Tech Problem Aggregator

Infected with Rootkit.0Access.H and IE closes immediately when opened

Q: Infected with Rootkit.0Access.H and IE closes immediately when opened

Hello Forummates,

I'm glad I googled and found this forum. Please pardon me for any mistake I make, I am a newbie and am trying to post in this forum precisely as per your guidelines. I apologise if I inadvertently make any mistakes. I need help.

Initial symptoms - It started around March 29th. PC kept restarting. It restarted about 3-4 times in 1 day.
Further symptom - IE would not open, Computer got really sluggish. Opening a folder would take about 15-20 seconds!!
Then I ran Malwarebytes - it found the following viruses. After running Mbytes, IE does open the homepage, but when I type any URL it immediately closes.

Malwarebytes Files Detected: 7
C:\Documents and Settings\2ndPC\Local Settings\Temp\Addons\00C94A8D\zugo.exe (PUP.Zugo) -> No action taken.
C:\WINDOWS\system32\beatjamupnpmusicserver.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\NEUSBw32.dll (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\Application Data\Microsoft\sp.DLL (TrojanProxy.Agent) -> Delete on reboot.
C:\WINDOWS\system32\PID_PEPI.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TdmService.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\0.8594643604432864h7i.exe (Backdoor.IRCBot) -> Quarantined and deleted successfully.

DDS
I tried to Run DDS, but instead of the normal 3 minutes, did not see the text window popup even after 1 hour of scanning. The black DOS window has ####### and a blinking cursor.

So I moved on to GMER. I was not able to save the file in GMER (no dialog box popped up), so instead I copied it using the COPY button and am pasting it below

GMER LOG

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-04-04 00:01:48
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdePort2 ST380815AS rev.4.ADA
Running: lmw6k30t.exe; Driver: C:\DOCUME~1\2ndPC\LOCALS~1\Temp\pxtdypog.sys
---- Kernel code sections - GMER 1.0.15 ----

init C:\WINDOWS\system32\drivers\Senfilt.sys entry point in "init" section [0xA2C5CA00]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[2940] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 00C3E5E8 C:\Documents and Settings\2ndPC\Application Data\Remote\dllx4.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2940] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2940] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB14 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2940] USER32.dll!GetClipboardData 7E430DBA 5 Bytes JMP 00C3E432 C:\Documents and Settings\2ndPC\Application Data\Remote\dllx4.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2940] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E53AF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2940] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E52E1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2940] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E534C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2940] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E51B2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2940] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E5214 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2940] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E5412 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2940] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E5276 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2940] ole32.dll!OleLoadFromStream 7752983B 5 Bytes JMP 3E3E5717 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2940] WININET.dll!InternetCloseHandle 3D949098 5 Bytes JMP 00C38B07 C:\Documents and Settings\2ndPC\Application Data\Remote\dllx4.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2940] WININET.dll!InternetSetStatusCallback 3D95DCF0 5 Bytes JMP 00C37FDF C:\Documents and Settings\2ndPC\Application Data\Remote\dllx4.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2940] WININET.dll!InternetWriteFile 3D9A610E 5 Bytes JMP 00C38E98 C:\Documents and Settings\2ndPC\Application Data\Remote\dllx4.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2940] WININET.dll!HttpSendRequestExW 3D9BA72B 5 Bytes JMP 00C38DB9 C:\Documents and Settings\2ndPC\Application Data\Remote\dllx4.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3520] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 00A3E5E8 C:\Documents and Settings\2ndPC\Application Data\Remote\dllx4.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3520] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3520] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB14 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3520] USER32.dll!GetClipboardData 7E430DBA 5 Bytes JMP 00A3E432 C:\Documents and Settings\2ndPC\Application Data\Remote\dllx4.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3520] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E53AF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3520] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E52E1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3520] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E534C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3520] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E51B2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3520] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E5214 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3520] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E5412 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3520] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E5276 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3520] ole32.dll!OleLoadFromStream 7752983B 5 Bytes JMP 3E3E5717 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3520] WININET.dll!InternetCloseHandle 3D949098 5 Bytes JMP 00A38B07 C:\Documents and Settings\2ndPC\Application Data\Remote\dllx4.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3520] WININET.dll!InternetSetStatusCallback 3D95DCF0 5 Bytes JMP 00A37FDF C:\Documents and Settings\2ndPC\Application Data\Remote\dllx4.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3520] WININET.dll!InternetWriteFile 3D9A610E 5 Bytes JMP 00A38E98 C:\Documents and Settings\2ndPC\Application Data\Remote\dllx4.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3520] WININET.dll!HttpSendRequestExW 3D9BA72B 5 Bytes JMP 00A38DB9 C:\Documents and Settings\2ndPC\Application Data\Remote\dllx4.dll

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

A: Infected with Rootkit.0Access.H and IE closes immediately when opened

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/448786 <<< CLICK THIS LINK

If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post. Please do this even if you have previously posted logs for us.
If you were unable to produce the logs originally please try once more.
If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system. If you are unsure about any of these characteristics just post what you can and we will guide you.
Please tell us if you have your original Windows CD/DVD available.

Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE

We also need a new log from the GMER anti-rootkit Scanner. Please note that if you are running a 64-bit version of Windows, you should not bother creating a GMER log.

Please first disable any CD emulation programs using the steps found in this topic: Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here: How to create a GMER log

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

5 more replies
Answer Match 95.76%

I have downloaded IE11 directly from Download IE Here. Before that, though, I tried getting IE9, 10 and 11 through the Windows Update process. IE8 works on my laptop but I cannot get Direct x to function properly on http://www.moac.microsoftlabsonline.com. I have tried uninstalling and reinstalling via the "Turn Windows features on or off" section of the control panel. Also reset IE through the control panel. Followed the instructions from this page as well: Internet Explorer opens, flashes, and then closes immediately when you start it. Here is the link to the thread that suggested I seek help here.

Other browser (Firefox) works fine. I rarely use IE and only need it now to do the lab work for the 2 MOAC courses I am taking.

dds log:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17126
Run by JohnnyD at 0:55:48 on 2014-07-03
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2942.1807 [GMT -4:00]
.
AV: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServic...

A: IE 11 - When opened, immediately closes

jdougs,

Hi and welcome to TSF.

I am currently reviewing your logs. Please note that this is under the supervision of an expert analyst, and I will be back with a fix for your problem as soon as possible.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please be patient with me during this time.

19 more replies
Answer Match 95.76%

I am having the same problem. I have tried resetting, I ran sfc and no issues were found. I have tried uninstalling/reinstalling. Also tried the tweaks from majorgeeks.com. I have tried IE9 via update and IE11 via update and also from downloading. Also I just finished a clean install on a tower and have the exact same issues there. I am desperate here. I need IE to complete MOAC labs. Both machines are running Win7 64bit. Laptop has Home Premium and the new tower is Pro. Both machines have the OS on one partition with the registry pointing program files to a second partition.

A: IE 11 - When opened, immediately closes

Moved to a thread of your own. Please do not hijack another thread; making one of your own will get you help specific to your issue.
Do you have any other issues? Where did you get the copies of Windows that are installed? Have you tried running a startup repair? What about other browsers, do they have the same problem?

19 more replies
Answer Match 95.34%

Oy, these cyber hackers are driving us CRAZY.

Here is my HiJackThis log. Every time I load IE, it comes up for a sec. or 2, then closes. Any help would be greatly appreciated. I can use any other internet browser fine.

Thanks in advance.

- Ray
Logfile of HijackThis v1.99.1
Scan saved at 9:44:36 PM, on 9/21/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\System32\Grxp4exe.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Ray\Desktop\HijackThis.exe

R1 - HKCU\Softwar...

A: IE closes immediately closes when opened.

11 more replies
Answer Match 94.92%

I'll start with my current setup:

I'm running Win 7 Pro 64 on a Dual HDD setup, 120GB SSD/1.5TB Spinning. I have installed Windows on the SSD and I have set the Registry to expect Program Files and Program Files (x86) in the D drive.

So far, so good, except IE will not start. It flashes on the screen and immediately closes. It's getting frustrating. I've tried the Microsoft solution, and even re-registered all the .dll's for IE.

At this point, I have no idea what to do next. Anyone have any thoughts or suggestions? I would really prefer not to set Program Files and (x86) back to C drive, but I might have to if I want IE to run. And yes, I run a different browser primarily, I'd just like to know IE is functioning.

A: [SOLVED] IE 11 - When opened, immediately closes

Can you boot IE in Safe mode?

Have you tried to reset IE via Control Panel?

Internet Explorer: How to reset your settings - Lansing Computers | Examiner.com

12 more replies
Answer Match 85.26%

I started to have my web browser redirect to various spam pages. Microsoft security essentials was killed and I cannot start the service. Any help would be appreciated.

Thanks,
Adam

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by aeglap at 21:29:20 on 2012-08-13
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4022.2341 [GMT -4:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost.exe -k LocalService
C:&...

A: Malwarebytes reports Trojan.Dropper.BCMiner, Rootkit.0Access, and Rootkit.0Access

Please close this thread. I was planning on buying a SSD drive in the near future so I just moved it up.

Thanks,
Adam

3 more replies
Answer Match 83.16%

Good Evening,

The problem started happening yesterday. An employee came to me saying that eset was deleting his files off the network share, which is connected to the server on a separate partition. When I looked on his computer, all the .docx files were changed over to .exe files; eset keeps saying the files are infected with a w32/Pronny.JG.worm. I immediately disconnected access to the network shares by disconnecting them. After network shares were disconnected I ran a scan with malwarebytes (I can post the log file if you would like). It found Trojan.ZbotR.Gen, Trojan.0Access, Rootkit.0Access. A lot of the files were loaded in the user directory of the employee; they said 2pom/exe, passwords.exe, pron.exe, runme.exe, secret.exe, sexy.exe. I removed all files and rebooted. Computer came up, everything looked good. Check taskmgr, there were still items running in the process, I believe I check msconfig, items were still checked. Unchecked all the items. Ran combofix (I can post the log file later as well if you request it). Computer rebooted; seemed like everything was working fine, nice and fast, nothing running in the background, nothing in the user folder. Plugged setup map drive to network share: same exact problem, same exact files infected. Well, by this time it was late in the evening; went to sleep thinking the issue was isolated and only one pc was infected. After 9:30 this morning 2 more pcs became infected from accessing the network share. I think I'm getting out of my expertise in dealin...

A: Infected With Trojan.ZbotR.Gen, Trojan.0Access, Rootkit.0Access

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/478489 <<< CLICK THIS LINK

If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo...

2 more replies
Answer Match 81.9%

My father ran the Malwarebytes Anti-Malware and found 3 viruses on my computer: Trojan.Dropper.BCMiner, Rootkit.0Access and a Rootkit.0Access.64. I need help removing them and I am not computer smart. Here is a DDS log:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_35
Run by Laura at 19:02:33 on 2012-10-12
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3996.2039 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG10\avgchsva.exe
C:\PROGRA~2\AVG\AVG10\avgrsa.exe
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_21dba265e7e67cda\STacSV64.exe
C:\windows\system32\svchost.exe -k LocalService
C: ...

A: Trojan.Dropper.BCMiner, Rootkit.0Access, Rootkit.0Access.64

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top o...

3 more replies
Answer Match 80.64%

Well, I'm sitting pretty on a rootkit and MBAM isn't having any luck, and most Google searches result in me being more confused than before (ran into a guide asking me to delete sys32). I'm currently in safe mode with networking; where to go from here?

Thanks in advance!

A: Infected with rootkit.0access

Download TDSSkiller
Launch it.
Click on change parameters - Select TDLFS file system
Click on "Scan".
Please post the LOG report (log file should be in your C drive)
Do not change the default options on scan results

Download aswMBR
Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan.
After scan finishes, click on Save log
Post the log results here

Download ESET online scanner
Install it
Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats
Export the list to desktop, copy the contents of the text file in your reply

39 more replies
Answer Match 80.64%

My PC was infected with a zero access rootkit before, along with Trojan.dropper.BCminer, and I think it may still be infected. Whenever I try to change the settings for Windows Firewall I get Error Code 0x80070424.
My other topic here: http://www.bleepingcomputer.com/forums/topic462401.html

DDS log:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Penguin at 17:32:38 on 2012-07-25
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.16291.9946 [GMT -4:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Tablet\Pen\Pen_TouchService.exe
C:\Windows\system32\svchost.exe -k NetworkS...

A: I think my PC is infected with Rootkit.0access

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At...

16 more replies
Answer Match 80.64%

Hello,

First off, thanks for any help you can provide in this matter. When I booted up my computer today, I noticed that some services (XP Security Center for example) failed to start. I then ran a quick scan in MalwareBytes and it reported a DLL (C:\WINDOWS\system32\smstsmgr.dll) as being infected with RootKit.0Access.H. Re-booting did not clean up the problem. After researching this some on the internet, it seemed severe enough to warrant the help of someone with greater knowledge in this area.

I followed along with the Preparation Guide and have generated the desired log files.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22
Run by John at 3:31:44 on 2012-03-18
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2045.1223 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Apache2.2\bin\...

A: Infected with Rootkit.0access.h

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

1. Do not run any other tool until instructed to do so!
Doing so will only at best cause you unneeded worry as it finds our backups and may even list our tools, and at worst can cause conflicts with our tools and lead to unforeseen things to happen.

2. Please do not attach logs or put in code boxes.
Besides the time it takes me to open the reports, it makes it harder to find something if I need to go back to do more research, and putting them in code boxes just makes them so hard to read.

3. After each step give me a little feedback.
It does not need to be long but just something so I know how things are going. It can be something like:
I am still getting redirected
The computer is running as it should
Don't put things like - it is the same as before or still the same. This just makes me go back and look for your last feedback as to how things are.

4. Read every post completely before doing anything.
Pay special attention to the Notes** I have put in.
These are things I have found that happen a lot and can be taken care of easily just by reading the Notes**.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Plea...

5 more replies
Answer Match 80.64%

Hello, today I decided to launch my copy of "Splinter Cell", a 3rd person stealth game. I then realized the game long ago came with an extra map pack. I then tried to find the map pack off the web in hopes of an uploaded one. The map pack is pretty hard to find since "Splinter Cell" is a 2003 game. Not all copies came with the map pack.

Either way, I rushed and didn't scan the file I found. It's only after I clicked .exe file when I realized something is wrong. I then scanned the file and realized it was a rootkit.

Okeydokey, I am wondering if you guys can reverse engineer this file. See what it even does:
http://www.2shared.com/file/jKRnQuvk/PC_Splinter_Cell_Mission_Pack_.html

^ That is the file. That is the virus file. Inside the .zip file are two files. the .exe file and a file with random numbers. I tried opening both items through notepad++ but all I see is weird gibberish that is not even considered as "code".

I ran dds, see if you find anything. My PC is running perfectly, and I scanned my PC using Malwarebytes. Nothing showed up in particular.

I hope I haven't been rude. Take your time as I know you guys have tons of backlogs.

EDIT: I watched this video: and the files are not in my system (registry is also clean through my own manual check) after I rebooted Windows.
Here is the log from dds:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.5.1
Run by Joji Horiuc...

A:Infected with rootkit.0access, need help

Greetings and Welcome to The Forums!! My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top o...

30 more replies
Answer Match 80.64%

Hi,

My computer was infected recently with a Rootkit. When I open any of my browsers, a few seconds later it is automatically closed. I lost the audio on my computer. I use McAfee and the real time feature is disabled and I can't enable it. Also I ran Malwarebytes and the program detected several threats, they are in the quarantine folder but there is 1 file that can't be removed.

Here is the DDS.txt

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Gonzalo Gerbasi at 20:37:39 on 2012-03-05
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.58.3082.18.3325.2249 [GMT -4,5:30]
.
AV: McAfee VirusScan Enterprise *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee VirusScan Enterprise Antispyware Module *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32...

A:Infected with Rootkit.0access

Hello vincent_g and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. I'll be addressing you by your username, if you'd like me to address you by something else, please let me know!

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

- Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
- Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
- If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
- In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
- If I instruct you to download a specific tool in which you already have, plea...

8 more replies
Answer Match 80.64%

A while back I had a run in with the rootkit and Trojan.Dropper.BCminer and ran TDSS Killer to get rid of them. Though I've recently read that it's only a temporary fix which worries me. How do I get rid of it for good? I ran the DSS and GMER and created the logs. I also ran a scan and search (for services.exe) with FRST and have the logs handy.

Thanks in advance,

Geoxile

A:I think my PC may be infected with rootkit.0access

Welcome aboard. This kind of infection requires elevated help.

Please follow the instructions in ==>This Guide<== starting at Step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

2 more replies
Answer Match 79.8%

Hi All,
 
I was infected by Zero Access a few days ago with the following symptoms (amongst other things):
 
 - Google was redirecting everything to Google.nl;
 - All downloads (Chrome, Firefox, IE9) are completing before immediately being deleted as they 'are a virus';
 - Windows Firewall unable to launch.
 
First thing when I noticed an issue was to run MBAM and do a scan - this located a few things which I promptly removed (log located at bottom of post).
 
Following this I spoke to a friend who suggested to run TDSSKiller.exe which, to paraphrase the logs, quarantined C:\Windows\system32\drivers\ACPI.sys.
 
Finally he said to run RogueKiller and remove the offending problem registry entries and files.
 
To resolve the Firewall issues I followed a TechNet article on re-applying some Services registry keys which seems to have worked the part.
 
So basically, I 'think' I'm clean now, with Google behaving correctly and the Firewall coming back to action, unfortunately I still cannot download anything at all - every time I get the following results:
 - Firefox - download completes but file never arrives in Downloads folder;
 - IE - download completes with note that the file was deleted as it is a virus;
 - Chrome - download completes with note that file was deleted as it is a virus.
 
Now, I'm just being honest here, and am sure that some of you may not want to get involved given that I've already had a crack ...

A:Was infected with Rootkit.0Access - still lingering

Hello, Welcome to BleepingComputer. I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.

===

Third party programs if not up to date can be the cause of infiltration an infection. Please run this security check for my review.

- Download Security Check by screen317 from here.
- Save it to your Desktop.
- Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
- A Notepad document should open automatically called checkup.txt; please post the contents of that document.

===

Search and delete the AdWare, PUP (Potentially Unwanted Program) installed on your computer.

- Please download AdwCleaner by Xplode onto your Desktop.
- Close all open programs and internet browsers.
- Double click on AdwCleaner.exe to run the tool.
- Click on Delete tab follow the prompts.
- A log file will automatically open after the scan has finished.
- Please post the content of that log file with your next answer.
- You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).

===

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2

IMPORTANT !!! Save ComboFix.exe to your Desktop

1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
3. Do ...

28 more replies
Answer Match 79.8%

My mother's system is infected with rootkit.0access. She has McAfee antivirus running on the system and I ran MalwareBytes which didn't solve the issue. Can someone please help with my next step?

A:System is infected with rootkit.0access

Please do the following:

- Download Farbar Recovery Scan Tool and save it to a flash drive.
- Plug the flash drive into the infected PC.
- Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
- Restart the computer.
- As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
- Use the arrow keys to select the Repair your computer menu item.
- Choose your language settings, and then click Next.
- Select the operating system you want to repair, and then click Next.
- Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
- Insert the installation disc.
- Restart your computer.
- If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
- Click Repair your computer.
- Choose your language settings, and then click Next.
- Select the operating system you want to repair, and then click Next.
- Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

- Select Command Prompt
- In the command window type in notepad and press Enter.
- The notepad opens. Under File menu select Open.
- Select "Computer" and find your flash drive letter and close the notepad.
- In the command window type e:\frst.exe (for x64 bit version type e:\frst64) ...

6 more replies
Answer Match 78.96%

Hey Folks -- My Norton virus protection informed me that I was infected with an attack two days ago. I ran Malwarebytes Anti-Malware which "removed" Trojan.Happili and Rootkit.0Access. My computer is continuing to run slower & slower, Internet Explorer keeps freezing up or won't load at all about two-thirds of the time and the volume & music will no longer play on the computer. Several times when I've rebooted the computer the Windows XP icon screen will not even come up, forcing me to do a manual reboot. Rescanning both Norton & Malwarebytes are coming up with a clean slate, but I know the issue is far from settled. Any suggestions on what other action I can take to remove the issue? Thanks so much!

A:Infected with trojan.Happili and Rootkit.0Access

- Download TDSSkiller
- Launch it.
- Click on change parameters - Select TDLFS file system
- Click on "Scan".
- Please post the LOG report (log file should be in your C drive)

Do not change the default options on scan results

- Download aswMBR
- Launch it, allow it to download latest Avast! virus definitions
- Click the "Scan" button to start scan.
- After scan finishes, click on Save log
- Post the log results here.

If you get crashes in normal mode, run it in safemode with networking

- Download ESET online scanner
- Install it
- Click on START, it should download the virus definitions
- When scan gets completed, click on LIST of found threats
- Export the list to desktop, copy the contents of the text file in your reply

19 more replies
Answer Match 78.96%

Hi,

Here are the symptoms - started 2 days ago:

-have had a couple of Microsoft Windows popups with writing that appears to be Greek or Russian followed by "DFS has stopped working
A problem caused the program to stop working correctly. Windows will close the program and notify you if a solution is available."

-SUPERAntiSpyware finds around 250 cookies every day

-when I use google I sometimes get the message "Our systems have detected unusual traffic from your computer network" with a CAPTCHA

-Malwarebytes anti-malware finds 2 Items both identified as Rootkit.0Access

Thanks for your help-

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Ann at 18:52:56 on 2011-09-26
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3962.1060 [GMT -7:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:...

A:Laptop infected with Rootkit.0Access Virus

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

- Do not run any other tool until instructed to do so!
- Please do not attach logs or put in code boxes.
- Tell me about any problems that have occurred during the fix.
- Tell me of any other symptoms you may be having as these can help also.
- Do not run anything while running a fix.
- Do not run any other tool until instructed to do so!

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only); if this happens please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the r...

15 more replies
Answer Match 78.96%

Hi,

Today I ran Malwarebytes Antimalware and it announced I had one infected file, which supposedly was infected with rootkit.0access.

I had Malwarebytes remove the infected file. I then ran RogueKiller (log attached). Could someone explain what this log means? It seems to say that there are no infected files, but there are some suspicious registry entries. Could this have been a false alarm? Or should I change all my passwords now (major hassle)? Repeat scans by Malwarebytes and MS Security essentials showed no infected files.

Subsequently I also ran Combofix, and I messed up somehow when running it, resulting in my computer not being able to connect to the internet any more. So I had to restore my entire C-drive from a backup made a year ago using Acronis. Does this guarantee the infection has gone away, assuming future Malwarebytes scans are negative?

I would greatly appreciate any help.

Best wishes,

MM

UPDATE: I ran another Malwarebytes scan and the same (supposedly) infected file is back already, even though I just restored my entire C: drive from a backup I made a year ago. Can this be real? I mean, if this is a real infection, shouldn't there be more than just one infected file? I'm attaching my DDS and Malwarebytes logs. I would appreciate any help!

A:Infected with rootkit.0access? Or a false alarm??

Greetings and Welcome to The Forums!! My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the ...

36 more replies
Answer Match 78.96%

Hi, this afternoon I noticed there was an error with my MSE and it wouldn't start or update. I did some googling about the problem and found out it looked like symptoms of a recent virus, so I ran MBAM (free) and it found 3 trojans: the 2 listed in the title and another generic kind of trojan that I did not get the name of before I removed it and restarted. After restarting, I only see the Rootkit.0Access trojan left when I run MBAM, but I've read that it's possible the viruses could still be around and "backdoors" could still be affecting me. I'm trying to find out what I can do to remove these threats without reformatting the PC.

Also, if the situation is that I'll have to reformat to be completely safe, is it possible that any files I backup will also be infected? I'm using Windows 7 Home Premium 64 bit. I'm not entirely sure when I was infected, but last night I did fill out a job application and it contained tons of personal information... =( Do you think the hacker has all of my info now?

Anyway, here are the logs:
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_31
Run by Anthony Stark at 19:01:42 on 2012-07-05
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3956.2562 [GMT -4:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Mi...

A:Infected with Rootkit.0Access and Sirfef trojan!

Hi,

Please run the following:

- Download Farbar Recovery Scan Tool and save it to a flash drive.
- Plug the flash drive into the infected PC.
- Restart your computer and tap F8 to bring up the Advanced Menu, then click Repair your computer
- Follow the prompt to enter keyboard input method, and then the prompt to enter a password. If the machine does not have a password, simply click Enter.
- In the next menu, use the arrow keys on the keyboard to highlight Command Prompt and press Enter.
- In the command window type in notepad and press Enter.
- The notepad opens. Under File menu select Open.
- Select "Computer" and find your flash drive letter and close the notepad.
- In the command window type e:\frst64.exe and press Enter. Note: Replace letter e with the drive letter of your flash drive.
- The tool will start to run. When the tool opens click Yes to disclaimer.
- Uncheck the Whitelist boxes next to Registry, Services, Drivers, and known DLL's
- Place a check next to List Drivers MD5
- Press Scan button.
- It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

15 more replies
Answer Match 78.96%

Hello - I was infected with a rootkit (on Aug 14), and irresponsibly ran a myriad of fix tools willy-nilly, in attempt to fix the pc before a deadline. Tools used: MAB, FixZeroAccess (symantec), tdsskiller, rogueKiller, combofix. After deadline missed, I calmed down, read thru a few threads here, then tried mbar, which seemed to fix. PC appears running fine now. BUT, I'm concerned if I really cleaned completely. I'm hoping for assistance to check logs/registry/etc for any potential problems.
 
Other info:
1) I saved all logs from all tools ran that day.
2) I attempted several restore points, which none would load.  This was before running mbar, so I assumed I infected the restore points, and have turned off/deleted since then.
3) Only active antivirus being used on machine was/is MSE
 
Thank you in advance,
Steve
 
 
 
DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.25.2
Run by Steve at 14:43:23 on 2013-08-18
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3069.2553 [GMT -7:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ================
.
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\P...

A:Was infected with Rootkit.0Access - unsure if clean now

Hello, Welcome to BleepingComputer. I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.

===

Search and delete the AdWare, PUP (Potentially Unwanted Program) installed on your computer.

- Please download AdwCleaner by Xplode onto your Desktop.
- Close all open programs and internet browsers.
- Double click on AdwCleaner.exe to run the tool.
- Click the Scan button and wait for the process to complete.
- Click the Report button and the report will open in Notepad.

IMPORTANT
- If you click the Clean button all items listed in the report will be removed.

If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.

- Close all open programs and internet browsers.
- Double click on AdwCleaner.exe to run the tool.
- Click the Scan button and wait for the process to complete.
- Check off the element(s) you wish to keep.
- Click on the Clean button follow the prompts.
- A log file will automatically open after the scan has finished.
- Please post the content of that log file with your next answer.
- You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).

===

Please download Junkware Removal Tool to your Desktop.

- Please close your security software to avoid potential conflicts.
- Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
- The tool will open and start scanning your system.
- Please be patient...

7 more replies
Answer Match 78.12%

A Windows 7 Machine, 64-bit, was given to me to clean (relative's laptop)

MalwareBytes was installed and QuickScan detected Rootkit.0access , Adware.GameVance , and Trojan.Dropper.BCMiner
All items were quarantined and removed. Further MBAM scans do detect something, but the scanning program freezes up.

Windows Firewall is not at its recommended settings (likely disabled), and is unable to have its settings set to the recommended. Trying to alter Firewall settings fails.

I will continue to look over the machine, but have used this forum for previous cleaning, with success. Logs and information are as follows, only DDS.txt is below, and Attach is attached. As it is an x64 system, GMER is inapplicable.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Cushin at 19:38:53 on 2012-07-11
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3835.1053 [GMT -5:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\syste...

A:Win7 x64 infected with Rootkit.0access , Adware.GameVance

Greetings and Welcome to The Forums!! My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At...

38 more replies
Answer Match 71.82%

Hi, I could use some help. When I try to open msconfig it closes immediately. When I search for a file on my pc the search closes too. When I use the internet it will close when certain words are searched for. Some of the words are: virus, trojan, avast. I'm using Firefox for the browser fyi. When I turn on my pc and sign in I get a message saying install NETframe.com v4.0. Honestly though, I think I uninstalled this myself by accident.
 
 
 
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16686  BrowserJavaVersion: 10.55.2
Run by Sparks at 16:54:59 on 2014-05-12
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.8152.6622 [GMT -4:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Program Files\HitmanPro\hmpsched.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork...

A:msconfig closes immediately internet closes to

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
***************************************************
In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.
CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/534116 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************
If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t...

2 more replies
Answer Match 71.4%

HI - My other computer is now infected. I ran MBAM in safe mode and got this:

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.09.05.09

Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)
Internet Explorer 9.0.8112.16421
Owner :: OWNER-PC110658 [administrator]

9/5/2012 3:04:53 PM
mbam-log-2012-09-05 (16-11-11).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 407178
Time elapsed: 33 minute(s), 38 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|SonyAgent (Trojan.LameShield) -> Data: C:\Windows\Temp\temp93.exe -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce|sqlldlpl (Trojan.LameShield) -> Data: C:\Users\Owner\AppData\Local\sqlldlpl.exe -> No action taken.

Registry Data Items Detected: 3
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> ... Read more

A:Trojan.LameShield, Trojan.0Access, Heuristics.Shuriken, Rootkit.0Access.64

Hello mattsbach! Welcome to BleepingComputer Forums! My name is Georgi and I will be helping you with your computer problems. Before we begin, please note the following:
I will be working on your Malware issues, this may or may not solve other issues you have with your machine.
The logs can take some time to research, so please be patient with me.
Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
Instructions that I give are for your system only!
Please do not run any tools until requested! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.
IMPORTANT NOTE: One or more of the identified infections is related to the rootkit ZeroAccess. Rootkits, backdoor Trojans, Botnets, and IRCBots are very dangerous because they compromise system integrity by making changes that allow it to be used by the attacker for malicious purposes. Rootkits are used by Trojans to conceal its presence (hide from view) in order to prevent detection of an attacker's software and make removal more difficult. Many rootkits can hook into the Win... Read more

35 more replies
Answer Match 70.14%

Hello,

I would be very thankful if you could help me clean up my laptop. For the past 2 days I have been experiencing problems every time I log in to websites, especially Facebook's. I get a sign that says that Internet Explorer has blocked that website, and when I want to log in to Facebook, I encounter a sign that says that the website's certificate has expired and asks whether I would like to proceed.

I have run the anti-malware software 3 times but without success. This is the first report I got using the quick function during normal mode:

-------------- PLEASE DON'T PAY ATTENTION TO THE DATE, I DIDN'T REALIZE THAT IT WAS SET TO A DIFFERENT DATE.

Malwarebytes Anti-Malware (PRO) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.03.05

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Administrator :: GLV [administrator]

Protection: Enabled

6/14/2012 8:37:18 AM
mbam-log-2012-06-14 (08-37-18).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 228445
Time elapsed: 5 minute(s), 36 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No ... Read more

A:Infected with PUB.BundleInstaller, Trojan.Dropper.PE4, Rootkit.0Access, and Trojan Backdoor

I would like to add that this problem came around the same time that I started using the free quebles offered by hotmail.

35 more replies
Answer Match 70.14%

Hi my name is Mike and I recently scanned my computer with mbam and found: Trojan.small, Trojan.Sirefef, Rootkit.0Access. I quickly deleted them after the scan, restarted and found my desktop icons moved around and my color scheme changed. I have not had any serious issues yet and would like to prevent any ASAP. My antivirus also popped up while I was scanning with mbam informing me of an infection. I have used p2p (utorrent) and this is likely the cause of it. The last time I used utorrent was about Tuesday so this is likely when it started. I have read the pinned post on p2p and how it can infect my computer and I have taken this into consideration. I have also noticed that while scanning with mbam in Safe Mode it does not find anything, but when in regular mode it does.

I have used TDSSKILLER, ccleaner, mbam so far...nothing. Mbam seems to find some files created by something else, which on deletion and restart, reappear.
At one point my buddy told me to download Microsoft Security Essentials. I did and ran a scan. The infection didn't like that and proceeded to bring up, "Windows has encountered a critical problem and will restart automatically in one minute. Please save your work now", then kept restarting. I tried many ways to figure out what was happening but then just decided to uninstall Microsoft Essentials and it stopped.

I followed steps 6-9 in the guide, attached my logs hope that helps.

I have Windows 7 Ultimate 32bit. Any help would be much ap... Read more

A:Infected w/ Trojan.small, Trojan.Sirefef, Rootkit.0Access

Greetings and Welcome to The Forums!!
My name is Gringo and I'll be glad to help you with your computer problems. I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At... Read more

22 more replies
Answer Match 70.14%

Hi my name is Mike and I recently scanned my computer with mbam and found: Trojan.small, Trojan.Sirefef, Rootkit.0Access. I quickly deleted them after the scan, restarted and found my desktop icons moved around and my color scheme changed. I have not had any serious issues yet and would like to prevent any ASAP. My antivirus also popped up while I was scanning with mbam informing me of an infection. I have used p2p (utorrent) and this is likely the cause of it. The last time I used utorrent was about Tuesday so this is likely when it started. I have read the pinned post on p2p and how it can infect my computer and I have taken this into consideration. Any help from here on out would be much appreciated. I have also noticed that while scanning with mbam in Safe Mode it does not find anything, but when not in Safe Mode it does.

I have Windows 7 32bit Ultimate

used: Mbam, tdsskiller, ccleaner.

Thank you

-Mike

A:Infected w/ Trojan.small, Trojan.Sirefef, Rootkit.0Access

Please follow the instructions in ==>This Guide<== starting at Step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

7 more replies
Answer Match 64.26%

Hi guys,

I'm absolutely desperate to find a solution to this. I'll outline the problem and then tell you what I've tried.


Problem
Whenever I open firefox.exe or iexplore.exe, before even the first webpage has opened both applications will crash. When viewing the crashlog, it says the following error:

Quote:
AppName: firefox.exe AppVer: 1.8.20080.40413 ModName: unknown
ModVer: 0.0.0.0 Offset: 01f28313

or

Quote:
AppName: iexplore.exe AppVer: 7.0.6000.20733 ModName: unknown
ModVer: 0.0.0.0 Offset: 0035620c

Once, an error came up like "The memory could not be 'read'".


What I've Tried
I have done full virus scans with 4 different anti-viruses. No problem there.
I have done registry doctors, nothing.
Then 5 different antispyware programs, nothing.
I ran a RAMtest program overnight, no problem.
Reinstalled both iexplore and firefox, and it didn't work.
I inserted my Windows XP SP2 CD, and did a repair installation, nothing.

I have tried absolutely everything, and searched everywhere.
My immediate suspicion was that it could be an inetsrv corruption, but after repair installation of windows making no difference, that's out the window.

Please let me know, am desperate for help.
Kind Regards x
Neerajmorz

p.s. This happened instantly yesterday, the day before it was working fine, and I made no changes. Perhaps WindowsUpdate ran overnight, but I doubt it. Oh, an... Read more

A:Firefox & IE7 immediately crash when opened

oh and something that may help, not all things related to internet don't work.
i.e. I'm transferring via ftp fine
I'm using RDC with no problems
using a myspace program called friendblaster, it has an internet browser, and that works fine too.

argh :P
x

2 more replies
Answer Match 64.26%

As of earlier in the week every program that was on my desktop, excluding google chrome, is impossible to use because they close as soon as they launch. I've tried to run them as administrator, go into start and run them there, nothing works. I did a clean boot in case it was a background program that was causing the problem but still the problem persisted. I even tried a system restore and to uninstall then reinstall some of the programs. I have an HP notebook with 64 bit windows.

A:Programs closing immediately after opened

Hi there welcome to SevenForums, high chance it could be malware of sorts

Please download AdwCleaner by Xplode and save to your Desktop.
Double click on AdwCleaner.exe to run the tool.
Vista/Windows 7/8 users right-click and select Run As Administrator.
Click on the Scan button.
AdwCleaner will begin...be patient as the scan may take some time to complete.
After the scan has finished, click on the Report button...a logfile (AdwCleaner[R#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
Copy and paste the contents of that logfile in your next reply.
A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.
Please download Junkware Removal Tool to your desktop.
Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents... Read more

5 more replies
Answer Match 63.84%

MS Word 2000 SR-1 closes immediately on launch. My operating system in Microsoft XP Pro. I've removed the program and reinstalled it, restarting the system after each action. I've updated AVG and run it, then restarted the computer, but no luck. Any ideas?
 

A:Word closes immediately

yes, here's an idea
though you have removed the application from your computer, your system has kept some files from the old installation.
not to worry, this can be fixed by purging all MS Office files from your system.

let us start with add/remove programs & remove MS Office 2000
click Start, Run & type regedit & OK. browse to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office. right click that folder & choose the delete option.
go to C drive, Programs Files, & delete Microsoft Office from there. (don't worry if you receive an error that some files can not be removed, will just do it after reboot)
if the last step gave you an error, please reboot & delete after reboot (don't open any applications or browsers)
reboot
click Start, Run & type %TEMP%, then click OK. (delete all items within the folder that opens)
reboot
reinstall MS Office 2000
this should fix your issue. please let me know how it goes
 

1 more replies
Answer Match 63.84%

Unfortunately I need IE7 for a stupid little app I'm running. IE6 and IE8 just won't work with it :-(

Machine is XP MCE-SP3 and was recently formatted so it's pretty clean.

Anyway same old story, IE6 works...IE8 works...IE7 opens for 500ms or so and disappears.
The process closes so it's not an issue where the window is simply hidden.

**********
I don't use this machine to get on the net
PC Functions:
Run MCE
Run IIS
Run an MS SQL DB that keeps tabs on my movies
Some video encoding using VirtualDub

Non MS Software Installed:
K-Lite Codec Pack
PowerISO
XP-AntiSpy (tweak)
Winrar
--Nvidia Drivers

MS Software installed:
MS ForeFront Client Security (AV)
MS SQL Server 2005

**********


Scanned with MS Forefront Client Security...nothing found
Scanned with Malwarebytes Anti-Malware......nothing found

Machine preparation for further troubleshooting:
1) All Run items removed (HKCU, HKLM, Startup Groups)

2) AV Service Completely disabled,
(no other security or spyware apps installed)

3) No toolbars or add-ons installed but I still checked disable all third party add-ons in Inet options.



Troubleshooting:
===Stage 1===
Downloaded IE7 setup to local drive
Uninstall IE7
Reboot
Install from local file
Reboot
Hit [Tools>Inet Options>Advanced>Reset]

===Stage 2===
Create new local admin account and login with that account.
I rip out 7, reboot and IE6 works fine again.
Install IE8 it works great.
Ri... Read more

A:XP SP3 - IE7 opens and closes immediately

You can try to run the following command to see if any DLL files are missing/damaged.

sfc /scannow

Try also the install folder of the app you use with IE7, if there is a DLL called PSAPI.dll
if there is delete it or rename the file.

6 more replies
Answer Match 63.84%

IE 11 opens and then closes immediately. The only way to open IE 11 is to right click on IE shortcut, select properties, then set to open minimized. Then click IE 11 on toolbar, and it opens. Setting IE 11 to Normal or Maximized causes IE 11 to open then immediately close. I have removed then re-installed IE 11, ran Malwarebytes and ccleaner but IE 11 still has the same problem. I turned off GP rendering. I am out of ideas, does anyone have any other methods to try?

A:ie 11 opens then closes immediately

Run CCleaner-Slim or CCleaner-Portable & remove everything it finds, then try IE11 again. If that doesn't do it, go to Internet Options > Advanced tab, then click the reset button located near the bottom.
https://www.piriform.com/ccleaner/b...

6 more replies
Answer Match 63.84%

Internet Explorer closes immediately after loading on my ThinkPad. I have run a virus scan using my installed Internet Security scanner (Comodo), but it has found no threats. Following the instructions for this forum, I have run dds.scr and gmer.exe. DDS.txt is pasted below; ark.txt and atttach.txt are zipped together in the attachment. Any guidance would be most helpful.


DDS (Ver_09-12-01.01) - NTFSx86
Run by asquared at 13:48:30.78 on 27/01/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3037.2317 [GMT -8:00]

AV: COMODO Antivirus *On-access scanning enabled* (Updated) {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

============== Running Processes ===============

C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\Program Files\Lenovo\ATK Hotkey\GFNEXSrv.exe
C:\Program Files\Lenovo\ATK Hotkey\LFKAS.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\vsnp2uvc.exe
C:\Program Files\Lenov... Read more

A:IE closes immediately after loading

Hello XEyedBear,

I see you also ran ComboFix. Are/were you being helped at another forum?

11 more replies
Answer Match 63.84%

When I try to use Hijackthis, it closes within maybe two seconds. I'm not exactly sure what's wrong.
When I managed to get the log by quickly pressing the button, the log hadn't worked either until I changed the name of the file. Also, certain websites that deal with hijackthis close my explorer immediately. D:

But here's the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:55:18 AM, on 7/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Yahoo!\Me... Read more

A:Solved: HJT closes almost immediately.

16 more replies
Answer Match 63.84%

Also Outlook Express if I select to display images on HTML e-mails, or reply or forward an HTML e-mail. Firefox runs just peachy!
I hope I did all of this right. I really appreciate the assistance!

Hijack This log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:38:42 PM, on 10/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Novadigm\AXF\Bin\XFSrvcNT.Exe
C:\WINNT\system32\CmgShieldSvc.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Symantec\SPA\smc.exe
C:\Program Files\Symantec\SPA\snac.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINNT\system32\ccs.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Communication Now\2119264\Program\ServiceWrapper-2119264.exe
C:\Program Files\BigFix Enterprise\BES Client\BESClient.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINNT\system32\inetsrv\inetinfo.exe
C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateService.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Citrix\ICA Client\ssonsvr.exe
C:\Program Files\McAfee\Common Framework... Read more

A:IE closes immediately upon launching

Bump.

1 more replies
Answer Match 63.84%

This is primarily a informational post for those interested.. I found this post http://forums.techguy.org/malware-r...regedit-msconfig-closes-immediately-upon.html and wanted to reply but it was closed.

I just copied my drive over using Western Digital's Data Lifeguard utility. Upon rebooting (and making sure the new drive was selected in the bios to boot from) I encountered 2 problems..

1: the boot menu (which had not previously been enabled) now showed two entries for "Default system", both which worked, but was annoying to me..
2: msconfig would not work for me to check the startup and boot.ini.

I ran through a lot of steps trying to get msconfig to work again.. copied the file to a different location, rename it as a different filename, check for virus/malware, even copied it from my laptop, and checking the registry entries.. Nothing would let this program run!
As far as antivirus programs, I run Avast! .. I was POSITIVE I had no virus malware, etc. Even still, I ran a boot time virus sweep. NOTHING found. Even ran HijackThis.. again nothing. After MUCH searching on Google and even these forums, I simply resigned myself that I was going to need to do a repair install (which I hate doing). I decided to check one last thing first.. manual edit of the boot.ini.

When I opened it up and compared to my laptop running the same version of the OS (Win XP Pro sp3) I noticed it was missing an entry .. the information under [operating systems] (second entry) was b... Read more

More replies
Answer Match 63.84%

I am unable to access IE (Win XP home edition)
The IE white screen opens and then closes after a few seconds. I have tried to do a system restore - and I can't even get that to open.

I have attached the output from Hijackthis. When I attempted to run the dss tool, it was unable to complete. I tried several times and received a Windows error - "dss.exee has encountered a problem and needs to close".

Please help!!

Thanks

A:My Ie Opens And Then Closes Immediately - Pls Help!

Hello brownth01,

Welcome to Bleeping Computer

Sorry about the delay. If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Thanks,
tea

2 more replies
Answer Match 63.84%

In our client we are facing the below issue in only 4 machines.

When we open Internet Explorer 11 in the machines, it freezes for some time and then closes automatically. No error is getting recorded in the Event Viewer. Tried to launch the IE by disabling the add-ons and by enabling the use software rendering instead of GPU rendering. Disabled the script also but no use. When I tried to uninstall IE 11 and use the old version of IE it works fine.
Kindly suggest

More replies
Answer Match 63.84%

I just installed AIMMusicLink and all of a sudden AIM won't work. I try to run it and the screen flashes really quick and then closes. I uninstalled the music link program, reinstalled AIM 6.8, uninstalled 6.8 and installed 6.9 beta and then gave up and started using 5.9 which does work. Any ideas to why 6.8 won't work? I even searched the registry and deleted everything that had to do with musiclink but it still didn't work.

A:AIM opens and then immediately closes

meebo works if you cant fix aim meebo.com

5 more replies
Answer Match 63.84%

Hi All,

Internet Explorer (7 and 8) will open and close immediately under Vista Home Premium. I have tried the following:

1) Run IE in no add-ons mode. Does the same thing.

2) Reset all settings under the Internet Options Panel---when it gets to the third part 'Applying Default Settings' it fails.

3) Run Malwarebytes in Safe Mode---nothing detected.

4) Install IE8 (wasn't working back when it was IE7), still no luck. Uninstalled back to IE 7, not working, and then back to IE8.

So, any ideas? I normally use Firefox and Opera, but there is one specific work-related website that requires some ASP scripting that neither Firefox or Opera can handle!

Thanks!

-bea

-----------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:20:46, on 26/08/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\SetPoint\LBTWiz.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Symantec AntiVirus\VPTray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\acrotray.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Kontiki\KHost.exe
C:\W... Read more

More replies
Answer Match 63.84%

Hijackthis runs for about two seconds and then closes. Though, I was able to get a log by clicking the button quickly enough.
And then I realized that the saved log also closed within a few seconds also. So I tried changing the name of log, and then it worked.
But here's the log I managed to get:

Logfile of HijackThis v1.99.1
Scan saved at 6:20:15 PM, on 7/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\DAEMON Tools\... Read more

A:Hijackthis Closes Almost Immediately.

Hello Onyx,

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only

Please download OTMoveIt by Oldtimer and save it to your desktop.

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O2 - BHO: (no name) - {53B5F2B1-94DD-43E5-8187-EB4E31F00701} - C:\WINDOWS\cxylyvyh.dll
O4 - HKLM\..\Run: [SeePassword] C:\Program Files\SeePassword\SeePassword.exe
O4 - HKLM\..\Run: [jexetsns] rundll32.exe "C:\Program Files\jexetsns\rohyzyvs.dll",Init
O4 - HKLM\..\RunServices: [system] keygen.exe
O4 - HKCU\..\Run: [gf1.0.0.2] C:\WINDOWS\zcrqpghy.exe

Now close all windows other than HiJackThis, then click Fix Checked. Close HijackThis.

Run ATF Cleaner:
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Run OTMoveIt:
Please double-click OTMoveIt.exe to run it.
Copy the file paths be... Read more

2 more replies
Answer Match 63.84%

Unfortunately I need IE7 for a stupid little app I'm running. IE6 and IE8 just won't work with it :-(
Machine is XP MCE-SP3 and was recently formatted so it's pretty clean.
Anyway same old story, IE6 works...IE8 works...IE7 opens for 500ms or so and disappears.
The process closes so it's not an issue where the window is simply hidden.
**********
I don't use this machine to get on the net
PC Functions:
Run MCE
Run IIS
Run an MS SQL DB that keeps tabs on my movies
Some video encoding using VirtualDub
Non MS Software Installed:
K-Lite Codec Pack
PowerISO
XP-AntiSpy (tweak)
Winrar
--Nvidia Drivers
MS Software installed:
MS ForeFront Client Security (AV)
MS SQL Server 2005
**********

Scanned with MS Forefront Client Security...nothing found
Scanned with Malwarebytes Anti-Malware......nothing found
Machine preparation for further troubleshooting:
1) All Run items removed (HKCU, HKLM, Startup Groups)
2) AV Service Completely disabled,
(no other security or spyware apps installed)
3) No toolbars or add-ons installed but I still checked disable all third party add-ons in Inet options.

Troubleshooting:
===Stage 1===
Downloaded IE7 setup to local drive
Uninstall IE7
Reboot
Install from local file
Reboot
Hit [Tools>Inet Options>Advanced>Reset]
===Stage 2===
Create new local admin account and login with that account.
I rip out 7, reboot and IE6 works fine again.
Install IE8 it works great.
Rip out 8 back to 6 works fine
Install IE7 again... Read more

A:XP SP3 - IE7 opens and closes immediately

What is the app that you are trying to run? Is there not an update that will work with IE8, or at least a bug fix?

When was the last time this program was working properly?
 

3 more replies
Answer Match 63.84%

Whenever I start msconfig it immediately shuts down. I know it's a virus and I've seen other boards on it but none of it helped me out. I used Hijackthis but don't know what to do now. This is the log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:06:36 PM, on 4/23/2013
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\regsvr.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\acer\epm\epm-dm.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\PowerKey.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\OSDCtrl.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\WINDOWS\system32\28463\svchost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\AutoProtect\DrvMonitor.exe
C:\WINDOWS\system32\regsvr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe
C:\WINDOWS\system32\XP-1B65F206.EXE
C:\WINDOWS\system32\mdm.exe
C:\WINDOWS\Sy... Read more

A:msconfig.exe closes immediately

Platform: Windows XP SP2 (WinNT 5.01.2600)

Hi, you need first to download Windows XP Service Pack 3
http://www.microsoft.com/en-us/download/details.aspx?id=24
You are missing out on important Windows Update and your Pc is not protected.
------
Once you have installed SP3 - restart your Pc and check for Windows Updates.

When that is done - post a New Hjt log.
-------
Download Security Check by screen317 from
http://screen317.spywareinfoforum.org/
Or
http://www.bleepingcomputer.com/download/securitycheck/

Save it to your Desktop.
Double click the install icon.
Let it scan the Pc - press any key when asked.
It should now open in Notepad.
Copy and Paste the result of the scan in the reply box below.

The saved log will be called checkup.txt.
------
Check and post
TSG System Information Utility - found here.
http://library.techguy.org/wiki/TSG_Valuable_links
 

2 more replies
Answer Match 63.84%

I was trying to install updates on our desktop last night and had to roll back because the XP3 update could not install. Now IE does not work. I try to install IE8 through automatic updates and it cannot finish the installation. Also when I first logon to my machine, I get the messages cannot find and could not run or load C:\windows\inet2003\winlogon.exe.

A:IE opens then immediately closes

It's wise to make sure when you are doing updates and Service Packs that the system is 100% malware free. With that said, why would the SP3 not install? Did you receive an error and if so what was the EXACT error message?

3 more replies
Answer Match 63.84%

I apologize in advance for not having the format of my post perfect, but I read the preparation guide and will try my best so here goes... Originally got the following error when trying to access facebook, using google chrome: You attempted to reach www.facebook.com, but the server presented a certificate signed using a weak signature algorithm. I am no longer able to turn on Windows Defender or Windows Firewall. Google searches will be redirected occasionally. Did some scans using ESET online tool and Malwarebytes and found out that I had trojans and a rootkit. Tried to remove them and reboot but they keep coming back with full scans.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Mike at 1:13:16 on 2012-08-14
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6126.4124 [GMT -7:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.ex... Read more

A:Rootkit.0Access

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems. I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At... Read more

3 more replies
Answer Match 63.84%

(Windows 7, Internet Explorer 10)
My mother's computer kept locking up and the zoom level was either 99% or 149%, and when trying to change it back to normal settings it would go back to 99/149%. When it locks up a hand icon would come up to allow the screen to be moved up/down but that's it.
 
I used AVG Virus/Anti-root, Malwarebytes, Spybot, TDSSKiller, & SuperAntiSpyware and got this:
Files Detected: 1
C:\Qoobox\Quarantine\C\Windows\System32\consrv.dll.vir (Rootkit.0Access) -> Quarantined and deleted successfully.
 
It ran fine for about a day, but now it's locked up again. So I ran all the anti-ware stuff again in safe mode & nothing came up. But it still is locking up.
 
 

A:Rootkit.0Access

HI habs1998,
 
to Bleeping Computer.
My name is Jason and I'll be helping you with your computer problems. You can call me by my screen name jntkwx or Jason is fine.
Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please do not attach logs or put logs in code or quote boxes (unless explicitly asked to)
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can also help.
Do not run anything while running a fix.
If you don't understand a step, please ask for clarification before continuing with any future steps.
In the upper right hand corner of the topic you will see the Follow This Topic button. Click on this then choose Receive Notification Immediately and then click Follow This Topic and you will be sent an email once I have posted a response and make the cleaning process faster.
 
Note to others: The instructions here are intended for the person who began this topic.  If you need help, please create your own topic in the appropriate forum.
 
 
It appears Combofix has been run in the past.  Please post the latest Combofix log, it should be located at C:\Combofix.txt

23 more replies
Answer Match 63.84%

Hi all,

Recently, my brother has been having problems with my computer. For example MSE won't, it states that
"Security Essentials isn't monitoring your PC because the program's service stopped." When it tries to start it tells me "The specified service does not exist as an installed service"
Same thing with the Windows Firewall: it's off, and it tells me Windows Firewall can't change some of your settings.
When I use Chrome on a secured site it tells me "This site's security certificate is signed using a weak security algorithm"
Here's the log from MalwareBytes, it tells me the virus has been removed but it keeps appearing each time I scan.

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.19.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Eddie :: EDDIE-PC [administrator]

Protection: Enabled

19/08/2012 4:47:58 PM
mbam-log-2012-08-19 (16-47-58).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 225880
Time elapsed: 5 minute(s), 28 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

... Read more

A:Rootkit.0Access

Download TDSSkiller
Launch it.
Click on change parameters - Select TDLFS file system
Click on "Scan".
Please post the LOG report (log file should be in your C drive)
Do not change the default options on scan results

Download aswMBR
Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan.
After scan finishes, click on Save log
Post the log results here

Download ESET online scanner
Install it
Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats

12 more replies
Answer Match 63.84%

Hi,
I am having problems removing Rootkit.0Access. Or at least I believe that is what it is. I ran Malwarebytes and several of the deletions were of the following.

Trojan.lameshield
Trojan.0Access
Trojan.Happili
Rootkit.0Access

I tried running ComboFix and it finds stuff and deletes but I am still infected after reboot. I have run TDSSKiller and it did not detect anything. Please Help!

bcrs

DDS file:

DDS (Ver_2012-11-07.01) - NTFS_x86 NETWORK
Internet Explorer: 9.0.8112.16450
Run by Security at 18:14:11 on 2012-11-16
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.1.1033.18.2004.1537 [GMT -5:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\ntvdm.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.... Read more

A:Rootkit.0Access

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems. I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top o... Read more

21 more replies
Answer Match 63.84%

Was surfing the web when I got a popup from Microsoft Security Essentials. I don't remember what it said but the recommended action was to quarantine. But before I could click the button, my computer started loading really slow, like if a lot of stuff was being installed. It froze for like 10 seconds and then I was able to move the mouse again. I knew a lot of viruses and malware had been installed so I closed everything and restarted my computer. Ran a Malwarebytes scan and it found around 6 items. I removed all of them except for this Rootkit.0Access. No matter how many times I run a Malwarebytes scan and attempt to remove it, it shows up again after every restart. Also my Windows Update and Microsoft Security Essentials do not work at all now. There might be other programs that don't work also but so far I haven't found any. Thanks for your time.
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.4.1
Run by Edward at 23:05:58 on 2012-08-13
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3071.1785 [GMT -7:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C: ... Read more

A:Rootkit.0Access

Please do the following:

Download Farbar Recovery Scan Tool and save it to a flash drive.
Plug the flash drive into the infected PC.
Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
Restart the computer.
As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
Use the arrow keys to select the Repair your computer menu item.
Choose your language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
Insert the installation disc.
Restart your computer.
If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
Click Repair your computer.
Choose your language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

Select Command Prompt
In the command window type in notepad and press Enter.
The notepad opens. Under File menu select Open.
Select "Computer" and find your flash drive letter and close the notepad.
In the command window type e:\frst.exe (for x64 bit version type e:\frst64) ... Read more

24 more replies
Answer Match 63.84%

Having trouble removing rootkit.0access. Malwarebytes finds it and then says it's removed but then it comes right back. Also downloaded ANVISOFT and it found several issues and said it removed them. I did a second full scan and the rootkit.0access has reappeared. Any help would be greatly appreciated. My system isn't running horrible yet. I did notice on booting I'm asked for my Windows product key and it won't take the number I put in. It is the original number I have that came with my HP Pavilion dv5 1235x laptop. I can then bypass the issue until later but I have no wallpaper. The issue doesn't seem to be affecting operations. I do notice a small note in the lower right corner stating my version of Windows isn't genuine. I'm running Vista Home Premium.

Mbam Logs

Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.09.08

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
OWNER :: OWNER-PC [administrator]

Protection: Enabled

8/9/2012 12:02:37 PM
mbam-log-2012-08-09 (12-02-37).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 238705
Time elapsed: 14 minute(s), 20 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKLM\SOFTWARE\Google\Chrome\Extensions\kincjchfokk... Read more

A:rootkit.0access

Please follow the instructions in ==>This Guide<== starting at Step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

3 more replies
Answer Match 63.84%

Hello!
 
Today, we kept getting notices on the laptop that it was infected with malicious programs. I ran MBAM and deleted two items. I just got another notice that we are infected again, so I ran MBAM again and Rootkit.0Access came up as the malicious software. It came up as one of the two malicious softwares the first time I ran it today.
 
Now that I've removed it with MBAM, how can I be sure it's gone for sure and for good!?  A copy of my log follows.  Thank you!
 
************************
 
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Database version: v2013.07.22.01
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16635
user :: USER-HP [administrator]
7/24/2013 5:22:23 PM
MBAM-log-2013-07-24 (19-30-59).txt
Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 497506
Time elapsed: 1 hour(s), 57 minute(s), 35 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
C:\Users\Maddy\AppData\Local\Google\Desktop\Install\{c12ae097-b346-22b9-... Read more

A:Rootkit.0Access - Unfortunately, I've Got It ....

Hi and Welcome!!   
 
My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:
The fixes are specific to your problem and should only be used for the issues on this machine.
It's often worth reading through these instructions and printing them for ease of reference.
If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
Please reply to this thread. Do not start a new topic.
If you happen to have a flash drive/thumb drive please have that ready in the event that we need to use it.
Please be sure to subscribe to the topic if you have not already done so.
IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so. DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your operating system and losing all your programs and data.
 
Having said that....     Let's get going!!  
----------
 
Please download DDS from either of these links
LINK 1 LINK 2
 
and save it to your desktop.
Disable any antivirus programs during the scan (If you have ... Read more

30 more replies
Answer Match 63.84%

I have had problems with the bitly.com website not loading properly for me for several days, so in trying to figure out if it was the website who got hacked or me, I ran Malwarebytes (just the freebie version) and discovered the rootkit.0access.h virus/trojan. I did some poking around online and followed all of the advice given in this thread: www.bleepingcomputer.com/forums/topic445217.html EXCEPT running the ComboFix because I didn't want to screw my computer up worse.

Prior to finding that thread, I had already downloaded tdsskiller and had clicked "cure" next to the line that said virus.win64.zaccess.b

In doing all of these steps, I assume that maybe I've gotten some of the bug out, but not everything. My computer seems to have sped up, Malwarebytes is no longer catching anything, the only thing showing up on tdsskiller now is stuff I know is not malware... however, I'm still getting website redirects and still cannot access the bitly website (I get a screen telling me the page has been blocked because it contains malware and directions to download Panda Cloud.)

What more can I do? Or can someone guide me through ComboFix?

A:rootkit.0access.h

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems. I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At... Read more

23 more replies
Answer Match 63.84%

Having trouble removing rootkit.0access. Malwarebytes finds it and then says it's removed but then it comes right back. Also downloaded ANVISOFT and it found several issues and said it removed them. I did a second full scan and the rootkit.0access has reappeared. Any help would be greatly appreciated. My system isn't running horrible yet. I did notice on booting I'm asked for my Windows product key and it won't take the number I put in. It is the original number I have that came with my HP Pavilion dv5 1235x laptop. I can then bypass the issue until later but I have no wallpaper. The issue doesn't seem to be affecting operations. I do notice a small note in the lower right corner stating my version of Windows isn't genuine. I'm running Vista Home Premium.

I have now reposted the requested DDS and Attach txt files. I did not run the GMER as I believe I'm running a 64 bit OS.

DDS.TXT LOG FILE
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by OWNER at 9:44:05 on 2012-08-13
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4026.1594 [GMT -4:00]
.
AV: AVG Anti-Virus Free *Enabled/Updated*
SP: AVG Anti-Virus Free *Enabled/Updated*
SP: Windows Defender *Disabled/Outdated* ... Read more

A:rootkit.0access

Please run the following

Refer to the ComboFix User's Guide

Download ComboFix from the following location:

Link

* IMPORTANT !!! Place ComboFix.exe on your Desktop
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
You can get help on disabling your protection programs here
Double click on ComboFix.exe & follow the prompts.
Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

---------------------------------------------------------------------------------------------
Ensure your AntiVirus and AntiSpyware applications are re-enabled.

---------------------------------------------------------------------------------------------
NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

more replies
Answer Match 63.42%

I recently cleaned a laptop with Malwarebytes' Anti-Malware because of a Scareware program that had been installed.

After the cleaning and thorough scanning of MBAM and AVG 9.0, the browsers on the machine will not open. IE8 opens a browser page for less than a second before closing down, and Firefox only shows a crash report. Safe Mode Firefox does not open either.

After reading through the posting directions, I believe the reports you are looking for are below:

(It should be noted that the machine I am posting from is not the affected machine.)
=========================================================


DDS (Ver_09-12-01.01) - NTFSx86 MINIMAL
Run by Administrator at 18:41:28.64 on Wed 01/20/2010
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1790 [GMT -8:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=3090114
uSearch Page = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us-smb
uDefault_Page... Read more

A:Browsers IE8 and Firefox close immediately after being opened.

Also of interest: The GMER program was only able to complete under Safe Mode. When I attempt to run it in Normal mode I get a BSOD with a PFN_LIST_CORRUPT error.

4 more replies
Answer Match 63.42%

Hi, has anyone had problems with IE6 after installing SP2? As soon as I open Internet Explorer it closes. I am also having problems with Outlook 2000. Send and receive fails with the error (although I am connected to the net):

Task 'pop.tiscali.co.uk - Sending and Receiving' reported error (0x800CCC15) : 'Unable to connect to the network. Check your network connection or modem.'

Can anyone help, please!
 

A:IE6 Closes as soon as its opened

Hiya

I've moved you to Web and email for more response

For the 0x800CCC15, have a look at this:

http://support.microsoft.com/?kbid=813514

Also, as IE seems to close all the time, lets take a look at a log:

go to http://aumha.org/downloads/hijackthis.zip , and download 'Hijack This!'.
Unzip, doubleclick HijackThis.exe, and hit "Scan".

When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press that, save the log somewhere, and please copy & paste its contents to the forum.

It will possibly show other issues deserving our attention, but most of what it lists will be harmless or even required, so do NOT fix anything yet.
Someone here will be happy to help you analyze the results

Regards

eddie
 

1 more replies
Answer Match 63.42%

Thought this would be a good place to ask this...if not, feel free to point me in the right direction.

I've had this problem ever since the first betas, thinking that it would eventually work or "be fixed"--but even the release candidate and now the final has the same issue.

When I install IE9, when I go to open up the browser (32 or 64), it opens for a split second and then immediately closes. Every single time. I've never seen IE9 open on this machine.

One of my thoughts on why would be that I have two hard drives in this machine--a 60GB SSD and a 1TB HDD. I manually edited the registry entry for default install location / program files location to the E: drive, or 1TB drive, so I don't mistakenly install programs onto the SSD and clog up its limited space. For 95% of programs this has worked out just fine, including Microsoft's own Security Essentials (even though I'd love to have the option to put it on the SSD, but there's no options on where to install it).

Anyone else run into a problem like this? Is there a better solution than reverting that program files change? Now that I've had Windows running for a while I imagine changing that record will cause some...not so nice issues.

EDIT: And I just checked--IE9 is indeed installing to Program Files on the E:\ drive.

A:IE9 opens for a split second, then immediately closes.

For IE crashing, you probably want to try starting it from the command line first to see if it works this way - start > run > iexplore -extoff. If so, you have an add-on causing an issue, and can disable them via autoruns.

3 more replies
Answer Match 63.42%

My computer had/has a bug that will sleep, but not die. EasySearch is the bug and it is really pesty. My anti-spyware provider is close to finding an effective pesticide. I have overcome most problems, but I also have downloaded 5 browsers, IE, Firefox, Opera, Avant & NetCaptor to compare them. Now something different has occurred. IE, Firefox and Opera will open certain websites I like to visit, e.g. consumerworld.org and then promptly close the window. Avant and NetCaptor do not do this. I'm leaning toward Firefox as my preferred browser.

Question 1. Can you give me some advice as to how to make IE, Opera and Firefox keep these auto-closing windows open?

This is my first post. Any help will be appreciated. Thanks.

Gary
 

A:Browser Immediately Closes Windows

Download Spyware Search & Destroy and run:
http://www.safer-networking.org/en/download/index.html

Download Ad-Aware and run:
http://www.lavasoftusa.com/software/adaware/

These should get rid of your "bug".
 

1 more replies
Answer Match 63.42%

Good afternoon,

Have a nasty infection and can't seem to get DDS to work. When I doubleclick it, it opens and then immediately closes. I can't see anything!

Windows Vista x64

A:Nasty infection - DDS closes immediately

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/465721 <<< CLICK THIS LINK

If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo... Read more

2 more replies
Answer Match 63.42%

I can't seem to get out of this one. We removed with TDSSKiller, then got the 0x7b. Tried many things. Just recently tried to run farbar and I can share a log if someone is available please? Should I attach or post?

A:Firefox and IE redirecting, now closes immediately

Is this the same computer as your other topic here: http://www.bleepingcomputer.com/forums/topic438946.html

6 more replies
Answer Match 63.42%

Ohh Hi... I've posted the same thread on this issue before but I made a stupid mistake..
I added the word hijackthis to my title.. and I can't seem to open the thread up due to the problems in my computer...

I'll basically repeat what I said on my previous thread..

I know that I've heard that other people have had similar problems, and I've read how they have had their problems fixed. I've tried many different things to get my problem fixed, but nothing seems to work.

I think I may have multiple problems that may or may not be related to each other, but either way I cannot do certain things to fix anything.

The problems that I have noticed are:
1. Home page for internet explorer changes to nuevaq.fm even when I change it back to what I want.
2.a)Hijack This opens, then lasts about 5 seconds, then automatically closes
b) Whenever I type Hijack This in internet explorer, whether on google, or any site, Internet Explorer closes within seconds (making it almost impossible to search for help regarding Hijack This)
3. Regedit/msconfig open for a split second then close again (task manager and antivirus sites do still work)

Could any of you tell me if there's another software I can use to get rid of this problem.. and if possible guide me through the process... thanks

FYI: I posted this in this section because I could not enter the proper forum because my browser seems to automatically close when I do so... sorry for the inconvenience caused..
 

A:Browser & Hijack closes Immediately

Your computer is obviously infected. Are you saying you cannot post in the Malware Removal & HijackThis logs forum? Possibly caused by the name HijackThis?

Can you download the program after booting in Safe Mode with Networking?

If so,

Please click here to download and install the HijackThis installer.
Run it and select Do a system scan and save a logfile.

The log will be saved in Notepad. Copy and paste the log in your next post.

Do not fix anything
 

1 more replies
Answer Match 63.42%

I've been through the forums and I know that other people have had similar problems, and I've read how they have had their problems fixed. I've tried many different things to get my problem fixed, but nothing seems to ever work.

I suspect that I have multiple problems that may or may not be related to each other, but either way I cannot do certain things to fix anything.

The problems that I have noticed are:
1. Home page for internet explorer changes to http://www.nuevaq.fm/ even when I change it back to what I want.
2.a)HijackThis opens, then lasts about 1-4 seconds, then automatically closes
b) Whenever I type Hijack This in internet explorer, whether on google, or any site, Internet Explorer closes within seconds (making it almost impossible to search for help regarding Hijack This)
3. Regedit/msconfig open for a split second then close again (task manager and antivirus sites do still work)

It'll really help me if you guys could tell me an alternate software which could fix this problem or better still guide me through the process of getting rid of this problem..

FYI: I wanted to post in the Malware Removal & HijackThis Logs forums but whenever I visit the subforum my browser automatically closes...

Please help me, thanks in advance
 

A:Browser & + HijackThis closes Immediately

Duplicate here: http://forums.techguy.org/general-security/866624-browser-hijack-closes-immediately.html
 

1 more replies
Answer Match 63.42%

Hi,

I've had zero luck with the Poser support people and have had to take this issue into my own hands. This app *will* work under safe mode but does when Vista is booted up normally. What are the key differences between safe mode and normal mode in Vista? I need to start there if I want to begin troubleshooting this thing. I absolutely know it's a display driver conflict between Catalyst 8.8 and my Asus software package that came with the video card. Any suggestions?

A:Poser 7, closes immediately after it loads

Safe mode loads basic drivers, and prevents most Anti virus and other prevention software from running fully.

So, you either have a conflict with your av / am software or else with a driver.

2 more replies
Answer Match 63.42%

Hi,
I am running Windows 2000 on my machine here at work. I had Office 2000 Professional installed and all was well. A few weeks ago I installed a CAD reading program called Volo View and sometime there after all my problems started. All of my office applications (Excel, Outlook, Word, etc.) close only a few seconds after opening any one. I have removed both softwares and tried reinstalling Office. I also removed Volo View out of the registry also and it still shuts down. I found a MS fix to edit the registry by deleting HKEY_LOCAL_MACHINE\Software\Microsoft\Office\9.0 and then reinstalling Office from an administrator profile which didn't help. I have run Spybot, Adaware and CW Shredder, in an attempt to remove anything that may have come about via the internet and none have solved my problem. Below is my Startup Log and HijackThis Log. Thanks for any help that can be relayed...

StartupList report, 8/9/2004, 8:47:30 AM
StartupList version: 1.52.2
Started from : C:\Hijack This\HijackThis.EXE
Detected: Windows 2000 SP4 (WinNT 5.00.2195)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
==================================================

Running processes:

C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\NavNT\defwatch.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\NMSSvc.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINNT\syste...

A:Office 2000 Closes Immediately

When removing Office 2000 to correct problems, make sure you run OFF2000: Utility to Completely Remove Remaining Office CD1 Files and Registry Entries and OFF2000: Utility to Completely Remove Remaining Office CD2 Files to clean up any leftovers the uninstall left behind.

Here's some MS KB articles that might help with the programs closing problem . . .
Office 2000 programs quit immediately on Windows 2000 when you are logged on as user
Error messages starting Office 2000 program, or program immediately quits on Windows XP, Windows NT 4.0, or Windows 2000
OFF2000: Program Quits Immediately After Installing Project or Visio, not necessarily the same issue, but you can try it, if all else fails.
 

1 more replies
Answer Match 63.42%

Hello, I was reading over this forum and I had the same problem. Regedit and MSConfig closed immediately after opening. Well, to my surprise, after following those steps, I tried to install HiJackThis. It did the exact same thing. It closed right after I opened it. Please help?

A:Hijackthis Closes Immediately After Opening

turns out I was using an old version
so I did what it told me to
now whenever I try to open the folder to run the installer, it restarts the explorer process.
Folder opens, then immediately afterwards, screen goes black.
Something very smart installed in my computer is preventing me from finding it. Please help?

58 more replies
Answer Match 63.42%

All of a sudden today Outlook closed and now when I try to re-open it, it immediately closes. I've uninstalled MS Office and reinstalled, tried using a restore point, tried to open in safe mode and run spybot. After all of this, still nothing.

Anyone have any advice or tips on what I can do next to get Outlook back up and running?
 

A:Outlook opens then immediately closes

Hi Lionhart

Are you receiving any error messages at all?
Which version of Outlook are you running?
 

3 more replies
Answer Match 63.42%

When I open the Internet Explorer, it will open then immediately close. I was able to pinpoint the problem at my home page (www.google.com). I opened IE again, stopped it quickly from opening the home page and then entered another web page. It worked. Then I went back to the home page and it closed again. So whenever I enter the home page the program will shut itself. I also use Firefox as web browser and it doesn't do the same thing. Any help will be appreciated.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:33:25 p.m., on 27/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Archivos de programa\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\ARCHIV~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\ARCHIV~1\AVG\AVG8\avgrsx.exe
C:\ARCHIV~1\AVG\AVG8\avgemc.exe
C:\Archivos de programa\Archivos comunes\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\Explorer.exe
C:\winlogon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\vsnpstd.exe
C:\Archivos de programa\CyberLink\PowerDVD\PDVDServ.exe
C:\Archivos de programa\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:...

More replies
Answer Match 63.42%

When I click on a link to a page (that I've used many times before) IE suddenly shuts down. Actually, I just tried it on Firefox also and the same thing happened. Makes me think it's a firewall issue, but I don't know how to troubleshoot that. Tried all I could, but not a TrendMicro guru and could appreciate any help that's out there.
 

A:IE immediately closes when directed to link

9 more replies
Answer Match 63.42%

Hello FYI, I was referred to post here by MRT.
Today I did Windows updates.
Before updating, I had Win XP SP2 and IE6 (IE6 used to work fine).
After updating, I had IE7 and XP SP3.
After going to IE7 and XP SP3:
IE will not work. IE flashes open and closes very fast.
The text in the cmd prompt dialog box is now teeny tiny microscopic (was normal sized before).
Wireless connection will not work. (worked fine before; now using ethernet connection to DSL modem).
I found this topic on Microsoft's site:
When you start Internet Explorer, it opens, flashes, and then closes immediately
http://support.microsoft.com/kb/967896
Tried "resetting" IE, as per Microsoft's instructions.....didn't work.
I uninstalled IE7, and IE6 still did not work. Downloaded IE8 and am about to install it, per Microsoft's instructions in above-referenced topic.
Anybody ever heard of this, text in cmd prompt dialog box going teeny tiny after IE7 and XP SP3 updates, and what the fix is for this?
Regarding the wireless connection not working after IE7 and XP SP3 updates:
I right clicked wireless icon in tray area of taskbar, hit "Repair" and it was unable to "repair". Went back to Control Panel, Network Connections, right clicked on Wireless Network Connection, hit Properties, clicked TCP/IP, hit Properties. There is a checkmark in "obtain IP Address Automatically". I thought maybe I could type it in manually, so I went to the cmd prompt, did an IPCONFIG. The top part...

A:IE opens, flashes, and then closes immediately

Well...the only question I have...is do you have a boxmaker (Dell, HP, etc.) system?

If so, you should have read their documentation/suggestions before ever installing SP3.

Louis

11 more replies
Answer Match 63.42%

IE 11 closes either immediately after opening or within 2 sec when selected from Win 8.1 start page, does not happen when I select IE icon from bottom bar

More replies
Answer Match 63.42%

Internet Explorer 7.

There is a particular page of just one website that brings up the following message the second it has loaded: 'Internet Explorer has encountered a problem and needs to close.'

It's a multiple choice bullet page for placing an order at the pizzahut.co.uk site!!

I can logon just fine, but as soon as I navigate to the problem page the error is thrown up. It bugs me enough to tell you about it here!

Can anyone suggest a remedy for this? I just want to be able to order a pizza without the damn error!

Very curious that it only happens with this page and on this site only.

Not the most serious problem in the world I admit, but any help appreciated of course.

Thanks.

A:[SOLVED] Web Page Immediately Closes IE7.

Hello and welcome to TSF

Do you have these problems in any other browsers? Please try one of the below (both are free):

Firefox
http://www.mozilla.com/en-US/firefox/
Opera
http://www.opera.com/

19 more replies
Answer Match 63.42%

As the title says, Google Chrome opens then immediately closes. I've tried uninstalling it but it does the same, the uninstall window will just close so I deleted all the files off the PC and tried to install it but again, when installing the window just opens then closes..

Has anybody come across this before?

Thanks.

A:Chrome opens then immediately closes

Hello,

Boot into Safe Mode and see if you can uninstall the program then try the reinstall.

If still does not work try creating a new user profile. Create a new browser user profile - Google Chrome Help

If still having issue make sure that your antivirus is up to date and perform a scan on the PC.

See the thread below and try the recommended fix. Hopefully this helps

chrome crashes on startup

2 more replies
Answer Match 63.42%

OK, this is what's going on...

This particular game doesn't require much out of my machine. I've run this game 5-6 times over just to see and it still ran smoothly, so I know for a fact it has nothing to do with hardware (especially because I can still run much more graphically/processor intensive games). Just getting that out of the way.

I have played this game, unchanged, many-a-time pretty much every day, then one day it simply quits working. No update to the game (it does not update automatically), no change whatsoever. It'll just open and immediately close before any kind of content, color, or image is loaded. The whole process of me attempting to run the game and it closing takes less than a second.

I've tried spamming the game to see if maybe a 1 in 100 shot will randomly open it. This didn't work.

I have removed all my firewalls and antivirus, just for sake of testing purposes. This didn't work. Yes, I rebooted.

I have absolutely completely uninstalled the game, then reinstalled it. Rebooted, and it didn't work.

I have tried running as Administrator, or even just disabling the UAC altogether. Rebooted, and it didn't work.

It's an online game. Windows Firewall is disabled, all my ports are open, nothing is justifying what's going on here.

The two previous Firewalls/Antivirus I had were McAfee and Avast.

I am on Windows 7.
 

A:Game closes immediately after opening

What game and what are your exact PC specs (make and model if it's a big brand name, or make and model of motherboard, cpu, gpu, ram, harddrive, power supply including wattage, optical drives etc.)?

At the moment, all you are saying is a random game doesn't work on an undefined machine ... that's not a lot to work with
 

1 more replies
Answer Match 63.42%

I cannot open IE7 - or any other browser on my laptop (I am using our desktop to enter this). The window says connecting for about 5 seconds, but it never connects and the window just closes. I have run Norton Antivirus, Adaware and Spyware Terminator and no viruses have been found. Please help me fix this problem - I don't even know where to begin trying to fix it since I can't access the Internet from the machine.

A:IE7 Closes Immediately - Cannot Access Browser

I am going to close this thread and post in the malware forum instead as I am sure I have a virus.

1 more replies
Answer Match 63.42%

I'm running Win XP Home and just started to encounter this problem. I just finished ad-aware/spybot/cswshredder/defragging/antivirus and any other little tricks of the trade I have picked up.....

Seems that when I try to open Task Manager it will only stay open for around two seconds, then just closes automatically....

Any help would be great, thank you.
 

A:Task Manager Closes Immediately

11 more replies
Answer Match 63.42%

I posted this in the "email" forum but I'm thinking it might be a security issue so I'm going to post it here as well:

All of a sudden yesterday Outlook closed and now when I try to re-open it, it immediately closes. I get the splash screen and I see my inbox for about a second but as soon as it tries to send/receive, it closes.

I've uninstalled MS Office and reinstalled, tried using a restore point, tried to open in safe mode and run spybot. After all of this, still nothing.

I'm running MS Office XP Pro

Anyone have any advice or tips on what I can do next to get Outlook back up and running?

Here's my HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 09:41:16, on 6/15/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Dell\NICCONF...

More replies
Answer Match 63.42%

I know this has been addressed in previous posts but none of the solutions I found worked for me.

Upon starting my computer, opening regedit isn't possible. I get an error message saying: "Regedit is disabled by administer." To fix this, I run (every time I turn on my netbook) the following statement: REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /t REG_DWORD /d 0 /f

This allows me to open Regedit, but it immediately closes again.

I have started working in Sierra Leone and know my computer has many viruses on it. Still, none of my anti-virus software (I use AVG Free 9.0 and PandaSecurity ActiveScan 2.0) has solved this problem.

Below please find my HJT log. Any and all help would be greatly appreciated.

Thanks,

Daniel

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 6:18:45 PM, on 1/13/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Fi...

More replies
Answer Match 63.42%

Whenever I start msconfig or regedit or generally any other program of that sort it immediately shuts down. I know it's a virus and I've seen other boards on it but none of it helped me out. I used Hijackthis but don't know what to do now. This is the log:
Logfile of HijackThis v1.96.4
Scan saved at 6:15:04 PM, on 09/08/2003
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
c:\program files\logitech\wingman profiler\lwpevntm.exe
C:\Program Files\Messenger Plus! 2\MsgPlus.exe
C:\Program Files\ISTsvc\istsvc.exe
C:\WINDOWS\System32\WXKFCGREMB.EXE
C:\Program Files\Opera\Opera.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Mannycanny\Desktop\HijackThis.exe
C:\Program Files\MSN Messenger\msnmsgr.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://ok-search.com/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ok-search.com/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ok-search.com/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Defau...

A:MsConfig Closes Immediately After Execution

Welcome to TSG, Cronfofan; I've moved you to the XP forum since that is your operating system.

I see you have a couple of problems, first and foremost is the msconfig issue caused by a trojan. The second is a hijacker called rapidblaster among other things.

I'll try to address both in a combined fashion.

First have HijackThis and a notepad copy of these instructions handy in their own folder on the desktop. Then go to Folder Options > View and make sure "show hidden files" is selected. Folder Options is found through the Control Panel or any Explorer Tools menu.

Then shutdown completely and wait about 20 seconds before restarting. Tap f8 promptly on restart to access the boot menu and select Safe Mode.

1 -- in Safe Mode, click Start, Run and enter Explorer

2 -- navigate to c:\windows\system32 and delete:

WXKFCGREMB.EXE

3 -- navigate to: C:\Documents and Settings\All Users\Start Menu\Programs\Startup and delete:

TFTP1504

4 -- Run HijackThis and check the following boxes and click "fix checked":

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://ok-search.com/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ok-search.com/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ok-search.com/search.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://findloss.com/home.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,...

3 more replies
Answer Match 63%

Initially posted my problem here:
 
http://www.bleepingcomputer.com/forums/t/506362/wife-clicked-on-rogue-av-popup;-now-cant-get-rid-of-infection/#entry3145565
 
I was told I have a new variant of the 0access rootkit and I need to post my DDS log here:
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16660
Run by Bob at 22:35:50 on 2013-09-01
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4061.2866 [GMT -4:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k LPDService
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Fi...

A:New variant of the 0access rootkit

Hello rbarry

I would like to welcome you to the Malware Removal section of the forum. Around here they call me Gringo and I will be glad to help you with your malware problems.

Very Important --> Please read this post completely, I have spent my time to put together some things for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!

Please do not run any tools unless instructed to do so. We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
Please do not attach logs or use code boxes, just copy and paste the text. Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
Please read every post completely before doing anything. Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
Please provide feedback about your experience as we go. A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", ...

35 more replies
Answer Match 63%

Hello,
This is my first post on Bleeping Computer. My computer has a Trojan on it and I haven't been able to get rid of it. I have tried using malware bytes and tdsskiller to try and remove it. After trying some solutions that I have found online, tdsskiller doesn't see the rootkit.0access anymore but malware bytes still sees and detects the threat. I'm not sure where to go from here. Any suggestions?
Thanks.
Edit: Moved topic from Forum Games to the more appropriate forum. ~ Animal

A:Rootkit.0access Removal

Welcome aboard. ZeroAccess rootkit requires elevated help. Please follow the instructions in THIS GUIDE starting at Step 6. If you cannot complete a step, skip it and continue.
Once the proper logs are created, then make a NEW TOPIC and post it HERE. Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.
If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.
It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.
If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

1 more replies
Answer Match 63%

Hi!
This is a follow-up topic from a previous post -

http://www.bleepingcomputer.com/forums/topic440263.html/page__gopid__2575214#entry2575214

Summary: Google redirect virus - hasn't been removed with TDSSKiller or Malwarebytes.

Below is the DDS log -
##############################

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7600.16385
Run by Jason at 21:42:15 on 2012-01-29
Microsoft Windows 7 Starter 6.1.7600.0.1252.1.1033.18.1013.205 [GMT -8:00]
.
AV: Norton Internet Security Netbook Edition *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security Netbook Edition *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Norton Internet Security Netbook Edition *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32...

A:Rootkit.0Access) won't cure

Here's the GMER log file (ark.log). The system hung during the first attempt, but the second time was successful
Thanks!

22 more replies
Answer Match 63%

Hi all - this started with MS Security Essentials continually rebooting my machine due to malware. I uninstalled it and tried other packages (lots of them!). The rebooting issue has gone but now Malware Bytes keeps throwing this up whenever I run a scan and I can't seem to resolve it. I'd really appreciate some help from anyone who can spare the time. Many thanks

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514
Run by Home at 0:13:54 on 2012-07-16
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.4007.1742 [GMT 1:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Wi...

A:rootkit.0access - I can't shift it.....please help

Hello rooster4t, Welcome to Bleeping Computer.
My name is fireman4it and I will be helping you with your Malware problem.

Please take note of some guidelines for this fix:
Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
In the upper right hand corner of the topic you will see a button called Watch Topic. I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

Finally, please reply using the ADD REPLY button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.
Do you have a USB flash drive you can use?

17 more replies
Answer Match 63%

Boopme has assisted me in cleaning ransom ware from an eMachines ET1331G-07w with Win 7. I have attempted to install Security Update for Windows 7 for x64-based Systems (KB2813170). It fails even after everything we have tried.
 
Boopme instructed me to paste this link to save time:
My original post: http://www.bleepingcomputer.com/forums/t/505221/win-7-screen-goes-eggshell-after-login-safe-mode-restarts-after-login/page-2
 
A link from Boopme (not sure if this was for me or you)
http://www.bleepingcomputer.com/forums/t/493400/hit-with-trojan-downloader-have-i-taken-enough-steps-to-fix/
 
I have followed the DDS instructions. Here is the log:
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16660  BrowserJavaVersion: 10.25.2
Run by aweaver at 23:53:24 on 2013-08-30
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3839.2714 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\sys... Read more

A:Possible 0Access rootkit infection

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
***************************************************
In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.
CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/506217 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************
If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t... Read more

3 more replies
Answer Match 63%

Hi,
This on a WIN7 machine ( my son's )
I can only do anything while in Safe Mode.
I was able to run MalwareBytes, it found some things and deleted them, but it's still infected.
When I try to download in Safe Mode, whatever file I'm trying to download, says : such and such exe is infected and has been deleted.
When this first started I was able to bring TDDSKiller in from a USB drive, didn't help. I don't want to plug that thumb drive back into my clean computer to bring other apps over, without knowing if something has copied itself onto it from the infected pc ( too much thought into that? lol ).
So, any help would be appreciated.
ps I'm not against restoring this pc, I think we still have a restore disc, but not a full blown windows disc.
Thanks in advance
 

A:Rootkit Infection - 0Access

16 more replies
Answer Match 63%

Using the instructions on the removal of a virus that appeared during a scan as trojan:sirefef found here (http://www.bleepingcomputer.com/forums/topic456396.html) I downloaded and installed Malwarebytes Anti-Malware program, fully scanned my system, found, quarantined and deleted a rootkit.0Access.
However the next set of instructions I did not follow as the OP in the forum had a different operating system and ended up dealing with only a sirefef virus and the issue with windows firewall.
Would appreciate instructions on how to finish/confirm removal and fix issue with windows firewall being unable to be enabled and showing an error code 0x80070424

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Straynj at 18:21:41 on 2012-06-26
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8182.6195 [GMT -7:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRest... Read more

A:Rootkit.0Access virus need help

Greetings and Welcome to The Forums!!
My name is Gringo and I'll be glad to help you with your computer problems. I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At... Read more

14 more replies
Answer Match 63%

I recently was infected with the backdoor.prorat virus and downloaded Kaspersky and Trojan remover and successfully removed the file. It does not appear on any of the 7 virus scanners that I have run since then. But... Now I can open IE, but whenever I click on any link or bookmark, the application automatically closes. The same happens when I open AIM and go to send an IM. I also noticed the problem occurs when I open Google Talk and roll over a name and go to send a message. Windows Media Player also closes immediately after I open it. Could this be spyware? I do not mind permanently using Firefox (as I have not experienced the same problem yet), but I can't live with AIM or Google and who knows what else may be affected.

I've attached the proper logs below. Any help would be soooooo much appreciated.

-Brendan

Logfile of HijackThis v1.99.1
Scan saved at 9:37:59 PM, on 9/13/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\AVPersonal\AVGNT.EXE
C:&... Read more

A:Ie And Other Apps Randomly Close/crash Immediately After Being Opened

Hello;

The cause of your problems is most probably because you are having several Security suites installed.
This really doesn't make any sense, because they are incompatible, can cause these problems you are dealing with, and won't help protect you in a better way, on the contrary.
It causes also a serious system slowdown and can cause BSODs as well.
It's like you are building your own Security Center.

This is what you have installed:

Kaspersky Antivirus
Escan/MicroWorld AntiVirus
Norton Internet Security
Antivir

You may only install ONE of above. So uninstall all the rest and only keep the one you purchased or you prefer.
Reboot after uninstalling.

Then post a new hijackthislog.

3 more replies
Answer Match 62.58%

This started about a week ago. I leave my computer running all the time, with IE open with usually about 6 tabs open.

Sometimes when I open a new tab, IE completely closes and I have to reload everything I was working on. After reopening IE, I open six tabs and reload the pages without it closing down again. It seems to be more likely to happen if I have not opened a new tab recently (i.e., first thing in the morning).

I tried downloading and reinstalling IE 7 (I did not try to uninstall IE7 first).

The only new software that I installed recently is PatentHunter 3.5. Others here who have installed PatentHunter are not having this problem though.

Does anyone know why this is happening? Thanks.

My configuration is as follows:
IE 7.0.5730.13IC
Windows XP Pro Version 2002 Service Pack 2

A:[SOLVED] IE 7 Closes when a new Tab is opened

Try updating windows

6 more replies
Answer Match 62.58%

I scanned with Malwarebytes, Spybot and Superantispyware. I updated them all too. And I noticed my Comodo Internet Security had disappeared too, I didn't know what happened, but all of a sudden IE closes immediately after opening and I know that is bad. Can someone help me? This is my hijack this.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:47:16 PM, on 1/4/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C: ... Read more

A:Internet explorer 8 closes immediately after opening.

Hi Versani,

Welcome to BC HijackThis forum. I am farbar. I am going to assist you with your problem.

Please refrain from making any changes to your system (scanning or running other tools, updating Windows, installing applications, removing files, etc.) from now on as it might interfere with our fixes. Please let me know in your next reply if you agree with this.

Please post the required log as outlined here: Preparation Guide For Use Before Using HijackThis and other Malware Removal Tools, Instructions for receiving help in cleaning your computer

14 more replies
Answer Match 62.58%

Hi,
 
I noticed lately that sometimes when I do a google search in Firefox and click on a link I'll be brought to some other ad/search site. It could be going on for awhile; I don't normally use Firefox and only noticed this problem when I opened it a few days ago. I don't have this problem in Chrome. Anyway, when I put two and two together I went to open Microsoft Security Essentials to run a scan only to find that as soon as I open it, it closes. Usually within a second. I ran a complete scan with Malware Bytes that did not find anything malicious but quarantined a few files which I deleted. 
 
I am running Windows 7 64-bit.
 
Any help would be greatly appreciated,
 
-Rick Moranis

A:Redirected searches. MSE opens then closes immediately.

Hello Rick

Reboot into Safe Mode with Networking
How to start Windows 7 in Safe Mode

Please download Rkill by Grinler from one of the 4 links below (if one of them does not work try another...) and save it to your desktop:
•Link 1
•Link 2
•Link 3
•Link 4
•In order for Rkill to run properly you must disable your anti-malware software. Please refer to this page if you are not sure how.
•Double-click on Rkill. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
Note: You may have to run Rkill a few times before it is successful. You may also have to download Rkill from a different link which will save it as a different file name.
•A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
•An Rkill.log will appear. Please copy and paste the contents in your reply (file also located at c:\rkill.log)
•Do not reboot your computer after running Rkill as the malware programs will start again. If your computer reboots, run Rkill again before continuing on to the next step.
•If nothing happens or if the tool does not run, please let me know in your next reply.

Please Download TDSSkiller
Launch it.
Click on change parameters
-Select TDLFS file system
Click on "Scan".
Please post the LOG report (log file should be in your C drive)
Do not change the default options on scan results.

Please download AdwCleaner by Xplode onto your des... Read more

7 more replies
Answer Match 62.58%

Regedit, Task Manager close immediately!
I've run Spy-Bot, AdAware, Norton 2004. Some forum questions are similar, but items they were asked to get fixed in their HijackThis logs are not listed in my logs.
(Someone in my house did recently click on an IM Message with a fake message, which then started propagating malicious fake away messages for my family member. I'm not sure if the Norton virus scan took complete care of the IM problem or not.) (I also installed Service Pack 2 a couple of weeks ago for my XP computer.)

Please Help!

Here is the HijackThis log:
Logfile of HijackThis v1.98.2
Scan saved at 12:14:49 PM, on 9/8/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Winamp\Winampa.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\qggo.exe
C:\WINDOWS\system32\MSTFX.EXE
C:\Program Files\Comm... Read more

A:Regedit, Task Manager closes immediately

Task Manager, MSCONFIG, or REGEDIT disappears while opening
 

3 more replies
Answer Match 62.58%

When I launch the People app, the app opens for a brief moment and then immediately closes.

If I search for a name that I know is in my People list, from the charms menu, then the People app will open with information about that person. But if I touch "Home", the app acts as before - briefly displays the People app home screen, then closes.

I've searched online for an answer but haven't seen anyone with this problem.

The only connection I've made in the app is with Facebook.

Any advice is appreciated. Is there a way to "reset" the People app from outside the app, for example?

Thanks!

A:People App Starts to Launch then Closes Immediately

Hello, april. Welcome to EightForums.

Try SFC /SCANNOW Command - Run in Windows 8. It takes about 15 minutes. I'd say to run it a few times if necessary.

Hope that helps.

1 more replies
Answer Match 62.58%

Hi everyone, New to the forum so thanks for the help ahead of time. Upon opening internet explorer it immediately closes and displays nothing. Also Internet options in control panel will not open at all. The windows firewall also tells me "For your security, some settings are controlled by group policy." This computer is not on a network and is a home computer. I was able to work around it by doing some registry work in which I removed the value on the firewall key. So that enabled me to turn the firewall back on. The service for windows firewall is now started with no errors and is set to automatic.

The Internet explorer problem is more important to me at the moment. I know the internet connection is active because firefox works perfectly. I scanned the computer with AVG and it found so many viruses and trojans it was ridiculous. I also scanned the computer with webroot spysweeper and it found nothing but when I open IE it stops all sorts of things like drivecleaner for example.

HijackThis log listed below...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:57:40 PM, on 12/29/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svcho... Read more

More replies