given here. It's also difficult to explain the extract iso from rar files in a search engine.... very difficult. Or something that will let me extract the contents of a rar without getting the 4gb limit error.
 

A:Extract image files (img,iso etc..) from rar files without extracting the rar files

This stinks of illegality.
 

Answer Match 53.34%

About a week ago my PC somehow became infected with the Google redirect virus. I started searching for information about how to remove this, downloaded some programs (which may have caused more problems), and eventually discovered that the machine was infected with somewhere around 159 viruses. At first it was still possible to use the computer, but eventually the machine started freezing almost immediately after booting up. Before it came to that extremity, I had managed to download the Combofix program. Although I had read that this was not to be used without expert supervision, my machine had gone so haywire that I was on the verge of erasing the hard drive and losing all files. Before doing that, I decided I might as well try to run Combofix, which remarkably was still able to run despite all the infections/freezing desktop. I ran it in spite of being unable to disable my Symantec anti-virus program, as whenever I would disable it, it would automatically re-enable itself within moments, and I simply could not find a way to disable it. Combofix seemed to fix everything, and the PC was running well again.

However, today my weekly antivirus scan alerted me to a large number of viruses, all but one of which it quarantined. The one that was not quarantined is titled atapi.sys.vir. I would be curious to know how my system became this badly infected with so many viruses, and especially how I can delete the atapi virus, and delete all the other viruses which have been qua... Read more

A:Infected with Atapi.sys virus, plus a large number of quarantined viruses

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

Answer Match 52.92%


A:Infected With Adware Agent Bn (a.k.a Adware/videocach [panda], Adware.win32.agent.ci [kaspersky], Adwar)

Welcome to the BleepingComputer HijackThis Logs and Analysis forum beaverbottoms
My name is Richie and I'll be helping you to fix your problems.

Download SDFix.exe and save it to your desktop:
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
* Double click on SDFix on your desktop, and install the fix to C:\

Please then reboot your computer into Safe Mode by doing the following:
* Restart your computer
* After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
* Instead of Windows loading as normal, a menu with options should appear;
* Select the first option, to run Windows in Safe Mode, then press "Enter".
* Choose your usual account.
* In Safe Mode, go to and open the C:\SDFix folder, then double click on RunThis.bat to start the script.
* Type Y to begin the script.
* It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
* Press any Key and it will restart the PC.
* Your system will take longer than normal to restart as the fixtool will be running and removing files.
* When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
* Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt into your next reply.

Download Combofix and save to your desktop:
Note: It is important that it is saved directly t... Read more

Answer Match 51.24%

Hi guys, just joined cause my computer has got some issues I think..

Here is the log file:


Answer Match 51.24%

Hi I have 24 - 27 infected files on another laptop I am working on cleaning. Before I started It had over 1000. I have disconnected it from the internet, and have ran claimware portable, stinger, and ad-aware. Stinger did not come up with anything, but Claimware left me with 24 infected files the last time I ran it. Ad-aware is coming up clean on smart scan. I also ran some unupdated programs. These programs were Sophos, bitdefender, windows defender and mcafee. These programs locked up or did not do anything. The only reason for only using ad-aware is because it was the only one I could figure out how to update offline through my thumbdrive. After all of that I ran Hijackthis. Here are my questions.

Can you help me ID the file and programs involved?
Can you tell me easy ways to remove some of them?

I just need a list of things and some direction.

Here is the HijackThis log:

A:I Have 24 - 27 Infected Files

Hi
1. Download this file - combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall
Send:
- a fresh HijackThis log
- combofix report

Answer Match 51.24%

I'm helping my friend remove some trojans and such from his pc, when I came across two I have no clue how to resolve. Please help. He is running on Windows ME (the buggy windows). He is stuck using "VET" it's some sort of freeware anti-virus protecter he says.
I had him already scan with HiJacker and I'm now scanning his pc with Spybot, after I just removed System32.exe from his pc.
Anyways, this is what his anti-virus program gives him for info on the viruses, please help.

List of Infected Files
File Name Virus Name
C:\_RESTORE\ARCHIVE\FS132.CAB Keylog-SCLog.gen
C:\_RESTORE\ARCHIVE\FS166.CAB BackDoor-EE
Thanks
 

A:Infected Files Help

welcome to T.S.G

you could try an on-line virus scan here:http://housecall.trendmicro.com/
and scan for trojans here:http://www.anti-trojan.net/en/onlinecheck.aspx

let us know the result
 

Answer Match 51.24%

Hello,

It appears I am infected with some type of virus that at this point appears to have only infected my .jpg files located on my "C" drive. All .tiff, .psd files appear to be fine and my second internal drive "D" has no infection at all. When I look at a folder containing photos all .jpg files have this message, written in white letters on a black background " ASK GOOGLE W32:PEMILU2009" FIND OUT HOW TO GET YOUR PICTURES BACK" I run avast and with the help of the folks on their forum tried using a program called "FireEye" Decrypter but had no success. Other than the obvious problem my PC seems to be running fine.

I run XP Pro, have scanned with MalwareBytes and Avast (free) and would appreciate any and all help you could provide.

Thanks,

John

Answer Match 51.24%

You have recently resolved my malware issues. I have no more pop ups. Now it seems I have some infected files. One of which is w32/trojan.awkv. I am unable to complete a virus scan. It will begin scanning and then it will stop when I reach 37192 files scanned. When I try to close the program it tells me it is still in progress. I am currently using cox security suite. I hope you can help me
Jenny
 

Answer Match 51.24%

Upon a recent scan, Bitdefender stated these files were malicious yet could not deal with them. i feel these could be a false flag? Could someone please inform me if they are suspicious?

regards

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterAntiVirusDisableNotify.zip=]sbRecovery.reg Password-Protected Items No action was possible
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterAntiVirusDisableNotify.zip=]sbRecovery.ini Password-Protected Items No action was possible
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterFirewallDisableNotify.zip=]sbRecovery.reg Password-Protected Items No action was possible
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterFirewallDisableNotify.zip=]sbRecovery.ini Password-Protected Items No action was possible
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterUpdateDisableNotify.zip=]sbRecovery.reg Password-Protected Items No action was possible
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterUpdateDisableNotify.zip=]sbRecovery.ini Password-Protected Items No action was possible

Logfile of HijackThis v1... Read more

Answer Match 51.24%

I am receiving constant pop ups and cannot open any files or run any scans. I have McAfee and Malwarebytes and it will not allow me to start them up. Each pop up keeps saying that a different .exe file is infected. For example, if I double click on Malwarebytes, a Security Warning window pops up which reads "Application cannot be executed. The file mbam.exe is infected. Do you want to activate your antivirus software now?" Another common file that it says is infected is wuauclt.exe. There are a whole bunch of .exe files with different names that it says are infected.

In addition, at the bottom right corner, a window will pop up that reads "Antivirus software alert" and in that window it says "Infiltration Alert your computer is being attacked by an internet virus. It could be a password-stealing attack, trojan - dropper or similar." It gives details for attach from and attached port and threat. One of the threats is BankerFox.A.

Also, this problem has cut off my internet access. If I try to open up IE8, it says Internet Explorer Warning - visiting this web site may harm your computer! If I try to close out of IE8, it goes to an internet page titled "Antivirus Scan." The address bar shows hxxp: //afantispy.com. It wants me to purchase antivirus software.

I have a Norton Antivirus CD that I tried to install but when I pop the CD in, it won't let me run it.

Any suggestions on how to fix this would be greatly appre... Read more

A:Infected exe files

Please do not post active links to malware or possible malware related sites. I have disabled the one(s) you posted so others do not accidentally click on them.

Your files are not infected. What you describe are bogus warnings from the malware to make you think they are infected.

Please download RKill by Grinler and save it to your desktop.
RKill.exe Download Link
RKill.com Download Link
RKill.scr Download Link
Renamed versions if the above do not work:
iExplore.exe Download Link
eXplorer.exe Download Link <- this renamed copy may trigger an alert from MBAM...just ignore it.
WiNlOgOn.exe Download Link
uSeRiNiT.exe Download Link

Double-click on the Rkill desktop icon to run the tool.
Vista/Windows 7 users right-click and select Run As Administrator.
A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
If not, delete the file, then download and use the one provided in Link 2.
If it still does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
Note: You may have to make repeated attempts to use Rkill several times before it will run as some malware variants try to block it.
A log file will be created and saved to the root directory, C:\rkill.log
Copy and paste the contents of rkill.log in your next reply.

-- If you get an alert that Rkill is infected, ignore it. The alert is a fake warning given by the rogue software which attempts to terminate tools that try to remove it. If you see suc... Read more

Answer Match 51.24%


A:Infected Files

Hi madhu

Use this link to get HijackThis.
Save it to your desktop and then double-click to run it.
It will install the program in c:\program files\HijackThis.
Use this HijackThis from now on

Download SmitfraudFix (by S!Ri) to your Desktop.
http://siri.urz.free.fr/Fix/SmitfraudFix.zip
Extract all the files to your Desktop. A folder named SmitfraudFix will be created on your Desktop.
Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press Enter
This program will scan large amounts of files on your computer for known patterns so please be patient while it works. When it is done, the results of the scan will be displayed and it will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.

IMPORTANT: Do NOT run any other options until you are asked to do so!

Answer Match 51.24%

Hey All, new to the board, found you by doing a search for a virus solution.

I am getting alot of errors,

shell.exe
drvkid.dll
NT_kernel

Just to name a few,

I also have about 15,000 pos(number).tmp files in my documents.

I need help bad, I have alot of programs and money invested with the work I do.

Any help would be greatly appreciated. I have seen something about hijack this and another program, so I am willing to do what it takes to fix these errors.

As I write this post, I am getting an error bubble pop up saying

A critucal error could occur
STOP:0x000007B (0xf30184, 0x00000, 0xCC0034)
Inaccessible handler or device

Thanks to all.

A:Infected Bad - 15k Pos.tmp Files

Please read and follow all instructions in the pinned topic titled "Preparation Guide For Use Before Posting A Hijackthis Log". You may have performed some of these steps already. If you can't perform a step, then skip and continue with the next. In step #9 there are instructions for downloading HijackThis and creating a log. (This is a self-extracting version which will automatically install the current version of HJT in the proper location.) If using Windows Vista, be sure to Run As Administrator.

When you have done that, post your log in the HijackThis Logs and Malware Removal forum, NOT here, for assistance by the HJT Team Experts. A member of the Team will walk you through, step by step, on how to clean your computer. If you post your log back in this thread, the response from the HJT Team will be delayed because your post will have to be moved. This means it will fall in line behind any others posted that same day. Start a new topic, give it a relevant title and post your log along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. Please include the top portion of the HijackThis log that lists version information. An expert will analyze your log and reply with instructions advising you what to fix. After doing this, we would appreciate if you post a link to your log back here so we know that you're getting help from the HJT Team.

Please be patient. It may take a while ...

1 more replies
Answer Match 51.24%

Hi, I've run a scan using Malwarebytes, it's found 8 infected files as shown in the screen shot. Just wondering what to do next? Thanks

A:8 Infected files

Hello vista890 and welcome to the forums

Click on the Remove selected button in the bottom-left hand corner. Then run a full scan again and post the results for us please

Tom

more replies
Answer Match 51.24%

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16464
Run by Tony at 2:02:08 on 2013-02-27
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8190.6012 [GMT -8:00]
.
AV: Kaspersky PURE 2.0 *Enabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
SP: Kaspersky PURE 2.0 *Enabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky PURE 2.0 *Enabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe
C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\SysWOW64\PnkBstrB.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Users\Tony\AppData\Roami...

A:May be infected, Please look at log files Thanks

I think there is a remote server connected to my computer
 
 

2 more replies
Answer Match 51.24%

I have files infected with shinwow.ab and byte verify ! exploit. How do I remove these from my computer?

A:infected files

Hello and welcome to TSF.

We want all our members to perform the steps outlined in the link given below, before posting for assistance. There's a sticky at the top of this forum, and a "Having problems with spyware and pop-ups? First Steps" link at the top of each page.

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

1 more replies
Answer Match 51.24%

I am supporting a remote user who has an anti-virus program installed (Symantec), but the AV definitions are dated from April, and the live update button is disabled by the administrator.

This tells me that the server is not protected as well as it should be, and I have already sent an estimate to this company for an updated version.

In the meantime, I ran the Symantec Online scan, and it has found over 700 files infected. Most of the files are in the C:\WINDOWS\$ntupdate$ folders, which I know can be deleted, and also in the C:\Windows\ServicePackFiles\i386 folder, which I am not sure if it can be deleted or not.

The online scan did not give me an option to clean/quarantine the files. I am now running a Kaspersky Online scan, and so far it is coming back with similar results.

First, can the C:\Windows\ServicePackFiles\i386 folder be deleted safely? And second, what is the best way to clean these viruses?

I have already run Spybot, and it found spyware that disabled the alerts for AV and Firewall, and removed that, and that is how I was able to get Symantec AV to run.
I don't have an HJT log, but I did run it, and it found "vmmdiag32.exe" and "interceptor.dll". Whenever I try to delete the vmmdiag32.exe file, it regenerates itself, so I know there's something that is still memory resident that is recreating the file. I have even tried creating a 0-byte text file called vmmdiag32.exe, but apparently whatever is recreating the file overwrite...

A:700+ files infected?!?

10 more replies
Answer Match 51.24%

here is what symantec corp told me yesterday. I had to uninstall Norton Antivirus because it wouldn't allow us to do anything. I just recently did a scan, and it came up with all this: (I have dealt with the trojan.vundo before, and already downloaded vundo fix, what can I do for the other stuff?)

82520 files scanned, 37 file(s) infected on your disk drives.

No viruses were detected in memory.
Your computer is free of known threats. Virus Detection does not check compressed files.
Your computer appears safe for now. For real-time protection from viruses, hackers and privacy threats, upgrade to Norton Internet Security?.

No viruses were detected in memory.
Your computer is infected with at least one known virus or Trojan horse.

No viruses were detected in memory.
Your computer is infected with at least one known virus or Trojan horse.

C:\WINDOWS\system32\agamfkcu.dll is infected with Trojan.Vundo
C:\WINDOWS\system32\aiibtoyy.exe is infected with Downloader
C:\WINDOWS\system32\aknbwqry.dll is infected with Trojan.Vundo
C:\WINDOWS\system32\bemsnyon.exe is infected with Spyware.ISearch
C:\WINDOWS\system32\bkomakfa.exe is infected with Downloader
C:\WINDOWS\system32\ebkgioik.exe is infected with Spyware.ISearch
C:\WINDOWS\system32\grdisiyr.dll is infected with Trojan.Vundo
C:\WINDOWS\system32\gwykvdjg.exe is infected with Downloader
C:\WI...

A:37 Infected Files... Gah!

Hi theaussie1,

First welcome to BC. You got a lot and I feel we'll still be posting a Hijackthis log.

But first let's get some out. Also some of these are info stealers, as such change any financial passwords and all passwords as they may be compromised.

Download and scan with AVG Anti-Spyware 7.5 Free in "SAFE MODE". How to start Windows in Safe Mode
Print out the AVG Install and Scan Instructions. HERE
Be sure to check for any updates to all these programs after you install them.

Download, update and run SUPERAntiSpyware, free version Home User. Run this scan in Safe Mode also. If for some reason you can't access safe mode, for now, run them in normal.

Now run Windows Live OneCare. Be sure to click ONLY on the grey box below the picture of a wrench "Full Service Scan". This may take some time especially if it needs to defragment the drive.

Please post back with any questions and results...

1 more replies
Answer Match 51.24%

I recently downloaded a screensaver, but some spyware came with the files, and implanted itself in my computer. I deleted the files, my security software still detects the spyware. It tells me that I can't delete the spyware, because the files that it was originally "housed in" are deleted. Any advice???
 

A:need help with infected files

hi, welcome to TSG.

Download hijack this from the link below. Please do this. Click here:

http://www.thespykiller.co.uk/files/hijackthis_sfx.exe

to download HijackThis. Click scan and save a logfile, then post it here so
we can take a look at it for you. Don't click fix on anything in hijack this
as most of the files are legitimate.
 

3 more replies
Answer Match 51.24%

I had a hunch my comp had a few kinks. So first I ran a Kaspersky Webscan. Then I ran HijackThis for good measure.

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Friday, January 25, 2008 9:26:34 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 25/01/2008
Kaspersky Anti-Virus database records: 532950
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\

Scan Statistics:
Total number of scanned objects: 93317
Number of viruses found: 2
Number of infected objects: 6
Number of suspicious objects: 0
Duration of the scan process: 01:45:17

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\2.0\aolstderr.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\2.0\aolstdout.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\2.0\aoltsmon.lock Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\2.0\cache.db Object is locked s...

A:Infected Files

Welcome to the BleepingComputer HijackThis Logs and Analysis forum. My name is Richie and I'll be helping you to fix your problems.

Apologies for the late response, as I'm sure you can appreciate we are extremely busy.

If you've already received help at another forum and your issues have been resolved, or you're presently receiving help elsewhere then please let us know.

If you have not followed the info in the link below prior to posting your log then please do so now:

Preparation Guide for use before posting a HijackThis Log:
http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

If you still require help, please post a new Hijackthis log into this topic in your next reply. Also post a detailed description of the issues you're experiencing.

*Note* Post all reports/logs directly into this topic, not as attachments, thanks.

1 more replies
Answer Match 51.24%

I just downloaded this program called ETRUST EZ ANTIVIRUS. It found 16 infected files and deleted 3. I don't know how to get rid of the files that are infected.
Please help me, I don't want to ruin my computer.
Thank you.
 

A:Infected files ???

16 more replies
Answer Match 51.24%

I have some trojan horses and spyware, how do I remove? My security has expired!

A:infected files

Hello and welcome to TSF.

We want all our members to perform the steps outlined in the link given below, before posting for assistance. There's a sticky at the top of this forum, and a "Having problems with spyware and pop-ups? First Steps" link at the top of each page.

NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help - Tech Support Forum

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

1 more replies
Answer Match 51.24%

I'm getting frustrated. For some reason, Windows Police Pro downloaded itself on my computer yesterday, and it's pretty much a mess. I managed to delete the program files, but I know I'm not out of the woods yet. Nothing seems to work. Nothing. The whole desote.exe thing keeps popping up.

Running any antivirus is useless because it just clicks off. I've tried running McAfee, Panda Security (online version), Malware, Hijackthis, RSIT, Win32kDiag, and Rootappeal. Every time it starts, it stops. I took the advice of another poster and renamed the desote.exe file. It helped, and I could at least get to command prompt. But with that it still does not work. Things like Malware and such just don't run (even though they show themselves in the Task Manager). Other programs like RSIT and Win32k start, but once it starts scanning (or touching the registry, I assume), it gets shot down. When I try to start them up again in the command prompt, it says ACCESS DENIED. I really don't know what to do at this point. I cannot give you logs because something is blocking the heck out of my attempts. What I need to do is at least get rid of whatever is blocking my attempts, or work around it.

Please, any help is appreciated. I'm running Windows XP.

PS: I'm using my laptop for this, for I cannot get online with the infected desktop because IE doesn't work.

More replies