Tech Problem Aggregator

Uninstall of System Progressive Protection Malware creates registry files problems

Q: Uninstall of System Progressive Protection Malware creates registry files problems

First of all - thank you for your dedication to people like me!
I followed the removal instructions but then had a black screen when restarting my computer. Computer works in safe mode.
I have done a Windows startup repair but it cannot be completed, I get the message that unspecified changes to system configuration might have caused the problem. Error code 0x490.
Also get Boot/BCD failed.
I have restored the computer and can work on it in normal mode. I still see the little lock of the Malware on my taskbar.
I have also purchased Advanced System Care to assist but I get no joy...
It seems like removal of the Malware also removes some system registry files but I am no expert.

Please, please help me!

A: Uninstall of System Progressive Protection Malware creates registry files problems

Please do the following:

Please download DDS from either of these links
LINK 1
LINK 2
and save it to your desktop.

- Disable any script blocking protection
- Double click dds to run the tool.
- When done, two DDS.txt's will open.
- Save both reports to your desktop.

---------------------------------------------------
Please include the contents of the following in your next reply:
DDS.txt
Attach.txt.

NEXT

Please download aswMBR to your desktop.

- Double click the aswMBR.exe icon to run it
- When asked if you want to download Avast's virus definitions please select Yes.
- Click the Scan button to start the scan
- On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well

40 more replies
Answer Match 103.74%

I think my laptop is infected by the System progressive protection malware. Whenever I turn on the laptop, Windows will hang at the booting stage without reaching the desktop page.

To reach the desktop page successfully, I need to boot Windows in safe mode and select the start Windows normally option. Once Windows is at the desktop page, a program named "system progressive protection" will do the scanning automatically and list several infected files on my laptop. All the programs that I try to execute are prohibited by this malware.

I am very grateful for your help to solve this problem. I have done the HijackThis, DDS, and GMER scanning. Please see below log files. Thank you.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:06:49 PM, on 12/28/2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Safe mode with network support

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\Explorer.exe
C:\Windows\system32\ctfmon.exe
C:\Users\... Read more

A: System Progressive Protection malware

16 more replies
Answer Match 103.74%

Hello Experts, I have win 7 and installed Microsoft Security Essential (MSE) with latest updates. System Progressive Protection (Malware) showed up and hijacked my computer. My windows firewall is ON. I am wondering, how did this malware come into my system and change folders/registry? How did MSE allow it to make such changes? As I googled, there are suggestions to install additional antivirus software. Is it necessary to go in that direction? Thanks in advance.

A: System Progressive Protection - Malware

Welcome RIMD...

Please follow our guide: System Progressive Protection Removal Guide

Post the log and tell us how it is.
The log is automatically saved and can be viewed by clicking the Logs tab.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.

1 more replies
Answer Match 102.9%

Hey All,

I have the System Progressive protection Malware Issue.

I have shut down the main portion of this malware and I'm just waiting on the additional cleanup.

Thanks,
Cnon

A: I have the System Progressive protection Malware Issue

I'm clean now, would it be ok to link the guide I used?

Cnon

8 more replies
Answer Match 91.14%

My system, XP Ser Pk 3, was infected by malware called "System Progressive Protection". I understand that this malware belongs to the Winwebsec family of rogue security products. It blocks its victims from accessing any other application on an infected machine. It would only allow access to IE, presumably for paying the fee to clear it.
Unfortunately I contracted for a one-time-fix to be carried out by MYTECHGURUS. At their request I booted into Safe+Network mode and then watched as they downloaded a single anti-malware prog, MalwareBytes, and ran that. They then unloaded my installed Microsoft Security Essentials, which would not respond, re-installed it, updated it, and ran a Quick scan. They then declared my computer to be ok!!

Shortly afterwards I discovered that Security Essentials will not update. The pop-up says:
"Virus and Spyware definitions update failed.
Check Internet and Network connections and try again.
Error code: 0x80070424"
Other computers on the home wireless network Update without a problem and prior to this issue there was not a problem on this box.

The only way that I can update Essentials is by uninstalling and reinstalling. It will then update but following that update the error message recurs on the next attempt.

Also when I attempt to check if Windows Firewall is on by Run Firewall.cpl I get the message:
"Due to an unidentified problem, Windows cannot display Firewall settings"

I no longer trust the machine and would... Read more

A: After effects of malware "System Progressive Protection"?

16 more replies
Answer Match 86.94%

After reading your website I am sure I have System Progressive protection. I read the user guide written by Lawrence Abrams and have tried it a couple of times. I am using windows XP. I have followed the steps each time, but it does not seem to work. I boot into safe mode and then download one of the RKill downloads and it does its thing and then posts a report on my desktop. Each time I have attempted to remove the virus/worm I have tried a different version of RKill. So then I move on to scanning my computer. I use Microsoft Security Essentials. I have run full scan twice and found and removed "unwanted software". Then when I have removed it I am prompted to "restart" the computer to let changes take effect. When it boots back up in normal mode the System Progressive Protection thing pops up again and obviously I did not get rid of it. I would guess one of two things is going on. Either it is not stopping the virus when I run RKill or I am rebooting back into normal mode and I should not be doing that. What should I do? With this description can you tell what I might be doing wrong? I know this is not a really serious problem but I would prefer to get rid of it. I am so close to fixing this issue but I can't seem to completely get rid of this thing. Please help. By the way. Thanks for the site. You all do wonderful work here. Thanks again. Looking forward to hearing from someone.

A: System Progressive Protection

Can anyone help me with the issue I am having? Thanks.

5 more replies
Answer Match 86.94%

I am running Windows XP using Firefox. I got the System Progressive Protection virus. I ran Malwarebytes and can use the computer now but "iexplore.exe" is still running in the background. Also, Microsoft Security Essentials pops up every few minutes with a "Detected threats are being cleaned" message. What do I do now?
Thanks, in advance.

A: System Progressive Protection

Welcome aboard

Download Security Check from HERE, and save it to your Desktop.
 * Double-click SecurityCheck.exe
 * Follow the onscreen instructions inside of the black box.
 * A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
 * Internet Services
 * Windows Firewall
 * System Restore
 * Security Center/Action Center
 * Windows Update
 * Windows Defender
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

=============================================================================

Please download MiniToolBox and run it.
Checkmark following boxes:
 * Report IE Proxy Settings
 * Report FF Proxy Settings
 * List content of Hosts
 * List IP configuration
 * List Winsock Entries
 * List last 10 Event Viewer log
 * List Installed Programs
 * List Devices (do NOT change any settings here)
 * List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
 * Double-click mbam-setup.exe and follow the prompts to install the program.
 * At the end, be sure a checkmark is placed next t... Read more

1 more replies
Answer Match 86.94%

Helloes
Pz say to me how to remove the System Progressive Protection which I was attacked by him.....Thnx

A: system progressive protection 3.7.17

Hello nrimawi.

Please follow these instructions closely here at this site.
System Progressive Protection Removal Guide <-Let me know if you cannot go to that site.

Post back with any questions and to let us know how things are going.

1 more replies
Answer Match 86.1%

Hello,

My computer was recently infected by System Progressive Protection virus, which I removed using RKill and Malwarebytes Anti-Malware. In the process, the Antimalware detected and removed several Trojans and Rogues. How do I ensure that my computer is not infected? Any suggestions on additional scans that can be performed?

Thank you so much.

A: System Progressive Protection Virus

Download Security Check from HERE, and save it to your Desktop.
 * Double-click SecurityCheck.exe
 * Follow the onscreen instructions inside of the black box.
 * A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
 * Internet Services
 * Windows Firewall
 * System Restore
 * Security Center/Action Center
 * Windows Update
 * Windows Defender
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

=============================================================================

Please download MiniToolBox and run it.
Checkmark following boxes:
 * Report IE Proxy Settings
 * Report FF Proxy Settings
 * List content of Hosts
 * List IP configuration
 * List Winsock Entries
 * List last 10 Event Viewer log
 * List Installed Programs
 * List Devices (do NOT change any settings here)
 * List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
 * Double-click mbam-setup.exe and follow the prompts to install the program.
 * At the end, be sure a checkmark is placed next to Update Malwar... Read more

12 more replies
Answer Match 86.1%

Hi,
I got the System Progressive Protection a couple weeks ago, but have had only a little time to work on fixing it since then. I have kept my computer off for much of that time, only when trying to fix it.

I am not sure if my trend micro didn't find it or the virus was not allowing it to find anything. I immediately went to safe mode and downloaded Malwarebytes and started scanning. It found quite a few files. I continued removing them. Then I rebooted. When starting, my computer would freeze after getting to the home screen. So I would go back to safe mode and rerun malwarebytes only to find a file again. I did this a few times with same result thinking the virus was somehow reinstalling itself on startup. Then finally no files were found. So I restarted and the computer still froze. I then realized that I was running two virus programs, Trend Micro and Malwarebytes and thought maybe they were interfering with each other. So I uninstalled Malwarebytes and restarted. My computer has not frozen since. I ran a full scan using Trend Micro and got a list of things that it has found and deleted or quarantined. I am wondering how I know if I have fully and successfully removed everything I need to from my computer and am ok to use like normal.
Any help is much appreciated.

Thanks.

----------------------

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by Jason at 10:55:40 on 2012-12-09
#Option Extended Search is enabled.
Micros... Read more

A: System Progressive Protection - am I clean

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===
Please download ComboFix from one of these locations:
Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
Close any open browsers, and all other programs working. Make sure you save your file if working on a document.
Do not install any other programs until this is fixed.
Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
Some Rootkit infection may damage your boot sector. The Windows Recovery Console may be needed to restore it. Do not bypass... Read more

11 more replies
Answer Match 86.1%

I am running Windows XP. Yesterday I got the "System Progressive Protection" virus. I used Malwarebytes to remove it and I can now use the computer but I have "iexplore.exe" running all the time. I tried to delete it in the Task Manager but it pops back up immediately. Also, I am using MSE and it now pops up every few minutes with a "Detected threats are being cleaned" message.
What do I do now?
I have attached the files I believe will be needed.
Thanks in advance.
 

More replies
Answer Match 86.1%

my computer was infected by Rogue "System Progressive Protection"
but it was protected by my NOD32 antivirus.
therefore some of it left on my computer eg. it's icon and some file without extension
on my C:\Documents and Settings\All Users\Application Data\(random number)

i am not sure that my computer is slower than before or not!!

i attached hijack this log file along with my post..
please help me to check is my computer still in good condition or not??...
Many thanks in advance
===============================================================================
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:22:37, on 3/11/2555
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Lenovo\Bluetooth Software\... Read more

A: infected with System Progressive Protection

Hi jackoff

I will be handling your log to help you get cleaned up. Please give me some time to look it over and I will get back to you as soon as possible.

White Warrior

6 more replies
Answer Match 85.26%

Hello
I have a Sony Vaio running Vista 32bit
I had the System Progressive Protection on my laptop and ran rkill and MBAM and cleaned it.
After that i lost use of my laptops keyboard and mouse but the USB keyboard/mouse work.
I tried many thing with no success and have now restored all the files found by MBAM and now back to square one and realize i'm in over my head and need some help.
Windows Update will not run as well as other services
MS Security Essentials was on it but was getting errors so i uninstalled it
My Recycle Bin says it's corrupted as well.
Here is the log from my most recent Rkill being ran in safemode and MBAM
Please Help!

Rkill 2.4.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link: http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 10/01/2012 08:46:02 PM in x86 mode.
Windows Version: Windows Vista ™ Home Premium Service Pack 2

Checking for Windows services to stop:
 * No malware services found to stop.

Checking for processes to terminate:
 * No malware processes found to kill.

Checking Registry for malware related settings:
 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:
 * ALERT: ZEROACCESS rootkit symptoms found!
 * HKEY_CLASSES_ROOT\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32 [ZA Reg Hijack]
 * HKE... Read more

A: Zeroaccess Rootkit and System Progressive Protection

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems. I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At... Read more

22 more replies
Answer Match 85.26%

System Progressive Protection is rogue security software that reports that malware has been detected on your computer in an attempt to scare you into buying this malicious software.
In reality, none of the reported issues are real; they are only used to scare you into buying System Progressive Protection and to steal your personal financial information.

As part of its self-defense mechanism, System Progressive Protection has installed a rootkit on your computer, which will disable the Windows Task Manager and will block you from running any program that could lead to its removal.

System Progressive Protection is a scam and you should ignore any alerts that this malicious software might generate.
Under no circumstance should you buy this rogue security software as this could lead to identity theft, and if you have, you should contact your credit card company and dispute the charge stating that the program is a scam and a computer virus.

Removal instructions for System Progressive Protection virus

This is a self-help guide, use at your own risk.
If you experience problems completing this guide, or the problem persists after following the instructions below, or you would like to have one of our staff members guide you through the process, please start a new thread in our Malware Removal Assistance forum.

STEP 1 : Start your computer in Safe Mode with Networking

Remove all floppy disks, CDs, and DVDs from your computer, and then restart your computer.

Press and hold the F... Read more

More replies
Answer Match 85.26%

Had System progressive protection malware
ran Rkill, malwarebytes, and PSIS. Now I am getting a message that says

The Recycle Bin on C:\ is corrupted. Do you want to empty the Recycle Bin for this drive?

I said yes at first and when it said there were over 700 files I stopped it. Rebooted and got it again, this time I said no and tried to open the Recycle bin to view the files and it wouldn't let me.

Any suggestions????

Thanks,

A: malwarebytes removed system progressive protection

Hello,
I will be helping you with your problems. Please be patient while I assist you.

Some points for you to keep in mind while I am helping you to make things go easier and faster for both of us

Please do NOT run, install or uninstall any programs, unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the Watch Topic Butt... Read more

1 more replies
Answer Match 84.42%

Hi all,

The other day I turned on to find malware on my computer - a fake antivirus called System Progressive Protection.

I have since:

- deleted the files from their origin folders
- ran the computer in safe mode
- run Rkill
- run malware bytes (having first updated)
- run hitman
- deleted all cookies and temporary internet files
- emptied my recycle bin

When I boot my computer in normal mode I get the message:

"recycle bin is corrupted" and I think it then asks if I want to empty it.

System progressive protection seems to have gone but i still have internet re-routing malware going - seekportal and doublee-click.net for example. These won't go no matter what I do.

In my task manager processes, something called atieclxx.exe is running, which I've read could be malware.

When I go back into safe mode and run malwarebytes, it doesn't pick anything up.

If somebody could please help me, then I'd be hugely appreciative.

Thanks,

Trevor

A: System Progressive Protection, Seekportal, Doublee-click.net

Oh, I've also made sure that in my LAN settings I do not have ticked "use a proxy server".

23 more replies
Answer Match 73.08%

Hi guyz I'm a newbie here and not much of a techno geek. My torch browser began crashing and I'm not able to uninstall it. My first response was to google it and found about a torch virus. I wanted take it off so I downloaded malwarebytes and scanned my netbook. Its OS is windows 7 ultimate. Once I did a threat scan it showed 47 infected files and quarantined it. My gut said not to delete any of it but to save time I deleted all of it. Now my computer won't uninstall anything like revo uninstaller, NCH videopad and etc.

Every time I try to open a program, restore file things like these pop out:
AvastUI.exe - Application error memory could not be written
Werfault.exe - Application error memory could not be written
dllhost.exe - Application error memory could not be written
rundll32.exe - Application error memory could not be written
sdclt.exe - Application error memory could not be written
mobsync.exe - Application error memory could not be written

When I try to uninstall these keeps popping:
Werfault.exe - Application error memory could not be written
rundll32.exe - Application error memory could not be written
And says that it was already uninstalled and asks me if I wanted to remove it from the programs and features list.

and when I try to restore files these keeps popping out:
Werfault.exe - Application error memory could not be written
rundll32.exe - Application error memory could not be written

Like this: The instruction at 0x00000000 referenced memory a... Read more

A: Malware deleted some of my system files and now I can't uninstall

Oh yeah. Forgot to tell everyone. My brother borrowed my netbook and deleted my backup memory to free some space. That maybe a reason it won't restore anything.

2 more replies
Answer Match 71.82%

One morning I woke up to my computer restarting over and over again.
I ran an antivirus program (ViRobot) which indicated that I had win32.patched.3 and trojan.win32.tibs.7968.
Soon my computer said that I had to re-register my operating system within 3 days. So I did.
I ran ccleaner - and most likely deleted something I should not have deleted.
When I restart my computer it cannot find something called " ".
Now I cannot connect to the internet.
I called my cable internet provider who tested the cable modem, it checked out.
I can plug the cable modem into my laptop which will connect to the internet just fine. So I do not think it is the modem or internet provider.
I then called intel motherboard support who helped me install new drivers and check the onboard networking which is fine.
So I think something is corrupt with windows.
I use xp pro version 2002 service pack 2.
Can someone help me get back on line and get rid of any malware?
I could download anti malware software to my laptop, write it to a cd and then load it on my desktop however most of these programs want to log onto the net to get updates which I cannot do.
Here is the log.

Logfile of HijackThis v1.99.1
Scan saved at 10:34:58 AM, on 9/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\sys... Read more

A: get back on line, malware and registry problems

16 more replies
Answer Match 70.98%

My laptop has been infected with virus: Win32.SillyIM and Win32.Srimge!gen. Bootup time is getting slower and causes system hang during bootup. Below is the log file from HijackThis. Please advise on how I can fix my system registry or system configuration. 1st time using HijackThis. Scared to fix without any advice.
Someone pls help & thanking you in advance for any valuable help.
--Masita

------< START LOG >------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:11:43, on 02-Nov-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Common Files\Virtual Token\vtserver.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\... Read more

A: Laptop Infected With Virus/malware, Changed System Configuration / Registry

Hi Masita!

I will be handling your log to help you get cleaned up. Please give me some time to look it over and I will get back to you as soon as possible. I'm in Hijackthis school and Teachers will check my posts.
Sorry that it took us so long to get back to you, but as you can see we're stumped with the amount of logs.

Before we can start, please post a fresh hijackthis log back here.

1 more replies
Answer Match 70.14%

Hi, My computer is infected with some kind of malware that is creating temporary files. When I view the history from Internet Explorer I see at least 1,000 NDr(random #'s and letters).tmp. It is usually 2 numbers or 1 number and 1 letter. For example (NDr66.tmp,NDr8B.tmp). Spybot, Ad-aware, and AVG can't seem to find it. This malware is really slowing down my computer, causes popups, and it also causes explorer.exe to stop working sometimes. And when that's not responding I have to go through task manager to restart my computer because the bottom start bar and Desktop disappear. The popups are usually ads that are trying to get me to buy some kind of anti virus service.

Deckard's System Scanner v20071014.68
Run by Tyrone Pratt on 2008-07-20 14:46:09
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...success.

-- Last 1 Restore Point(s) --
1: 2008-07-20 19:46:11 UTC - RP1 - System Checkpoint

Backed up registry hives.
Performed disk cleanup.

-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-07-20 14:47:43
Platform: Windows XP Service Pack 1 (5.01.2600)
MSIE: Internet Explorer (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\SYSTEM32\smss.exe
C:\WINDOWS\SYSTEM32\win... Read more

A: Infected With Malware That Creates .tmp Files And Popups

Hello and welcome to BC

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. We aim to provide the valuable service known to come from BC to every member we can, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

Thanks and again sorry for the delay.

Please download Deckard's System Scanner (DSS) and save to your Desktop.
alternate download site

DSS will do the following:
- Create a new System Restore point in Windows XP and Vista.
- Clean your Temporary Files, Downloaded Program Files, Internet Cache Files, and empty the Recycle Bin on all drives.
- Check some important areas of your system and produce a report for an analyst to review.
- Automatically run HijackThis. It will also install and place a shortcut to HijackThis on your desktop if you do not already have it installed. So if HijackThis is not installed and DSS prompts you to download it, please answer yes.

You must be logged onto an account with administrator priv... Read more

2 more replies
Answer Match 70.14%

OK. I'll try and explain this as good as I can. This started a couple months ago where I was trying to sync a scanner to laptop on win8 Toshiba, when the CPU started going crazy, changed all contrast colors and ease of access settings to where the screen was not legible. Ran my virus scan which didn't find anything but it kept happening. So did a full system restore. To no avail started noticing CPU always different I got on it so I've been trying to run malware and spyware that gets shutdown or computer reboots in middle of scan. To where the laptop has crashed quite a few times when I get to looking deeper into the problem. Now I've noticed network problems at home with so many ports open and established. It's gotten so bad as my older Asus running win 7 has same problems now and my brand new Galaxy S5 cell phone also was doing weird things and finally it too finally crashed. So thinking it's something over the network which at first I thought it was the wife spying on me but every now and again I can turn off router and seems like things still happen and couple of my scan logs got changed where I know I saw some alerts on log about not updating but next day it was changed. When laptop was off all night after scan.

I'm not that tech savvy but I try to read and look up as much as I could but shoot it just keeps getting worse and worse. So I would greatly appreciate some help with the matter before the laptop gets thrown in trash. It seems like there's a lot of cmd ... Read more

A:Total system problems. files moved around virus protection gets disabled.

Welcome aboard

Download Security Check from here or here and save it to your Desktop.
Double-click SecurityCheck.exe
Follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender
Other Services
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

Please download MiniToolBox and run it.
Checkmark following boxes:
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Devices (do NOT change any settings here)
List Users, Partitions and Memory size
List Restore Points
Click Go and post the result.

Please download Malwarebytes Anti-Malware to your desktop.
NOTE. If you already have MBAM 2.0 installed scroll dow... Read more

5 more replies
Answer Match 69.72%

Dell laptop, windows 7. Progressive protection virus shows up. It only had about 20 minutes to get the infection started when the computer came to me. Could not get programs to open. I started in safe mode. Did a system restore. Scanned with MSSE. All looks good. Is it gone or will it come back ?? I can get MWB on it tomorrow, if needed.
THANKS

A:[SOLVED] progressive protection virus windows 7

I just scanned with MWB. All clean. Must have gotten lucky, that's a nasty virus.

5 more replies
Answer Match 69.3%

Upon bootup, file C:\programdata\6TMDwA02.exe is created. It also appears to be downloaded from the Internet. Trend warns about it, but it appears to be downloaded even if "blocked". I am not sure if the exe is being regenerated locally and/or downloaded from the Internet.

6TMDwA02 executes (visible in DDS.txt as a running process) and creates files At1.job through At24.job in folder c:\Windows\Tasks. 6TMDwa02 cannot be deleted until the job files have been generated. After generation, I can delete the exe and the job files, but the problem persists.

The malware exhibits by trying to launch IE. If IE is running, it opens various websites, periodically closing Internet Explorer. It almost makes IE unusable.

I have run scans with ComboFix, SuperAntiSpyware, MalwarebyAntiMalware, and Trend. ComboFix detects and deletes 6TMDwa02.exe and the job files, but they are regenerated on the next boot. ComboFix was run in SafeMode. The last 2 times I ran ComboFix, it crashed the system while writing the log.

DDS (Ver_10-03-17.01) - NTFSx86
Run by OldClaret at 16:34:12.07 on Sat 05/15/2010
Internet Explorer: 8.0.6001.18904
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1917.1178 [GMT -4:00]
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
============== Running Processes ===============
C:\Windows\system32\wininit.e... Read more

A:Unknown malware - infects IE, creates At1-At24.job files

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.

Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there.

The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks

16 more replies
Answer Match 68.04%

When you perform a system restore, it can create multiple files ie, example, example(1), example(2) etc. Is there a program that can clean this up? Thanks
 

A:System Restore creates multiple files

You don't need one, instead see: http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore/tips/mcgill1.mspx
 

2 more replies
Answer Match 60.9%

I've already started the process with tetonbob through PM since my system wouldn't allow me to create a thread. I'll just post everything here in order, if it works.

A:Search Redirect Malware and progressive errors

Here is my initial problem with first step files.





Whenever I click on search results from different engines, some of the results will redirect me to things I don't want. I will do it many times before giving me the site I want. In the past, it would redirect via tru01.... now it is qo1q... or something. Mostly it sends me to sites of ......com/search with a favicon that is a stylish blue/green looped 2. On rare occasions, while the browser is open for a while, it will create a new window popup with different addresses like directdr with a green lon/lat atlas favicon.

I did have norton internet on the system but it has expired so I removed it. I've run malware bytes, spybot, superanti-spyware, ccleaner and avast. They sometimes found things but it never fixed the issue. Avast's active protection blocks somethings from time to time but doesn't stop all of it. The problem occurs on both firefox and IE, I don't use IE much but at one point my firefox stopped working. Chrome opens but won't load any sites. Superanti, ccleaner, and avast were all loaded after infection. Sometimes I get "General Host Process Win32" or something errors followed by the window and task bar style going plain brown. My volume controls don't work anymore. Sometimes one of my svchost.exe processes will spike to 99% and stick for a while. Java and Adobe have both been updated recently. In extreme instances, the computer slows to a halt and won't load anything and won't shut down with... Read more

15 more replies
Answer Match 60.48%

Pretty much any form of antivirus/antispyware programs that are installed have stopped working (IE: malwarebytes, spybot, HiJack This, and Panda) and when I click some of them it says, "Application cannot be executed. The file is infected. The file is infected. Please activate your antivirus software."

Task manager also does not seem to work and gives the above error message. I also get some popups related to Protection System.

The DDS program/logger didn't work and also gave the above error; however, I was able to get a RootRepeal log and have attached it.

Thanks for your time.

A:very bad "Protection System" Malware

Hello! My name is Sam and I will be helping you.

In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.

Please download and run Win32kDiag:
Download Win32kDiag from any of the following locations and save it to your Desktop.
Download Win32kDiag (Win32kDiag.exe) - #1
Download Win32kDiag (Win32kDiag.exe) - #2
Download Win32kDiag (Win32kDiag.exe) - #3
Double-click Win32kDiag.exe to run Win32kDiag and let it finish.
When it states "Finished! Press any key to exit...", press any key on your keyboard to close the program.
Double-click on the Win32kDiag.txt file that is located on your Desktop and post the entire contents of that log as a reply to this topic.

Download and run a batch file (peek.bat):
Download peek.bat from the download link below and save it to your Desktop.
Download peek.bat
Double-click peek.bat to run it.
A black Command Prompt window will appear shortly: the program is running.
Once it is finished, copy and paste the entire contents of the Log.txt file it creates as a reply to this post.

==========
Please post the following logs in your next reply:
* Win32kDiag.txt
* Log.txt

27 more replies
Answer Match 60.48%

Here is my log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:44:04 PM, on 6/30/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\windows\system\hps... Read more

A:Protection System Malware

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

2 more replies
Answer Match 60.48%

I have this annoying system protection malware and also maybe, I don't know for sure one that keeps redirecting me everywhere else. I have already used 3 different programs spybot and windows malware remover. I also used combofix and I already have the Log ready. I'm pretty technical savvy so I hope that helps you.

ComboFix 11-07-17.03 - jessie 07/17/2011 15:20:48.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3317.2098 [GMT -7:00]
Running from: c:\users\jessie\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\defender.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-06-17 to 2011-07-17 )))))))))))))))))))))))))))))))
.
.
2011-07-17 22:50 . 2011-07-17 22:52 -------- d-----w- c:\users\jessie\AppData\Local\temp
2011-07-17 22:50 . 2011-07-17 22:50 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-17 22:50 . 2011-07-17 22:50 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2011-07-17 22:16 . 2011-07-17 22:16 -------- d-----w- c:\windows\system32\MpEngineStore
2011-07-16 20:50 . 2011-06-20 15:57 7074640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates&#... Read more

A:Malware system protection one

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will ap... Read more

3 more replies
Answer Match 60.06%

Hi, all. First, thank you for everything you do. I've come to this site a couple of times over the years and everyone has been incredibly helpful. I really appreciate it.

Now I come once again with a malware issue. I thought Spyware Doctor had gotten rid of all of Protection System, but it seems there are still residual traces wreaking havoc. I can hear different programs clicking on & off in the background, but nothing shows up in task manager. Spyware Doctor is finding a new Trojan or spyware about once an hour. Firefox Google Search doesn't seem to work and when I go to Google directly, I'm sometimes redirected to a different site & another Google tab opens up. When I reboot, I get half a dozen of memory errors.

I ran DDS, but GMER just would not run at all. I can download the zip file, but the program itself just won't initiate an install. I have the same issue with MalwareBytes--it seems something is preventing these programs from loading.

If you have any insight as to what is going on, I'd appreciate any sage advice you have to offer. Thank you.

DDS.txt:


DDS (Ver_09-06-26.01) - NTFSx86
Run by Brigid Fitch at 19:22:51.92 on Mon 07/13/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.313 [GMT -4:00]

AV: Spyware Doctor with AntiVirus *On-access scanning enabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
AV: Protection System *On-access sc... Read more

A:Infected with Protection System malware

hi.

Let's run your gmer in a different way. Follow the instructions below:

If you have the gmer.exe now, delete it please.

Redownload GMER from here:
http://www.gmer.net/files.php

Unzip it to the desktop.

---------------------------------
Open Notepad and copy/paste the contents in the code box below, into Notepad.

Code:
@copy /y gmer.exe gamer.exe
@Start gamer.exe -protect
Save this as kyrie.bat. Choose to "Save type as - All Files"

It should look like this:

Place the batch next to gmer & double click kyrie.bat to launch it.

--------------------------------------------------------------------------

When the program opens, click on the Rootkit tab.
Make sure all the boxes on the right of the screen are checked, EXCEPT for 'Show All'.
Click on Scan.
Once done click on the [Save..] button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
Save it where you can easily find it, such as your desktop.
Attach that ARK.txt in your next reply.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries

Mark

19 more replies
Answer Match 60.06%

I was surfing the internet and all of a sudden this protection system prompt popped up. I thought it was a legitimate windows prompt and thus clicked on it. It seems to have installed itself into my computer and has shut off my legitimate anti virus software. The Protection System program slows down my computer and it sometimes makes my screen go black and pops up with a prompt asking me to download more anti virus software. Sometimes it gets really bad with the pop ups and it doesn't allow me to do anything. I tried to download malwarebytes in order to solve this problem. I installed it successfully however, the protection system doesn't allow me to run malwarebytes. Same goes for my McAfee AV. Both are installed and neither one is allowed to run. Hope you guys can help with this problem. Thanks

A:Infected with Protection System Malware

We have a self-help area for removing common malware. Please see the tutorial How to remove Protection System

When done, click the Logs tab and copy/paste the contents of the new report in your next reply.

Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

3 more replies
Answer Match 59.22%

Laptop just got hit with this. Window opens stating it's Malware Protection and starts running a scan, when I try to run or do anything else I get a pop up window saying app can't start infected with W32/Blaster.worm please activate malware protection. Also shows a shield in the tray. Help me please.

More replies
Answer Match 59.22%

Hi, all. First, thank you for everything you do. I've come to this site a couple of times over the years and your advice has been incredibly helpful. I really appreciate it.
Now I have my own problem with a malware issue. My computer has become disabled. It boots to the desktop, but I cannot access anything with my mouse, and when I place the cursor in the taskbar, the hourglass icon appears. Sometimes the Protection System window would appear trying to tell me about some fake virus problems and to do an install.
I was able to delete any mention of Protection System from the registry through safe mode with command prompt, then regedit. That removed the Protection System screen from startup, but I still can't run any scans to send to you for review. Nothing works! I have to unplug the machine to turn it off!
Is there any other way to access scan programs to get this fixed?
I am running Windows XP with I believe Service Pack 3.

A:Protection System malware wreaking havoc

Bump, please!

Please help! I am still having trouble with this nasty malware one week later.

1 more replies
Answer Match 59.22%

Hello,
 
So one day my wireless internet stopped working on my Dell XPS 15z running windows 7.  Ran the troubleshooter everything was fixed...for a few hours.  Repeat the troubleshooter and things were fixed again, but only for a limited time.  Ran avast! and found nothing.  The error messages I kept getting were "default gateway is not available" and/or "problem with wireless adapter or access point"
 
So i began to check other things.  It's not my internet, as plugging in via ethernet works just fine.  Not my router, as I would get the same error messages on other wireless router networks.  Dell replaced the motherboard just before this because of some other problem, so I'm having them replace it again.  They just replaced the wireless card 2 days ago and nothing.  It would work again for a few minutes before it would stop.  Now today my laptop doesn't even see a wireless card existing.
 
Thoughts, questions, suggestions?  Any help would be appreciated.  If you need more info, just ask!
 
Thanks!
 
~Supersox

A:Progressive Wireless Problems...Need Help!

I forgot this as well. After a few days, I noticed my computer would completely shut down (not hibernate or sleep) at some point after I stepped away from it. Upon restart, I was informed that something had gone wrong and the error message I get after rebooting says the details of the shutdown are as follows:
Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.1.7601.2.1.0.768.3
Locale ID: 1033
Additional information about the problem:
BCCode: 9f
BCP1: ****-****-****-****
BCP2: FFFFFA8006CF1060
BCP3: FFFFF80000B9C3D8
BCP4: FFFFFA800B5C8BD0
OS Version: 6_1_7601
Service Pack: 1_0
Product: 768_1
Files that help describe the problem:
C:\Windows\Minidump\101613-30607-01.dmp
C:\Users\David M. Behm\AppData\Local\Temp\WER-117515-0.sysdata.xml
Read our privacy statement online:
http://go.microsoft.com/fwlink/?linkid=104288&clcid=0x0409
If the online privacy statement is not available, please read our privacy statement offline:
C:\Windows\system32\en-US\erofflps.txt

1 more replies
Answer Match 58.8%

Infected with malware (Funmoods?). Downloaded Malwarebytes last night and did a full scan. Found 30-35 objects (many of them listed as REGISTRY). Removed those. Restarted. The HDD is constantly reading. Something it wasn't doing before. Don't see anything out of the norm in Task Manager. Tried going into XP's Performance Tool under Administrative Tools but can't figure out what exactly is running. The system blue screened (page fault error I believe) once yesterday afternoon.

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.9.2
Run by Tyler at 19:11:47 on 2012-11-26
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3054.1769 [GMT -6:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ================
.
C:\WINDOWS\system32\Ati2evxx.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\AMT\atchksrv.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE
C:\Program Fi... Read more

A:Infected with Registery Malware

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top o... Read more

16 more replies
Answer Match 58.8%

Hi there, I've been looking around for a while now trying to find an answer to this problem I've been having lately. According to my task manager the process under the user name SYSTEM and image name "System" (NOT System Idle Processes) has been running at 99% CPU usage. It bogs down my entire computer. All programs run much slower and some even crash and freeze up.

I've run tons of Norton Anti-virus scans, all of which froze up before they finished, so I downloaded a program called "Advanced System Care" via recommendation of my brother. I was able to run full system scan and system clean up, but the problem remained. I even went to another forum and was told to "Click Start, click run, type in CMD, and then MSCONFIG".

I did that and ended several programs. The ones marked in red

Nothing weird happened, meaning I didn't have any problems restarting my computer. However, the System remained running at 99% CPU.

I'm really at my wits end here and have been told I may need a new hard drive. I've never been given a clear answer as to what's wrong with my computer. I know it's not a virus, I just want to know what's wrong with it and if it can be fixed then how?

Thanks to anyone who took the time to read that whole lot and even more thanks if you can help me out! =D

A:"system" running at 99% CPU, creates multiple problems

Please post the PC specs.

Were there any hardware changes just prior to the problem? Were there any Windows updates just prior to the problem? Often times this is caused by USB drivers and/or some other driver-hardware problem.

3 more replies
Answer Match 57.96%

Hi all,
I seem to be having a frustrating issue. I was attempting to enable my system protection in order to allow me to restore individual files to a previous state. Unfortunately when I go to do so the option is not available at all. I did some research and have not been able to find a solution for this issue. I attached a screen shot of what I'm seeing and what should be available below (found the second one on sevenforums). Any help with this would be greatly appreciated as I have been searching for a solution for this problem for a little over two hours now.

A:No option to enable system protection for files

Hello Waffle, and welcome to Eight Forums.

Previous Versions of files from system protection has been replaced with File History in Windows 8/8.1 now. File History gives you more control.

File History - How to Use in Windows 8

Hope this helps,
Shawn

3 more replies
Answer Match 57.54%

Hello! I have Microsoft Security essentials and recently my real time protection has been turning off every single day but it is up to date. It's affecting my Malware protection. I downloaded malware bytes and ran several scans with both of them in regular mode and safe mode. However, it didn't seem to fix anything and malware bytes is running out of trial mode :/. Then 2 days later my laptop  shut off and restarted itself. Then today when I turned it on I got the blue screen of death.
 
 
 
Any advice would be amazing thanks!!

A:Real-time protection keeps turning off (malware problems)

Welcome aboard

Download Security Check from here or here and save it to your Desktop.
Double-click SecurityCheck.exe
Follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender
Other Services
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

Please download MiniToolBox and run it.
Checkmark following boxes:
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Devices (do NOT change any settings here)
List Users, Partitions and Memory size
List Restore Points
Click Go and post the result.

Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
NOTE. If you already have MBAM 2.0 installed scr... Read more

23 more replies
Answer Match 57.54%

Hi, as you can see by my Topic title, I am ready to tear my hair out trying to get this computer back to normal so any help would be GREATLY appreciated. My computer seems to be infected with a rogue anti-virus called Protection System, and it causes fake Windows Security Alerts to pop up every so often with claims that my computer is infected. Most forums I go to tell me that people who have this Malware can't search for help on Google, this is true in my case to a certain degree. Before EVERY link on Google I clicked made a pop up coming up, leading to some AD website called windowsupdate.com or something like that, but now it doesn't do that, but some websites are blocked and I find ways around them. On top of that after a couple of hours or so depending on the time, a system shutdown will start to countdown. Now most times I can avert this by simply clicking cancel whenever the task manager pop ups start occurring telling me to End Now and stuff, but sometimes it goes through. Also sometimes I'll get a process called IEXPLORE.EXE which I know isn't the REAL iexplore.exe because 1 it's UPPER CASE and 2 I use Opera, and the IEXPLORE.EXE will play random audio clips of commercials and scenes and stuff like that and I have to end the processes from the Task Manager. Also I have weird processes like: wscsvc32.exe, g106p.exe, freddy41.exe etc etc. I downloaded Malwarebytes but I had to save it and run it from my external hard drive because if I save it on my normal hard drive it ... Read more

A:HELP!! PROTECTION SYSTEM ROGUE ANTI-VIRUS MALWARE MAKING ME INSANE!!!

Also here is my Malwarebytes LOG as well:

Malwarebytes' Anti-Malware 1.38
Database version: 2297
Windows 5.1.2600 Service Pack 2

6/26/2009 3:15:19 AM
mbam-log-2009-06-26 (03-15-19).txt

Scan type: Quick Scan
Objects scanned: 116506
Time elapsed: 14 minute(s), 27 second(s)

Memory Processes Infected: 3
Memory Modules Infected: 0
Registry Keys Infected: 11
Registry Values Infected: 8
Registry Data Items Infected: 0
Folders Infected: 5
Files Infected: 43

Memory Processes Infected:
C:\WINDOWS\freddy47.exe (Worm.KoobFace) -> Unloaded process successfully.
C:\WINDOWS\system32\reader_s.exe (Trojan.Agent) -> Unloaded process successfully.
C:\Documents and Settings\Compaq_Owner\reader_s.exe (Trojan.Agent) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{b2c7b2a1-00f3-42bd-f434-00aaba2c8952} (Trojan.Ertfor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b2c7b2a1-00f3-42bd-f434-00aaba2c8952} (Trojan.Ertfor) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b2c7b2a1-00f3-42bd-f434-00aaba2c8952} (Trojan.Ertfor) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall&... Read more

3 more replies
Answer Match 57.54%

hey guys,
after boldly trying to fix this problem on my own though I am not a technical person I am now in a dead end.
- my system is xp
- obviously my pc is infected with the system check or system fix trojan.
- in fact the icon on my desktop says "system check" but all the problems (hidden data, false warnings, everything) are identical to what is described in "remove system fix"
- I have done all steps described in the very understandable "remove system fix guide" (maybe I was wrong, mixing system fix and system check?)
http://www.bleepingcomputer.com/virus-removal/remove-system-fix
- rkill has found something, I could post the log
- everything worked until I tried to install Malwarebytes' Anti-Malware
- I could not finish the installation process, when I click "install" there comes something like "access denied" (english is not my mother and computer language) and then "the setup could not be finished. please fix the problem and start the setup again"
- that is basically the status quo....
What should I do? I have no idea...was so happy to find this guide, and now something does not work....Do you need any further information?

Best regards and thanks for reading!

freebe

A:system check or system fix virus - problems while following the uninstall guide: cannot install mbam

Hello,

Please follow the instructions in ==>This Guide<== starting at step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then post them in a reply to this topic by using the Add Reply button.

If you can produce at least some of the logs, then please create the post and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Please note that I am not a member of the Malware Removal Team and will not be assisting you in removing the infection. I'm simply helping you to post the information they need in order to assist you.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

3 more replies
Answer Match 57.12%

I'm using Windows Home Premium x64, and I want to delete a single file from a backup created by system protection. When I open a restore point, It takes me to an address like "\\localhost\C$\@GMT-2012.03.14-xx.xx.xx" I can see and open all of the files on that folder, such as like play videos from it, but I cannot delete anything from it. When I try to access the folder through disk management, access is denied. how do I go about deleting individual files from the backups?

A:How do I delete individual files created by system protection?

Hello Bhootnat, and welcome to Seven Forums.

A restore point is different than a backup. You will not be able to delete a specific file included in a restore point. Any attempt to mess with a restore point like that would most likely end with the restore point no longer able to be selected to be used when doing a system restore.

Instead, you could only delete specific restore points if you like.

System Protection Restore Points - Delete

Hope this helps,
Shawn

5 more replies
Answer Match 56.7%

Hi,

On 3/16, my Vista PC was infected with the Vista Internet Security 2011 malware program. This particular variant appeared as "eyr * 32" in my processes, there was also a suspicious process identified as: "unsecapp". The infection would not let me access the web via IE, I tried google, bing and several news sites, all were blocked, don't remember the exact reason, something like the site is unavailable.

I researched removal from another machine and since I could not get out to web from the infected machine for automated removal tools, I struggled to remove it manually with instructions from a variety of sites.

Most discussed the registry entries to be removed. This particular variant did not have entries for the HKEY_LOCAL_MACHINE uSoft\Security Overrides. Nor did it have entries for the HKEY_CLASSES_ROOT exe shell open commands.

It did have entries for the HKEY_CURRENT_USER Software Classes shell open commands for both '.exe' and 'exefile', I removed the command entries, both of which referred to eyr.exe

It also had an entry for the HKEY_LOCAL_MACHINE Software clients Start menu internet IEXPLORER, which I removed

In my naivete, I looked for and found an entry in HKEY_CLASSES_ROOT\exefile, I deleted this key entry!

I looked for, found but could not access HKEY_CURRENT_USER\Software\Classes\exefile

I rebooted the machine, the infection is not executing, however, I can not execute programs from the desktop, start menu, start tr... Read more

A:Need registry entry defn for exe files...

Reboot the computer and start tapping F8 just before windows starts to load.
Should bring you to a safe mode menu listing.
Select last known good configuration and hit enter.
See if that gets it going again.
 

1 more replies
Answer Match 56.7%

Hi,
I am having this problem, when I'm trying to C:\>SFC \SCANNOW, it is giving error message as this "windows protection could not initiate a scan of protected system files the specific error code is 0*000006ba [the RPC server is unavailable]". I'm using Windows XP Service Pack 3. Please someone tell me how to solve this.
 

A:windows protection could not initiate a scan of protected system files

7 more replies
Answer Match 56.28%

Hi, as the title says I deleted important registry files. It was accidental, I wanted to uninstall microsoft office pro plus 2013 (or something like that) with Revo Uninstaller Pro because I wanted to make sure nothing was left behind. However, after I deleted it with the scan for leftovers (it asks you if you want to delete leftover registry and then leftover files and folders) my computer started to **** up. My theme changed to the basic grey thing, when I want to navigate the Internet it doesn't work... I knew I did something wrong, so I wanted to restore my PC using system restore. However even that isn't working. When I go on the page after clicking on system restore, it gives me an error about a shadow file or idk (I'm not on my PC right now because Internet doesn't work as said above). I can't even click on a restore point because of that error.

I can however boot normally so that at least is good. I am extremely confused!! Please help!
Is Revo uninstaller a good or bad thing considering what it did to my PC (or more what I did to it by trusting them)?

Thank you!
 

A:Solved: Deleted important registry files!

6 more replies
Answer Match 55.86%

I have come back from Wales with a problem I had before I went there: nearly having no disk space at all for anything.

But that's not the worst of it.

Second by second, folders and files are being created in my Program Files folder. How do I stop it? Is this normal for my machine?

Please help, my dad is desperate to free up some space before this computer becomes just what my old XP became: a piece of junk that no longer works.

A:Program Files creates loads of files by the minute!

Try a disc cleanup. Go to computer, c drive, disc clean up (including system files). Do that twice.

Go to control panel>programs and delete all programs that you do not want or need. Make a system restore point first, in case of problems.

There will be HD space used for the recovery functions. System Image, System Restore, Backup and restore and shadow copies. Every time a new SR point is made more space is used.

Try my suggestions and tell us what happened.

1 more replies
Answer Match 55.44%

I have a Acer laptop running Windows XP. It is an Acer Aspire 5610z model number BL50. I cannot give specs on it because every time I try to open something a box pops up that says:

The File Type Assistant
Get Safe Software Suggestions
Powered by www.trustedsoftware.com

File name: rundll32.exe
Either you do not have a program installed that can open your file, or you are may be looking for a new one.

What do you want to do?

Search the Trusted Software web site for safe programs that can open your .EXE file. You can also read information about .EXE files.

Let Windows manage the file.

The computer worked fine, but then a friend was on the computer and downloaded a trial version of Uniblue Registry Booster. Then he ran a scan using that trial program. He did not tell me that he ran the scan or even downloaded the program. I saw the program on the laptop, so I went into the add and remove program and uninstalled it. After uninstalling the program I then lost, I think, all my .EXE files.

What can I do to fix this. Please help. I need this laptop for college. Any help is much appreciated.

Thank you,
Randyhammm1
 

A:Lost exe files after uninstalling uniblue registry program

16 more replies
Answer Match 55.44%

Hi, I am completely new to this, my problem is I have lost about 60 programs from the program and features control panel and have only 30 remaining. All the programs still seem to be working though. I have tried restoring to earlier time but have since read that it's probably a registry fault. I use Nortons reg cleaner and avs as well as cc cleaner using them intermediately so I was surprised to have a problem. The computer is a Toshiba laptop Satellite500 32/ 64 op system. Nortons security scans can't find any faults and say computer is running like new although it's 3yrs old. It's nortons 360 security and Virgins health check gives 100% clearance. I am not that good with too much technical stuff but would be very very grateful for any help or advice. Warm Regards Halfinch
 

A:Solved: Registry Problems

7 more replies
Answer Match 55.44%

Hello, I wonder could anyone help me. I've been getting some popups recently about parts missing in windows registry, so I did some scans with pc mechanic and pc doc (free versions) and I had some 334 severe problems in registry. Can anyone advise me what to do?

Mariska

A:Severe Problems With Registry

Well, are you on line when you get these popups? If so they are more than likely just something that is trying to make you buy their product. If you are just getting these write down what they say and post them here in this thread.

If you are having troubles and real bad ones with your registry I will save you a lot of time here by telling you that you should have some one that can look at the computer do so that knows what and how the registry works. You can believe me it will be worth the time and money that you spend.

The registry is the heart and soul of any Windows Operating system and if messed with by anybody that either does not know what they are doing or makes a mistake believe me it will be the last mistake they make just before reinstalling everything.

11 more replies
Answer Match 55.44%

Hi, I'm not sure what I've done, but it apparently was something that managed to kill my system.

This is the Message that I've been getting:

System Error!

Attention, Jason! Some dangerous trojan horses detected in your system. Microsoft Windows XP files corrupted. This may lead to the destruction of important files in C:\WINDOWS. Download protection software now!

Click OK to download the antispyware. (Recommended)

Any help that could be provided would be greatly appreciated. Below is the Panda Report that I got and the Main report from DSS. I've also attached the extra text file from DSS.

Thanks,

Jason

Panda

;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-06-22 18:54:36
PROTECTIONS: 1
MALWARE: 29
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
Windows Live OneCare 1.0.0 Yes Yes
;==================================... Read more

A:"System Error!...Microsoft Windows XP Files corrupted. Download protection now!

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please save this page to Notepad in order to assist you when carrying out the following instructions.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding.
Ensure that there aren't any opened browsers when you are carrying out the procedures below.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

You have no firewall enabled. Please enable Windows OneCare Live Firewall in the Security Center of your Control Panel.

------------------------------------------------------

I see you have P2P software ( Azureus ) installed on your machine. We are not here to pass judgment on file-sharing as a concept. Howe... Read more

1 more replies
Answer Match 55.02%

I am having problems with my computer running smoothly. Whenever I start my computer up I get several .DLL files that windows says it can't find, as well on my avast program it says I have Kaspersky antivirus causing an incompatible program. I need some help with this. Here is my hijackthis log. Thanks.

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 7:51:53 PM, on 2/23/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Cisco Systems\SSL VPN Client\agent.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Acer\LANScope Agent\awtray.exe
C:\WINDOWS\system32\SysMonitor.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\WINDOWS\system32\c... Read more

A:Kaspersky uninstall problems and .DLL files

I am having problems with my computer running smoothly. Whenever I start my computer up I get several .DLL files that windows says it can't find, as well on my avast program it says I have Kaspersky antivirus causing an incompatible program. I need some help with this. Here is my hijackthis log. Thanks.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:00:24 PM, on 2/23/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Cisco Systems\SSL VPN Client\agent.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Acer\LANScope Agent\awtray.exe
C:\WINDOWS\system32\SysMonitor.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolb... Read more

3 more replies
Answer Match 55.02%

A new variant of the ACCDFISA Protection Center ransomware has been released called Malware Protection. The malware developers target Windows servers and appear to hack them in order to install the software. Once the Malware Protection ransomware is installed, it will lock you out of the computer and create password-protected RAR archives out of your data that you can no longer access unless you pay a $300 ransom.

When installed, the Malware Protection ransomware will scan your computer for all files using certain file extensions and will use the command line RAR program to turn them into a password protected RAR archive. These files will be renamed with the .aes extension and are supposedly encrypted with AES encryption. You will then be prompted to pay a ransom in order to get the decryption key to restore your files. The decryption key starts with aes987156 and then the password for the RAR files is appended to it. The decrypt.exe program will read through the list of encrypted files and extract them to the proper location using the RAR password. In the past version of this malware, there have been some cases reported that the decrypt process actually deleted the files, so once you have the RAR password it is suggested that you use a manual method to restore the files. A manual method using a batch file can be found in the How to remove and decrypt the ACCDFISA Protection Program guide.

The files that this infection installs can be found in the following locations:


... Read more

A:New ACCDFISA Protection Center ransomware called Malware Protection

Hello,

Thanks for all the tips. We have had a number of clients affected with both variants. All these clients had kaspersky installed! Does anyone know the source of these infections? Is it via email/web/RDP or manual?

Thanks
Nihar

more replies
Answer Match 54.18%

My System Restore never automatically creates daily restore points like XP does with those daily 'AM system checkpoint' restore points. So everyday I have to remember to manually create one myself

What do you guys think about this?

A:System Restore never creates 'am system checkpoint'

Hi, have you checked the setting in "Control Panel" just to make sure it is enabled for your OS drive?

9 more replies
Answer Match 54.18%

A Dutch company known as the Frame4 Group has created what's almost the computing equivalent of a Center for Disease Control lab. The Malware Distribution Project is, according to its own site, the "world's biggest private malware archive."
Don't jump to the conclusion that the project's run by a bunch of supervillains; the malware samples are supposed to be "offered for the purposes of analysis, testing and malware research."



Link -
Enormous Malware Archive Creates Stir

More replies
Answer Match 53.34%

http://www.eweek.com/article2/0,1895,1983037,00.asp
A security researcher with expertise in rootkits has built a working prototype of new technology that is capable of creating malware that remains "100 percent undetectable," even on Windows Vista x64 systems.

Joanna Rutkowska, a stealth malware researcher at Singapore-based IT security firm COSEINC, says the new Blue Pill concept uses AMD's SVM/Pacifica virtualization technology to create an ultra-thin hypervisor that takes complete control of the underlying operating system.
 

A:'Blue Pill' Prototype Creates 100% Undetectable Malware

Oh that's just great!!
 

1 more replies
Answer Match 53.34%

'Blue Pill' Prototype Creates 100% Undetectable Malware
By Ryan Naraine
June 28, 2006

A security researcher with expertise in rootkits has built a working prototype of new technology that is capable of creating malware that remains "100 percent undetectable," even on Windows Vista x64 systems.

Joanna Rutkowska, a stealth malware researcher at Singapore-based IT security firm COSEINC, says the new Blue Pill concept uses AMD's SVM/Pacifica virtualization technology to create an ultra-thin hypervisor that takes complete control of the underlying operating system.

http://www.eweek.com/article2/0,1895,1983037,00.asp

A:Blue Pill' Prototype Creates 100% Undetectable Malware

Very very scary stuff, just how long will it be before the WORLD governments finally pull their fingers out and realise how big computer crime is. Computer crime should have the same sentence as bank robbery, at the end of the day, it's a quick way to mug somebody, or even a company, and until the government gets serious, sadly this will continue even further.
We are all victims in our own homes

6 more replies
Answer Match 53.34%

  I am a bit unsure of difference between malware protection and anti-virus protection. I have Norton nis which is great for stopping Trojans. I have a company that works on my computer if I have a problem. They wanted me to put in a anti malware program. I have been having problems with computer lately, so I let them do this, could this cause a problem, because I know that you are not supposed to run 2 anti-virus programs?
          Anyone?

A:Difference between malware protection and virus protection

Anti-virus and anti-malware programs each perform different tasks as it relates to computer security and threat detection. Essentially, they look for and remove different types of malicious threats. In simplistic terms, an anti-virus program will focus on viruses, worms, Trojans, rootkits and bots while anti-malware programs generally tend to focus more on spyware, adware and PUPS (potentially unwanted programs). However, there can be some overlap in functionality and detection features depending on the program's scanning engine, how the vendor defines a specific threat and what Naming Standards are used. Some vendors also add a modifier or additional information after the name that further describes what type of malware it is.

- The Difference Between Antivirus and Anti-Malware
- Antivirus and Antispyware Software: What's The Difference?
- What Is the Difference Between Antivirus & Antispyware?
- Use Anti-Virus and Anti-Spyware Software

To fully understand the difference between Anti-virus and Anti-spyware (anti-malware) programs, you need to understand the difference between the various types of malware. Please read the Glossary of Malware Related Terms.

6 more replies
Answer Match 53.34%

Happy new year, all. I am helping a friend set up auto backups on a Toshiba Satellite laptop running Vista Home Premium. The backup is saved on a Seagate Expansion drive, 250 GB. The backup creates 24 .zip files. How can we confirm that the backup was successful and the docs readable? When we try to extract any of the backup files, Vista tries to open them using Word (can that be the right association?), which then advises that the backup files cannot be opened because there are problems with the contents in that "some parts are missing or invalid." I suspect that is because of the way backup files must be restored, in connection with the Catalog file created at the same time.

However, this doesn't inspire confidence. Is there a way to save the backup files in another format so that we can easily see that they are complete and readable? Or is there an application that can read the backup zip files and make that assessment for us? Other approaches?

Many thanks for all thoughts,
MAHoopes
 

More replies
Answer Match 53.34%

Is there an easy way to determine what files an installation has created ? More specifically i am interested in drivers that have been installed. I know i could do a 'before' and 'after' on various folders or i could turn on windows installer tracing but the product i'm interested in is ALREADY installed.

thanks for any help.

skint

A:How to determine files an install creates ?

  
Quote: Originally Posted by skint


Is there an easy way to determine what files an installation has created ? More specifically i am interested in drivers that have been installed. I know i could do a 'before' and 'after' on various folders or i could turn on windows installer tracing but the product i'm interested in is ALREADY installed.

thanks for any help.

skint


Sorry for the abrupt answer, but No.

The only way would be to do a trace on Windows Installer (I'd like to know myself how to do that). If the product is already installed, then it can't be done.

EDIT:
If the installer is in the form of an MSI file, then you can try to use Orca, from the Microsoft platform SDK.

8 more replies
Answer Match 53.34%

Sometimes dm_log_collector.exe creates very tiny, apparently empty Zip files. Other times it seems to work fine. When it doesn't work properly, sometimes the source SFdebugFiles folder can be found either on the Desktop or in the Recycle Bin and a Zip file can be created manually. Other times, the SFdebugFiles folder is nowhere to be found and one has to run dm_log_collector.exe again and hope for the best.

No doubt the kind people who analyze the materials submitted in this forum are often busy with pressing personal and professional obligations and cannot immediately render assistance; however, if perchance my post at BSOD APC_INDEX_MISMATCH ntoskrnl.exe has slipped through the cracks, I'd like to bring it to someone's attention.

Thanks very much.

A:dm_log_collector.exe sometimes creates empty Zip files

Hi Animadversor ^_^,

Really sorry that your thread was not answered very quickly. We are shorthanded here and there are not many BSOD Analysts

We are aware of the problem with the DM Log Collector Tool and hence I have created a new utility to solve this, although it is still in BETA. You can find it in the below thread -
[BETA] BSOD Inspector

Feel free to test it and report back in case of any problems
-Pranav

1 more replies
Answer Match 53.34%

On a previous computer I had some encryption software I downloaded from Tucows which used the extension .fff for the encrypted files. I need to decrypt them now to a new computer, but I don't remember the name of the program. Do you have any ideas? Thanks a bunch. Dohn

A:What encryption program creates *.fff files?

There is no encryption software that comes up in Google: FFF File Extension - Open .FFF files

2 more replies
Answer Match 53.34%

THANK YOU TEAM!!!!

DDS (Ver_10-10-10.03) - NTFS_AMD64
Run by burak at 16:44:43.23 on Tue 10/19/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows Server 2008 R2 Standard 6.1.7600.0.1252.1.1033.18.4094.2521 [GMT -5:00]

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe
C:\Windows\system32\svchost.exe -k ftpsvc
C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
c:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\PROGRA~2\Intuit\QUICKB~2.0\QBDBMgrN.exe
C:\Windows\system32\svchost.exe -k regsvc
C:\Windows\System3... Read more

A:Infected with something which creates tons of .exe files

Hello ch2163
Welcome to BleepingComputer
==========================
Download OTL to your desktop.
Double click on OTL to run it.
When the window appears, underneath Output at the top change it to Minimal Output.
Under the Standard Registry box change it to All.
Under Custom scan's and fixes section paste in the below in bold

netsvcs
%SYSTEMDRIVE%\*.*
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\drivers\*.sys /90
%systemroot%\system32\Spool\prtprocs\w32x86\*.dll
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

1 more replies
Answer Match 52.92%

Thanks in advance to the BleepingComputer users for helping me and others with this malware/virus problem: On December 14, 2011, the System Fix Virus & Privacy Protection Virus hijacked and infected my system: WinXP (64-bit). They've caused my default web browser to change frequently (each time I reboot my PC). So I've been having trouble getting rid of all of this malware/viruses from my system, since I use Windows XP x64. The latest version(s) of ComboFix and TDSSKiller don't work on the 64-bit version of Windows XP, but they are compatible with other versions of Windows: 98, XP, VISTA, 2000, 2003, 2008 and Windows 7! The following programs were made for other operating systems, so I need a solution to these 3 problems (listed below): ComboFix.exe and TDSSKiller.exe are not compatible with my Windows XP 64-bit system. So how do I get rid of the malware/viruses from this computer without those apps that were made to get rid of the following problems on other Windows OS's?:

1. System Fix Virus (reference: http://www.bleepingcomputer.com/forums/topic432547.html)
2. Privacy Protection Virus (reference: http://www.bleepingcomputer.com/forums/topic432664.html)
3. Google-Redirect Malware (reference: http://www.bleepingcomputer.com/forums/topic416561.html)

A:Infected WinXP 64-bit with "System Fix Virus" & "Privacy Protection Virus" (Malware)

That is correct, they will not. If you need to remove malware still then please go here: Preparation Guide, do steps 6 - 9. Create a DDS log and post it in the new topic explained in step 9, which is here: Virus, Trojan, Spyware, and Malware Removal Logs, and not in this topic, thanks. If Gmer won't run, skip it and move on. Include a link back to this topic. Let me know if that went well.

1 more replies
Answer Match 52.92%

http://www.pcworld.com/article/260015/researcher_creates_proofofconcept_malware_that_infects_bios_network_cards.html

>>>
Rakshasa replaces the motherboard BIOS, but can also infect the PCI firmware of other peripheral devices like network cards or CD-ROMs, in order to achieve a high degree of redundancy.

snip

Existent computer architecture gives every peripheral device equal access to RAM (random access memory), Brossard said. "The CD-ROM drive can very well control the network card." This means that even if someone were to restore the original BIOS, rogue firmware located on the network card or the CD-ROM could be used to reflash the rogue one, Brossard said.

The only way to get rid of the malware is to shut down the computer and manually reflash every peripheral, a method that is impractical for most users because it requires specialized equipment and advanced knowledge.

Brossard created Rakshasa to prove that hardware backdooring is practical and can be done somewhere in the supply chain, before a computer is delivered to the end user. He pointed out that most computers, including Macs, come from China.
<<<

MODS: Please fix topic title s/b Reasearcher
Edit: TY!

More replies
Answer Match 52.92%

Hi,
My laptop's performance has taken a big hit due to multiple pop ups that run invisibly in the background. I use Avast Anti virus and it is continuously trying to block these ads. The infection details according to Avast are:
URL: http://reannewscomm.com/ads.php?sid=1803
Infection: URL:Mal
Process: C:\Windows\explorer.exe

No matter how many scans I run I can't seem to find the files and delete them. I only see the pop-ups when I go to shut down my computer.
Any help greatly appreciated!
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-02-2016
Ran by Sam (administrator) on SAMANDKAT-TOSH (13-02-2016 18:28:09)
Running from C:\Users\Sam\Downloads
Loaded Profiles: Sam (Available Profiles: Sam)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\Windows\System32\GFNEXSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
()... Read more

A:Infected with reannewscomm.com Malware - creates multiple invisible popups

Hello RiotAkt,
 
I'm Stan and I will be helping you for this problem.
 
First of all I want to clear some things about the malware removal process:
Do not run/install any tools on your own. This may affect the process of removal and may cause both slowdown and additional problems.
Read carefully the steps that I suggest you to do. Any mismatch will prolong this case.
Copy any scripts carefully so they stay exactly the same with the original. Otherwise the script may not work and we will need to rerun/recreate it.
Feel free to copy all the steps in offline environment. They may be easier to read and follow in this way.
Feel free to ask any questions about the malware removal process. I'm here to help you so nothing must be hidden or misunderstood.
Share with me any problems/changes you experience while working with the current system.
Please, do not use any quotes or code boxes when you post logs.
I want to inform you that I will be able to respond in the evenings - 07:00 P.M - 11:00 P.M. (UTC + 02:00) - since I'm working during most of the daytime. If I haven't posted anything for 48 hours straight, please, feel free to send me a personal message. I will bump the topic if there is no response from you for 3 days. After 5 days of inactivity, the topic will be closed.
 
I want to inform you that I'm still in my training program so my posts must be reviewed by an instructor. This may lead to a slight delay in my an... Read more

5 more replies
Answer Match 52.5%

I am using Windows XP and I recently had a problem with the user account causing problems when I renamed a folder. It would create a 0 byte file with no extension with the name of the previous folder name. Since this was only happening on the user account and not on the C drive, I rebuilt the administrator login and it was fine. The it happened again so I rebuilt the account again. ( I am considering a new hard drive but I don't know if that is the problem).

My other problem now is when I was cutting and copying and pasting files from one window to another very quickly. I had cut or copied some jpgs and noticed that they were left in the original folder still. I accidentally double clicked one and the jpg wouldn't display in the viewer. In file properties it said 0 bytes. Was it because I was going too fast? I am not sure if the file was left from a cut or a copy as I was going so fast. Or is my Windows corrupt? There was a thumbnail file I left in the folder but that should not cause a problem. I didn't rename the folder to a longer path. (I have had experience with that causing a file management problem before. That was not the problem here). There was no problem deleting the files and folders.

I am going to try to recreate the problem tomorrow when I have some free time to test it.

Was I going too fast? Or is my User account corrupt again? Do I need a new hard drive? Any help is greatly appreciated. Thanks in advance, Zooks
 

A:Cut copy paste creates 0 byte files

11 more replies
Answer Match 52.5%

We have Excel 97 running on a Win95 PC. When we use Excel file/open to open a spreadsheet it also creates a shortcut to the file. This appears to happen with files that are named as the following.

CTAXCASH.XLS OR NNDRCASH.XLS

If you change the filenames to the following all is ok.

C Tax Cash.xls or NNDR Cash.xls

Has anybody got any ideas as to what is happening. Is it something to do with the 8.3 file format.
 

More replies
Answer Match 52.08%

Hi All,

I got the System Integrity Scan Wizard and Security System Warning popups the last few days. I've done the Safeboot and scan with Norton with no viruses so it's clearly the nuisance thing that many others have been plagued with.

I run both the SmitfraudFix.exe and ComboFix.exe programs. Here are the resulting log files.

Any ideas of how to remove these popups is welcome.

Thanks,
Danny

SmitfraudFix.exe
----------------------
SmitFraudFix v2.309

Scan done at 13:55:45.03, Mon 03/31/2008
Run from C:\temp\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

???????????????????????? Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Googl... Read more

A:System Integrity Scan Wizard And Security System Warning Malware Problems

Hello and welcome to the forums

My name is Katana and I will be helping you to remove any infection(s) that you may have.

Please observe these rules while we work:
1. If you don't know, stop and ask! Don't keep going on.
2. Please reply to this thread. Do not start a new topic.
3. Please continue to respond until I give you the "All Clear" (Just because you can't see a problem doesn't mean it isn't there)

If you can do those three things, everything should go smoothly :D

I apologize for the delay in responding, but as you can probably see the forums are quite busy
Unfortunately there are far more people needing help than there are helpers.
If you still require help, please can you do the following

Click here to download HJTinstall.exe
Save HJTinstall.exe to your desktop.
Double click on the HJTinstall.exe icon on your desktop.
By default it will install to C:\Program Files\Trend Micro\Hijack This.
Click I accept
Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
Click Save to save the log file and then the log will open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.

Installed Programs
Please could you give me a list of the programs that are in... Read more

1 more replies
Answer Match 52.08%

Having used a Freecom external hard drive for over 6 months with no problems - it has suddenly started converting picture files to PMS files - which are unreadable on either my laptop or PC (both running on XP). The files still say they are JPEG but have the extra PMS extension. The unwanted conversion happens when we view on the laptop, which is where the files were originally copied from. However this did not happen when I first started to use it. Looking for suggestions of how to a) reconvert my image files and b) stop it happening again. Would be grateful for any help.
 

A:Freecom External harddrive creates unwanted PMS files

PMS files are Personal Media Suite files which are used by software provided by Freecom. Do you have any Freecom software installed?
 

3 more replies
Answer Match 52.08%

Something very strange has started happening in Windows Explorer. When I cut and paste image files into different folders, it does copy everything but for some reason, a few tmp files are being created as well. Every time I copy stuff, I have to delete about 5-6 of them.

Does anyone have any ideas as to why this is happening? It's started in the past few months and I've been hoping it would stop but it hasn't.

A:Cutting and pasting in Windows Explorer creates TMP files

It's third-party software. Something you have installed...what I cannot say from such limited information.

1 more replies
Answer Match 52.08%

Hello, I've been having some problems with a trojan/virus. Something is creating *****.exe files in e:\windows\temp. The files look like this:
OE434REF.EXE
8C185D4D.EXE
0EAED637.EXE
E5BBBD6.EXE
and the list goes on with random numbers and letters. All these files try to execute but the firewall stops them. If I erase them, they get generated again after some time. I ran HijackThis and here is the result

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:17:10 AM, on 1/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
e:\AppServ\Apache2.2\bin\httpd.exe
E:\Program Files\ESET\ESET Smart Security\ekrn.exe
E:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
E:\Program Files\Alias\Maya6.5\docs\wrapper.exe
E:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
E:\AppServ\Apache2.2\bin\httpd.exe
E:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
e:\AppServ\MySQL\bin\mysqld-nt.exe
E:\Program Files\Alias\Maya6.5\docs\jre\bin\java.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\Program Files\CyberLink\Shared files\RichVideo.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
E:\WINDOWS\Explorer.EXE
E:... Read more

More replies
Answer Match 52.08%

Respected members and moderators,
 
I am completely puzzled with this infection. I am using Windows 7 Ultimate with ZoneAlarm antivirus + Firewall. A couple of days ago, I noticed that my mouse pointer was suddenly getting stuck. After a little investigation I found some files created in my Public folder. The exe files use the same name as the folder, like public.exe, Public Videos.exe, Public Recorded TV.exe. The location is C:\USERS\PUBLIC. The virus creates exe files inside all the subfolders. I have tried TDSSKiller, KVRT and rkill but no luck. Avira can only delete the virus but after some time they appear again!
 
Please help.
 
Thanks & Best Regards

A:Trojan Creates files in Public folder randomly

Welcome to BC !
 
See what the scans below can find.
 
Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the
Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.
After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.
CCleaner - PC Optimization and Cleaning - Free Download
 
Download Malwarebytes' Anti-Malware from Here
Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
When MBAM is finished scanning it will display a screen that displays any malware that it has detected.
Click the Remove Selected button.
MBAM will now delete all of the files and registry keys and add them to the programs quarantine. When removing the ... Read more

10 more replies
Answer Match 52.08%

Running XP Home SP2 on AMD ATHLON 1600 MHZ Processor. Things work fine for a while but all of a sudden the Logitech LX3 Optical Mouse's light goes out and I lose cursor control. Is there a way out of this other than a reboot? This has been happening for a long time. No recent changes. I use several spyware detection removal programs. The system looks clean.

A:Cursor Lost Creates System Hang

I assume you have tried other mouses?
Is it a wireless mouse?

3 more replies
Answer Match 52.08%

When I open the Font folder, the system lags, CPU usage hitting max, and the system becoming totally unresponsive. Installing is impossible.

Is it a corrupted font or error in the system?

A:Font folder creates system crash

Sounds like some fonts are damaged. I would check http://www.adobe.com/support/techdocs/328607.html and http://support.microsoft.com/kb/q133725/ first.

3 more replies
Answer Match 51.66%

Hello
I used the tool from bleeping to uninstall AVAST but I see the avast icon is still on the windows file program. I have uninstalled it 2 times in safe mode and have dragged the icon to delete it but it is still there. Any suggestions? Thanks for reading. From Gina

A:uninstall protection

What happens if you just right-click on it and choose delete? Anything in the All Programs Menu is a short-cut. Sometimes uninstallers and removal tools don't also remove them.

2 more replies
Answer Match 51.66%

My computer was recently infected with spyware and I used spysweeper to clean my system. I still have an ie7 add-on called "Protection Bar" that I would like to uninstall. I can't figure out how to do that.
 

A:How do I uninstall protection bar add-on

internet options, manage add ons, disable active x or tool bars, try tool bar cop, that's good
http://windowsxp.mvps.org/toolbarcop.htm
 

2 more replies
Answer Match 51.66%

Hi, I was checking my friend's PC for spyware, because he told me he couldn't see some websites, and found out that it was actually a web security software that was blocking the access. It's called Blue Coat's k9 web protection.
I already tried uninstalling it with the Add/Remove from windows and with ccleaner but it needs a password to uninstall.
He doesn't even know who installed it in the first place so there's no way to find out the password.
Can anyone help me remove this thing?
thanks for your help
 

A:k9 web protection uninstall

Sorry to say you probably will not be able to get any assistance with k9 removal here at TSG ...

http://forums.techguy.org/web-email/650637-got-used-laptop-k9-web.html
 

2 more replies
Answer Match 51.66%

Hello

Windows Vista Home Premium Addition.

I was having a virus which shows a blank screen after we do winlogin as it was activating ~.exe files, and CTRL ALT DEL was not working. Fixed the problem by deleting the files and updating the registry entry.

New problem started after this: now I can log in to the computer and it gets slower after some time.

Registry editing is disabled by administrator
Task Manager is disabled by administrator

using the option F8 can enter the system and modify the registry entries but they are restored back to old after the next restart.

Tried to restore the system to previous points but after the process get error exception problem and the things are not restored to any previous points.

Found that after winlogin is done there are 2 exe files are created in directory username\appdata\temp and they are loaded in memory also. There are 3 temp files associated with it also in same directory.

It has also made appdata as hidden directory.

If we delete these files in next reboot they are created with new names and loaded to memory.


Which virus is causing this please help.



Thanks

A:Virus creates Exe files with new names in appdata\Temp directory

Hello dinku Welcome to TSF.

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html
After running through all the steps, you shall have a proper set of logs. Please post them in a new topic,
as this one will be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

1 more replies
Answer Match 51.24%


All of a sudden, can hardly use my HP Mini 1100. Seems like everything is freezing up and slow as a tax refund check.

I ran DDS, but can't attach the files because the HP Mini won't recognize USB drives. (I'm using another computer to post this thread). GMER would not open. Can't save a file to the folder of choice.

Ran Advanced System Care just before all this happened and it said no problems. Ran SuperAntiSpyware and have Norton 360 running, no problems detected.

Won't restart or shutdown. Have had to cold boot a few times eek! but what else to do?

I run Firefox 3.6.11, have 1 GB ram, Windows XP Home SP3, and wish I could post more info, but I can barely access anything.

Any ideas anyone?

A:Freeze problems, can't uninstall programs, can't add attachments, can't open System Restore Point

Hello,

Now that you have posted a topic posted here: http://www.bleepingcomputer.com/forums/topic354846.html you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a MRT Team member, nor should you ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the MRT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the MRT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the MRT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MRT Team member is already assisting you and not open the thread to respond.

Please be patient. It may take several days to get a response but your... Read more

1 more replies
Answer Match 51.24%


Posted this in Windows XP but realized that maybe this is where it should be. ?


All of a sudden, can hardly use my HP Mini 1100. Seems like everything is freezing up and slow as a tax refund check.

I ran DDS, but can't attach the files because the HP Mini won't recognize USB drives. (I'm using another computer to post this thread). GMER would not open. Can't save a file to the folder of choice.

Ran Advanced System Care just before all this happened and it said no problems. Ran SuperAntiSpyware and have Norton 360 running, no problems detected.

Won't restart or shutdown. Have had to cold boot a few times eek! but what else to do?

I run Firefox 3.6.11, have 1 GB ram, Windows XP Home SP3, and wish I could post more info, but I can barely access anything.

Any ideas anyone?

A:Freeze problems, can't uninstall programs, can't add attachments, can't open System Restore Point

Hello Meekook

Welcome to BleepingComputer

==========================

Do you still need assistance with this?

41 more replies
Answer Match 51.24%

I've been beating my head against this one for the better part of a day now. I have the well known "System Alert!" in my Taskbar that leads to an Antivermins popup window. The problem is that every thing I have seen for AntiVermins removal does not function on this little bastard. He just simply refuses to be seen and to go away. Any help would be greatly appreciated!!

Thank you.

Logfile of HijackThis v1.99.1
Scan saved at 7:14:27 AM, on 12/18/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\... Read more

A:Taskbar 'system Alert!' Creates Antivermins Popup

Click here to download SmitfraudFix (by S!Ri). Extract all the files to your Desktop. A folder named SmitfraudFix will be created on your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd

Select option #1 - Search by typing 1 and press Enter

This program will scan large amounts of files on your computer for known patterns so please be patient while it works. When it is done, the results of the scan will be displayed and it will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log in your next reply.

Please do not run any other options until you are asked to do so.

7 more replies
Answer Match 51.24%

Hi,
I'm not sure this is the right place to ask this q. I have an Acer TravelMate 5720 with Windows 7 Ultimate on it. I have no idea what happened but one day I was browsing and watching a promotional video on a website when the screen froze and I got white lines across it. The problem seemed to happen every time I restarted the cpu. No idea what could have caused it. Everything was working fine prior. Then, after a few restarts/refreezes, I kept on getting startup errors and Windows refused to start.
This was in April. I haven't touched the computer since then because it seemed dead. Now, a few months later, I decided to turn it on and lo and behold, it started up fine, until it got to Windows where it said logging on and then gave me a blank screen. I then restarted with wifi off and it works, I'm using it right now in fact.
My question is, how can I know this won't happen again? Are there any tests to run to see if there's something inherently wrong with my computer? I'd love it if someone could help. I posted in the malware forum before and got great results, so I have great faith in this forum. Any help much appreciated.
 

A:Screen freezes - then creates more problems

Strange that the problem seems to have disappeared after you disabled wifi.

I'm afraid I can't offer you much help when it comes to finding out whether the problem will happen again. I'd do a chkdsk scan and maybe even run Memtest86+ just to make sure that the problem isn't caused by a failing HDD or bad RAM.

I'd also suggest you update your drivers and scan for malware. Did you attempt a startup repair when the problem first cropped up? If you do encounter the problem again, see if you can start your system in safe mode. Or you can also disable all non-Microsoft services using the msconfig route to see whether that makes a difference. It does sound like a driver or software issue, though I can't be sure. Any abnormal beeping at boot?

I'm sorry I couldn't be of more help to you. I'd stick around and wait for the advice of the more tech savvy members.
 

12 more replies
Answer Match 50.82%

Hi,

I'm new to this forum, so bear with me please.

The pc has been infected with "Protection Center". Description of what "Protection Center" does: Protection Center Antispyware cntprot.exe

BTW, is this website above a part of the "problem"? They offer a solution, but I do not trust it.

What I already did:
Scan with MalwareBytes' AntiMalware in safe and normal mode and removed everything it found.
Did a Kaspersky Online scan and removed everything it found.

When I scan with MalwareBytes' AntiMalware now it does not find any infections. But when I want to install AVG 9 Free it says "Protection Center" must be removed first. This makes me worry. I did click on the "Ignore" button and installed AVG 9 Free. Scanned the whole computer and found no infections.

How can I make sure "Protection Center" is properly removed?

Best Regards,
Johan

A:How do I UNinstall "Protection Center"?

Hello and welcome...

Please run these, post logs and tell me how it's running after.

>>>> Download this file and doubleclick on it to run it. Allow the information to be merged with the registry.

RKill....

Download and Run RKill

Please download RKill by Grinler from one of the 4 links below and save it to your desktop.

Link 1
Link 2
Link 3
Link 4

Before we begin, you should disable your anti-malware softwares you have installed so they do not interfere RKill running as some anti-malware softwares detect RKill as malicious. Please refer to this page if you are not sure how.
Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
If nothing happens or if the tool does not run, please let me know in your next reply

Do not reboot your computer after running rkill as the malware programs will start again. Or if rebooting is required run it again.

Next run ATF and SAS: If you cannot access Safe Mode, run in normal, but let me know.

Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

From your regular user account..
Download Attribune's ATF Cleaner and then SUPERAntiSpyware, Free Home Version. Save both to desktop ..
DO NOT run yet.

Open SUP... Read more

3 more replies
Answer Match 50.82%

.
I am getting a lot of pop ups telling me my computer is infected and it will not stop. I was told that "system progressive Security" was a very bad one "malware" I seriously need help fixing it bcz I don't have $100 that everyone is asking

Thank you,
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 2/6/2012 8:29:09 PM
System Uptime: 10/12/2012 9:19:07 PM (0 hours ago)
.
Motherboard: eMachines | | EL1358G
Processor: AMD Athlon(tm) II X2 220 Processor | CPU 1 | 2812/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 912 GiB total, 855.3 GiB free.
D: is CDROM ()
E: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Security Processor Loader Driver
Device ID: ROOT\LEGACY_SPLDR\0000
Manufacturer:
Name: Security Processor Loader Driver
PNP Device ID: ROOT\LEGACY_SPLDR\0000
Service: spldr
.
==== System Restore Points ===================
.
RP54: 8/7/2012 5:02:15 AM - Windows Update
RP55: 8/14/2012 5:02:17 AM - Windows Update
RP56: 8/15/2012 3:00:11 AM - Windows Update
RP57: 8/16/2012 3:00:12 AM - Windows Update
RP58: 8/21/2012 5:20:58 AM - Windows Update
RP59: 10/10/2012 5:58:01 PM - Windows Update
RP60: 10/10/2012 6:10:31 PM - Installed VIPdesk Scan Utility
RP61: 10/11/2012 3:00:13 AM - Windows Update
RP62: 10/11/2012 9:26:06 AM - Installed J2SE Runtime Environment 5.0 Update 17
RP63: 1... Read more

A:"system progressive security"

12 more replies
Answer Match 50.82%

Hello, and happy new year! It's been a while since I have been engaged on the site. My question is: What virus that is current that will create system folders and affect audio online like on youtube?

Items noticed and steps taken. Windows XP system

Apparently there is a file that appears as a .txt file located in the Administrator user menu (noticed this from safemode) the file in question is epor.exe (under startmenu). If you try and disable from msconfig, it will populate another command to handicap the system. Can't find the epor.exe file in the registry. I couldn't delete this file for nothing. out of curiosity, I clicked on the file to see what content were listed. The file created another system folder. The user name will not be listed in your main users, but will create a system folder/user within the documents and setting's folder.

Steps taken. Removing files from registry, logged in safemode, command prompt and attempted to force remove the directory using rd /S. I attempted attrib commands to change the folder permissions. I've used killbox to delete directory on reboot changing from process to system, as the option type to delete. Used combofix. Combofix detects a rootkit. Smitfraud keeps detecting and removing, suspect replication. AVG detects virus as well. I attempted to handicap the files by renaming or removing from registry to no avail; this virus is constantly attaching itself and replicating. Customer attempts to inst... Read more

A:What virus creates system folders and affect sound and youtube?

Hello,

Please follow the instructions in ==>This Guide<== starting at step 6.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Since you have run ComboFix, please include the ComboFix log in the new topic. Please be sure to include a description of your computer issues and what you have done to try to resolve them.

If you cannot produce any of the other logs, then please create the new topic anyway, include the information that you were unable to produce the other logs and why and include the ComboFix log along with a description of your computer issues.

Orange Blossom

1 more replies
Answer Match 50.82%

On Sunday May 25, I ran Live Update under SystemWorks 2003. Four modules were downloaded -- two virus updates, and two updates to Norton AntiVirus. Since then, on two separate computers:

1. Each time I boot up, shortly after the desktop appears, a dial-up window appears. I can click on cancel to get rid of it, but it is a pain.

2. Norton Auto-Protect icon does not appear in the system tray for several minutes. In the interim, it is difficult to start other apps. When I look at running apps (CTRL-ALT-DEL), Norton's Ccapp is often listed as "not responding".

Symantec advises "uninstalling and reinstalling Windows 98SE every 9 months or so" as the cure. Anybody else having these problems? If it was only one computer, I could accept some responsibility, but since identical symptoms appear on two computers -- both of which were fine before Live Update -- I've got to think others might be affected as well.
 

More replies
Answer Match 50.82%

The error 0x800CCC7D message came up in my Outlook out of the blue when trying to send messages. Receiving messages worked fine. Tried rebooting and sending messages; that worked the first time but now the error message is back.
I tried unchecking the box "This server requires a secure connection (SSL)" in the outgoing box only. I was able to receive mail but not send it. I get a message that my message could not be sent because the server rejected the sender's email address... error number 0x800ccc78
...but the address rejected is correct.
I have recently done virus and spyware scans using avast antivirus, spybot search & destroy and Superanti spyware programs.
This problem has popped up unexpectedly in the past but usually resolves itself by rebooting.
Any ideas?
P.S. I have three email addresses and this happens with all of them.
 

A: outlook problems error fix creates another problem

Answer Match 50.4%

What exactly creates CBS and CbsPersist_20160216121732.cab files on Windows 7, is it safe to empty this folder, and what causes it to quickly fill up again?

Answer Match 50.4%

Hi Guys!
So I have a Dell XPS 9550, and I downloaded Dell Data Protection, which was about 500 MB! I installed it, but now I would like to uninstall it. It is not in Control Panel, so I need another way! Can anyone help me please? I'm really going to appreciate it!

Answer Match 50.4%

I have been infected by Search Protection by Spigot, Inc. and cannot remove the program.
 
I have Windows 7 and attempted removal in the "Uninstall or change a program" module but I receive an error "NSIS Error" with a message "Error launching installer."
 
I currently have no symptoms (slow computer, hijacking, changing search engines, etc.) that I notice. A few days ago, I did have my default search engine switched to Yahoo in Firefox, and earlier today noticed the Lucky Leap Add-In, but I deleted the Yahoo search engine and the Lucky Leap Add-In. Additionally, I uninstalled Lucky Leap from the "Uninstall" module in Windows 7.
 
I know there are probably some things left behind.
 
Please let me know what you think I should do.
 
Best regards!

Answer Match 50.4%

Uninstall AOL SPYWARE PROTECTION - I have been advised to uninstall the programme. I have found it in my programme files and need to download my spyware from bullguard which I use at the moment.
 

A: Solved: How do I Uninstall AOL SPYWARE PROTECTION

Follow the directions here: http://info.aol.co.uk/help/asp/uninstall_asp.html That should do it for you.
 

Answer Match 50.4%

I cannot uninstall my virus protection or install a new one. I am running Windows 7. What's up with that? Do I possibly have a virus?

A: uninstall and install virus protection

The trick is to ensure that the real time monitoring has been stopped before uninstalling. Otherwise, in most cases the suppliers have their own uninstall file on their websites for download and use. You haven't said which virus protection you are using so it is not easy to do more than generalise. Always pop back and let us know the outcome - thanks

Answer Match 50.4%

Should this be posted in Installation & Setup or Performance & Maintenance?

Scenario:
Hard drive in 2009 Satellite P500 series notebook, Windows 7 Home Premium X64, is pre-Advanced Format Drive.
The 2008, 500 GB Hard drive failed with SMART warning at every boot. (Pre-Advanced Format Drive)

Replace with new 500 GB HDD (AFD) Advanced format.
Repair with Toshiba supplied 3 Disc set
"Recovery Media Satellite P500 series"...
Boot okay, no network, Device Mgr shows 6 yellow exclamation marks, but properties all show "The device is working properly". Download latest drivers and install... no change in symptoms.
Scrounge up another 2008 (320 GB) Hard drive, and the Recovery Media installs fine.
System boots and everything is working great.
Image Backup with three different programs (PQ Drive Image (GHOST), Acronis, Active@ Disk Image)
Restore to new 500 GB (AFD) hard drive
Continue to configure and customize system, and install all the latest updates.

Install again, the new AFD hard drive into computer.

Machine seems okay.. Use it for a couple days...
Discover that Windows Update does not work. Says service is not running... but it is. I spent most of a day trying to resolve... can't fix it.
Download and install a stand-alone fix does not work either.

And it now reports "NOT GENUINE"
Also I discovered a lot of repetitive errors in Event Log, one of which is Cryptographic Services failed, error 583.
Another on Windows Search ...

A: Recovery Media to Advance Format Drive creates unusable system

Good information here that may help: How to Re-install an Operating System on an Advanced Format Hard Drive for Home Users
