Tech Problem Aggregator

Computer devices got compromised using the same router.

Q: Computer devices got compromised using the same router.

It's been month reading and searching around forums but I just can't get it done. It's totally another level for newbie like me.
My laptop Samsung, desktop Alienware both got corrupted. Factory image being modified, download anti virus program but get mod become useless. Do not have admin rights on my own computer. Window firewall policy got mod but have no idea how to get it fixed. Window defender can't be run due to its service is missing. I have TEMP/TMP folder which can't be remove in my profile. All the files and folder is being shared but I did turn off sharing setting. Can't be delete due to admin access. Shortcut, and thumbnail have invalid path. Group policy is being mod which I'm totally clueless how to get it done. Workstation is running which I'm on a home network. Background process like CTF loader and COM keep running even thou I keep end the process. Window installer keep running but no idea what is it for. Window update keep searching but can't be install. Sometimes it get freeze. Registry is being mod, have no knowledge about it so don't dare to delete some of it. Cmd can't be run. Lots of svchost running in the svc. Did so many correction once restart everything back to square 1. Guys please help. Cause the one who did this is just staying right above me. So I'm clueless how I get it fix.

A: Computer devices got compromised using the same router.

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/581281 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.Please do this even if you have previously posted logs for us.If you were unable to produce the logs originally please try once more.If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.If you are unsure about any of these characteristics just post what you can and we will guide you.Please tell us if you have your original Windows CD/DVD available. Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.
Thank you for your patience, and again sorry for the delay.
***************************************************
We need to see some information about what is happening in your machine. Please perform the following scan again: Download FRST by Farbar from the following link if you no longer have it available and save it to your destop.FRST Download LinkWhen you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.Double click on the FRST icon and allow it to run. Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button. Notepad will open with the results. Post the new logs as explained in the prep guide. Close the program window, and delete the program from your desktop.As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

2 more replies
Answer Match 60.9%

Hello,

This my first post here, so I'll start off by apologising if I've put this in the incorrect place. I stumbled across this forum and have found it to be very informative. As a result, I was wondering whether anyone could help me with a query I have.

Recently, my laptop became infected with Spyware Guard 2008 (hereinafter 'SG2008') and this effectively prevented my laptop from connecting to the internet (everytime I clicked on Internet Explorer 7, it suffered an error and closed). Having browsed a few websites on another computer, I was given the impression that SG2008 could be removed by running Malwarebytes Anti-Malware. I transferred Malwarebytes onto my infected laptop using a USB storage device, but not before backing up some files onto another USB storage device and some music files onto my MP3 player.

Running Malwarebytes (3 times) revealed that my laptop had been infected by a backdoor trojan/rootkit infection (Malwarebytes picked up numerous TDSS.??? files). Following the advice given on a number of websites (and on this forum), I changed my internet passwords, reformated my hard disk, and re-installed MS XP. The laptop now appears to be fine, but I was wondering whether my two storage devices and my MP3 player could have been compromised by the infection? Are they safe to use? (I have not used them since).

Thanks in advance for any help - it would be very much appreciated!

A:USB devices compromised by Backdoor Trojan?

Try this------------------------Please insert your flash drive before you begin!Download Flash_Disinfector.exe by sUBs and save it to your desktop.Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.The utility may ask you to insert your flash drive and/or other removable drives. Please do so and allow the utility to clean up those drives as well.Wait until it has finished scanning and then exit the program.Reboot your computer when done.Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive that is plugged in when you ran it. Don't delete this folder...it will help protect your drives from future infection.

1 more replies
Answer Match 59.22%

I have a new tower (desktop computer). When it's powered on (active or sleep mode) it will boot all other devices in the house using the router (another desktop, 4 laptops, and 2 game consoles via ethernet or wifi connection - doesn't matter). The new tower does NOT have wifi and does NOT have to be connected to the router via ethernet to cause the disconnect.

Here's what the utility brought up about the tower:
Tech Support Guy System Info Utility version 1.0.0.1
OS Version: Microsoft Windows 7 Ultimate , 64 bit
Processor: AMD Phenom(tm) II X4 B55 Processor, AMD64 Family 16 Model 4 Stepping 3
Processor Count: 3
RAM: 4095 Mb
Graphics Card: ATI Radeon HD 4800 Series , 1024 Mb
Hard Drives: C: Total - 430697 MB, Free - 388993 MB; D: Total - 999997 MB, Free - 763832 MB;
Motherboard: ASRock, 770 Extreme3,

Photos from device manager are located here.

Senario: Josh is playing on his laptop via ethernet. Bill is on his via wifi. I'm watching Netflix on the Wii on TV. Eric fires up his new computer, hasn't even put his password on the login screen and everyone is booted offline.

Here's the list of devices and how they connect to the 2Wire DSL router (which works fine until the new tower is powered on, and it's the ONLY thing able to connect to the internet):

NewPC - Desktop - W7 - ethernet
OldXP - Desktop - XP - ethernet
HollyPC - Laptop - Vista HP - wifi
JoshPC - Laptop - W7 - ethernet
BillPC - Laptop - W7 - wifi
RyanSPC - Laptop - W7 - wifi
X... Read more

A:New Computer Boots All Other Devices From Router/Network

8 more replies
Answer Match 55.86%

Ok, thanks y'all for listening.

I am running DD-WRT on my wireless router and there is this mysterious MAC address that has many connections when our download bandwidth usage goes up. I don't know where to start on this, but so far, this past fall, our router IP and password have mysteriously changed.

Edit:
The MAC address appears to be connected through LAN

Can someone please help me on this?

UPDATE:
I figured out the MAC address issue, but we are still having an issue where some computers will have their connections jump up to 300-400 and our bandwidth shoots up, lagging everything else.

A:Have my router/computers been compromised?

What OS and anti virus programs are you running?

Have you scanned all the PC's with your anti virus?

2 more replies
Answer Match 52.92%

"I would suggest opening a topic in the Am I Infected? What Do I Do? forum to see if there is any malware or virus.
 
Please leave a link to your current topic, copy and past the following to do this.  http://www.bleepingcomputer.com/forums/t/625147/problems-persisting/?p=4073958"
 
 
i understand this is complicated and many symptoms and hard to detect
 
am aware of most antivirus tools out there and have tried the majority -no single tool detects/catches everything
 
 
 
the main problems still reocurring 
 
are drivers going missing like network drivers disappear some restarts
 
i update my amd drivers to the latest 3 times this week (which worked for a login )within couple days each time the drivers act like no drivers working
 
even though amd radeon tool is present
 
many times my network loses its default name and becomes "unidentified" 
 
 
 
previously the whole desktop deleted itself, restores deleted, antivirus kept being disabled and greyed out so i cant turn it back on,
 
whole software /games would install on completion then delete? some days they were there the next gone.
 
 
 
we have made progress and solved some issues but many linger on such as above
 
most disturbing is these hidden foreign isatap/toredo tunneling that reinstall themselves even after i disable and uninstall them from hidden devices in device manager
 
suspect is... Read more

More replies
Answer Match 50.82%

Hello,

I have a Windows XP and have recently been having some virus issues. I have used Avira, AVG, Malwarebytes, Spybot, etc., to scan my computer and remove a lot of the corrupted files.

The problem I am having now is that any external device I plug in to my computer (hard-drives, thumb drives, iphone, ipod and memory cards) through any of my usb and card reader slots are not being recognized in "my computer."

The slots do work, in the sense that the external hard-drives light up and the disc spins, I can charge my iphone and ipod through my usb, but my computer does not find them so I cannot access the external hard-drives, memory cards, or sync iphone and ipod. Also, I can hook up these same devices to other computers without any issues.

I have uninstalled and reinstalled all of the usb drivers, tried safe mode, and multiple other things I've read from other forums. I was also getting the "windows no disk exception processing error" that I was unable to resolve by any of the proposed methods such as renaming drives, etc. I ended up downloading a patch to make this error go away, but it just stops the error from popping up, it doesn't actually fix the problem. I am guessing this might be related to my current problem, but it may also be a result of some of the spyware and trojans I have had and what I deleted from my computer to clear up these viruses.

Any suggestions would be greatly appreciated. I really want my computer to be able to ... Read more

A:external usb devices and memory card readers are not showing devices in my computer.

Scan you computer with "Microsoft AutoPlay Repair Wizard". It will scans your computer devices to find defective AutoPlay settings, and attempts to fix those it finds.
http://www.microsoft.com/downloads/details.aspx?FamilyID=c680a7b6-e8fa-45c4-a171-1b389cfacdad&DisplayLang=en

 

2 more replies
Answer Match 49.98%

Esteemed Forum Members,

This is my first posting here. I am a Java programmer/developer. And I look forward to participating. Although I generally find that I learn more from reading the posts of the knowledgeable folks here than with me talking.

My current question is to see if anyone knows any more about a computer affliction that has affected two friends in the past week. (They are in different groups, so these are separate "afflictions".)

The two are remarkably similar so I am hypothesizing that they are basically the same attack. I suspect that if I have bumped into two of these cases, you folks may have already been there and done that.

As I don't have access to either of their computers, and as they are rather naive MSWindows users, it might be difficult for me to run the various diagnosic tools on their systems.

Basically the symptom is that they received an email from a known source. (Yeah, I know...) And clicked on a link to one of the {canxhealth health24x medhealthx xmedx } dotcom websites. The result is that, at a minimum, their Yahoo email account was compromised and an email was sent out to all of their contacts. The sent email has no subject and contains only the link to the malware website.

Googling through the web, I see suggestions ranging from changing the email account password through reformatting the hard-drive and resetting external routers. I also see claims that none of the major anti-virus/firewall applications detect this... Read more

A:Yahoo Account Compromised, possible system compromised

Hello Chuck, First i will move you one forum down to Am I Hacked.Please read the first pinned topic there, Who To Contact If Your Yahoo Webmail Account Is Hacked Next follow tese instructions,also a pinned topic there How to receive help in the Am I Hacked? forum

5 more replies
Answer Match 49.98%

Hello.  I seem to be sharing my firewall privileges with a remote hacker and a system restore didn't help.  A similar posting at Tom's Hardware pointed to a corrupted/malware rundll32.exe file creating extraneous malware files (guard.tmp, filename.dll) in his Win/System32 folder.  I suspect I have something similar though couldn't find those same file names.  (His posting is here: http://www.tomshardware.com/forum/134388-45-mysterious-rundll32-administrator-privileges )
 
I have tried kaspersky, combofix, rskiller, hitman, symantec, emsisoft, avg, symantec, windows defender, etc.  I am not a tech guy by trade but serve as my own IT guy some months so any help I get is welcome.  I probably am supposed to be posting "hijack this" findings or something as a first step but haven't done anything like that in 12 years so I figured I would post my problem first.  Thank you.

More replies
Answer Match 48.72%

I downloaded a few songs from LimeWire last night. Two of them did not play music and I was suspicious of them, so I deleted them. Then I ran stinger and it isolated one of the files as being a UA trojan dopwnloader and it said it deleted it. I searched the computer for the other file name and it did not come up. Ok, now today, I opened a My Docs folder and I notcied every folder in there is "Date Accessed" on 3/1/2009 at 8:58 pm. Also a bunch of files are listed as date accessed this morning and afternoon. Some info in those files is sensitive. Is my computer security compromised?
 

A:Is my computer compromised?

16 more replies
Answer Match 48.72%

edit: sorry for not posting the malware name in title its JPGIFRAMERi feel that some kind of malware has recently compromised my computer. symptoms:random internet dropslow computermcafee randomly repairing jpg files from the virus JPGiframerbeen a logn time since i got a windows updateheres an HJT log. halp me!!!Logfile of Trend Micro HijackThis v2.0.2Scan saved at 8:36:23 PM, on 5/6/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Creative\Shared Files\CTAudSvc.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\PROGRA~1\McAfee\MSC\mcmscsvc.exec:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exec:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exeC:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exeC:\Program Files\McAfee\MPF\MPFSrv.exeC:\WINDOWS\system32\nvsvc32.exeC:\PROGRA~1\McAfee\VIRUSS~1&... Read more

A:Compromised computer

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.comDDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the resul... Read more

2 more replies
Answer Match 48.72%

Hi! I posted a log a while back for a different computer and ended up replacing that one, but now I'm afraid my laptop may now be infected.Can someone please take a look at my logs & let me know if I have anything remaining? I ran Malwarebytes Anti-malware and it removed a few items, but my computer is still acting strangely.Thank you in advance!Logfile of Trend Micro HijackThis v2.0.4Scan saved at 1:14:41 PM, on 10/13/2010Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32\WLTRYSVC.EXEC:\WINDOWS\System32\bcmwltry.exeC:\WINDOWS\system32\spoolsv.exec:\drivers\audio\r211990\stacsv.exeC:\Program Files\Cisco Systems\VPN Client\cvpnd.exeC:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exeC:\WINDOWS\system32\DRIVERS\o2flash.exeC:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exeC:\Program Files\Dell Support Center\bi... Read more

A:Computer may be compromised

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below I will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Follow the ... Read more

2 more replies
Answer Match 48.72%

using ad-aware I found a file in the windows system folder that did not look familiar: yrbxysxr.exeI decided to run hijackthis and post the log to see if anyone could help. ThanksLogfile of Trend Micro HijackThis v2.0.2Scan saved at 8:29:07 PM, on 10/12/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccSvcHst.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Java\jre1.6.0_02\bin\jusched.exeC:\Program Files\Common Files\Symantec Shared\ccApp.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEC:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXEC:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXEC:\... Read more

A:S.o.s. Compromised Computer

Hello and welcome to BC.

Sorry for the late response. If you haven't received help elsewhere yet and still need help, please post a fresh HijackThis log and I'll be happy to help you.

20 more replies
Answer Match 48.72%

Good morning,
I need help!
Yesterday, I found out that one of my online bank account (Bank A) has been compromised. I do most of my banking online, so I link my other banks (Bank B and Bank C) into this bank.

On July 10, Bank A instructed ACH transfers from Bank B($2000) and Bank C($2500) into Bank A. I dont know if i should say I am lucky because I dont have much money, but because i dont have much money those ACH transfers are denied (Non-sufficient fund).

So, yesterday, I went online into Bank A, and i did found 2 instructions. So, 1st impression that maybe banks screw up the transactions (should be other poeople account). Then, later when i look at the bank setup, I found a new bank that is waiting to be verified for linking with Bank A. Then, I know I have problem. So, I have called the bank and report this.

I googled, and found this site. I saw a posting about Keylogger and many replies of helps. So, i am hoping i can get your helps as well.

For the past 2 months, I have several things that happens differently.
1. I started to play World of Warcraft battlenet again...
2. I receive a new computer from work
3. My wife started to use computer at home more often, but mostly to go friendster.com (I think)

I uninstalled my zonealarm because I have been having problem restarting.
But prior to this, i have zonealarm, spydoctor, avg antivirus installed. Right now, I have hijackthis, panda (didnt get catch anything), trojanhunters (found 2 trojans, but t... Read more

More replies
Answer Match 48.72%

hello there, wonder if someone can help me out, I think someone has hacked my computer, what is the process of checking please

A:I think my computer has been compromised

What are the symptoms making you believe your computer has been compromised?  Download Security Check from here or here and save it to your Desktop. Double-click SecurityCheck.exe Follow the onscreen instructions inside of the black box. A Notepad document should open automatically called checkup.txt; please post the contents of that document.NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.Make sure the following options are checked:
Internet ServicesWindows FirewallSystem RestoreSecurity Center/Action CenterWindows UpdateWindows DefenderOther ServicesPress "Scan".It will create a log (FSS.txt) in the same directory the tool is run.Please copy and paste the log to your reply. Please download MiniToolBox and run it.Checkmark following boxes:Report IE Proxy SettingsReport FF Proxy SettingsList content of HostsList IP configurationList Winsock EntriesList last 10 Event Viewer logList Installed ProgramsList Devices (do NOT change any settings here)List Users, Partitions and Memory sizeList Restore PointsClick Go and post the result. Please download Malwarebytes Anti-Malware (MBAM) to ... Read more

1 more replies
Answer Match 48.72%

Hello. Yesterday when I returned from lunch, my computer was logged out. I thought maybe I had a power outage, but the other computer on the network (server) was still logged in. So, I just logged back in and went back to work. This morning, when I came into work, again I was logged out. And again I just logged back in. While I was working today, I looked up and saw that I was logged out. When I went to log back on, now there was my icon, but also another one with a karate icon, and it said "administrator"...and that "person" was logged on. I was very concerned and tried to log back in, but it wouldn't let me. I shut off my computer and then turned it back on. Now, the only user I saw was mine. Some background....I have Windows XP, McAfee Security with a Firewall. I do use logmein.com, but it's password protected. Just to be safe, I turned that off. I looked around my files and found that someone named "administrator" was in my computer yesterday when I was out to lunch. Also it showed that my fax file was used around the same time. I found a new document in "recent documents" called "desktop" and when I clicked on that file, this is what came up:

[LocalizedFileNames]
Mail [email protected],-4
Desktop (create shortcut).[email protected],-21
Compressed (zipped) [email protected],-10148
I am very concerned that someone took some private information from me. Is there a way to find out what this was? An... Read more

A:Has my computer been compromised?

16 more replies
Answer Match 48.72%

I've got a computer at work that seems to be fairly compromised. I've followed all of the steps listed in the 'read this topic' message and am at the point where I get to post a hijack this log (joy!). Basically this system has popups that show up constantly and the typical cleaning programs/methods have not gotten the popups to go away. Virtumonde has been detected on the system but I haven't been able to get it cleaned up yet. Basically each time I run a scan (with whatever program) it finds new things that weren't there on the previous scan. I just need to figure out the root cause of these popups and get rid of it. The date on the comp was set wrong at the time of the scan. I took this scan 20 minutes ago.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 1:45:33 PM, on 7/21/2003Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16473)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Windows Defender\MsMpEng.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXEC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exeC:\Program Files\WIDCOMM�... Read more

A:Compromised Computer

Welcome to the BleepingComputer HijackThis Logs and Analysis forum ensoll My name is Richie and i'll be helping you to fix your problems.It appears you've no virus protection installed.Download\install one of the following freeware options from the choice below.Once installed update its definitions and then run a full system virus scan.AVG7 Free Edition Antivirus:http://free.grisoft.com/softw/70free/setup...ree_446a965.exeAvast! 4 Home Edition: http://files.avast.com/iavs4pro/setupeng.exeAvira AntiVir Personal Edition Classic http://www.free-av.com/------------------------------Please download VundoFix.exe to your desktop.Double-click VundoFix.exe to run it.When VundoFix re-opens,click the "Scan for Vundo" button.Once it's done scanning,click the "Remove Vundo" button.You will receive a prompt asking if you want to remove the files, click "YES".Once you click yes, your desktop will go blank as it starts removing Vundo.When completed,it will prompt that it will reboot your computer,click "OK".Post the contents of C:\vundofix.txt into your next reply.Note: It is possible that VundoFix encountered a file it could not remove.In this case,VundoFix will run on reboot,simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.------------------------------Please download Combofix and save to your desktop:Note: It is important that it is saved directly to your d... Read more

1 more replies
Answer Match 48.72%

So my dad tells me that his desktop computer is acting all weird, and I have a feeling something may be infected. Internet Explorer.exe cannot be found, I think it was deleted or renamed, which raises alot of questions as to how that happened. Here is my Hijack This Log File... Thank you !
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:29:49 PM, on 2/14/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Google\Google Desktop Search\Goo... Read more

A:Computer compromised

9 more replies
Answer Match 48.72%

My computer has been acting funny, websites not displaying properly, HTML messed up, hanging all of the time. It should be a high performance machine with Win 64, P6TD deluxe MB, 6GB Corsair Dominator RAM, but it's really sluggish. Here are the DDS log reports. My website was hacked recently, maybe because my PC was compromised. Not sure. Thanks in advance.
Sam

ps. I do have access to Windows Disc.


DDS (Ver_10-12-12.02) - FAT32_AMD64
Run by Monster at 9:38:13.24 on Mon 01/10/2011
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_22
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.6135.3268 [GMT 9:00]

AV: Trend Micro Titanium *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
SP: Trend Micro Titanium *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\s... Read more

A:Computer Compromised

ANyone? DOes this look clean? Is that why nobody got back to me? I am having problems with websites like ESPN which is telling me that the server's certificate does match the host's name.

static.ak.fbcdn.net

I am getting weird HTML across the page instead of a clean website. Pages are loading slowly.

1 more replies
Answer Match 48.72%

Hi all,

I have Win7 pre-release running on my loungeroom PC, as well as the old faithful XP on dual boot (second HDD).
After the October 22nd release, Win7 would not run, and has also shut down access to XP as well!!

Im was told that it would shut down every 2 hours until I paid money, but was not expecting my whole machine to be sabotaged?

Also read that I would get $100 off retail from using the pre-release Win7?

Anyone else like me - frustrated.

Automatic repair could not do justice to Win7 and it shut down no warning.

A:Computer compromised

I re-started and tried to get XP happening, but the screen disappeared permanently after the intro logo.
Then I re-set and tried Win7 again, and lo and behold, it came up and ran normally??? I have a TV program running on MCE as I type!

Any ideas as To why XP is compromised? I have done chkdsk in the recovery console.

1 more replies
Answer Match 48.72%

Been fighting this for a week and I can't find anything actually wrong, but I know something has to be there. My Warcraft account was recently hacked and based on some of the actions of the hacker I have to assume that they have gained access to my computer. Not only have they gotten my login information everytime I change it, but they have gotten some files submitted to Blizzard. Despite running multiple virus and malware scans nothing has ever come up. I am reluctant to simply reformat because I would like to at least try to understand how this has occured, but you can't fix what you can't find.
 
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16750  BrowserJavaVersion: 10.45.2
Run by troy at 1:30:21 on 2014-01-14
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.4094.1950 [GMT -6:00]
.
AV: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Emsisoft Anti-Malware *Disabled/Updated* {8504DEEF-CC04-1F76-2137-F1A5F4A659DA}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Emsisoft Anti-Malware *Disabled/Updated* {3E653F0B-EA3E-10F8-1B87-CAD78F211367}
SP: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
C:\Windows\system32\svc... Read more

A:Computer Compromised

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/520819 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t... Read more

17 more replies
Answer Match 48.72%

Hello everybody!

I finally removed Spyware Protect 2009 from my computer with Malwarebytes, and just wanted to know if my personal info (banking records, etc..) can be accessed by others on the web. I don't see any TDSS/backdoor.bot, soo... idk, just want to be sure. Any help is appreciated. Here is my log:
Malwarebytes' Anti-Malware 1.33
Database version: 1733
Windows 5.1.2600 Service Pack 2

2/5/2009 8:31:53 PM
mbam-log-2009-02-05 (20-31-53).txt

Scan type: Quick Scan
Objects scanned: 75586
Time elapsed: 19 minute(s), 59 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 1
Registry Keys Infected: 4
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 4

Memory Processes Infected:
C:\WINDOWS\sysguard.exe (Trojan.FakeAlert) -> Unloaded process successfully.

Memory Modules Infected:
C:\WINDOWS\system32\iehelper.dll (Trojan.Vundo.H) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c9c42510-9b21-41c1-9dcd-8382a2d07c61} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c9c42510-9b21-41c1-9dcd-8382a2d07c61} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c9c42510-9b21-41c1-9dcd-8382a2d07c61} (... Read more

A:Is my computer compromised?

Hi DAUeleven and welcome to BCPlease print out and follow these instructions: "How to use SDFix". When using this tool, you must use the Administrator's account or an account with "Administrative rights"Disconnect from the Internet and temporarily disable your anti-virus, script blocking and any real time protection programs before performing a scan.When done, the SDFix report log will open in notepad and automatically be saved in the SDFix folder as Report.txt.If SDFix is unable to run after rebooting from Safe Mode, run SDFix in either Mode, and type F, then press Enter for it to finish the final stage and produce the report.Please copy and paste the contents of Report.txt in your next reply.Be sure to renable you anti-virus and and other security programs before connecting to the Internet.-- If the computer has been infected with the VirusAlert! malware warning from the clock and the Start Menu icons or drives are not visible, open the SDFix folder, right-click on either the XP_VirusAlert_Repair.inf or W2K VirusAlert_Repair.inf (depending on your version of Windows) and select Install from the Context menu. Then reboot to apply the changes.

1 more replies
Answer Match 48.72%

Hi there,

Im trying to help my mum out with her computer. After a visit to her local bank they informed her that someone had got her bank details online and has been ordering video games for themselves from this. I need to ensure that her PC is like fort Knox as im meant to be good with computers but need help this time. Heres what ive tried so far:-

Ran MSE anti-virus, updated and full scan: nothing found.
Ran Malwarebytes anti malware: updated and full scan: nothing found

IE is the latest version but it seems to have adverts all over the place. Ive disabled all add-ons but to no avail. Is the best thing to do next uninstall and reinstall IE?

Thanks for any advice given to me.

A:Computer compromised

The first thing you need to do is change all passwords, using a "known clean" computer. Do not use the infected one!

Next, flush the bad DNS cache and restore MS's Hosts file:
Copy and paste these lines in Note pad.

@Echo on
pushd\windows\system32\drivers\etc
attrib -h -s -r hosts
echo 127.0.0.1 localhost>HOSTS
attrib +r +h +s hosts
popd
ipconfig /release
ipconfig /renew
ipconfig /flushdns
netsh winsock reset all
netsh int ip reset all
shutdown -r -t 1
del %0

Save as flush.bat to your desktop.
Double click on the flush.bat file to run it.Vista and Windows 7... right click the .bat file and choose to run as Administrator. Your computer will reboot itself.

Now, download DDS from one of these links:
DDS.com
DDS.pifDisable any script blocking protection
Double click the dds icon to run the tool.
When done, DDS will open two (2) logs: DDS.txt
Attach.txt <--- will be minimized in the task tray

Save both reports to your desktop.

Include the contents of both logs in your next post.
The scan will instruct you to post Attach.txt as an attachment.

4 more replies
Answer Match 48.72%

Helly all,
 
I had an issue with my email, did a search on Google and found a support website. I called them, they asked for card details and a screenshare
 
they then took over my system and I think installed somethings asthey showed me my passwords in a text file, also they sent an email from my account to themselves stating I authorize payment... I tried to stop it they kept writing and after I switched computer off just to get away, I feel I have been compromised. My bank said the same thing and a friend said thebest place to get help was here.
 
Please do help me clean my system from these leechers
 
I run windows
 
thank you

A:computer compromised seriously

I would suggest you replace the credit card and of course dispute any charges.
 
There are sites when doing a search for help represent themselves falsely as Microsoft, popular security programs and many other popular programs.
They are simply thieves.
 
It is likely that no malware was installed but the program used to remotely connect may still be on the computer and some crappy scan program or
two.
 
Use all of the programs below to find and remove both malware and adware.
 
Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the
Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.
After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.
CCleaner - PC Optimization and Cleaning - Free Download
 
Download Malwarebytes' Anti-Malware from Here
Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
Click the Scan tab at the top of the program window, select Threat S... Read more

2 more replies
Answer Match 48.72%

Hello,

I'm hoping I can get a second opinion to a question I posed on the MS Win7 Forum. The answer seemed to go against what I've read on numerous computer security sites regarding different software to have. Also mentioned was "first I would dump anything Norton", many sites gave it extremely high marks, but anyway. It seemed reply was all negative without answering question. Here is what I posted, and His answer, Hope this is okay.

One thing I didn't think to add to original question was that I'm using Norton Safe Search in toolbar if that matters. _______________________________________________________________________________________________________________________________________________________________
Is my computer compromised?

Win7, IE9, Norton Internet Security 2011, (Malwarebytes, SuperAntispyware, and Ad-Aware, I only use the ones in brackets as secondary scans and not actively running.

I notice sometimes at many different websites my toolbar will what I say is "move down a step" and leave a blank like toolbar (empty of course) above it just below the address bar.

I'm using Norton Internet Security 2011, and have Malwarebytes, SuperAntispyware, and Ad-Aware as just secondary scanners. I keep everything updated at least weekly, though Norton automatically updates on its own the same as Windows. Everytime I do scans (weekly) they all come up clean.

With the toolbar moving down leaving an empty space between ... Read more

More replies
Answer Match 48.3%

Currently my computer has a number of issues, these started when I downloaded what I thought was a no-cd crack for Diablo 2: Lord of Destruction (I DO own the game, however I cannot find my cd ><). I noticed immediately after unzipping the files that I had a problem, popups everywhere, I couldn't go into my computer without errors showing up (these are fixed as I use spybot and it took care of most of these things, however I still do have popups). I also cannot use ctrl+shift+esc to get to task manager, nor can I use ctrl+alt+del to get to task manager as apparently task manager is "disabled".

Currently if I google anything and click any link that would lead me to where I would search, I go to this link

Mods note:

<URL removed>

Hmm, I can't think of any other problems that I would think originated from infection, however I somehow managed to accidentally uninstall my soundcard driver - if anyone can assist me in finding that I'd much much appreciate it - though I'm mostly concerned with getting my computer virus free. (I don't really know what sound card I have, however this is a link to the exact model of PC I have - the only thing I have upgraded in my PC is my video card which should be a non issue - http://www.dealtime.com/xPF-Gateway-...VDRW-Dual-Laye)

My Log:
Deckard's System Scanner v20071014.68
Run by Owner on 2008-04-08 19:57:04
Computer is in Normal Mode.
--------------------------------------------------------------------... Read more

A:Frustrated with compromised computer

Hi and welcome to TSF.

I am currently reviewing your log. Please note that this is under the supervision of an expert analyst, and I will be back with a fix for your problem as soon as possible.

You may wish to subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Please be patient with me during this time.

11 more replies
Answer Match 48.3%

I was on my computer tonight when my computer froze and I had to restart. I'm on a wireless connection run by my apartment building, and I have some personal security stuff on here but really am not too sure about the wireless security my building runs. I don't really download that much off of the internet, so I was surprised when strange things happened when I restarted my computer tonight. First, there was a brand new internet connection listed under my connections tab called Internet (1) that was not there before using WAN miniport. Also, the bar on the bottom of my screen is becoming distorted at times for no reason. And as I just now look, part of my screen is becoming cut off, with a strip of nothing but black along the right hand side of the screen. The time was changed to military time which I didn't do, and I can't change it back for some reason. I'm going to post my HJT log, and I also have RKR, ComboFix, and GMER on my computer as well. If anyone can help me, I'd greatly appreciate it, thanks!

Here's the HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 00:18, on 07-01-10
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C... Read more

A:I think my computer security has been compromised?

If someone can please help me I would greatly appreciate it....thanks!
 

2 more replies
Answer Match 48.3%

I have a 2wire router/modem which is usually very sloppy but today I noticed a few warning signs that make me think that somebody accessed or tried to access to my computer through my network.

First, last night I completely charged my Acer laptop and used it for a few minutes. When I woke up, I could hear the computer was trying to start unsuccessfuly but I didn't worry about that since it does that sometimes, I have a cheap laptop. I woke up my computer (I don't shut it down everyday) and I could go online right away, but after 5 minutes I was disconnected. I reset my router once but after a few minutes my internet was disconnected again. This time, I manually disconnected my computer from my network and reset the router again. When I came back to my computer, this is what happened:

* My computer was connected to a neighbor's unsecured network.
* Right away, I disconnected from that network and connected to my own secure, hidden network.
* ZoneAlarm prompted me to add and set the new network. Since I didn't know which network that was, I did something stupid. I shut down ZoneAlarm. When I realized that, I started it again.
* I went to my devices and I found a Belkin router--I have a 2wire router. I deleted it.
* I went to ZoneAlarm and found my own network and another network that shouldn't have been there. I deleted all networks.

I don't remember my last configuration but I think it might have changed. This is what I see in Network and Shari... Read more

A:Help me figure out if my computer has been compromised

Enable WPA(2)-PSK encryption on the router. Use a strong passphrase--20+ (at least 8 or 9) characters of letters and numbers and special characters mixed (do not use dictionary words).
 

3 more replies
Answer Match 48.3%

My friend was browsing through the internet on firefox and inadvertently downloaded a malicious program by visiting a website link posted on a forum. I know that my computer is infected as I have had multiple passwords changed on me such as my email password and my friend's game account has also had a password change. I have scanned with AVG and spybot search and destroy. Nothing has worked thus far. I would try to do something with hijack this, but I made an error due to my stupidity last time I tried to delete something scanned by it and ended up having to re-format my system. Here is the log that I have from a recent scan. Any help is greatly appreciated.

Logfile of HijackThis v1.99.1
Scan saved at 6:36:45 PM, on 9/7/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\WINDOWS\s... Read more

More replies
Answer Match 48.3%

I play World of Warcraft and recently had my account taken control of. I then realised since I have never given out my password, it must be a keylogger.

I ran KL-Detector while I screwed around in notepad and a few other things, and this is what it came up with
Code:
KL-Detector has found some suspicious files:
C:\Users\Taylor\AppData\Local\Temp\~DFF1AC.tmp
C:\Users\Taylor\AppData\Local\Temp\~DFFCBB.tmp
C:\Program Files\World of Warcraft\Logs\SESound.log

Please check; someone might have installed a keylogger on your computer!
You MAY want to take a look at:
C:\Users\Taylor\AppData\Local\Temp\
C:\Program Files\World of Warcraft\Logs\
C:\Users\Taylor\AppData\Roaming\Microsoft\Windows\Cookies\
C:\Windows\Prefetch\
C:\Users\Taylor\AppData\Local\VirtualStore\Program Files\World of Warcraft\Cache\WDB\enUS\

>>FULL REPORT<<

Below are some file operations that were done during the monitoring process.
Review them carefully and check for suspicious files.
C:\Users\Taylor\AppData\Local\Microsoft\Windows\UsrClass.dat
was modified.

C:\Users\Taylor\AppData\Local\Microsoft\Windows\UsrClass.dat
was modified.

C:\Users\Taylor\ntuser.dat.LOG1
was modified.

C:\Users\Taylor\NTUSER.DAT
was modified.

C:\Users\Taylor\NTUSER.DAT
was modified.

C:\Windows\Prefetch\KL-DETECTOR.EXE-BAE45825.pf
was modified.

C:\Windows\Prefetch\KL-DETECTOR.EXE-BAE45825.pf
was modified.

C:\Windows\Prefetch\NOTEPAD.EXE-EB1B961A.pf
was modified.

C:\Windows\Prefetch\NOTEPAD.EXE-EB1B961A.pf
was... Read more

A:Computer compromised with a keylogger

Hey guys, if the KL detector doesn't mean much, just ignore it and look at the hijack this post.

Thanks guys!
 

3 more replies
Answer Match 48.3%

Help.... Please...

I think that I have a few problems going on that are a result of an infestation of a virus or other malicious software. I am running an IIS on a Windows 2000 Server. Since last week we cannot send email. I even tried to drop a few messages into the pickup directory and it immediately goes to the bad mail folder. So far, I have found the following.

1. net32a.exe

2. spybot.exe

Also, when trying to send mail I receive a message that looks like the following:

"Unable to deliver this message because the follow error was encountered: "Error is processing file in pickup directory.". The specific error code was 0xC00402CE.
The wording is broken in some places ("follow" instead of following / Error "is" instead of Error "in") which leads me to believe I may have been compromised by someone. I'm not sure what to do... I need help.
Thank you.
 

A:Solved: Computer Compromised? Help...

16 more replies
Answer Match 48.3%

Somehow someone is seeing my passwords on my computer and accessing some of my accounts specifically my Verizon account and Vanguard so far.  I have a flag setup on credit bureaus and setup security features and alerts in all my accounts.  I'm posting Speccy and ToolBox below.  Curious if you see anything suspicious or have any recommendations?  Thanks
 
 
http://speccy.piriform.com/results/akVa5YbYYOg6ghUMB30gqou
 
 
MiniToolBox by Farbar  Version: 21-07-2014
Ran by zj (administrator) on 07-03-2015 at 16:20:55
Running from "C:\Users\zj\Desktop"
Microsoft Windows 7 Professional  Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (03/07/2015 02:51:02 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/06/2015 11:32:28 AM) (Source: LMS) (User: NT AUTHORITY)
Description: LMS Service lost connection to HECI driver
 
Error: (03/06/2015 10:46:09 AM) (Source: LMS) (User: NT AUTHORITY)
Description: LMS Service lost connection to HECI driver
 
Error: (03/05/2015 09:24:18 AM) (Source: Application Error) (User: )
Description: Faulting application name: NinjaTrader... Read more

A:Computer security compromised..

There is a chance that you are infected with a backdoor, bot or RAT. (remote administration tool). If this is the case more powerful advanced tools will be needed than can be used here in Am I Infected.Please follow the instructions in ==>This Guide<== starting at Step 6. If you cannot complete a step, skip it and continue.Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

3 more replies
Answer Match 48.3%

The first time I noticed this I got a window saying "This machine dangerously low on resources!" I read where Win98se users should correct this by rebooting and clearing the cache, that this is a flaw in 98. I did but the problem persists, especially if I have Word and a couple of other applications running at once.
Task monitor shows that Explorer is continuously running in the background, even tho I use Firefox for browsing. Attempts to close Explorer result in a scrambled desktop and that 'Restore Active Desktop' message, or everything simply hangs until I power off and reboot. I run 98se on a compaq deskpro with Pentium 3 that is part of a home network with 2 other computers running Windows XP. They seem to be fine.
Here is a Hijack This! log I just ran which is pretty short.

Logfile of HijackThis v1.99.1
Scan saved at 8:16:08 AM, on 6/11/06
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\MDM.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\CA\ETRUST EZ ARMOR\ETRUST EZ FIREWALL\CA.EXE
C:\PROGRAM FILES\ANALOG DEVICES\SOUNDMAX\SMTRAY.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FIL... Read more

More replies
Answer Match 48.3%

Hey guys,
 
I'm a little out of my depth here so don't feel bad about telling me I'm a complete idiot.  I got to work this morning unable to connect to my network drives because "The system detected a possible attempt to compromise security." So I did a little digging through event viewer and found a few disconcerting entries:
 
At 6:14 AM this morning: The Terminal Server security layer detected an error in the protocol stream and has disconnected the client. Client IP: 69.49.130.122.
 
According to google this generally happens when there's high traffic to the server, but the server doesn't get high traffic ever and the office doesn't even open until 7.
 
Also there's an audit at 12:45AM: 
 
A logon was attempted using explicit credentials.

Subject:
Security ID: SYSTEM
Account Name: WORKSTATION-17$
Account Domain: <REDACTED>
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}
Account Whose Credentials Were Used:
Account Name: WORKSTATION-17$
Account Domain: <REDACTED>
Logon GUID: {b8e5e60f-7cd0-e25e-5654-baf839662d0d}
Target Server:
Target Server Name: workstation-17$
Additional Information: workstation-17$
Process Information:
Process ID: 0xce0
Process Name: C:\Windows\System32\taskhost.exe
Network Information:
Network Address: -
Port: -
This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials.  This most commonly occu... Read more

A:My computer's security may have been compromised.

Open the Start Menu and type cmd in the Search programs and features box.  Command will appear above the search box in the, right click and select Run as administrator.  This will open the Command Prompt.
 
When the Command Prompt opens copy the command below and paste it in the command prompt, then press Enter.
 
netsh int tcp set global chimney=disabled

2 more replies
Answer Match 48.3%

Hi,
 
I have an ongoing problem. For the last five years, the same person or persons keeps breaking into my computer, and network. I have had several computers, different ISP's, I have even moved out of state for six months even there they kept on attacking me, I came back and still the person keeps getting in. I have bought security software, and I have used the free ones as well, and to no avail. Somehow this person is able to listen into my conversations. Now they are impersonating me online, and make it their business to draw my attention to it. One thing is if they are harassing me, and threatening to hurt me. But is completely another when they are taking to harassing my family, or anyone else that I care about. I have contacted the police they wont do anything without solid proof. I have sent in complaints to FBI, and other computer crime resources, heard nothing back from them.
 
This person believes that since they have been getting away with this so long, no one can stop them. I must stop them. I need to get my life back. This person or persons are all into my business, and I do not even know their name? They can attack me whenever they want to,and I cannot identify this person? I need help here. I feel like a victim, I sound like one even to my own ears. I do not wish to be one. I won't be one. Can you help me with my problem? If you could I would most certainly thank you.

A:Computer and cellphone compromised

Tonight I downloaded the tcp utility to see what is going on on network. Everytime I try to run the program it starts to run then it shuts down. I have tried several times, and still the same result. What I did notice for the short time that the program was running that there many processes running. I noticed other things as well. I just tried again, and many of the process running before are all closed down. I see now that there are just very few running, not the case five minutes ago.
 
Also I was having issues accesing a site I use usually with no issues. I believe that it was a denial of service attack. This went on for about three hours.
 
I was hoping that by now someone would get around to helping me with this problem. I am aware that there many people are on this site, and they too need help. I am going to continue to ask for help, and state what is going on until I am helped. I would prefer to receive help from someone who actually works for the site. I am not being fussy or think that I am more entitled than anyone else. The person who has been attacking me has just recently tried to communicate with me. I must be sure who I am speaking to, and who is assisting me with his situation.Thank you.

3 more replies
Answer Match 48.3%

My wow account has been recently hacked 2 times in a row by a keylogger. I was told that posting my HJT logfile as well as my MBAM logfile should be useful for someone specialized in 'malware detecting and cleaning' to see what is really happening in my PC and finally fix it. Please take a look at my logfiles below:

Here's the HijackThis logfile:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:34:27 μμ, on 14/9/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\OSK.exe
C:\WINDOWS\system32\MSSWCHX.EXE
C:\Program Files\A... Read more

A:Computer compromised with keylogger.Please help!

Hello and Welcome to TSF.

We no longer use HijackThis as our initial analysis tool.

We want all our members to perform the steps outlined in the link I'll give you below, before posting for assistance. There's a sticky at the top of this forum, and a
Quote:




Having problems with spyware and pop-ups? First Steps




link at the top of each page.

---------------------------------------------------------------------------------------------

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

1 more replies
Answer Match 48.3%

Logfile of HijackThis v1.99.1
Scan saved at 1:45:09 PM, on 4/03/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\System32\sistray.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\INTERN~2\MEDIAKEY.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Program Files\DLink\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\PROGRA~1\INTERN~2\KBOSDCtl.EXE
C:\PROGRA~1\INTERN~2\KCodeMsg.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Common File... Read more

A:Another Hijack This log from another compromised computer :(

13 more replies
Answer Match 48.3%

This is going to be a long one, sorry. Let me start by saying that I am a professional in the field (web systems engineer) so have a pretty good working knowledge of systems and networks.
 
I recently (6/28/16) received an email from my ISP (Cox) stating that they detected a ZBot infection from my network, due to access of a known C&C server. I inspected the email headers to ensure that the email did in fact come from Cox and it appears to be legitimate.
 
I can post the URL that they said my network had contacted, but was not sure if I should do that in this forum or not, given the stated rules. Since my systems are behind a router locally Cox was (obviously) not able to tell which system on my side this traffic came from, but I only have one personal Windows system running at the moment. There are also a few Android devices, a smart TV, and Xbox One.
 
We use OpenDNS (free version) for our DNS services here, and the OpenDNS server IPs are configured directly on the router. All devices within the network use DHCP and pull the correct IPs for DNS services from the router as expected (FYI -- router is a DLink DIR-655 on the latest firmware). I have confirmed that all of this still appears to be in place and that OpenDNS is recording queries coming through it. I also confirmed that the specific URL that Cox flagged was indeed seen in the OpenDNS logs on 6/28/16. This part seemed a little strange to me -- that Cox was able to determine that this URL was access... Read more

A:Compromised Computer Notification from ISP

Here is the same netstat command output following a fresh startup (taken about 5-10 minutes after startup to allow initial communications to settle down).
 
TCP Statistics for IPv4
  Active Opens                        = 381
  Passive Opens                       = 77
  Failed Connection Attempts          = 8
  Reset Connections                   = 101
  Current Connections                 = 8
  Segments Received                   = 22743
  Segments Sent                       = 16818
  Segments Retransmitted              = 475
Active Connections
  Proto  Local Address          Foreign Address        State
  TCP    127.0.0.1:49668... Read more

4 more replies
Answer Match 48.3%

A friend is fearful that her computer has been compromised. This is the HJT logfile:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:29:07 PM, on 11/1/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16915)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.comcast.net
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D... Read more

A:Suspect computer is compromised!

Hello and Welcome to TSF.

We no longer use HijackThis as our initial analysis tool.

We want all our members to perform the steps outlined in the link I'll give you below, before posting for assistance. There's a sticky at the top of this forum, and a
Quote:




Having problems with spyware and pop-ups? First Steps




link at the top of each page.

---------------------------------------------------------------------------------------------

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.


More detail about why your friend thinks the machine has been compromised will be helpful. What symptoms? Please report them in your new topic.

1 more replies
Answer Match 47.46%

I had a World of Warcraft account that is accessed from my computer recently attacked by hackers. Since I also access a number of much more valuable accounts (banking, etc.) it rang a lot of alarm bells. I had been running Norton Antivirus, but apparently it didn't find anything. I'm totally sure I didn't fall prey to any sort of social engineering or phishing, so I'm trying to review my system to see what was installed. It does look like spyware made it onto the system at some point (note the Media Star 2 toolbar, which I didn't install myself, and took over IE), and I'm assuming a Keylogger or password sniffer made it onto the machine.

Since Norton didn't detect anything, I tried Kaspersky, and it did find some files that it identified as trojans. Those were removed, although it still isn't clear to me how the passwords were observed.

I've run HijackThis, and I'm hoping an expert can take a look and let me know if you notice anything I should still be concerned about.

==================================

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:10:54 PM, on 3/2/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16722)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files\Hewlett-Packard&#... Read more

A:HiJackThis - Recently Compromised Computer

Hello and welcome to Bleeping Computer We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here. If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far. Upon completing the steps below another staff member will review your topic an do their best to resolve your issues. If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread. Thanks and again sorry for the delay. We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scr DDS.pifDouble click on the DDS icon, allow it to run. A small box will open, with an explaination about the tool. No input is needed, the scan is running. Notepad will open with the results. Follow the instructions that... Read more

2 more replies
Answer Match 47.46%

Hi Guys,
 
I been a frequent lurker on this site and you guys have been a great help. 
 
What are some options for someone who has had their phone's sim card cloned. Also the PC is compromised..
 
Have any of you ever dealt with a situation like this, what can I do to ensure that this phone is clean its an iphone 6 - the cell company says its been addressed. 
 
Will scanners like malwarebytes actually pick up installed "spy" programs? I believe someone locally did this.
 
I haven't looked at the computer yet, but just trying to get a game plan and not make any mistakes.

A:Computer compromised by a local person, help

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/578101 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t... Read more

2 more replies
Answer Match 47.46%

Windows 7, Outlook 2013 and ESET Smart Security 7. This is the second computer with the issue below that we would like reviewed please.

The other day my hosting company shut down my email accounts, not sure which system did it, but my dad and sister were using our webmail and now email accounts starting sending thousands of emails. This is the only details that I have. This computer is approx 2-3 years old and runs great but it's my sisters so not sure if she's on Facebook or which sites may have done this. Please help by reviewing the files and see if there is anything trojans, malaware, etc that could have done this. We are afraid to use the systems as passwords are now compromised.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:09:58 PM, on 4/21/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.16521)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
C:\Program Files (x86)\TechSmith\Snagit 10\Snagit32.exe
C:\Users\Mary\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe
C:\Program Files (x86)\ACT\Act for Windows\Act.Outlook.Service.exe
C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\TechSmith\Snagit 10\TSCHelp.exe
C:\Program Files (... Read more

A:emails & passwords have been compromised - Computer 2

Hi, I just wanted to reach out see if anyone could review this.
 

2 more replies
Answer Match 47.46%

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:03:14 PM, on 1/12/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\java.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\ehome\e... Read more

More replies
Answer Match 47.46%

Hi everyone, this computer is running Windows 8 and outlook 2013, plus Smart Security by ESET 7.

The other day my hosting company shut down my email accounts, not sure which system did it, but my dad and sister were using our webmail and now email accounts starting sending thousands of emails. This is the only details that I have. This computer is approx 2 months old and runs great. Please help by reviewing the files and see if there is anything trojans, malaware, etc that could have done this. We are afraid to use the systems as passwords are now compromised.

GMER had problems loading. COuld not run some scans because System32 was running and ntuser.dat. FYI

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:05:29 PM, on 4/21/2014
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v10.0 (10.00.9200.16537)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
C:\Program Files (x86)\TeamViewer\Version... Read more

A:emails & passwords have been compromised - Computer 1

10 more replies
Answer Match 47.46%

Hello all,
About two weeks ago my computer got attacked by a nasty virus, and ever since it?s been running a lot slower. A few days ago I got a message from time Warner cable that they were temporarily blocking my internet service because my computer had been turned into a zombie and was sending out spam messages. They weren?t completely sure, but they think it was the Koobface virus and the only way to get rid of it is to reformat and reinstall. Thankfully I have nearly everything I need backed up, some on CDs and most through Carbonite. I was also planning to upgrade to windows 7 so this is as good a time as any. The big issue I?m facing though is what can I safely put back on my system after I reinstall. From what I understand, when a computer is turned into a zombie the worm digs into your system and constantly changes its name so it?s nearly impossible to track down and get rid of. Is this only through things like the registry and system files/settings, or can it embed itself into other unrelated files like pictures and videos? If it?s the first situation I should be alright if I just restore everything in my Carbonite and hard copy backups back onto my clean system. But if it can get into my other files then are they all to tainted to trust? On a side note, could a worm infect files in a separate volume on my hard drive? Most of my movies are on their own partition so it would be simple to save them.

More replies
Answer Match 47.46%

Alright, my Dad's office has about 10 computers and they have all been locked down via securities to not have internet access; however one computer is open that receives the company email.

The other day some x-popups were on the screen when only one person was supposed to be in the office. This person denied it so any investigation was under way. A log was pulled of the last couple of months showing sites visited and the times they were visited. Some of the times were like 3 or 4 am. So logs where checked at the bldg security company to see when people were logged into the bldg, which no one was at the times involved. The computer has been slow for a very long time so my dad had already ordered another one before this happened so just replaced the computer in question.

So now we have a brand new computer added to the same network where it is the only computer online and it still shows visits to x-sites at 3 and 4 in the morning.

Can anyone explain what might be going on?

Thanks,
Will

A:Can my network be compromised if I just bought a new computer?

I am suspecting of a night crew some how..Cleaning,,night shift.Are thet on a router?What is the Antivirus?Lets run 2 sans on the PC that connectd..Please download TDSSKiller.zip and and extract it.Run TDSSKiller.exe. Click Start scan.When it is finished the utility outputs a list of detected objects with description.
The utility automatically selects an action (Cure or Delete) for malicious objects.
The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Let the options as it is and click ContinueLet reboot if needed and tell me if the tool needed a reboot.Click on Report and post the contents of the text file that will open.

Note: By default, the utility outputs the log into system disk (it is usually the disk with installed operating system, C:\) root folder. The Log has a name like: TDSSKiller.Version_Date_Time_log.txt.I'd like us to scan your machine with ESET OnlineScanHold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScanClick the button.For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)Click on to download the ESET Smart Installer. Save it to your desktop.Double click on the icon on your desktop.Check Click the button.Accept any security warnings from your browser.Under scan settings, check and check Remove found threats Click Advanced settings and select the following:Scan potentially unwanted applicationsScan for potential... Read more

1 more replies
Answer Match 47.46%

I was on AIM doing my usual thing until I recieved a messege from my friend. It had some wierd url that made me suspisious, but being the idiot that I am I clicked it and ran some file. Norton Antivirus instantly flagged it as a virus and did auto-repair which didn't work. In Norton's log viewer it has 2 entries, here's a picI've ran the full system scan option and nothing turned up. I've also ran the antivirus software that you guys recommended (except for Panda Anitvirus) and nothing turned up.I havn't ran Norton in safe-mode yet, but i'm going to in abit.My question is, is my computer still infected?Here's my hijacklog:Logfile of HijackThis v1.99.1Scan saved at 2:35:16 AM, on 7/13/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exeC:\Program Files\Common Files\Symantec Shared\ccProxy.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Executive Software\Diskeeper\DkService.exeC:\Program Files\Norton Internet Security\ISSVC.e... Read more

A:[email protected] Virus Compromised My Computer.

Hello TranNova and welcome to the BC HijackThis forum. I do not see any signs of that in the log but it probably wouldn't show up there anyway. HJT does not scan the temp folders.Norton should have taken care of the file by quarantining it or one of the scanners should have picked it up if it was still there. Since it was downloaded to the temp folders you can clean those out rather quickly.Download and install ATF Cleaner by Atribune.This program is for XP and Windows 2000 onlyDouble-click ATF-Cleaner.exe to run the program.Under Main choose: Select AllClick the Empty Selected button.If you use Firefox browserClick Firefox at the top and choose: Select AllClick the Empty Selected button.NOTE: If you would like to keep your saved passwords, please click No at the prompt.If you use Opera browserClick Opera at the top and choose: Select AllClick the Empty Selected button.NOTE: If you would like to keep your saved passwords, please click No at the prompt.Click Exit on the Main menu to close the program.For Technical Support, double-click the e-mail address located at the bottom of each menu.There are a couple of questions I have though. Is the IE executable in the C:\My Files\Website\Browsers\ folder for a reason? If you put it there that is fine. If you didn't, then we might want to check that file out.Also, the file Cleaner.bat might or might not be questionable. If you know what it is and have it set to run on startup then it's Ok. If not, then we should d... Read more

3 more replies
Answer Match 47.46%

Here is the Log from the Panda scan. Computer is compromised. Severl problems.

I have Windows XP, Home Edition. Just checked for WINDOWS updates. Evidently all are there except for SP2.

LOG:


Incident Status Location

Virus:Trj/Cimuz.JX Disinfected Operating system
Adware:adware/virtualbouncer Not disinfected c:\windows\system32\INNERADINSTALL.LOG
Adware:adware/savenow Not disinfected c:\windows\downloaded program files\WUInst.inf ... Read more

A:Computer compromised. Many problems. Log attached.

Well it doesn't look bad after having run that program.

I just think you should run a couple of others.

Those are the two free programs from AVG, Antivirus and Antispyware. Be sure to also have removed the Panda program, and you can also remove both AVG programs after you have completed 2 cleanings each. As in clean, restart, clean once more.

http://free.grisoft.com/

2 more replies
Answer Match 47.46%

I have My PC (Win7) with Netgear WGR614v7 connected by Wired LAN to Topfield 7100 Pvr and Laptop (XP Pro). My main concern is the Topfield Pvr which must download programs from IceTV Interactive for Recording. After setting it up as DHCP (reccommended by both Ice TV and Topfield) and Pinging both ways to prove connection, I logged into the Router to check Network Status. The Topfield was displayed in the Attached Devices Page of the Router. Satisfied that all was setup OK, I logged out of the Router. Later in the day, I again logged into the Router to again check the Status of the Network. The only thing showing in the Attached Devices was: My Pc - the Topfield and the Laptop, both previously present, were not displayed in the Attached Devices Page, even though they were still Connected, On, and able to be pinged. The bring them back, I have to Re Activate the Topfield connection, unplug and replug the Cable on the Laptop.
I am of the belief, that once Devices are Setup, Remain Connected. Remain ON and are available for Communication (proven by Pinging), they should at all times be visible in the Attached Devices Page of the Router.
As I am not familiar with how the Router maintains its contact with Devices, I am at a loss to understand if my belief is correct or what may be the cause of my apparrent problem.
Any advice will be most helpful. I do not particularly want to buy a new Router.
I have also set the Topfield to a Static IP Address and Reserved this Address in the Rou... Read more

More replies
Answer Match 47.46%

My wireless devices are having a hard time connecting though my router. They see the router and can connect to it but cannot get on the internet. When I go into my router and check Wireless Status to see connected devices the window is empty. Usually if I reboot my router some of my devices will connect but if I leave them idle for any amount of time the connection is dropped. Suggestions. I have Dell 530 desktop running Vist Home Premium and the router is Dlink Dir 615. The desktop has no issues connecting to the internet as it is connected through LAN port
 

A:Devices can see router but cannot connect

Please show for the Dell 530 and, if any of the other devices are running Windows, the following ...

Start, Run, CMD, OK to open a command prompt:
(For Vista or 7 type CMD in the Search box after Start)

Type the following command:

IPCONFIG /ALL

[Note that there is no space between the slash and ALL.]

Right click in the command window and choose Select All, then hit Enter.
Paste the results in a message here.

If necessary use a text file and removable media to copy the results to a computer with internet access.
 

2 more replies
Answer Match 47.46%

hey,

ok so i have a set up, all wifi where only some devices connect. ill start by putting some details. these are the devices i have on my network:

1 PC runnin Win 7 (connected
1 PC running vista or 7 (connected) <--- new roomates
1 iphone 4 running iOS6 (connected) <-- new roomate
1 iPhone 4S runnning iOS6(no long connects)
1 PC running XP (no longer connects)
1 PS3 ( no longer connects)

network hardware:

Modem: Motorola surfboard
router D-link DIR 615

the problem:

let me first start by saying that i know that EVERY device mentioned above is able to connect to the WIFI. they just dont :s.
Ie: jst yesterday i was on my PC, on wifi on my iphone.

since my roomate moved in, the above mentioned devices won't connect anymore. his do though :s.

i tried powering off and on both modem and router, nothing. the same devices will connect only none of the others.
i would like for all my devices to connect, all the time, without the need to reboot.

can anyone help here?

i did an ipconfig /all and 2 pings :
let me know if u need anything else.

also, im pretty good on computer but crap on networks.

C:\Users\ziggy>ipconfig /all

Windows IP Configuration

Host Name . . . . . . . . . . . . : ziggy-pc
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection 2:

Media State . . . . . . . . . . . : Media disconnect... Read more

A:router only connecting to certain devices

10 more replies
Answer Match 47.04%

Our system seemed to act strangely beginning in early March. We use ZoneAlarm firewall and it seemed to auotmatically lock on occasion upon log-in, requiring a manual "un-lock" before the internet could be used. I was suspicious there was something trying to get in or out that ZoneAlarm was "catching" and locking the firewall.

To try to detect the problem, I downloaded the latest version of "MalwareBytes" and ran a scan. It found a few issues and I chose to quarantine a few of them, but not all as some looked legitimate to me.

Upon re-booting the next time, everything went bad. A pop-up came up with the windows installer and then it said it was trying to install HPPhotosmartEssential. The system became very sluggish and the hard drive was constantly being accessed. After numerous "Cancels" to the install, it finally stopped trying to install. However, the hard drive continued to be accessed non-stop and the system was very slow. I became very concerned something was going on in the background so I shut the system down.

I tried to re-boot in safe mode and it would not boot, it either hung or gave a disk error suggesting c:\windows\system32\wbem was corrupt or unreadable and chkdsk should be run. I immediately felt I needed to do a system restore back a couple of weeks to clear off the issues. Upon trying to run the restore I received a message that the application failed to start because framedyn.dll was not found and that re-... Read more

More replies
Answer Match 47.04%

Good Morning:

AVG alerted me last week that there were several trojan Horses in our computer, trojan Horse 16.BVN, I believe. It seemed to remove them, but they were found again by AVG over the next couple of days every time AVG ran its scan at startup, together with other viruses.
Then, it didn't find that particular trojan, but a different one: trojan SHeur2.CBKQ.

The IT person at my husband's job told him to get rid of AVG, and use Avast instead, saying it is a better program. So, we deleted AVG, installed Avast, which promptly found that same trojan. That was yesterday. Today, Avast didn't find any trojans, but I updated Malwarebytes, and it found a trojan in the registry keys. Here is the log:

Malwarebytes' Anti-Malware 1.42
Database version: 3444
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/28/2009 11:47:48 AM
mbam-log-2009-12-28 (11-47-48).txt

Scan type: Quick Scan
Objects scanned: 109629
Time elapsed: 3 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\richtx64.exe (Trojan.Agent) -> Qu... Read more

More replies
Answer Match 47.04%

please help!!! seems compromised, combofix says detected rootkit, cannot seem to fix up???

A:computer seems compromised, freezing, combofix says rootkit

Hi,Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there.The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.Once I receive a reply then I will return with your first instructions.Thanks

21 more replies
Answer Match 47.04%

Hi.
First I would like to thank you for helping me with my problem... It really means a lot to me that there is people around the world willing to help other people, even thoguh they dont know eachother...

My WoW account have recently been hacked and I think that it might be a keylogger or a trojan virus... The hacker have someway been able to get my account name and password.

I have been following a Keylooger cleaning guide on the officiel WoW forum... I have downloaded several anti-virus program and done as the guide told me to do... The last checkpoint in the guide was to post a thread on this site with a Hijackthis log, and thats what im doing now

So heres the Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:20:34, on 12-09-2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16890)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Fingerprint Sensor\ATSwpNav.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\SteelSeries\World of Warcraft MMO Gaming Mouse\WoWMHID.exe
C:\Program Files\Ideazon\ZEngine\Zboard.exe
C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\... Read more

More replies
Answer Match 47.04%

Good day to you! First of all thanks for looking into my problem, its much appreciated!

My WoW account has been compromised twice in the last week by hackers that were able to get a hold of my password. It is suspected that i have a keylogger or trojan virus on my computer.
Following a virus removal guide on the official WOW forums i have used several programs like MBAM, Spybot, Avast Ad Aware and Kaspersky to try and get rid of the problem. The last checkpoint on the list was to post a hijackthis log on this site to hopefully verify that my account is clean. If you could have a look at my log it would be great.

Thanks alot!

Hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:35:10 PM, on 9/6/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\windows\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\windows\RTHDCPL.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\windows\system32\RUNDLL32.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Telenor\Telenorhjelpen\Telenor.exe
C:\Program Files\Logitech\Deskto... Read more

A:My computer compromised by a keylogger and/or a trojan virus.

16 more replies
Answer Match 47.04%

I receive telephone calls, they tell me My Computer is sending data and they just happen to be able to stop it!!
They want me to send them money, they will go into my computer fix it for their fee $$$ !

1) How can I stop these pesky phone calls..?? They seem to know when I am on the computer!

2) How did they get my phone number!?

3) Is there a "Cookie" or some "Setting" I can change or remove to stop this Kidnapping/Ransom!!!
 

A:Phone Call telling me they KNOW my computer is compromised.

1) you cant ,they are usually overseas and difficult to block the calls - they have no idea if you have a PC
tell them next time you only have an ipad or apple mac - they hang up
i get a call probably every 6-12 weeks - and sometimes play along with them, for 40mins or more before they hang up - usually asking them all sorts of silly questions while acting concerned and trying to do everthing i can - or ask them to hold on while i turn on the pc - and just leave the phone

2) companies sell lists of phone numbers , also from the normal phone book , and given the type of people you are dealing with , probably by various illegal activities

3) no setting - Just a) Never let them on to the PC - and if you have - you need to post in the virus forum to get the remote access and any malware off the machine
 

2 more replies
Answer Match 47.04%

This computer had had rdp access open to the Internet for some time and a bot recently cracked the Administrator password and successfully logged in. Rdp access was disabled about 12 hours after the first successful login, but I'm almost certain there are now new or pre-existing viruses on the computer, and a quick scan with Spybot Search & Destroy showed a suspected "system service that has been identified as a threat" with the displayed name "!!!!" and the registry key "hide_evr2".

Thank you in advance for your time and assistance!
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.11
Run by Chaplain Dave at 18:18:42 on 2012-05-29
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1233 [GMT -7:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\afasrv32.exe
C:\WINDOWS\system32\astsrv.exe
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Pervasive Software\PSQL\bin\w3dbsmgr.exe
C:\WINDOWS... Read more

A:Suspected Rootkit Installed, Computer Compromised through RDP

Sorry, I do not mean to bump this topic, but I don't seem to be able to edit my original post.

I have since run Spybot Search & Destroy and a full scan with Malwarebytes Anti-Malware and removed all threats detected by both scans. I then ran another Spybot scan in safe mode, which found no threats.

I will not have access to the Internet from June 3 through June 9, but despite my inevitable lack of response, I am still seeking assistance on this issue.

Thank you in advance!

14 more replies
Answer Match 47.04%

Lately I have been receiving calls telling me my computer has been compromised and is operating at less than 100%. Of course the caller, who is not a native English speaker, offers to guide me through what I need to do to fix it. They state they are calling
from Microsoft. What kind of scam is this?

More replies
Answer Match 47.04%

Hi,

I ran across this forum when I was searching for info on pop up that give the following text:

Message from Local System to User on 3/30/2008 12:53 AM. CRITICAL ERROR MESSAGE!-REGISTRY DAMAGED AND CORRUPTED

To FIX this problem:
Open Internet Explorer and type: www.registrycleanerxp.com
Once you load the web page, close this message window

After you install the cleaner program you will not receive an more reminders or pop-ups like this.

VISIT www.registrycleanerxp.com IMMEDIATELY!

I have researched and I know it is a scam and probably some sort of malware, virus, etc., but I have done a lot. Nothing seems to stop it. The computer I have was given to me in 2004 and I finally got it running and realized it was infected. It crashes after multiple messages like this come up and eventually many strange redirections to websites will occur. I ran antivirus and anti-rootkit programs. I managed to destroy or quarantine many viruses, but there is still a problem because I am getting this pop up. I am exhausted and feel like destroying the computer. I was thinking of doing a trial of Trend Micro's product(s), because I don't want to get stuck with something I don't like at a high price. It hasn't done it yet, but my computer will probably eventually lock up and prevent me from using it at all.

Any ideas would be appreciated.

One last thing. When I ran the anti-virus program, it quarantine many virus or suspect files. I restarted my computer and g... Read more

A:Frusrated with compromised computer (Moved from Win2k)

I wish someone would recognize this and give some advice. I am thinking of trying some free software called RegCare to try to resolve this.

11 more replies
Answer Match 47.04%

I got a weird warning while playing a FB game tonight. It opened a new tab in Firefox & started playing an audio message telling me to call this number.  One message states:  WARNING:  Customer - Your browser and computer may be compromised by security threats.  Call 1-877-679-2144 now for IMMEDIATE assistance.  There's a web page behind that pop up message.  it's (malware alert dot org slash warning dot html).   How do we get this to stop?  Is it a virus?  I scanned with AVG & it didn't pick anything up.

A:Browser and Computer Compromised - Call 877-679-2144?

Sounds like there is something fishy going on in your system. Try checking your FireFox Add-Ons and Extensions and remove anything. You might also want to have a quick look at your Programs and Features to see if there is a Potentially Unwanted Program (PUP) installed on your computer. 

1 more replies
Answer Match 47.04%

Hi

I have a THOMSON TG585 v7 DSL router and when I browsed devices connected i found 2 unknown devices and apart from my 2 pcs, a switch and a media player I have nothing else wired and the wireless option is disabled.
 

A:unknown devices connected to DSL router

Obvious question #1: do you learn anything by clicking on the unknown devices?

Obvious question #2: do the unknown devices correspond to the switch and media player (check the MAC addresses)?
 

3 more replies
Answer Match 47.04%

Both my DSL modem router and a wireless surveillance system (cameras and receiver) use the 2.4 GHz frequency; of course, one inactivates the other.
Does anyone know a DSL modem router operating in another frequebcy range (fixed or adjustable)? :evil: :evil:
 

A:2.4 GHz for modem router and other wireless devices?

802.11a WiFi standard uses the ~5GHz frequency. These devices are considered enterprise class though and cost more than your normal wireless.

Have you tried changing the channel on your current WiFi gear? Changing it from 1 to 13 for example may be enough to make both your systems fit into the band.
 

2 more replies
Answer Match 47.04%

I have a Cisco Linksys E1200 router. Three computers are wired to it while my laptop connects to it wirelessly. When I look at the network topology (Network and Sharing Center->See full map), it shows that my laptop is connected to E1200 (this one has the same name as the router but different icon. The icon has an antenna. Thus, I think it is some kind of wireless device) which is connected to a switch, then a hub, then to the E1200.

Why are there three devices between the wireless router and my laptop?

A:Why so many devices between my laptop and the wireless router?

Just a quick guess....

Is one of the "wired" computers set to use Internet Connection Sharing? My dad (80 y.o. and still buying the latest hardware) did that once in the XP days and had an issue similar to yours. He never lost connectivity, but took the long way to get there. Found the issue doing a traceroute.

1 more replies
Answer Match 47.04%

SORRY FOR ALL THE BACKGROUND INFO

So I have had the same router for years now (Belkin f5d7623-4) and whilst its had its problems over the years its generally been okay. On my home network I have my Sony Vaio and my Asus, a ps3, both my iphone 4 and 5, my samsung tv, as well as my mum's acer netbook and her galaxy s3.

My iphone 4 is a few years old now and has for some time struggled to consistently connect and stay connected to the wifi, my asus had some problems but they were hardware related and I fixed them a couple of months ago. The acer netbook had been connecting to the wifi fine since my mum was given it when a few months ago it suddenly wouldnt connect and no matter what I did to the settings of the laptop or router it could not be solved, as my mum is not heavily reliant on technology we got her a long ethernet cable as a short-term fix. A few weeks later I wanted to use the internet functions of my samsung tv so I took the cable from the netbook as my mum wasnt there at the time. When my mum returned she complained about me having taken the cable but then found her netbook was working over the wifi again, since then it has stopped working with the wifi again. My vaio and ps3 have never suffered problems before and my 5 has only began to struggle since being water damaged.

SORRY FOR ALL THE BACKGROUND INFO

About 3 days ago I was in my kitchen where the wifi barely reaches and therefore paid no attention when my vaio lost connection and wouldnt regain it. It... Read more

A:Devices and router teaming up to fry my brain

With the iphone I would try to forget the wifi network under your settings and then trying to reconnect it. They have weird issues like this often and that usualy fixes the issues. I have also have seen issues in the past with how my wireless routers have been configured. I have seen issues with mixed mode configurations and such. Can you send me any information on how your wireless router is configured?
 

1 more replies
Answer Match 47.04%

Slowly lost app's now have no control. Or admin privilege. The screen looks fake. There's drives listed I can't access. And every download was hijacked. Now theres no real Network or bios driver installed. after multiple attempts and no system functions available I want to use another computer and try to download virus software there. Noticed something strange happen and both laptops havea Dll bug long story short my Android, laptops, printer and router have all been hijacked and I do not know what to do at this point

I haven't seen or been able to find anything on something so expensive enedina have any other laptops that are accessible at this time so even doing it from my phone is challenging
 

More replies
Answer Match 47.04%

Hello,

I have a D-Link DIR-652 router, and I can see that it is broadcasting but I cannot connect through my laptop, tablet, or phone. Sometimes it will let me connect but other times it says it is unable to. I can connect when I plug into the router through a cable. I'm doing that now, and I did an ipconfig/all in case it's helpful to see that:
Windows IP Configuration

Host Name . . . . . . . . . . . . : Kyle-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
Physical Address. . . . . . . . . : 82-B9-A5-D2-D0-5B
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : ASIX AX88772B USB2.0 to Fast Ethernet Adapter
Physical Address. . . . . . . . . : 9C-EB-E8-02-9E-37
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::7830:64d7:7d49:c0fb%18(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.0.100(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Friday, February 15, 2013 8:52:29 AM
L... Read more

A:Router is broadcasting but no devices can connect

12 more replies
Answer Match 47.04%

A friend currently has a Belkin wireless G router and uses a D-Link DGL-3420 gaming adapter to connect her XBox 360 to her wireless network. This configuration works fine but she did have an issue where the connection was lost and the troubleshooting tool on the Xbox 360 recommended using an 802.11a connection to avoid possible interference problems. Apparently, the wireless Xbox 360 controller she uses broadcasts at 2.4GHz, just like 802.11g.

So, I'm looking at replacing her Belkin router with one that supports 802.11a. I see 802.11n wireless routers should support 802.11a/b/g devices but I was wondering if anyone here had any "real world" experience with connecting to a 802.11n wireless router using 802.11a.

Did it work for you? Have any problems?

Thanks!

Peace...
 

A:Anyone have experience with 802.11a devices and a 802.11n wireless router?

I've connected to my ZyXEL N router using an 802.11a adapter, worked just fine. That's a sample of one.
 

3 more replies
Answer Match 47.04%

Hi everyone. Ive been having a problem with my Netgear WGT624v3 router. Its broadcasting the WIFI signal ok. My devices pick it up but cannot connect. If i go and unplug the router and then plug it back in all the devices connect. They will stay connected for several hours but then the connection will drop. They can still see the router and they try to connect but i have to unplug it and then plug it back in, then they all connect again. Its happened with my phone, my laptop and my Kindle Fire. Any ideas guys? Thanks.
 

A:Devices sees Router but will not connect

can we see the following form one of the wireless pc when connected and working and the repeat ALL the tests when it disconnects

------------------------------------------------------------------------
ipconfig /all
If you cannot access the internet with this PC, then you will need to paste the results into something like notepad and then copy onto a machine that can access the internet and post results here

We would like to see the results from ipconfig /all post back the results in a reply here

Hold the Windows key and press R, then type CMD then press Enter to open a command prompt box (A new dialogue box - black with white font, will appear on screen ):

In the command prompt window that opens, type the following command:

Note that there is a space before the /ALL, but there is NOT a space after the / in the following command.

ipconfig /all > network.txt & network.txt

It will export the results to notepad and then automatically open notepad.

Now all you need to do is copy and paste those results to a reply here
to do that:
From the notepad menu - choose Edit - Select all
all the text will be highlighted
Next
From the notepad menu - choose Edit - Copy
Now go back to the forum - reply and then right click in the reply box and paste
------------------------------------------------------------------------

------------------------------------------------------------------------
Ping Tests
If you cannot access the internet with this PC, then you will need... Read more

1 more replies
Answer Match 47.04%

I use Fing for Android which shows me a bunch of info for connected devices on the router including their IP address and name, but sometimes it's not enough and I'm looking for a Windows 7 tool that does the same thing. Is there something I'm missing in Control Panel or command line or do I need to install a third-party tool?

A:Get router attached devices info

I don't know that Windows itself has that info, but if you log into the router itself (run ipconfig /all in command prompt, and use the default gateway as the address in a web browser) - this should give you what you are looking for.

Per example:

9 more replies
Answer Match 47.04%

I have a Linksys RT31P2 router which seems to be acting funny. What happens is it randomly seems to assign my pc different IP addresses. I have it set to hand out a max of 50 addresses (100 - 149) and my pc has always been .100, but for some reason yesterday it assigned it .134. It's really annoying because several of my programs need ports forwarded to work and having to change them in my router is tedious and unnecessary. Anyone know why this is happening?
 

A:How can I tell what IP address my router is assigning various devices?

8 more replies
Answer Match 47.04%

Basically, what's happened is that after transferring my old PC's data onto my new one, and putting that one in place of my old one, therefore hooking up my modem to it, my wireless devices have been having trouble connecting to the router. Everything's hooked up fine, and it was working perfectly before, but now my devices such as my laptop and Droid Pro can SEE the router (As in connect to it and say that they are getting excellent signal strength), but when I try to open my browser, it asks as if I'm not connected to anything at all. The PC that's wired to the modem through the router works fine, however.
 

A:Wifi devices can see router but not connect.

16 more replies
Answer Match 46.62%

Hello

For about a week or two my laptop has been running slower than normal on the start up which I put down to the age of the machine (2 years) and it didn't really bother me.

Then, this week, three things made me question my computer security. I use Gmail for everything to the point where any other e-mail addresses I have are managed from there.
I had an e-mail from Blizzard to say that my account was locked after I tried to reconnect "recently"
I had an e-mail from graze saying that I had tried to reactivate my account
shortly after sending an e-mail with an attachment I found that an e-mail with the same attachment had been sent to "undisclosed recipients" and then moved to the trash

--I haven't tried to reconnect to my Blizzard account.
--I haven't tried to reactivate my graze account. Also, the email address I signed up to the graze service with is different from my main e-mail address, but graze sent their most recent e-mail to my main account.

This and the attachment e-mail that I found in the "trash" make me suspicious. I wonder if anyone here could help me with this?

I haven't done any major security checks in a while on this computer, but I regularly run Ccleaner and an evaluation copy of PC Tools Registry Mechanic. I have Avira Free Antivirus installed.

=========================================================

I have tried as best to follow the NEW INSTRUCTIONS.
I have not changed any passwords since I suspect ... Read more

A:Potential Compromised Mailbox and Computer running Slower

Hi and Welcome!! :) My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following: I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
The fixes are specific to your problem and should only be used for the issues on this machine.
Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
It's often worth reading through these instructions and printing them for ease of reference.
If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
Please reply to this thread. Do not start a new topic.

IMPORTANT NOTE : Please do not delete anything unless instructed to.
DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.
Doing so could make your system inoperable and could require a full reinstall of your OS losing all your programs and data.

Vista and Windows 7 users:
These tools MUST be run from the executable (.exe) every time you run them
with Admin Rights (Right click, choose "Run as Administrator")

Stay with this topic until I give you... Read more

13 more replies
Answer Match 46.62%

Hello. I followed most of the advice I could find about removing malware, viruses, trojans, and enhancing computer performance in general. I found an article here on malware removal which told me to first download MBAM and SUPERAntiSpyware. I followed the instructions carefully and removed 2 trojans, over 300 tracking cookies, and some adware if I remember correctly. I still noticed no significant improvement in computer performance. So I was going to run MBAM in safe mode next but when I tried to update I got an error so I uninstalled and used MBAM clean then reinstalled and it updated. Next I uninstalled some unnecessary programs, and used Disk Cleanup. From there I followed the advice about using Autoruns and disabled what I could using the database and googling whatever else I couldn't find. Still nothing. I tried to delete a "GetDislike" entry in Autoruns that I know is related to malware but it wouldn't let me. So I booted into safe mode and tryed to open Autoruns there but Windows Exporer kept crashing and restarting every 30 seconds or so. I managed to open it anyway and try to delete the entry and it still wouldn't let me. Now I'm on the "Slow Computer/Browser?..." post and was going to follow that advice before posting here but I ran into a strange problem. I first cleaned the vents and blew dust inside as instructed, and felt the heatsink which was okay. I cleaned the contacts of the RAM and components not too long ago so those s... Read more

A:Recurring Trojans, Slow Computer, Compromised Accounts (Win 7)

Try using defraggler rather than the other fragmenting program you mentioned. You can also use CCCleaner to clean up your registry files, which may speed things up a bit. Sounds like you have been downloading, installing, and uninstalling things frequently trying to fix your problem, which is causing more fragmentation, and registry errors.

http://www.piriform.com/ccleaner

Both programs I suggested, are available from the same developer, so this link will enable you to download them both...

4 more replies
Answer Match 46.62%

Hello, Welcome to BleepingComputer.I'm nasdaq and will be helping you.If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.===Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofixLink 1Link 2* IMPORTANT !!! Save ComboFix.exe to your DesktopIMPORTANT....1. Close any open browsers.2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.3. Do not install any other programs until this if fixed.How to : Disable Anti-virus and Firewall...http://www.bleepingcomputer.com/forums/topic114351.htmlDouble click on ComboFix.exe & follow the prompts. When finished, it will produce a report for you. Please post the C:\ComboFix.txt Note:Do not mouse click ComboFix's window while it's running. That may cause it to stallNote: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.htmlNote: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.===Third party programs if not up to date can be the ca... Read more

A:Recurring Trojans, Slow Computer, Compromised Accounts (Win 7)

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.

2 more replies
Answer Match 46.62%

Hi,

My WoW password was reset so am thinking my computer is compromised (Since they obviously accessed my email)

currently running a malaware antibytes scan and when its done I will run a Norton Scan. Any other tips on what I should run?

Also I ran hijackthis so that I can post the log here and it says that hijack this is denied write acccess to hosts file and to remove entries with hijackthis in them but I checked the hosts file and there are no such entries. Also when hijackthis is done with the scan it tried to open a log file but it says not found.

Please advise.
Thanks
 

More replies
Answer Match 46.62%

About a week ago I noticed that some how my email account, which is a hotmail/msn.com account that I have use with out issue for over twelve years, began sending mail to all of my contacts that I did not generate. I have had a strong password too, I access the account on both my (Sprint EVO HTC Android phone) and computers. I primarily use the web based mail account but also some times us MS Outlook. When I first noticed the unauthorized activity I changed my password. But to my surprise the same thing happened again and mail had been sent again to all of my contacts. I again changed my password and accessed email on phone and computer and restricted mail to my in box to only those in my contact list. Within a short time it happened again. This time I strongly suspected an issue with my phone as the weak link. I again changed my password, to a rather strong one and deleted the email completely from my phone. My computer began to respond differently than normal, when I started it up two days ago I was prompted to enter my wireless router's password; and did not do so, strongly suspect of this request, I rebooted in in safe mode. I ran a complete system scan with AVG 9.X and found nothing. I didn't think this was able to find what was going on, so I restarted in normal windows mode and went to a web based system scan, HouseCalls. This too was unable to find any issues. I than tried "HiJackthis" scan and was pointed to your site for interpretation of the s... Read more

A:Android phone/mail hacked & computer compromised

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything. We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here. To help Bleeping Computer better assist you please perform the following steps:*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/428324 <<< CLICK THIS LINK If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.*************************************************** If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo... Read more

2 more replies
Answer Match 46.62%

On a Sony Vaio laptop, running Windows 7 and Avast! free anti virus, I am crashing while playing online RPG called Eden Eternal, by Aeria Games.

At the same time I am using Live Messenger for voice chat to talk to the people I am playing with. When the voice chat starts there is a window that comes up telling me that there are two programs that fail, one called "ThirdPartyAppManager" or something like that and the other is a power manager found on Sony Vaio laptops.

Also, sometime around 05 August 2012, Avast! found malware in the java deployment cache or something like that. The threat was sent to the chest and Avast! and Malwarebites both came back clean on full scans immediately afterward. It was some sort of possible trojan, although I do not recall details, and cannot find in the logs for either Avast or MBAM when that was found. At the time I think I also ran some of the other online scanners, Eset for one, which also came back clean.

I am still getting the freezing when using Eden Eternal and Live IM at the same time, although the time between freezes varies greatly.

I also have Spybot S&D on here, as well as a couple of other security programs, I hope that they are not conflicting.

This week, one of my Yahoo! accounts was accessed from Vietnam. I suspect that my address and password may have been leaked in the recent Yahoo! voices attack, but I've never used that service, so I am not sure. I MAY have used the same passwor... Read more

A:Possible trojan? E-mail account compromised, computer freezes...

Update and do a quick scan with Malwarebytes remove all that it finds and reboot.
http://www.filehippo.com/download_malwarebytes_anti_malware/download/ecf14848530d11a2f09a94b92a69fcfa/
Update do a quick scan with Superantispyware remove all this finds reboot.
http://www.superantispyware.com/downloadfile.html?productid=SUPERANTISPYWAREFREE
Run a scan with Eset.
http://www.eset.com/us/online-scanner/
When the scan finish list found threats save to clipboard copy to notepad Post the log here.


Please download FarbarServiceScanner and run it on the computer with the issue.
http://download.bleepingcomputer.com/farbar/FSS.exe
Make sure the following options are checked:
Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update

Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

Please download MINITOOLBOX and run it.
http://download.bleepingcomputer.com/farbar/MiniToolBox.exe

Checkmark following boxes:
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List Devices (problems only)

Click Go and post the result.

Download Adware Cleaner run it as admin Click the delete button allow it to run and post the log it creates.

http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xp... Read more

90 more replies
Answer Match 46.2%

Hi,
Normally some router default is opening of some ports like http, and ftp which may be made more secured , by portforwarding the ports to unused devices ip, in one"s pc. This is the solution given by leading av, and i do not know, how to know the ips of the unused devices on my computer.

More replies
Answer Match 46.2%

So I have a TP-LINK TL-WR841ND 300Mbps router and the basic problem is, that it repeatedly drops the internet connection and also the devices connected to it. But the my main computer, which is wired to the router has never had any problem, even at the time,when the wireless doesn't work. I use many os like win7, ios 5.1.1 on iPad 3rd, a samsung smart tv and a samsung smartphone with android. But as I mentioned it only happens with wireless, never with the wired computer. When the problem occurs there is no device, which can connect to the internet and to the router, except the wired one.

I've tried all of the encryptions and security methods, at the moment I use WPA2-PSK with AES (also tried with TKIP and automatic mode, and with disabled security too), but neither have helped me. Then I contacted the reseller and they gave me a new one, and said it could have had some special problem. The new one, which I'm using now, got the same problem.

Have any ideas why this problem occurs repeatedly? Or if you need more information about my devices, router or settings, please write me. Thanks in advance!
 

A:TP-Link router drops wireless devices

7 more replies
Answer Match 46.2%

Just recently my Lenovo laptop w/Windows 8.1 will not connect to my Vizio wireless router but it was fine a few months ago. This laptop will connect to my AT&T modem/router.
All my other wifi devices connect to both routers. The only one that does not is the Lenovo laptop with Windows 8.1. I suspect the last windows update screw up my connection. My laptop will connect to Vizio router wired. Every time Microsoft updates I get problems. Vizio router is xwr100. Any suggestions?

A:All devices connect to router except Windows 8.1 Laptop

If you are using both the Vizio router and Att gateway, you would need to place the Vizio behind the Att gateway in a DMS Plus zone

7 more replies
Answer Match 46.2%

Hello,

I have 4 apple devices in house. 3 on 5ghz connected to access point, and 1 on 2.4ghz.
its a belkin router, model N10117.

the belkin router is connected to a virgin router.
thier is a setting on the belkin router, which allows you to use it as an 'access point'.

all 4 devices can connect perfectly. and use programs like 'VLC remote' perfectly.

but when it comes to itunes on the pc, after setting all the apropriate settings on itunes,
itunes is unable to see all 4 devices for 'wireless syncing'.

ive come to a hault, and stuck :/
many thanks in advance,
stuart

A:Router 5ghz and 2.4ghz not see apple devices?

as etc info -

I have virgin router 4 lan ports - port 4 is connected belkin N10117 router, and setting is set too 'act as access point'.

PC is connected to virgin router via LAN...

is it something to do with the IP address maybe?

stuart

4 more replies
Answer Match 46.2%

I was having issues with my old router so I got a new linksys AC1200. I have some devices that use 5.0 and they're working fine but my other devices are very sporadic and only work for maybe 30 seconds before losing connectivity then start working after another 30 seconds or so. Wired devices work fine
 

A:Dual band router devices work on 5 ghz but not 2.4

If you have a Windows PC with the problem ...

Please attach a screen shot of the Networks page (don't collapse the Radar, Connection or Signal History) of the Xirrus Wi-Fi Inspector. If you need help with a screen shot see TSG Posting a Screenshot. FWIW to take screen shots with Windows Vista or latter I prefer to use the built-in Snipping Tool.

Identify your network if it is not obvious.
 

1 more replies
Answer Match 46.2%

Hey guys,

Just a quick one I'm sure most could answer, I'm a bit of a novice when it comes to Wifi, and my router is kicking devices off when we have more than 4, picking and choosing which devices it will allow Wifi too. We often have 3 phones, 2 laptops and 1 PC in the house which need constant connection. What do I do to make this happen?

My Router is a D-Link: DSL-2780, I'm with Talk-Talk in the UK.

Thanks in advance!
 

A:Solved: Router kicks Wifi devices off.

16 more replies
Answer Match 46.2%

I have 2 wireless PCs and a BlackBerry that connect to my dlink router. I am finding that my BlackBerry is constantly getting kicked off the network, and I always have to reconnect before I can use the internet. (It still says that it's connected though) I was told that a dual channel router would fix this.

So my question is, will 3 devices work without a problem on a dual channel router? Or is my BlackBerry still going to be "booted off"?

Thanks
 

A:How many devices can a dual channel router handle?

11 more replies
Answer Match 46.2%

Hi,
In the past 3 days I've noticed that I periodically get randomly redirected via link bucks when browsing the internet. It was odd when it happened on my nexus 7 tablet but also has started happened on the 2 laptops that are connected to my router.
There's no specific pattern, time or website but it is certainly happening on websites that wouldn't use link bucks (Facebook/university e-mail). I have security software installed on all devices (lookout on nexus 7, MSE on windows 7 laptops).
Any advice anyone could offer would be appreciated, its getting annoying now!
Thanks!
P.s. - at the same time my nexus 7 stopped connecting to Google now with a connection error, but only when connected to my network, on other networks it works fine

A:Linkbucks redirect across all devices connected to router

Welcome aboard  Try resetting your router.... Turn the computer off.On your router, you'll find a pinhole marked "Reset".Keep pushing the hole, using a pencil, or a paperclip until all lights briefly come off and on.NOTE. Simple router disconnecting from a power source will NOT do.Restart computer and check for redirections.NOTE. You may need to re-check your router security settings, as described HERE 

5 more replies
Answer Match 46.2%

Hello,

Yesterday afternoon, my internet appeared to have gone down. I attempted to fix it in the usual way (turn it off and on) but to no avail. I assumed it must be on the ISPs end and continued on with my day.

The internet was still not working this morning, so I checked to see if it might be the router that is causing the issue. Lo and behold, I can access the internet through the modem. Great, router is bust.

Reconfigured it, I updated the firmware, and then did a series of ping tests.

Ping test to google through the ethernet was successful. Ping test to router IP address through the router was successful. Ping test to google through router was unsuccessful.

Does anyone have an idea what the problem might be? Just to reiterate, this is an issue across all devices (Mac, PC, iPhone/iPad, Android, PS3, etc... )
 

A:Router spontaneously stops working across all devices

Hopefully, you know and can still log into the router.
find the WAN side, specifically Router Status or that display that
shows:

IP Address (the public address, not 192.x.y.z)
Default Gateway (your connection to the ISP)
DHCP Server (will not be one of your lan addresses)
Subnet Mask

DNS Server
Lease Obtained
Lease Expires
if any of the first three are missing, then the modem did not feed the information to the router
OR the router did not save it.

disconnect the modem->router
power off both
wait one minute
power on the modem
connect the router (but still powered off)
when the modem is fully sync'd with the ISP
power on the router
from your computer

ping 8.8.8.8 (a ping by address)
nslookup google.com (a dns request that should resolve to an address)

ping google.com (a ping that requires nslookup to work)

 

8 more replies
Answer Match 46.2%

Can anyone help with this?

having some trouble all of a sudden at work (small business, no IT dept)

Everything worked fine Friday and Monday my computer couldn't connect to the router - it was off all wknd no updates or anything.

When I run an Ethernet cable to the router I get internet access. My phone and iPad recognize the router and have Internet access. My laptop has the same trouble as the desktop - can't see the router at all.

Desktop - Toshiba DX735
Laptop - HP (dont have it here, not sure of the specifics)

Internet Provider - Comcast

Cable connection

Using a Western Digital My Net N900 router

Problem computer has norton installed.

Things I've tried:
* power cycling the router and computer
* ipconfig renew and release both wirelessly and wired
* a different command prompt - netsh followed by other stuff I could look up if necessary
* updating the drivers for the wireless connection
* uninstalling and reinstalling the drivers for the wireless connection
* resetting the router
*system restore to when it last worked

Hoping someone can help me!!!
 

More replies
Answer Match 46.2%

Recently installed a new motherboard -- ever since then I've been randomly disconnecting all users on my network -- four different computers usually. I've tried everything we can think of, including anti-spyware scans and antivirus scans, reinstalling ethernet drivers on the onboard ethernet, using a different ethernet card, releasing/renewing IP address, etc.

My friend told me to run a scan, and I removed two proccesses already but this is the update log I have for right now:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:59:11 PM, on 7/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\... Read more

A:[SOLVED] HijackThis Log -- Disconnecting all Devices on Router

Any help, please?

8 more replies
Answer Match 45.78%

Hi All,
I have an issue with my wireless router that I needed some help with. To start off let me give you a bit of background...

I use a macbook at home and a pc at work and I wanted to be able to access my macbook remotely. I used RealVNC for this and had to open up port number 5900 on my router, and the local IP used was 192.168.1.4 - which is the local IP address of my macbook. I am now able to access my macbook from my pc at work.

Unfortunately as a side effect, no other device is able to access my home wifi connection anymore, not another pc, my nokia e71 or my friend's iphone. Is this a by product of the port forwarding? or is it unrelated and should I try and figure out if something else is the matter?

My macbook seems to be able to use the wifi just fine.

Would appreciate any insight on this matter.

Thanks a lot
 

A:Has Port Forwarding Disabled Other Devices From Accessing My Router?

I think the other devices are not able to connect not because of the port forwarding, but because you went ahead and gave a static IP address to your macbook, The 192.168.1.4, and all the other devices for some reason also want this IP addresss. Try assigning your macbook to a different IP.
 

2 more replies
Answer Match 45.78%

About a year ago, my wireless router would randomly not allow any wireless devices to connect to the network. A wired cable worked fine, but not wireless. So we had to unplug the router, and then it would work fine.

You could see the device, but not connect. We moved our wireless phone a little farther away from the router thinking it was interfering, but still no luck. It didn't matter if it was an iPod, our BluRay player, or a laptop. Sometime days would go by with no problem, and some days we would restart the router three or four times.

So we replaced the router, only to have the same problem. We called tech support, but they were no help. So we changed from a local ISP to Comcast, replaced the router for a third time (Cisco Wireless N), and we are still having the same problem. Any ideas?
 

A:Wireless router randomly locks out devices from connecting

6 more replies
Answer Match 45.78%

Two days ago, somehow Windows lost the ability to contact any DNS server in the middle of my browsing for Internet Explorer, Firefox, Google Chrome, and indeed a small browser called Midori. Strangely, Steam still had the ability to connect and browse, but after I rebooted in an attempt to fix the problem, steam could no longer connect.

Chrome Error: DNS PROBE FINISHED NO INTERNET FOUND

IE Error: This page cannot be displayed.

Firefox Error: Firefox cannot find this page.

No other device in my house has this problem. All other computers can connect just fine.

Things I have tried

Rebooting.
Cycling the power on the modem/router.
Using a direct ethernet cable rather than the laptop's antenna.
manually assigning a DNS server with control panel.
Reinstalling the network driver
flushing the DNS cache
Using system restore to go back DAYS before this problem ever emerged.

All yielded no change. I would really, really rather not have to reinstall windows 8 and lose all my information. I don't have the resources currently to back everything up.

A:Windows 8 DNS error; other devices work fine on same router

Please click on the link and provide the information requested in your next post: Pre-posting Requirements - for both Wired and Wireless Connectivity Issues

1 more replies