Tech Problem Aggregator

Malware system protection one

Q: Malware system protection one

I have this annoying system protection malware and also maybe, I don't know for sure, one that keeps redirecting me everywhere else. I have already used 3 different programs, Spybot and Windows malware remover. I also used ComboFix and I already have the log ready. I'm pretty technical savvy so I hope that helps you.

Edit: Moved topic from Vista to the more appropriate forum. ~ Animal

A: Malware system protection one

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together:
Do not run any other tool until instructed to do so!
Please do not attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic button and select Immediate Notification and click on Proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:
Please download DeFogger to your desktop.
Double click DeFogger to run the tool.
The application window will appear.
Click the Disable button to disable your CD Emulation drivers.
Click Yes to continue.
A 'Finished!' message will appear.
Click OK.
DeFogger may ask you to reboot the machine, if it does - click OK.
Do not re-enable these drivers until otherwise instructed.

Download DDS:
Please download DDS by sUBs from one of the links below and save it to your desktop:
Link1
Link2
Link3

Please disable any anti-malware program that will block scripts from running before running DDS.

Double-click on dds.scr and a command window will appear. This is normal.
Shortly after, two logs will appear:
DDS.txt
Attach.txt
A window will open instructing you to save & post the logs.
Save the logs to a convenient place such as your desktop.
Copy the contents of both logs & post in your next reply.

Scan With RKUnHooker:
Please download Rootkit Unhooker and save it to your desktop.
Now double-click on RKUnhookerLE.exe to run it.
Click the Report tab, then click Scan.
Check (tick) Drivers, Stealth. Uncheck the rest, then click OK.
Wait till the scanner has finished and then click File, Save Report.
Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note: you may get this warning. It is OK, just ignore it.
"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"
Just click on Cancel, then Accept.

Information and logs:
In your next post I need the following:
logs from DDS
log from RKUnHooker
let me know of any problems you may have had

Gringo

3 more replies
Answer Match 60.48%

Pretty much any form of antivirus/antispyware programs that are installed have stopped working (IE: malwarebytes, spybot, HiJack This, and Panda) and when I click some of them it says, "Application cannot be executed. The file is infected. The file is infected. Please activate your antivirus software."

Task manager also does not seem to work and gives the above error message. I also get some popups related to Protection System.

The DDS program/logger didn't work and also gave the above error; however, I was able to get a RootRepeal log and have attached it.

Thanks for your time.

A: very bad "Protection System" Malware

Hello! My name is Sam and I will be helping you. In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.

Please download and run Win32kDiag:
Download Win32kDiag from any of the following locations and save it to your Desktop.
Download Win32kDiag (Win32kDiag.exe) - #1
Download Win32kDiag (Win32kDiag.exe) - #2
Download Win32kDiag (Win32kDiag.exe) - #3
Double-click Win32kDiag.exe to run Win32kDiag and let it finish.
When it states "Finished! Press any key to exit...", press any key on your keyboard to close the program.
Double-click on the Win32kDiag.txt file that is located on your Desktop and post the entire contents of that log as a reply to this topic.

Download and run a batch file (peek.bat):
Download peek.bat from the download link below and save it to your Desktop.
Download peek.bat
Double-click peek.bat to run it.
A black Command Prompt window will appear shortly: the program is running.
Once it is finished, copy and paste the entire contents of the Log.txt file it creates as a reply to this post.

==========
Please post the following logs in your next reply:
* Win32kDiag.txt
* Log.txt

27 more replies
Answer Match 60.48%

Here is my log:

A: Protection System Malware

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

2 more replies
Answer Match 60.06%

Hello Experts, I have Win 7 and installed Microsoft Security Essentials (MSE) with the latest updates. System Progressive Protection (Malware) showed up and hijacked my computer. My Windows firewall is ON. I am wondering, how does this malware come into my system and change folders/registry? How did MSE allow it to make such changes? As I googled, there are suggestions to install additional antivirus software. Is it necessary to go in that direction? Thanks in advance.

A: System Progressive Protection - Malware

Welcome RIMD...

Please follow our guide System Progressive Protection Removal Guide

Post the log and tell us how it is.
The log is automatically saved and can be viewed by clicking the Logs tab.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.

1 more replies
Answer Match 60.06%

I think my laptop is infected by the System Progressive Protection malware. Whenever I turn on the laptop, Windows will hang at the booting stage without reaching the desktop page.

To reach the desktop page successfully, I need to boot Windows in safe mode and select the "start Windows normally" option. Once Windows is at the desktop page, a program named "system progressive protection" will do the scanning automatically and list several infected files on my laptop. All the programs that I try to execute are prohibited by this malware.

I am very grateful for your help to solve this problem. I have done the HijackThis, DDS, and GMER scanning. Please see below log files. Thank you.

A: System Progressive Protection malware

16 more replies
Answer Match 60.06%

I was surfing the internet and all of a sudden this protection system prompt popped up. I thought it was a legitimate windows prompt and thus clicked on it. It seems to have installed itself into my computer and has shut off my legitimate anti virus software. The Protection System program slows down my computer and it sometimes makes my screen go black and pops up with a prompt asking me to download more anti virus software. Sometimes it gets really bad with the pop ups and it doesn't allow me to do anything. I tried to download malwarebytes in order to solve this problem. I installed it successfully however, the protection system doesn't allow me to run malwarebytes. Same goes for my McAfee AV. Both are installed and neither one is allowed to run. Hope you guys can help with this problem. Thanks

A: Infected with Protection System Malware

We have a self-help area for removing common malware. Please see the tutorial How to remove Protection System

When done, click the Logs tab and copy/paste the contents of the new report in your next reply.

Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

3 more replies
Answer Match 60.06%

Hi, all. First, thank you for everything you do. I've come to this site a couple of times over the years and everyone has been incredibly helpful. I really appreciate it.

Now I come once again with a malware issue. I thought Spyware Doctor had gotten rid of all of Protection System, but it seems there are still residual traces wreaking havoc. I can hear different programs clicking on & off in the background, but nothing shows up in task manager. Spyware Doctor is finding a new Trojan or spyware about once an hour. Firefox Google Search doesn't seem to work and when I go to Google directly, I'm sometimes redirected to a different site & another Google tab opens up. When I reboot, I get half a dozen of memory errors.

I ran DDS, but GMER just would not run at all. I can download the zip file, but the program itself just won't initiate an install. I have the same issue with MalwareBytes--it seems something is preventing these programs from loading.

If you have any insight as to what is going on, I'd appreciate any sage advice you have to offer. Thank you.

DDS.txt:


DDS (Ver_09-06-26.01) - NTFSx86
Run by Brigid Fitch at 19:22:51.92 on Mon 07/13/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.313 [GMT -4:00]

AV: Spyware Doctor with AntiVirus *On-access scanning enabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
AV: Protection System *On-access sc... Read more

A: Infected with Protection System malware

Hi.

Let's run your gmer in a different way. Follow the instructions below:

If you have the gmer.exe now, delete it please.

Redownload GMER from here:
http://www.gmer.net/files.php

Unzip it to the desktop.

---------------------------------
Open Notepad and copy/paste the contents in the code box below, into Notepad.

Code:
@copy /y gmer.exe gamer.exe
@Start gamer.exe -protect
Save this as kyrie.bat. Choose to "Save type as - All Files".

It should look like this:

Place the batch next to gmer & double click kyrie.bat to launch it.

--------------------------------------------------------------------------

When the program opens, click on the Rootkit tab.
Make sure all the boxes on the right of the screen are checked, EXCEPT for 'Show All'.
Click on Scan.
Once done click on the [Save..] button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
Save it where you can easily find it, such as your desktop.
Attach that ARK.txt in your next reply.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries

Mark

19 more replies
Answer Match 59.22%

Hey All,

I have the System Progressive protection Malware Issue.

I have shut down the main portion of this malware and I'm just waiting on the additional cleanup.

Thanks,
Cnon

A: I have the System Progressive protection Malware Issue

I'm clean now, would it be ok to link the guide I used?

Cnon

8 more replies
Answer Match 59.22%

Laptop just got hit with this. Window opens stating it's Malware Protection and starts running a scan, when I try to run or do anything else I get a pop up window saying app can't start infected with W32/Blaster.worm please activate malware protection. Also shows a shield in the tray. Help me please.

More replies
Answer Match 59.22%

Hi, all. First, thank you for everything you do. I've come to this site a couple of times over the years and your advice has been incredibly helpful. I really appreciate it.
Now I have my own problem with a malware issue. My computer has become disabled. It boots to the desktop, but I cannot access anything with my mouse, and when I place the cursor in the taskbar, the hourglass icon appears. Sometimes the Protection System window would appear trying to tell me about some fake virus problems and to do an install.
I was able to delete any mention of Protection System from the registry through safe mode with command prompt, then regedit. That removed the Protection System screen from startup, but I still can't run any scans to send to you for review. Nothing works! I have to unplug the machine to turn it off!
Is there any other way to access scan programs to get this fixed?
I am running Windows XP with I believe Service Pack 3.

A:Protection System malware wreaking havoc

Bump, please!

Please help! I am still having trouble with this nasty malware one week later.

1 more replies
Answer Match 57.54%

Hi, as you can see by my Topic title, I am ready to tear my hair out trying to get this computer back to normal so any help would be GREATLY appreciated. My computer seems to be infected with a rogue anti-virus called Protection System, and it causes fake Windows Security Alerts to pop up every so often with claims that my computer is infected. Most forums I go to tell me that people who have this Malware can't search for help on Google, this is true in my case to a certain degree. Before EVERY link on Google I clicked made a pop up coming up, leading to some AD website called windowsupdate.com or something like that, but now it doesn't do that, but some websites are blocked and I find ways around them. On top of that after a couple of hours or so depending on the time, a system shutdown will start to countdown. Now most times I can avert this by simply clicking cancel whenever the task manager pop ups start occurring telling me to End Now and stuff, but sometimes it goes through. Also sometimes I'll get a process called IEXPLORE.EXE which I know isn't the REAL iexplore.exe because 1 it's UPPER CASE and 2 I use Opera, and the IEXPLORE.EXE will play random audio clips of commercials and scenes and stuff like that and I have to end the processes from the Task Manager. Also I have weird processes like: wscsvc32.exe, g106p.exe, freddy41.exe etc etc. I downloaded Malwarebytes but I had to save it and run it from my external hard drive because if I save it on my normal hard drive it ... Read more

A:HELP!! PROTECTION SYSTEM ROGUE ANTI-VIRUS MALWARE MAKING ME INSANE!!!

Also here is my Malwarebytes LOG as well:
Malwarebytes' Anti-Malware 1.38
Database version: 2297
Windows 5.1.2600 Service Pack 2
6/26/2009 3:15:19 AM
mbam-log-2009-06-26 (03-15-19).txt
Scan type: Quick Scan
Objects scanned: 116506
Time elapsed: 14 minute(s), 27 second(s)
Memory Processes Infected: 3
Memory Modules Infected: 0
Registry Keys Infected: 11
Registry Values Infected: 8
Registry Data Items Infected: 0
Folders Infected: 5
Files Infected: 43
Memory Processes Infected:
C:\WINDOWS\freddy47.exe (Worm.KoobFace) -> Unloaded process successfully.
C:\WINDOWS\system32\reader_s.exe (Trojan.Agent) -> Unloaded process successfully.
C:\Documents and Settings\Compaq_Owner\reader_s.exe (Trojan.Agent) -> Unloaded process successfully.
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{b2c7b2a1-00f3-42bd-f434-00aaba2c8952} (Trojan.Ertfor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b2c7b2a1-00f3-42bd-f434-00aaba2c8952} (Trojan.Ertfor) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b2c7b2a1-00f3-42bd-f434-00aaba2c8952} (Trojan.Ertfor) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall&... Read more

3 more replies
Answer Match 56.7%

First of all - thank you for your dedication to people like me!
I followed the removal instructions but then had a black screen when restarting my computer. Computer works in safe mode.
I have done a Windows startup repair but it cannot be completed, I get the message that unspecified changes to system configuration might have caused the problem. Error code 0x490.
Also get Boot/BCD failed.
I have restored the computer and can work on it in normal mode. I still see the little lock of the Malware on my taskbar.
I have also purchased Advanced System Care to assist but I get no joy...
It seems like removal of the Malware also removes some system registry files but I am no expert.

Please, please help me!

A:Uninstall of System Progressive Protection Malware creates registry files problems

Please do the following:
Please download DDS from either of these links
LINK 1
LINK 2
and save it to your desktop.
Disable any script blocking protection
Double click dds to run the tool.
When done, two DDS.txt's will open.
Save both reports to your desktop.
---------------------------------------------------
Please include the contents of the following in your next reply:
DDS.txt
Attach.txt.

NEXT
Please download aswMBR to your desktop.
Double click the aswMBR.exe icon to run it
When asked if you want to download Avast's virus definitions please select Yes.
Click the Scan button to start the scan
On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.
You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well

40 more replies
Answer Match 55.02%

A new variant of the ACCDFISA Protection Center ransomware has been released called Malware Protection. The malware developers target Windows servers and appear to hack them in order to install the software. Once the Malware Protection ransomware is installed, it will lock you out of the computer and create password-protected RAR archives out of your data that you can no longer access unless you pay a $300 ransom.

When installed, the Malware Protection ransomware will scan your computer for all files using certain file extensions and will use the command line RAR program to turn them into a password-protected RAR archive. These files will be renamed with the .aes extension and are supposedly encrypted with AES encryption. You will then be prompted to pay a ransom in order to get the decryption key to restore your files. The decryption key starts with aes987156 and then the password for the RAR files is appended to it. The decrypt.exe program will read through the list of encrypted files and extract them to the proper location using the RAR password. In the past version of this malware, there have been some cases reported that the decrypt process actually deleted the files, so once you have the RAR password it is suggested that you use a manual method to restore the files. A manual method using a batch file can be found in the How to remove and decrypt the ACCDFISA Protection Program guide.

The files that this infection installs can be found in the following locations:


... Read more

A:New ACCDFISA Protection Center ransomware called Malware Protection

Hello,

Thanks for all the tips. We have had a number of clients affected with both variants. All these clients had Kaspersky installed! Does anyone know the source of these infections? Is it via email/web/RDP or manual?

Thanks
Nihar

more replies
Answer Match 53.34%

I am a bit unsure of the difference between malware protection and anti-virus protection. I have Norton nis which is great for stopping Trojans. I have a company that works on my computer if I have a problem. They wanted me to put in an anti-malware program. I have been having problems with computer lately, so I let them do this, could this cause a problem, because I know that you are not supposed to run 2 anti-virus programs?
Anyone?

A:Difference between malware protection and virus protection

Anti-virus and anti-malware programs each perform different tasks as it relates to computer security and threat detection. Essentially, they look for and remove different types of malicious threats. In simplistic terms, an anti-virus program will focus on viruses, worms, Trojans, rootkits and bots while anti-malware programs generally tend to focus more on spyware, adware and PUPS (potentially unwanted programs). However, there can be some overlap in functionality and detection features depending on the program's scanning engine, how the vendor defines a specific threat and what Naming Standards are used. Some vendors also add a modifier or additional information after the name that further describes what type of malware it is.
The Difference Between Antivirus and Anti-Malware
Antivirus and Antispyware Software: What's The Difference?
What Is the Difference Between Antivirus & Antispyware?
Use Anti-Virus and Anti-Spyware Software
To fully understand the difference between Anti-virus and Anti-spyware (anti-malware) programs, you need to understand the difference between the various types of malware. Please read the Glossary of Malware Related Terms.

6 more replies
Answer Match 52.92%

Thanks in advance to the BleepingComputer users for helping me and others with this malware/virus problem: On December 14, 2011, the System Fix Virus & Privacy Protection Virus hijacked and infected my system: WinXP (64-bit). They've caused my default web browser to change frequently (each time I reboot my PC). So I've been having trouble getting rid of all of this malware/viruses from my system, since I use Windows XP x64. The latest version(s) of ComboFix and TDSSKiller don't work on the 64-bit version of Windows XP, but they are compatible with other versions of Windows: 98, XP, VISTA, 2000, 2003, 2008 and Windows 7! The following programs were made for other operating systems, so I need a solution to these 3 problems (listed below): ComboFix.exe and TDSSKiller.exe are not compatible with my Windows XP 64-bit system. So how do I get rid of the malware/viruses from this computer without those apps that were made to get rid of the following problems on other Windows OS's?:
1. System Fix Virus (reference: http://www.bleepingcomputer.com/forums/topic432547.html)
2. Privacy Protection Virus (reference: http://www.bleepingcomputer.com/forums/topic432664.html)
3. Google-Redirect Malware (reference: http://www.bleepingcomputer.com/forums/topic416561.html)

A:Infected WinXP 64-bit with "System Fix Virus" & "Privacy Protection Virus" (Malware)

That is correct, they will not. If you still need to remove malware then please go here: Preparation Guide, do steps 6 - 9. Create a DDS log and post it in the new topic explained in step 9, which is here: Virus, Trojan, Spyware, and Malware Removal Logs, and not in this topic, thanks. If Gmer won't run, skip it and move on. Include a link back to this topic. Let me know if that went well.

1 more replies
Answer Match 52.5%

My system, XP Ser Pk 3, was infected by malware called "System Progressive Protection". I understand that this malware belongs to the Winwebsec family of rogue security products. It blocks its victims from accessing any other application on an infected machine. It would only allow access to IE, presumably for paying the fee to clear it.
Unfortunately I contracted for a one-time-fix to be carried out by MYTECHGURUS. At their request I booted into Safe+Network mode and then watched as they downloaded a single anti-malware prog, MalwareBytes, and ran that. They then unloaded my installed Microsoft Security Essentials, which would not respond, re-installed it, updated it, and ran a Quick scan. They then declared my computer to be ok!!

Shortly afterwards I discovered that Security Essentials will not update. The pop-up says:
"Virus and Spyware definitions update failed.
Check Internet and Network connections and try again.
Error code: 0x80070424"
Other computers on the home wireless network Update without a problem and prior to this issue there was not a problem on this box.

The only way that I can update Essentials is by uninstalling and reinstalling. It will then update but following that update the error message recurs on the next attempt.

Also when I attempt to check if Windows Firewall is on by Run Firewall.cpl I get the message:
"Due to an unidentified problem, Windows cannot display Firewall settings"

I no longer trust the machine and would... Read more

A:After effects of malware "System Progressive Protection"?

16 more replies
Answer Match 49.98%

Privacy Protector, Error Cleaner and Spyware&Malware protection, it pops up a message saying my computer is infected and keeps opening internet windows even when I change the homepage away from the site it wants to go to. It is really slowing my laptop down, and when u attempt to close the pop ups or delete the desktop icons, it freezes the laptop and the only way to resolve it is to restart but it just comes back no matter what, Norton will not pick it up either. It is causing my laptop start up and loading time to be epic and is making it unusable, this topic has been fixed before by RichieUK on: http://www.bleepingcomputer.com/forums/t/105116/privacy-protector-error-cleaner-spyware-malware-protection/ I have the exact same thing. Should I just follow those steps or wait for specific advice for my system?
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:00:05, on 03/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\S... Read more

A:Malware, Privacy Protector, Error Cleaner And Spyware&malware Protection

Hello,
* Download Combofix to your desktop.
Doubleclick combofix.exe
Follow the prompts.
Don't click on the window while the fix is running, because that will cause your system to hang.
When finished and after reboot (in case it asks to reboot), combofix will open again to gather the necessary information for the log. This may take a bit. When done, Combofix will close and a log should open, combofix.txt. Post the contents of this log in your next reply together with a new hijackthislog.
Do NOT post the ComboFix-quarantined-files.txt - unless I ask you to.

27 more replies
Answer Match 49.56%

This showed up when I started up my computer last night (I'm running XP). My desktop background changed to red with biohazard type logo, windows keep popping up trying to sell me protection, etc. When it first showed up some of my desktop icons disappeared and I couldn't get into my c drive, but that seems to have stopped for the moment.
I've run my Kasperskys Antivirus, which says it can't delete it, disinfects it, but doesn't seem to change anything.
I've also used System Mechanic 5, Spybot Search and Destroy, Smitfraudfix (I saw this suggested to someone else viewing another forum- and it seems to work and everything looks good for 5 minutes, but then lo and behold it comes right back) plus RegClean, RegistryFix, Tracks Eraser Pro, BugDoctor- to try and clean stuff out- some things seem to get rid of it, but then it returns. I've been looking it up on google to see what other people did, and trying these things, but obviously this strategy hasn't worked. It's just given me a headache.
I'm out of my depth. I really need help! Thank you in advance for your wisdom.
Here are my dss reports:
Deckard's System Scanner v20071014.68
Run by Aqua Dragon on 2008-06-08 11:54:45
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
5: 2008-06-08 15:54:53 UTC - RP230 - Deck... Read more

A:I Have An Error Cleaner, Privacy Protector, Spyware And Malware Protection Problem (virus? Malware? Trojan?)

Hi,
Please uninstall the following programs since they are known to cause more damage than anything else:
RegistryFix v6.2
Bug Doctor 3.0.3.8
Reboot afterwards.
After reboot,
* Please visit this webpage for instructions for downloading and running ComboFix:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
This includes installing the Windows XP Recovery Console in case you have not installed it yet.
Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.

2 more replies
Answer Match 46.62%

I've had the System Integrity Scan Wizard, PC-Antispyware, and Security System Protection Control Panel popups and my background change to a blue colour. After reading some of the posts here and running Spybot Search and Destroy, Ad-Aware 2007, RegCure and Malwarebytes Anti-Malware it seems as if that problem was solved, but now every time I put my pc on I get these messages:
The first one says "rundll32.exe - Bad Image : The application or DLL C:\WINDOWS\system32\qpfrsnow.dll is not a valid Windows image. Please check this against your installation diskette" and the second one says "RUNDLL -Error loading C:\WINDOWS\system32\qpfrsnow.dll%1 is not a valid Win32 application".
The disk that I got when I bought my pc was Windows XP Home Edition SP1. I downloaded SP2 from the internet.
I'm attaching all of the logs you need to assist me, because I don't know if and how badly my pc is still infected.
I attached 4 log files:
1. DSS Main.txt
2. DSS Extra.txt
3. Kaspersky
4. DSS Main.txt - after the Kaspersky report
Thank you for taking the time to look into my problem.
DSS MAIN.TXT
Deckard's System Scanner v20071014.68
Run by Parratjie on 2008-04-17 09:29:31
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------... Read more

A:System Integrity Scan Wizard, Security System Protection Control Panel

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you.
Run Hijackthis again, click scan, and put a checkmark next to each of the lines listed below. Then close all other windows--you should only see HijackThis on your Desktop--and click the Fix Checked button.
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O4 - HKLM\..\Run: [e43075dd] rundll32.exe "C:\WINDOWS\system32\qpfrsnow.dll",b
================
Click Start -> Control Panel -> Add Remove Programs and uninstall these programs:
J2SE Runtime Environment 5.0 Update 11
Java™ 6 Update 2
Java™ 6 Update 3
Java™ SE Runtime Environment 6 Update 1
Reboot and post a new hijackthis log.

37 more replies
Answer Match 46.62%

I've had the System Integrity Scan Wizard, PC-Antispyware, and Security System Protection Control Panel popups. They've been very stubborn but after reading some of the posts here and running Spybot, Adaware, SmitfraudFix, Panda Activescan, Housecall, Stinger Avert, Windows Defender, and SDFix, I am now getting only one popup, which shows up as a blank white rectangle in the center of the screen (and now I can't click "Close" to get it off the screen, since the "Close" option is missing). From the size & shape, I believe it's the Security System Protection Control Panel. Would you please review my HijackThis log? Also, in some of the posts I've noticed recommendations to update Java. Is that needed in my case? Thanks very much for your help.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:55:55 PM, on 3/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Sh... Read more

A:System Integrity Scan Wizard, Security System Protection Control Panel

The blank popup appeared to be repopulated with information over time...apparently the spyware refreshed itself. I also learned from Task Manager that all of my popups were from the System Integrity Scan Wizard. After some more searching, I found the name (in my case, yzqrqzkp.exe) and told Norton Firewall to block it from accessing the internet. I used HijackThis to fix it and then deleted it and a namesake (YZQRQZKP.EXE-1253B76A.pf) from Windows\Prefetch (not sure that was necessary but deleted it anyway). My only concern is that from what I read, there should have been another copy in \Local Settings\Application Data, which I didn't find. I updated Java per instructions in another post, also turned System Restore off and on. I think the PC is now clean, but would you review my latest HijackThis log to be sure? Thanks very much.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:05:26 AM, on 3/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Syman... Read more

14 more replies
Answer Match 46.62%

I have Windows 7 Home Premium 64 bit
I went to create a restore point on my new Dell and after about a 1/2 hour of waiting for SR to open up I got this:

You have no Restore Points. Use System Protection to create restore point.
When I attempt to turn on System Protection, it doesn't show any drives available when it opens -- it just says that it's searching for available drives and it keeps searching and doesn't stop. Eventually, I'll receive the following Error Message:

"There was an unexpected error in the property page: System Restore encountered an error. Please try to run System Restore again (0x81000203)." Also all buttons are greyed out. I wanted to take an image to show you but that's not working either. Is there hope?

Thank you.

 

A:Windows 7 Home Premium System Restore and System Protection not working.

16 more replies
Answer Match 46.62%

My PC is infected with 3 malware popups named Security System Protection Control Panel, System Integrity Scan Wizard and Security System Warning (the last one telling me I have Abebot). I have tried to get rid of them with Kaspersky Anti-Virus, Adaware, spyware sweeper, and SpybotSD, but they are still running. I didn't run the online scan by Kaspersky because I have the most recent version installed and running on my PC. When I ran a rootkit scan with KAV, it took just over four hours and reported my PC was clean. So for whatever reason Kaspersky is not picking up these three forms of malware. Following all other directions on your preliminary instruction list I used Deckard's System Scanner to make two Hijack This files. They are pasted in below. Please take a look and tell me what I should do to get rid of this malware. Thank you very much for this valuable service you are providing.
-- Dark Eagle
Deckard's System Scanner v20071014.68
Run by Perry H. Chesnut on 2008-04-18 23:11:18
Computer is in Normal Mode.
--------------------------------------------------------------------------------
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as Perry H. Chesnut.exe) ------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:47:35 PM, on 4/18/2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
F:\WINNT\System32\smss.exe
F:\WIN... Read more

A:Security System Protection Control Panel & System Integrity Scan Wizard Popups

Hello Dark Eagle. to BleepingComputer.com
My name is Billy O'Neal and I will be helping you. (Billy or Bill is fine, if you like.)
Please give me some time to look over your computer's log(s).
Please take note of the following:
In the meantime, please refrain from making any changes to your computer.
Also, even if things appear to be running better, there is no guarantee that everything is finished. Please continue to check this forum post in order to ensure we get your system completely clean. We do not want to clean you part-way up, only to have the system re-infect itself.
If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
Finally, please reply using the button in the lower left hand corner of your screen.
See you soon,
Billy3

2 more replies
Answer Match 46.62%

Hello,

I have recently successfully cloned my old primary 1TB Western Digital HDD onto my new 1TB Samsung EVO SSD to increase hard drive performance to give it a quick boot up and to enable Windows and my programs to load a lot quicker and perform better with multi tasking. My laptop is one of the bigger 17inch Acer models which comes with two hard drive bays. So once I had wiped my older WD HDD I then inserted a new 2 TB Seagate hard drive into the second bay to be able to store it for personal and media files, and any other important data, to keep the SSD as the primary hard drive and just for OS and programs only. My system runs the Windows 8.1 OS and is 64 bit.

However, I wanted to create a restore point and upon doing so, I found that System protection was turned off for both my hard drives.

I thought I had managed to somehow enable system protection on my C:/ Drive (including the partitioned D:/ drive on the same hard drive) on my SSD, and yet though it shows them enabled, it shows the word missing next to them, and I am assuming this is telling me the previous restores are missing; whether as a result of cloning I don't know. The other weird thing is further up the properties page it also shows the C\ and D:\ Drive but turned off.

So I thought I would try increasing the disk space usage, since it was showing it at 0, and it would allow me to do so and returned the message: 'There was an unexpected error in the property page: The system... Read more

More replies
Answer Match 46.62%

The following will be an incomplete report on removing "Malware Protection" aka "Best Malware Protection". I'm posting because I found little help on this scareware infection, and most of it was inaccurate.
1) This malware completely locks out the normal user environment. One can not access Task manager to kill the process.
2) You CAN however safe-mode boot, but:
a) there is no networking, b) there are no folders anywhere, including the contents of Control Panel. It's empty. Also, you can not change keybd or mouse, nor plug the original working units into different ports. PNP is not working!!
What worked:
1) Get mouse and keyboard working by trying usb ports until they work (I took the pc home for shop-repair, but could not work on it because even in safe mode, no kbd or mouse would work)
2) Log into "safe mode with networking".
Used the "run" command from the start menu to open a command window. found no network, and that no NIC was available...
Used services.msc to find that nearly all were disabled! Enabled network required services and got networking / internet access.
launched iexplore from the cmd window, downloaded and installed Malwarebytes.
Pc is now clean, but, all hard disks appear empty, all menu folders are empty, "programs" is empty except for the just installed MBAM...
... Found that ALL files and folders had the "hidden" attrib. set. Reset them all. Now "programs" was pop... Read more

More replies
Answer Match 46.62%

Hello Bleepers:

I searched for this malware name on your site and I cannot find it.

I am sure it is like other of these falsely named Security Prevention malwares as well.

I tried rKill (as iexplore) and it was prevented from opening. Malwarebytes prevented from opening.

Has anyone had experience with this one and determined the procedure to remove?

Thanks for any and all help

A:Malware called "Malware Protection"

I am having the same problem. It just appeared. I had RKill and Malwarebytes already downloaded and it disabled them both. It also disabled my internet as well as my task manager. I am so frustrated with these viruses. I only got rid of the windows recovery a few hours ago. I need my computer to work from home and am having a terrible time with this. Please let me know what can be done to fix it. Thanks

3 more replies
Answer Match 46.2%

I've tried to open System Protection in System in the Control Panel but it will not work. It gives an error of 0x81000203. I've rebooted and attempted but get the same thing each time.

A:System Protection not working in System Control Panel

Follow instructions on this page error code 0x81000203__ - Microsoft Community

Scroll to the 2nd answer by Meghmala

6 more replies
Answer Match 46.2%

Please help!!! Pics included to explain the situation
Basically after installing some new software for my phone my windows 7 laptop crashed - it flashes a blue screen and restarts on boot up I can get to image 1 page to try a system repair
But then I need to enable system protection.. Image 2
Is there any way I can do this through a command prompt??
Thank you in advance!!!

A:Enable system protection to perform system restore

Sorry images didn't upload???

9 more replies
Answer Match 45.78%

The System Fix Virus & Privacy Protection Virus hijacked and infected my system: WinXP (64-bit). They've caused my default web browser to change frequently (each time I reboot my PC). So I've been having trouble getting rid of all of this malware/viruses from my system, since I use Windows XP x64.

ComboFix.exe and TDSSKiller.exe are not compatible with my Windows XP 64-bit system. So how do I get rid of the malware/viruses from this computer without those apps that were made to get rid of the following problems on other Windows OS's?:

The latest version(s) of ComboFix and TDSSKiller don't work on the 64-bit version of Windows XP, but they are compatible with other versions of Windows: 98, XP, VISTA, 2000, 2003, 2008 and Windows 7!

1. System Fix Virus (the first virus that affected my Windows system, 2 days ago.)
2. Privacy Protection Virus (behaves almost exactly like the aforementioned virus)
3. Google-Redirect Malware (redirects all my searches to this site: 63.209.69.107)

Thanks in advance to ANY users for helping me and others with this malware/virus problem: I understand and read the previous pinned-thread about the relevant malware/virus issue that Windows-users solved with the programs I've been unable to install on my system. The aforementioned malware/viruses began to infect my PC on December 14, 2011 (since that day, I haven't found a single anti-virus program that can detect the Google-redirect malware/virus on my system).
... Read more

More replies
Answer Match 45.36%

My Toshiba Notebook (x64) (running Windows 7) has stopped being able to open/run programs. I've been using safe mode to try and find a cure, and safe mode works fine. I ran a few antivirus programs that detected a few things, but none of them solved this issue. Using System Restore seems to be the only thing I can really do, but I've been having some troubles with it.

Only one System Restore point shows up, and it's only from a few days ago, which isn't far back enough to fix my problem (I've already tried restoring it to that point). There are no other options as you can see here and here.

I tried to create my own restore point, but ran into some problems. When I go into "System" the "System Protection" option is missing. I only have these three options:

When I use the search bar to find it instead, "Create a restore point" comes up, but when I click and it opens System Properties, the "System Protection" tab is missing.

When I looked it up, someone had suggested running Regedit and checking HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\SystemRestore\DisableSR but I couldn't get that far.

If anyone could help me out, it would be greatly appreciated.

A:Troubles with System Restore/System Protection

Hello esu and welcome to Seven Forums.

Have you verified that System Protection is turned on? (If it is, try turning it off, restarting the computer, turning it back on, and restarting the computer one more time.)

System Protection - Turn On or Off

See if you can manually create a restore point.

System Restore Point - Create

If not, your computer may have damaged or corrupt system files. Try running a system file checker scan from an elevated command prompt (option two.) If problems are found, run the scan 3 times and make sure to reboot the computer immediately after each of the scans.

SFC /SCANNOW Command - System File Checker

4 more replies
Answer Match 45.36%

I need help on how to remove the (system reserved) folder under Available Drives in protection settings. On all my other computers it is not shown. Not sure why it is there as it does not show anywhere else on computer as a drive. I guess it just bugs the hell out of me not knowing why it's there. Any help would be appreciated.

A:In System Protection under Available Drives (System Reserved)

Look in Disk Management and see if the Reserve has a partition letter.

9 more replies
Answer Match 45.36%

Hi Everyone

I went on my laptop this morning and it said I needed to run a system restore. Unfortunately when I try to it says I need to enable system protection on my C drive. I've been searching the web for a solution for the past couple of hours and it seems like quite a common problem. However I've tried all of the suggested solutions and nothing seems to work. I'm not the most computer literate so some of the suggested didn't make the most sense. If anyone has any suggestions to help the matter it would be very much appreciated.

Thanks

A:How do I enable system protection for system restore?

System Protection - Turn On or Off

3 more replies
Answer Match 45.36%

Hi, I defragged my registry (castigate me later, please), and well, my system crashed. I'm running Windows 7 Home Premium 64 bit on a Lenovo laptop, and on startup, I get a blue screen claiming that the OS couldn't boot, and the option to try a system repair. After analysis, it says that it can't repair the system automatically, and offers more advanced options. I can try a system restore, but after selecting a restore point (clearly the one created before defragging the registry), system restore says that I must enable system protection on the drive. I don't remember disabling it, and I don't know how to enable it without access to the desktop.
From those same advanced recovery options, I can use a system image recovery (don't have an image to recover from), the windows memory diagnostic (it claims there's no memory error), or the command prompt. I know very little about using the command prompt, but I can open the task manager at least, though not explorer.exe or msconfig.exe (the prompt claims they're invalid commands).
I've tried booting in safe mode, with the last known good configuration, with boot logging, and everything else from that menu, as well as a Windows 7 recovery disc (though I believe this disc just provides the same options as those installed on the laptop).
If possible, I'd like to know how to enable system protection from the command prompt window so that I can continue with the system restore. I'm quite certain that the error lies in the defragmentation... Read more

A:System Restore - Enabling System Protection

Right click my computer / properties / advanced system settings / system protection / highlight your drive, click configure, now click (restore system settings and previous versions of files),
OK and exit

7 more replies
Answer Match 45.36%

 I have a screen shot of it.  There is the Local Disk (C:) listed and then this other.

A:Under System Prop, and System Protection what is (C:) Missing ?

Post an Image from Disk Management Screen.

Control Panel / Administration Tools / Computer Management / Disk Management.

This will show all current active drives.

11 more replies
Answer Match 45.36%

I have a Win10 Pro and ran MR to create a system image backup.
It went well but it turned off system protection.
A message shows up with a warning yellow triangle that reads.
Using system protection on a drive that contains system image backups will cause other shadow copies to be deleted faster than normal.
--- How do I stop system protection from being turned off?

I have another Win10 computer and created a MR system image backup on that one also.
System protection wasn't turned off on that one.

I do not use shadow copies: If shadow copies are in use on my computer it doesn't matter to me if that is the case as I don't know how to use them anyway. I just don't want system protection turned off.

A:I don't want system protection turned off when I do a MR system image

Hi,

The available disk space on the pc with the warning issue is probably too small to store both backup images (MR) and system protection image.

"I do not use shadow copies:"

Actually you do. System Protection is a form of Shadow Copying.

Furthermore, it's not wise policy to store backups on the same physical drive as your system. Still better than nothing but all in all not sound practice.
Better to store back up on an ext. removable drive.

In the mean time you could reduce the amount of space allocated to System Protection and see if that helps any.

Cheers,

1 more replies
Answer Match 45.36%

I am also infected with the "Best Malware Protection" problem and have done what you suggested here
http://www.bleepingcomputer.com/forums/topic385295.html
Here are the results. Please help thanks Brad.
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6077

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

3/16/2011 9:21:10 AM
mbam-log-2011-03-16 (09-21-10).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|)
Objects scanned: 256125
Time elapsed: 31 minute(s), 49 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 760
Registry Values Infected: 17
Registry Data Items Infected: 7
Folders Infected: 1
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\a.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aAvgApi.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SO... Read more

A:Best Malware Protection

What you need to fix here that was not in those instructions is your HOSTS file, which this malware adds items to, to prevent you from accessing certain sites. Microsoft has a tool to automatically do this for you. Click Me, select Run. Rerun MBAM (MalwareBytes) like this: Open MBAM in normal mode and click Update tab, select Check for Updates, when done click Scanner tab, select Quick scan and scan (normal mode). After scan click Remove Selected, Post new scan log and Reboot into normal mode. Please ask any needed questions, post logs and let us know how the PC is running now.

3 more replies
Answer Match 45.36%

I came across this malware today at work and I think what it does is create a fiddler proxy to intercept the ssl certificates.

I noticed the work citrix ssl certificate had DO_NOT_TRUST in the issuer field. On further investigation it looks like it was intercepting the ssl certificate and replacing it with a remote fiddler proxy, essentially saving all the login and passwords during ssl sessions. I gathered this from the status messages that were seen during the login process.

A:Malware protection 360

MalwareProtection360 Analysis = Potentially Unwanted Program (PUP)

3 more replies
Answer Match 45.36%

I have this pop up on one user of my PC. How can I remove this? Also is the high jack this log below. Any help you can provide would be great.
 

 
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 8:32:33 PM, on 10/3/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17280)
 
FIREFOX: 32.0.3 (x86 en-US)
Boot mode: Normal
 
Running processes:
C:\Program Files (x86)\Dell\Dell Data Protection\Security Tools Authentication\Bin\DPAgent.exe
c:\program files (x86)\teamviewer\version9\TeamViewer.exe
C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe
C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Michelle\Downloads\HijackThis.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dell13.msn.com/?pc=DCJB
R1 - HKLM\Software\Mic... Read more

A:Malware Protection 360 pop up

Hi there, my name is Marius and I will assist you with your malware related problems. Before we move on, please read the following points carefully. First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding. Perform everything in the correct order. Sometimes one step requires the previous one. If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem. Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me. Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts. If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed. Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean. My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding. Important: To help me reviewing your logs, please post them in code boxes. You can create them by clicking on the <>-symbol on top of the reply window. HijackThis is not the preferred initial scanning tool in this forum. With today's malware, a more comprehensive set of logs i... Read more

15 more replies
Answer Match 45.36%

Hello geeks: what do you think about Zemana Antimalware? I have heard that it has good realtime protection against ransomware.
 

More replies
Answer Match 45.36%

I have Nortons 360. It has Anti-Virus Protection, but no Malware Protection. Should I get another program for Malware Protection? Thank You
 

A:Do You Need Malware Protection

Download and install the free versions of

Malwarebytes Anti-Malware 1.60.1.1000

SUPERAntiSpyware 5.0.0.1144

Make sure to update their definition files during the install process.

After that's done, restart the computer.

Run a quick scan with each one.

Once the scan is finished, select and remove EVERYTHING that was found.

Restart the computer, if prompted to, so the removal process can finish.

-----------------------------------------------------------

I recommend doing a quick scan weekly and a full/complete scan monthly.

Always make sure to update the definition files first BEFORE running a scan.

-----------------------------------------------------------
 

3 more replies
Answer Match 45.36%

i used this guide http://www.bleepingcomputer.com/virus-removal/remove-spyware-protection
i think i have other problems please help...
Scan saved at 1:35:58 PM, on 6/4/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\avgchsvx.exe
C:\Program Files\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\WINDOWS\system32... Read more

A:Malware Protection

Hello and welcome to the forums! My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed responding to your thread. I would be glad to take a look at your log and help you with solving any malware problems. If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below: Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator... Read more

17 more replies
Answer Match 45.36%

I came across this article that demonstrates how extremely effective a feature like AppLocker is. It becomes very reliable when applied to 500 Windows 7 computers over 3 years as in this case. The result: Not a single malware infection compared to several a week prior to applying AppLocker! Amazing

Free, almost perfect, malware protection with GPO App Locker - Spiceworks

Windows 7 versions:
For Enterprise and Ultimate AppLocker is built-in: AppLocker - Create New Rules
Professional has SRP(Software Restriction Policy): Preventing computer malware by using Software Restriction Policies. | Peter Gubarevich
For Home versions there are similar products available like AppGuard(pay software): AppGuard Review | MalwareTips.com
or Simple Software-restriction Policy: Wilders Security Forums (written by a well known Wilders member)

Personal experience
I'm using SRP and have configured it to only allow executable files to start from the Windows and Program Files folder, folders that require admin permissions to write to. Executable files include exe, com, bat, vbs, dll and more. This basically means that only installed programs and those part of Windows can start. Any downloaded executable files or files from other drives including USB ones will not be allowed to execute.
Many automatic program updates (including Windows Update) will still work, but apps using files in user folders or in temp folders won't, for example Firefox. So to update such a program or install a new ... Read more

A:Best protection against malware?

Hi,
Sounds like pretty extreme measures
I suppose that last popup message needs a "Mother may I" if I promise to eat all my veg's

9 more replies
Answer Match 44.52%

Hello,

I am currently running Vista Ultimate on my computer and recently I have acquired the Malware Protection virus on my computer, which constantly tries to get me to buy its fake software and will not allow me to open any programs or applications.(In case you are wondering, I am using another computer right now.)

Whenever I try to open something, my computer displays the "W32 Blasterworm virus" thing in the lower right hand corner of my screen. I had Malwarebytes installed on my computer before I got the virus, however the virus will not let me open that program. I also tried doing System Restore, but like I said, my computer won't let me open anything.

I tried to run my computer in Safe Mode, thinking that I could run Malwarebytes in Safe Mode and my problem would be solved, but whenever I try to get into Safe Mode, I get a "Input Not Supported" screen. I looked up that problem and it seems like I need an older monitor, but I don't have one of those available. I'm also not sure if the error I'm getting is because of the virus, or because I need an older monitor because of something to do with the resolution, like I said. (Bear with me- I'm really not very good with computers!!)

Is it necessary for me to run my computer in safe mode in order to get rid of the virus? Are there any solutions I can do myself to fix the problem and get rid of the virus?

Thank you,
any help would be greatly appreciated.

Also, if you need ... Read more

A:Malware Protection Virus

g

1 more replies
Answer Match 44.52%

When I finish updating my Windows 7 (after clean install) I get this message

Can anyone explain to me what this message is?

BTW

A:Microsoft Malware Protection

It is some anomaly with Windows Defender setup which should not present further problems.

In fact, install the best free AV for Win7 Microsoft Security Essentials and it will replace Defender.

MSE gives best performance with Win7 Firewall.

1 more replies
Answer Match 44.52%

I am looking for suggestions on which brand of Real time Malware/Virus protection program. We are a non-profit organization running 6 computers. We do run Malwarebytes, but it is the free version, as well as SuperAnti Spyware. Any suggestions?

A:Virus/Malware Protection

Please see: Supplementing your Anti-Virus Program with Anti-Malware Tools. Spyware Terminator offers free real-time protection, although the latest version is more limited than prior releases. After reading that, scroll up to the first topic posting and read Best Practices for Safe Computing - Prevention.

1 more replies
Answer Match 44.52%

I have a Dell Dimension 8200 with XP, SP2 with AVG, A-Squared, Spybot Avast, Kaspersky and Comodo with DSL connection. I noticed my computer was unusually slow lately even with only (1) program running. I realized part of the problem is that I only have 256MB of RAM which I'm upgrading but I thought perhaps I might have been infected with a virus or malware. So I posted my problem to http://groups.google.com/group/microsoft.p...5f61e71c36c6947 After going through a series of steps to identify the problem suggested by one of the members I now suspect that I'm infected with the following:
O3 - Toolbar: (no name) - {a2595f37-48d0-46a1-9b51-478591a97764} - (no file)
"ProtectionBar, rogue 'security software', related to the notorious PS_Guard/SpywareQuake/WinAntivirus foistware and detected as a variant of the FakeAle aka Zlob or Puper trojan."
Here is my Hijackthis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:50:40 AM, on 1/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C... Read more

A:Infected With 'protection Bar' Malware

The problem has been resolved using SUPERAntiSpyware.

2 more replies
Answer Match 44.52%

I have a post here: http://forums.techguy.org/general-security/918356-how-do-you-bill-charge.html#post7342582 that discusses the aspects of how you would bill a customer when you have done a malware removal and complete update / protection of system that takes many hours to complete.

One of the things I note in that post is there would likely be comments on what you would do to speed up the process or how you would go about doing it to keep the total hours down to a minimum.

What I would like to discuss here is how and what do you do to keep the total number of hours down when you are doing a complete malware cleaning of a unit with your average to tough malware as well as when you are having to completely update the OS (service packs), install anti-malware tools, update programs, and etc to make the system as defensive as you can for your customer.

Let me give some examples from the other post and then please give feedback on how you handle these situations.

Let's say I have a client with a personal computer. They have 80GB of actual data all on the same drive as the OS, they have very little protection in place, their OS is multiple service packs behind, and they have multiple unknown pieces of malware on the system.

So let's say you go through the normal process of running the 2 to x number of tools you normally would run to clear of malware. You also go through your own personal investigation to catch things not found by the anti-malware tools. You then p... Read more

A:How would you go about doing malware removal and protection?

6 more replies
Answer Match 44.52%

First time poster here!
Thanks for having me....
My old pc was hacked/attacked/destroyed by a virus, keylogger,data thief...aaarrrggghhh.
I have just purchased a new desktop that came with Windows Vista Home Premium 64 bit OS. Here's my issue.

When I log off -shut down my pc & log back in, the Malware Protection @ the Security Center has been turned OFF.

Does anyone have any idea as to why this is happening? I scan as soon as I sign in and this is scaring me to death, especially after what happened to my old pc. The Firewall was constantly "being" turned off old pc.

I was using the highly recommended Trend Micro IS 2008 on my old PC and am now using McAfee through MSN Premium.
I am a novice user and would appreciate any help tips or useful info I can get.
Thanks
Kj

A:Malware Protection Shutting Off????

Try & run an online scan & check if the system is infected or not. And if it is not infected you can try to uninstall & then re-install Mcafee.

2 more replies
Answer Match 44.52%

Get the latest definitions - Microsoft Malware Protection Center
Hopefully this site hasn't been hijacked, but as of Friday evening, I have not found one update to this MS program.
Definition Change Log is the same one that I downloaded on Friday the 25th of Sept. i.e., Ver. 1.67.62.0
Would anyone know if the site is down, or has MY listing for this site been hijacked...
thanks for any info.
jakeers

A:MS Malware Protection Center

Hi

the site is up and the virus defs are the ones from the 25th. my mse defs are 167.130.0 and were updated on the 27th

ken

6 more replies
Answer Match 44.52%

....But Kaspersky TDSSKiller says I am NOT infected. There is a Privacy Protection Icon on my desktop for pete's sake!!! I have an ASUS Notebook running Windows 7 and the pop up warnings started an hour ago. I clicked on a window to see if this was a windows warning since I have Avast as my Anti-virus program and I immediately ran a quick scan in Avast and nothing was detected. I then googled Privacy Protection and came here. I have followed all the TDSSKiller instructions twice and nothing. One thing that raised suspicion for me was the "run" warning. The name field said: C:\Users\Aric\Desktop\pookie.com\exe ..... and the from field said: C:\Users\Aric\Desktop\pookie.com\exe Also the download window did not look the same, it was green and did not have the version numbers on the very top. Please, what do you suggest I do now? I want to hurry and do something before it disables my computer completely. My feeling now is to download the TDSSKiller from a non infected computer to a flash drive and see if it performs differently. Will that work? Why would the TDSSKiller not detect the malware? Gratefully, texasharper
Edit: Moved topic from Virus, Trojan, Spyware, and Malware Removal Logs to the more appropriate forum, due to the absence of malware logs. ~ Animal
Edit: Moved topic from Am I infected? What do I do? to the more appropriate forum, with the addition of DDS Log. ~ Animal

A:I KNOW I have Privacy Protection malware

Please take a look here: Remove Privacy Protection (Uninstall Guide)

9 more replies
Answer Match 44.52%

My Trend Micro Security Suite has been excellent, but will expire.

Instead of commercial software protection programs, is free software protection sufficient to protect my computer. If so, what do you recommend?

Thank you.
 

A:free malware protection

11 more replies
Answer Match 44.52%

Hi all,
Requested Files attached

Original post below:
My PC is/was infected by "Best Malware Protection". I've run Malwarebytes Anti malware and Combofix which seems to have gotten rid of the annoying pop-ups - and to all intents and purposes has fixed the problem. I manually removed via HiJackthis's delete on reboot feature the hosts file that was permanently locked.

However when I now run Combofix it still tells me that a real time scanner is active - and tells me it is called Best Malware protection - asks me to disable this before continuing.

I can't seem to disable and am hoping someone can explain what I need to do to remove/disable. Besides this, computer seems to be running fine again.

Thanks everyone,
Mark

A:Best Malware Protection removal

Hello and welcome to the forums! My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed responding to your thread. I would be glad to take a look at your log and help you with solving any malware problems. If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below: Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
Do not d... Read more

2 more replies
Answer Match 44.52%

Hello guyz,

Today I accidentally installed the Internet protection program which is starting with windows and popping up each 2 mins with warnings about viruses, key loggers and so on. So I searched for a fix to this and I found ur homepage, I did everything as written and after rebooting my pc nothing has changed, so I'm actually thinking about reinstalling windows.
What I did was:

Went in to safe mode + networking.
Downloaded and ran Rkill (which kinda worked, after the process got txt file)
Downloaded Malware-antibytes and ofc ran it too (found me some 5 infected files which I deleted but as I already mentioned above didn't change anything.) Did it even several times and still nothing.

More replies
Answer Match 44.52%

04-18-11 I have removed "Internet Protection" from a couple of computers in our school district but am encountering difficulty with a Toshiba laptop. For the others I have used "rkill" and Malwarebytes and was successful. Wonder if there is anything in particular I should be looking for and, if so, how to resolve. I have been unable to find any of the files or registry entries mentioned on the Bleeping Computer website.

A:Malware--Internet Protection

04-18-11 I have today encountered two (2) rogue antimalware names I have not seen before--"Malware Protection" and "Best Malware Protection". I found nothing on the internet about these two (2).
EDIT: Merged topics ~ Hamluis.

2 more replies
Answer Match 44.52%

I recently learned that the two programs, I thought were virus/malware protectors, were actually only virus/malware removers.

Can anyone recommend me two virus/malware protection programs?
- Hopefully the two programs don't interfere with each other.
- They are good protectors.
- They are free.

So, can anyone recommend two programs with the above preferences?
 

A:Virus/Malware Protection

9 more replies
Answer Match 44.52%

.
DDS (Ver_11-03-05.01) - NTFSx86 NETWORK
Run by Kober at 15:17:25.66 on Sun 04/03/2011
Internet Explorer: 8.0.6001.19019
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3518.2917 [GMT -4:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Pro... Read more

A:Antivirus Protection Malware

Hello tkober, welcome to Bleeping Computer.
My name is fireman4it and I will be helping you with your Malware problem.

Please take note of some guidelines for this fix:
Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools.
If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
Finally, please reply using the button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.

1. We need to disable your Windows Defender Real-time Protection as it may interfere with the fixes that we need to make. Open Windows Defender. Click on Tools, General Settings. Scroll down and uncheck Turn on real-time protection (recommended). After you uncheck this, click on the Save button and close Windows Defender. After all of the fixes are complete it is very important that you enable Real-time Protection again.

2. Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (v2.4.0.0) from Kaspersky's website and not TDSSKiller.zip which appears to be ... Read more

17 more replies
Answer Match 44.52%

Currently, all I am running is Windows Def, the Windows firewall (the one that came with the computer) and the AVG Free version. But someone said something about spyware? Malware protection? And btw, I DO-NOT trust Malwarebytes Anti-Malware anymore. My dad's friend had the free version on his computer and when he came over (my wireless internet has super duper scanners built in; my dad's business servers are in our basement), it scanned my dad's friend's laptop, and there was some sort of worm/trojan-like thing inside of Malwarebytes Anti-Malware! So I just don't trust it! But all I got is -->

AVG Free, Windows Def, and normal Windows firewall. Any advice for malware protection/spyware stuff? Or is anti-spyware built into AVG?

A:Malware PRotection/Spyware?

I suggest, & recommend you investigate SuperAntiSpyware. [ Their support is excellent too.]

SUPERAntiSpyware.com | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!


SUPERAntiSpyware.com • Index page

17 more replies
Answer Match 44.52%

So, my kid comes to me and says, "Dad, help. I was online and suddenly popups started appearing saying the computer is infected with two viruses, and it's running a scan." Lickety-split I'm in the office and sure enough "Malware Protection" is on the screen apparently running a scan. The problem is, I never loaded it onto my computer. That's for another day though...

The result is that I get continually rotating notification balloons in the bottom right hand corner of the screen that tell me, "File (such and such) is infected by W2/Blaster.worm. Please activate Malware Protection to protect your computer." Being careful not to start any executable files or enter any personal information, I moved forward to see what activating it entailed. And of course it wants my personal information.

I cannot turn it off. I cannot uninstall it. It won't allow me to open the Task Manager. And here comes the worst part: it won't let me connect to the internet through either FireFox or Internet Explorer. So I'm sending this from a different computer.

Additionally, there is a larger popup saying, "FIREWALL WARNING. Hidden file transfer to remote host has been detected." It then recommends you block the transfer and asks you to choose to Block or Allow. Allow simply closes the popup for a little while. Block brings you again to a screen that asks you to activate the program.

Essentially, I can't use my computer at all for ... Read more

A:"Malware Protection" Virus

Had same problem as well. Was able to halt it by disconnecting from the internet and starting task manager immediately after logging into the computer, working quickly to stop processes related to it. Cannot recall name of process exactly, but I believe it started with a "u" and "*32" was at the end. There were several of the particular process. Doing this allowed me to run previously inaccessible programs, including system restore. Seems to be gone now.

10 more replies
Answer Match 44.52%

Windows Security Center told me my Malware protection is off. I never turned it off. It told me to open it via Kaspersky, I did. I also noticed I should update Kaspersky as well, so I did. When I tried to run Kaspersky via Windows Security, Kaspersky popped up on the lower left of the tool bar and said I need to update my license. I DON'T. Not for another 99 days to be exact.

Anyways, after I updated Kaspersky the malware was fine. Then Kaspersky told me to shut down my computer for it to properly work. I DID. I TURNED IT BACK ON, Kaspersky was no longer on my lower left tool bar and my Windows Security Center said the Malware protection WAS STILL DOWN. I manually pulled up Kaspersky and you can't see anything. It's all white. This computer is my life. I need this to pass school. Windows Defender is currently trying to protect my computer. Please note. I also uninstalled LimeWire off my computer already.

A:please help. Malware protection not working

Hello and welcome to TSF.

We want all our members to perform the steps outlined in the link given below, before posting for assistance. There's a sticky at the top of this forum, and a "Having problems with spyware and pop-ups? First Steps" link at the top of each page.

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

1 more replies
Answer Match 44.52%

Bogus Software "Malware Protection" takes over my pc. I'm getting search engine redirects, internet is disconnecting and soon after "malware Protection" starts scanning. When I run Malware software it seems to be gone but returns eventually.

.
DDS (Ver_2011-06-12.02) - NTFSx86
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_20
Run by Compaq_Administrator at 21:08:42 on 2011-06-13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1982.1405 [GMT -7:00]
.
AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Common Files\Java\Java Update\jusc... Read more

A:Virus "Malware Protection"

Did not allow me to attach this file so I copied and pasted. ark

GMER 1.0.15.15640 - http://www.gmer.net
Rootkit scan 2011-06-13 22:44:37
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e WDC_WD2500JS-60NCB1 rev.10.02E02
Running: gmer.exe; Driver: C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\kwlyapod.sys
---- System - GMER 1.0.15 ----

SSDT BA757E96 ZwCreateKey
SSDT BA757E8C ZwCreateThread
SSDT BA757E9B ZwDeleteKey
SSDT BA757EA5 ZwDeleteValueKey
SSDT BA757EAA ZwLoadKey
SSDT BA757E78 ZwOpenProcess
SSDT BA757E7D ZwOpenThread
SSDT BA757EB4 ... Read more

18 more replies
Answer Match 44.52%

Hi,

I just put together a new machine with Vista and things actually went very well compared to other machines I have built myself. A couple of things related to security I'm not totally clear on -

When you go to the control panel-security settings, it advises you that the missing piece of Vista security is the virus checker. I did a small amount of research and although I hate to throw even more money at MS, I decided to go with MS Live OneCare (free trial).

Live OneCare was a little confusing to me at first...it seemed to duplicate a lot of things that Vista takes care of, I suppose this makes it look better than its competitors. From what I understand it overrides the scheduling of the Vista based maintenance items like defrag, update etc.

At the point that I loaded the OS + Office, my computer was blazingly fast, much faster than my work computer which is a 3.0 Gig Pentium 4 (mine is 2.4GHz Core Duo). However, since then almost any operation brings up the "hourglass" for 1-3 secs. I think the only difference is Live OneCare but I need to disable or uninstall it to be sure. Is this just the price you pay for virus protection? I assume work computers are largely protected at the firewall so they will always be faster for a given machine?

Also, another Vista "expert" recommends running Spybot for malware detection. From what little I know however, Spybot is not enough by itself because it is not continuously looking for malware. It is someth... Read more

A:Vista malware protection

If I were you I'd ditch the OneCare and get Antivir for virus protection (for free) or buy Kaspersky AV. Both are highly rated and recommended by many on this forum. For spyware protection it's recommended to run more than one program because no single spyware app can catch all the stuff out there. I use Windows Defender and also run SuperAntiSpyware weekly.
 

2 more replies
Answer Match 44.52%

Okay so about 5 days ago I figured out that I had a Privacy Protection virus. I immediately went to my iPhone and looked for help, since I could not connect to the internet via my computer. I found this guide from this website http://www.bleepingcomputer.com/virus-removal/remove-privacy-protection and followed its steps but I am still unable to connect to the internet so that I can update Malwarebytes so that it can completely get rid of the virus. So what I need is help restoring my ability to connect to the internet so that I can update Malwarebytes, any help greatly appreciated.

A:Privacy Protection Malware HELP PLEASE

Welcome aboard

Download Security Check from HERE, and save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download MiniToolBox and run it.
Checkmark following boxes:
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.
Be sure to restart th... Read more

7 more replies
Answer Match 44.52%

Hi, I posted earlier, awaited GMER then lost my entire post!

In short now:
PC infected with Best Malware Protection & other threats, Adware.MySearch.....and other hijack stuff. Found by running Malwarebytes, found 800+ threats.

Initially ran Malwarebytes and CCleaner and Spybot S&D. Before running these nothing security related could be accessed.

Ran Viruclean and Malwarebytes today, nothing found as of last scan.

Problem now, Windows Security Centre shows Best Malware Protection running as Firewall and Antivirus even though I have turned them off supposedly.

This runs at start up. Have tried lots of things as well as basic registry editing/removal from advice found on internet, if you need more info pls ask, I did write a v. detailed post and then tried to upload multiple files and it lost it all!

This infected PC is not connected to internet nor does it have any antivirus installed at the moment. Only installed is Malwarebytes and Spybot S&D. I have installed and run all progs for your logs by transferring from my laptop to the infected PC (my friend's PC) via USB.

My friend's PC is the one infected: she used to have AVG 8....., Spyware Blaster, CCleaner, Spybot S&S installed, don't think she ever updated anything, hence, the problem!

Thanks for help in advance. GMER and DDS logs follow.

DDS.txt log:

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by sue casey at 21:09:21.60 on 02/04/2011
Internet Explorer: 8.0.6001.1870... Read more

A:best malware protection virus & others!

Hello and welcome to Bleeping Computer
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.
If you are unable to create a log because your computer cannot start up successfully please provide detailed information about the Windows version you are using: What we in particular need to know is version, edition and if it is a 32bit or a 64bit system. If you are unsure about any of these characteristics, just let us know and we'll help you figure it out. Please also tell us if you have your Windows CD/DVD handy.
Please include a clear description of the problems you're having, along with any steps you may have performed so far.
Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
Even if you have already provided information about your ... Read more

34 more replies
Answer Match 44.52%

For Anti-Virus I use AVG 8.0

Should I download Avira AntiVir And remove AVG 8.0?

How about for Spyware & Malware?
- I use MalwareBytes

A:Virus/malware Protection?

Hi tia08,
Your Anti-virus is fine. It depends on your own preference. I like AVG 8.0 because it scans for everything and then lets you remove it or not. Avira stops when it finds an infection and lets you deal with it before proceeding. Avira's scan is a lot faster than AVG's. For me I still like AVG better.
Note: Please do NOT install more than one Anti-virus program.

How about for Spyware & Malware?
- I use MalwareBytes

Malwarebytes is an on-demand scanner which is good but it doesn't provide you with real-time protection. I suggest you install Spybot with TeaTimer or maybe Spyware Terminator. In addition I recommend SuperAntiSpyware along with SpywareBlaster.
Hope that helps

21 more replies
Answer Match 44.52%

I have a post here: http://www.bleepingcomputer.com/forums/t/311540/how-do-you-bill-charge-for-malware-removal-and-computer-updates/ that discusses the aspects of how you would bill a customer when you have done a malware removal and complete update / protection of system that takes many hours to complete.

One of the things I note in that post is there would likely be comments on what you would do to speed up the process or how you would go about doing it to keep the total hours down to a minimum.

What I would like to discuss here is how and what do you do to keep the total number of hours down when you are doing a complete malware cleaning of a unit with your average to tough malware as well as when you are having to completely update the OS (service packs), install anti-malware tools, update programs, and etc to make the system as defensive as you can for your customer.

Let me give some examples from the other post and then please give feedback on how you handle these situations.

Let's say I have a client with a personal computer. They have 80GB of actual data all on the same drive as the OS, they have very little protection in place, their OS is multiple service packs behind, and they have multiple unknown pieces of malware on the system.

So let's say you go through the normal process of running the 2 to x number of tools you normally would run to clear of malware. You also go through your own personal investigation to catch things not found by the anti-malware tools. You then ... Read more

More replies
Answer Match 44.52%

My computer started running slower than usual when I started having trouble with my internet connection. I have a wireless USB adapter in order to get internet on my desktop computer. I had one called D-Link which I thought was malfunctioning so I uninstalled it and tried reinstalling it. I was having errors getting it to work, so I decided to install my other USB wireless adapter, 2wire. The internet started to work but would still cut off and not be able to re-engage unless I restarted my computer.

The other issue I am having is that a program by the name of Malware Protection installed itself onto my comp and I can't get rid of it. When looking into where it is located it is under the name of defender.exe. Also I can't use system restore at all, even in safe mode.

And when I was surfing the web there would be times when I would click on a link and be redirected to an entirely different thing. Also when I start my computer an error message pops up saying AirGCFG.exe-Entry Point Not Found (The procedure entry point apsSearchInterface could not be located in the dynamic link library wlanapi.dll.)

I will include a copy of a HJT Log. I had to save the HJT install file to a flash drive and transfer it to my desktop, and the only way I could install it was in safe mode. And the only way I was able to run the program was also in safe mode.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:52:13 PM, on 4/30/2011
Platform: Windows XP SP3 (WinNT 5.01.2... Read more

A:Malware Protection (Defender.exe?)

6 more replies
Answer Match 44.52%

Hello,

I have an HP Laptop that was recently infected with some malware. A friend helped me out and installed a few items, which seemed to be a temporary fix, because a few days later I kept getting this Privacy Protection window that looked like it was scanning. It also prevented me from opening any programs, and would show a small bubble stating that the .exe file could not be opened.

Thank you in advance for any, and all, of your help.

Thanks again.

Logs:


.
DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_24
Run by Priya Rastogi at 21:59:09 on 2011-11-24
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3895.3191 [GMT -5:00]
.
AV: Symantec Endpoint Protection *Enabled/Outdated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Symantec Endpoint Protection *Enabled/Outdated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Symantec Endpoint Protection *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalS... Read more

A:Privacy Protection Malware???

Welcome to TSF

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

A guide and tutorial on using ComboFix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
See this link for instructions on how to do this:
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Please include the C:\ComboFix.txt in your next reply for further review.

16 more replies
Answer Match 44.52%

My Windows security centre shows- under the heading -'Malware Protection'
That windows did not find antivirus software on this computer.
Under this in separate box is the following- Spyware and other malware protection
Windows defender and Mcafee virus scan both report that they are turned on.
Can anybody advise me - my McAfee shows that I am protected.

My system is windows Vista Basic.
 

A:Solved: malware protection

Problem solved.-- Uninstalled Mcafee license due to expire anyway.
Installed Avira premium 3mths free promo. Windows security centre now shows all sections protected. I can only assume that Mcafee was affecting it somehow.
Thanks for all readers.
 

1 more replies
Answer Match 44.52%

I am new at the computer scene and I want to make sure I have the best security possible for free, Of course. I could use any and all pointers on what to have installed and also can someone please tell me what is the best fast & safe browser to use? I have asked several people and received several answers. Heeeeeelllppp...

A:Regarding Best antivirus & malware protection

You ask a common question for which you will receive varying opinions and recommendations.Choosing a security toolkit with anti-virus, firewall and anti-malware programs is a matter of personal preference, your needs, your technical ability and experience, features offered, user friendliness, ease of updating (and upgrading to new program release), ease of installation/removal, available technical support from the vendor and price. Other factors to consider include detection rates and methods, scanning engine effectiveness, how often virus definitions are updated, the amount of resources the program utilizes, how it may affect system performance and what will work best for your system. A particular anti-virus that works well for one person may not work as well for another. You may need to experiment and find the one most suitable for your use and your system. There is no universal "one size fits all" solution that works for everyone.For more specific information to consider, please read:Choosing an Anti-Virus ProgramSupplementing your Anti-Virus Program with Anti-Malware ToolsChoosing a FirewallSame goes for browsers... you will receive varying opinions and recommendations. I prefer to use Firefox.

3 more replies
Answer Match 44.52%

Hi.

This is my issue and hope someone can HELP.

My husband was using the internet when the Best Malware Protection Software downloaded itself on to the home computer...

I am 3 1/2 hours away and he has no computer experience outside of researching car sites. We tried for several hours to attempt to get this software off but it won't go away! Can anyone please help!

A:Best Malware Protection Software HELP!!!!!!!

Hello and welcome to TSF.

Please ask him to register and then follow the steps outlined below, communicating directly with us. The instructions are very clear and he should not have any problem following them:

NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help - Tech Support Forum

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If there is trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

1 more replies
Answer Match 44.52%

This is in reference to Grinnlers

Here is a list of Virus/Malware related links, software, and resources to help with the removal of Spyware.
Use an AntiVirus Software
It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.
See this link for a listing of some online & their stand-alone antivirus programs:
Virus, Spyware, and Malware Protection and Removal Resources

I have been sifting through a number of BSOD for some time trying to locate the problem which seems to be mildly under control, at least for the moment.
During this time I have changed a few things in msconfig and would like to get it back to the normal start up mode, but that's another story.
For now my question is in Security, since I have removed and disabled one or more AV/SW programs.
In Security Center my Virus protection is not found. Automatic Updates is On, Firewall is On.
Presently I have installed:
SpyBot S&D
Bit Defender
McAfee Stinger
SuperAnti Spyware
In order to have my guard up one or more of these should be running, correct?
Since these are no longer listed in msconfig, how do I get one of these running? Which would you advise to be running?
I uninstalled AVG and AdAware

A:Virus/malware Protection

Have you tried reinstalling any of those programs?

I'm not sure which of those are the best to use. Is Mcafee Stinger's full name Mcafee Avert Stinger? I did a quick google search, which revealed that Stinger is not a replacement for full anti-virus protection. If memory serves correctly, none of those other programs are primarily anti-viruses either, though they can detect viruses.

Personally, I use AVG Free Home Edition, Spybot, SpywareBlaster, and maybe a firewall on XP. Ad-Aware is also an excellent program to use.

8 more replies
Answer Match 44.52%

I got this malware that tells me that I need to protect my computer from virus and what not (it's a virus itself). I have tried MBAM but it crashes when I click OK right after a scan is done. The malware locked me out of the task manager but I have worked around that by changing the reg key for that. I am going to post my DDS and HijackThis logs first, then hopefully the GMER log. It seems that my comp resets itself once in a while since I got this.

DDS (Ver_10-03-17.01) - NTFSx86
Run by Taylor at 22:49:55.29 on Wed 06/02/2010
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1535.802 [GMT -6:00]
AV: Protection Center *On-access scanning enabled* (Outdated) {28e00e3b-806e-4533-925c-f4c3d79514b9}
============== Running Processes ===============
E:\WINDOWS\system32\nvsvc32.exe
e:\windows\system32\svchost -k dcomlaunch
svchost.exe
e:\windows\system32\svchost.exe -k netsvcs
e:\windows\system32\svchost.exe -k wudfservicegroup
svchost.exe
svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
E:\WINDOWS\Explorer.EXE
E:\DOCUME~1\Taylor\LOCALS~1\Temp\mscdexnt.exe
E:\Program Files\Razer\Tarantula\razerhid.exe
E:\Program Files\NavNT\vptray.exe
E:\DOCUME~1\Taylor\LOCALS~1\Temp\wscsvc32.exe
E:\... Read more

A:Protection Center malware

Here is my GMER scan so far. I sat and waited for the comp to force reboot and a window popped up and said my system has been damaged and needs to restart, this action was started by (computer name)/ (user name), you have 30 seconds to save progress.

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-06-03 00:20:57
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: E:\DOCUME~1\Taylor\LOCALS~1\Temp\uftdipod.sys
---- System - GMER 1.0.15 ----
Code 89FC7238 ZwEnumerateKey
Code 8A111A90 ZwFlushInstructionCache
Code 89FC726E IofCallDriver
Code 8A02428E IofCompleteRequest
---- Kernel code sections - GMER 1.0.15 ----
.text ntoskrnl.exe!IofCallDriver ... Read more

4 more replies
Answer Match 44.52%

I have the latest Norton Antivirus Protection. In reading some posts, I have read that sometimes a malware virus may infect even if one has protection. Is there a product that effectively does both?

A:Malware & Security Protection

No security software is foolproof.

4 more replies
Answer Match 44.52%

Hi, at the moment I have AVG Internet Security and from my experiences, it seems good for removing simple viruses but after that isn't very useful. What would you say would be the best all round Malware protection software? (I don't mind paying.)
Thanks.

PS - I'm in need of a good firewall too :^)

A:I Need Advice On Malware Protection

Choosing a security toolkit with anti-virus, firewall and anti-malware programs is a matter of personal preference, your technical ability and experience, features offered, the amount of resources utilized, how it may affect system performance and what will work best for your system. Other factors to consider include effectiveness, user friendliness, ease of updating, ease of installation and removal. A particular combination that works well for one person may not work as well for another. There is no universal "one size fits all" solution that works for everyone. You may need to experiment and find what is most suitable for your needs. Another factor to consider is whether you want to use paid for products or free alternatives. For more specific information to consider, please read Choosing Your Anti-virus Software.

Anti-virus software Comparisons & Reviews
Independent comparatives of Anti-virus Software <- click on the "Comparatives" link on the left
NerdModo's Top 10 Antivirus Software
Best Antivirus Software - Editor's Choice
TopTen Review: AntiVirus Software Product Comparisons
gizmo's Best Free Antivirus Software
AntiVirus Software Comparative Malware Removal Tests

These types of comparative testing results will vary depending on who is doing the testing, what they are testing for, what versions of anti-virus software are being tested, etc. There is no universally predefined set of standards/criteria for testing and each test will yield different resu... Read more

Answer Match 44.52%

Hi all,

My PC is/was infected by "Best Malware Protection". I've run Malwarebytes Anti malware and Combofix which seems to have gotten rid of the annoying pop-ups - and to all intents and purposes has fixed the problem. I manually removed via HiJackthis's delete on reboot feature the hosts file that was permanently locked.

However when I now run Combofix it still tells me that a real time scanner is active - and tells me it is called Best Malware protection - asks me to disable this before continuing.

I can't seem to disable and am hoping someone can explain what I need to do to remove/disable. Besides this, computer seems to be running fine again.

Thanks everyone,
Mark

A:Infected by Best Malware protection

Sorry - neglected to say am running XP Service Pack 3
Mark

Answer Match 44.52%

Should I use AVG or Avast!? I use AVG at the moment but I heard Avast is pretty good.

A:Virus/Malware Protection?

It's always a balance between performance, protection level, and compatibility.

The last one is really key as I have seen systems that will flat crash using one antivirus but work fine with another that has essentially all the same features.
At the end of the day I've finally just left it to personal preference.
MSE remains the lowest resource hog, but it's still behind some of the big names in detection.

If you keep Windows completely up to date a lot of exploits will be patched which also helps security against viral and script attacks.

Answer Match 44.52%

This program continuously pops-up warnings about infections and trojans, wants me to download its software to "correct" (I haven't). Below is the DDL log, attached is the ark.txt log.

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by pasquale piscitelle at 15:56:59.82 on Sun 05/01/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.992.690 [GMT -4:00]
.
AV: Best Malware Protection *Enabled/Updated* {ABF9A7D4-391C-4281-A67C-B29DAB3938B5}
FW: Best Malware Protection *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\iPod\bin\iPodService.exe
C:\Docume... Read more

A:Best Malware Protection loaded itself

Please ignore this request for now, a local computer shop may be able to help. If I need assistance, I will re-post. Thanks

Answer Match 44.1%

I recently installed a new virus protection program (Norton Internet Security Online) and have been having problems ever since. I now get a message that my computer has had a serious error and wants me to send a message to Microsoft, also it shuts down and reboots seemingly at random. I tried to run a scan using the new virus program but the computer shuts down and reboots after it scans a particular number of files, then I tried running Windows Malware Removal Tool that also makes it shut down and reboot. I'm including the files in the error report, the error signature, and a logscan from Hijack this. Hopefully you can give me some help.

THANKS
haneline
files included in error report
C:\DOCUME~1\Larry\LOCALS~1\Temp\WERe270.dir00\Mini012810-16.dmp
C:\DOCUME~1\lARRY\LOCALS~1\Temp\WERe270.dir00\sysdata.xml
error signature
BCCode: 9c BCP1 : 00000002 BCP2 : 8054E0F0 BC3 : F6002000
BCP4 : 0000017A OSVer : 5_1_2600 SP : 3_0 Product :256_1
Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 2:50:13 PM, on 1/28/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe
C:\WINDOWS\system32\svchost.exe
C:\Progra... Read more

Answer Match 44.1%

Had McAfee antivirus installed but some how it got through. It will not let me on the internet and I can only load programs through the USB. It blocks .exe programs and any internet access.

.
DDS (Ver_11-03-05.01) - NTFSx86 NETWORK
Run by Danica at 11:58:43.50 on 26/03/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2003.1724 [GMT -4:00]
.
AV: McAfee VirusScan Enterprise *Enabled/Updated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\taskmgr.exe
K:\Utilities\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.facebook.com/
uInternet Connection Wizard,ShellNext = hxxp://www.emsb.qc.ca/
uInternet Settings,ProxyOverride = 10.*;*.local
uURLSearchHooks: H - No File
uWinlogon: Shell=explorer.exe,c:\documents and settings\danica\application data\microsoft\windows\shell.exe
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHel... Read more

A:XP Total Protection Trogen Malware

Hi
are you able to connect in safemode?

To Enter Safemode
Go to Start> Shut off your Computer> Restart
As the computer starts to boot-up, Tap the F8 KEY repeatedly, this will bring up a menu.
Use the Up and Down Arrow Keys to scroll up to Safemode with networking
Then press the Enter Key on your Keyboard
go into your usual account

If not > transfer a renamed combofix over via USB

Please do the following:
Download Combofix from either of the links below. You must rename it to iexplore before saving it. Save it to your desktop. Change the save as file type to "all files"
**Note: In the event you already have Combofix, delete it, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**
If you are using Firefox, make sure that your download settings are as follows:
Tools->Options->Main tab
Set to "Always ask me where to Save the files".
Link 1
Link 2
-----------------------------------------------------------
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

--------------------... Read more

Answer Match 44.1%

I installed Norton Security Suite 4 on my computer for virus protection because, nothing else would install properly.

But after installing it, I got two BSODs:

1. BHDr86.sys
2. 0x00000A

I looked at the system requirements of Norton Security Suite 4 and, my system meets every requirement.

PIII-933
OS: XP Pro
RAM: 1GB
RAID-0(striped array)

I would appreciate some ideas.

PS. I already tried the free versions of AVG n' AVAST. Neither one would install.

A:Protection from viruses, spyware n' malware?

Hello and welcome to TSF.

We want all our members to perform the steps outlined in the link given below, before posting for assistance. There's a sticky at the top of this forum, and a "Having problems with spyware and pop-ups? First Steps" link at the top of each page.

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

Answer Match 44.1%

Hi there, yesterday my PC caught a bug, possibly several. It appears to be infected with x2 pieces of spyware, namely Security Sphere 2012 and AV Protection Online. I have followed your very comprehensive instructions in how to remove, but no matter what I do, these infections will not allow me to run any anti-virus software from either Malwarebytes, Spybot, Kaspersky or AVG. I have tried using TDSS root killer, and although it identifies x2 threats, it asks me to reboot, and when I do, we return to the normal fake security scan screens exactly as detailed in your forum, as well as Google redirects and slow running. The only small success I have had is using your rkill exe, which stops the flashing screens and enables me to use the internet. I do hope you can help; I hate troubling you and can normally sort these things out myself with your instructions. Please find attached the requested .txt logs; the GMER exe will not run for me, it terminates as soon as I open it! Thanks in advance, Richard.

DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Richard Deane at 14:26:55 on 2011-10-23
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.3292.2656 [GMT 1:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\747063... Read more

A:infected with Av Protection Online malware

Hello and Welcome to the forums!
My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please do not attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.
Do not run any other tool until instructed to do so!
Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.
Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:
You may be asked to install or update the Recovery Console (Win XP Only); if this happens please allow it to do so (you will need to be connected to the internet for this)
Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<
Combofix may need to reboot your computer more than once to do its job; this is normal.
You can download Combofix from one of these links.
Link 1
Link 2
Link 3

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the r... Read more

Answer Match 44.1%

I have apparently received a virus that has downloaded a program onto my computer that keeps popping up that I have malicious programs on my computer and wants me to download malware protection software. I have run my McAfee and it was unable to detect the virus. I have attempted to connect to the internet, but it will not allow me to open IE and it has changed my background. It will also not allow me to run safe mode, open task manager or to do a system restore. Since I cannot get on the internet, I have not been able to download the required software or post the required logs.

Any assistance will be greatly appreciated!!

A:Malware protection virus download

Attempted to run dds from a disk and a pop-up came up saying "file dds/scr is infected by w32/blaster.worm please activate Malware Protection to protect your computer". there is also a pop-up constantly saying "security warning!" "Malicious program has been detected. Click here to protect your computer". I also have boxes popping up: 1 says, "Malware protection has found 58 useless and UNWANTED files on your computer!" and has a button to activate now. 2: Firewall warning with malware detection warning.

Answer Match 44.1%

What if I am using a purchased Malware protection program? (Malwarebytes - Pro - 'lifetime purchase')
Is it advisable, to disable the MSE (Microsoft security essentials)
And what are your thoughts on the 'proficiency' of Malwarebytes? (I have used this for years and they/it has protected me from 'numerous' threats)
Charles F. Ward

Answer Match 44.1%

My system is infected with "Privacy Protection" malware, and .exe's have become disabled, along with downloading apps in IE in safe mode with networking.

I've been trying to follow the instructions to remove in: http://www.bleepingcomputer.com/virus-removal/remove-privacy-protection

Booted in safe mode w/networking, and am attempting to do step 3 or thereabouts, trying to run TDSSKiller. Unfortunately, all exe files are failing to be able to run by the fact that they are all now type EXE. I can't even take the work around to rename TDSSKiller.exe on my desktop to something else like randomname.com and this still fails to reset the type of the file from being EXE. Can't make it execute...

At my wit's end!!! help!!!!

A:"Privacy Protection" malware with all exe.s disabled

I'll get this topic moved to the Am I Infected? forum.

In the meantime, re-name the intended download (tdsskiller.exe) before you actually download/save it to your computer. Your browser would need to be configured to always ask what you want to do before downloading (if it is not already configured this way). You can then save as <file renamed to 132.com> to your Desktop.

Answer Match 44.1%

Hello,

I have a Dell Dimension 9150, 160GB WD1600JS-75NCB1 Caviar, 3gb RAM and XP Pro, SP3 logged into a Microsoft SBS2003 server domain as Administrator.

Somehow I acquired malware called DoomJuice and from what was suggested by repliers to posts made here and on MSDN, I should wipe out my hard drive and reinstall my operating system.

Others have suggested that, at the very least, I should get another hard drive, install the operating system on it and carefully move the needed files from the old infected hard drive to the new hard drive and that is the route that I chose to take.

I disconnected my old infected hard drive and installed a one 1TB, WD10EARS hard drive and installed Windows 7 Ultimate on it. I also plan to freshly install all of the other software that I need to do my work.

I sometimes disconnect my new hard drive and connect to my old infected drive and boot up so that I can do some of the things that are not ready in the new Windows 7 drive. I never have both drives connected at the same time.

What I would like to do is copy the needed files from the old infected hard drive to a Sony CD/DVD rewritable disc and reboot to the new Windows 7 system then copy them in, unless somebody has another suggestion about doing that.

When I do that, I want to scan the files being copied so that I am sure I am not putting infected files on the new Windows 7 hard drive.

Should I buy a good virus/malware scanner to do that or can I stay with the free versions, MS Security Essentials, S... Read more

A:Buy new or use free versions of malware protection?

Lots of people wonder how they get spyware when they have a product in place to protect them... Just my opinion, but I believe you would have gotten infected whether you were using AVG free or a $40 Norton product. It could have been caused by an ad banner you clicked on, there's no telling how you got infected.... You may as well stick with MSSE, that's one that I like. It's kind of a personal preference thing. This might be a good read for you http://www.bleepingcomputer.com/forums/topic407147.html
I would make sure your AV is installed first, so you can scan the storage media with your old files before copying. Any media will do, a DVD or CD is no safer than a flash drive or external...all are valid attack vectors.

Answer Match 44.1%

Hi! I'm going crazy here!! I'm running at least 4 different programs for virus/malware/spyware/etc. My family has two desktops, a Gateway 560GE, and a custom PC I pieced together for gaming. Also an old Dell Inspiron 1100 laptop. It appears no matter how much I do to keep them running fast, something always goes wrong. We've had many viruses, worms, etc. I am able to quarantine them, but would like to totally remove them and even stop them from being installed. Even when all shows clean we still have misc. problems here and there on all 3 computers! I'm running a purchased version of "Advanced System Care Pro", a purchased version of "Malwarebytes anti-malware", a free version of "Avira AntiVir Personal - free Antivirus", and a free version of "Dr.Web Anti-virus First Aid". Also purchased "Driver Detective", and many other freebies have come and gone. Which ones are worth buying, or using for free in combination or an all in one? I'm more than willing to pay for software, but am now somewhat gun-shy about what to use. Thanks!!!

A:Virus/malware/spyware protection

If you already have the full version of MBAM, then use that with the free version of Avira you have and you will be good. With MBAM's IP protection, it's very hard to get an infection in the first place unless you purposely try to get one.

You can also use Dr. Web if you want as it is very good with rootkits, but I wouldn't worry about that until you actually have one.

Answer Match 44.1%

http://www.zdnet.com/news/malware-writers-using-copy-protection/500345

Malware writers are lifting anti-piracy technology embedded in some of the world's most popular software to protect their own work, according to Symantec. The antivirus company said writers of complex malware toolkits can embed measures to prevent users from stealing their work. "They are using the same Digital Rights Management (DRM) technology as major software," said Craig Scroggie, managing director of Symantec Pacific. "They will build their own DRM, steal it from the big names or cobble it together." Most would-be buyers of the toolkits lack the technical understanding to reverse-engineer the DRM measures. The price of a malware toolkit has risen substantially, Scroggie said, from about $15 in 2006 to more than $8000 today. "The premium is because of the success rate," Scroggie said. For more on this story, read Malware toolkits guarded with stolen DRM on ZDNet Australia.

A:Malware writers using copy protection

Have read many an article that not only are the Blackhats targeting the average User, they are targeting each other as well. Almost like turf wars with your PC being the turf.

Answer Match 44.1%

My computer was infected with Personal Protection malware and it could not be completely removed by my anti-malware software, CA California Associates Security Suite. The technician at CA informed me that a root kit was on my machine and advised me to run ComboFix after he noticed some entries in the GMER log with filenames including the characters atapi...for example atapi.sys. He said he could not run the third party software combofix for me, so I followed the instructions and ran it. While running combofix it stated that a root kit was detected and then rebooted my machine and continued the scan. I have attached the resulting log.txt file. I then ran GMER again and did not appear to have the atapi files anymore, but was informed in a pop up window "WARNING!!! GMER has found system modifications caused by ROOTKIT activity." The combofix instructions stated that I should post the logs at one of these forums.

I then proceeded to follow the instructions, Preparation Guide For Use Before Using Malware removal Tools and Requesting Help, although I already ran combofix as advised by the CA technician. I would like someone to look at the logs I created after running combofix and let me know what else needs to be done to clean this computer. Thank you very much

DDS (Ver_10-03-17.01) - NTFSx86
Run by The Love's at 14:54:38.20 on Sat 07/03/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Professional 5.1.2600.3.1252.1.... Read more

A:Was? Infected with Personal Protection malware

Hello, And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.

Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.

Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------
If you have since resolved the original problem you were having, we would appreciate you let... Read more

Answer Match 44.1%

Hello, I have this rogue antispyware program that got on my computer yesterday and I'm really struggling to get rid of it. It's called spyware protection spyware protection . . That's the closest thing on the internet I could find to what I have. That one is Spyware Protection 2009 and apparently there is a Spyware Protection 2010. My one, however, is neither; it just says Spyware Protection. It is more or less the same program though. I've looked on the internet for solutions and tried the Spyware Protection 2010 removal guides but they didn't work. I've downloaded Malwarebytes Anti-Malware and installed it and ran it in safe mode but that didn't work; however, I did not install the updates. I couldn't install the updates because they will not install in safe mode with networking and I can't even open the Malwarebytes malware program in normal mode because the program stops me. I can't open anything in normal mode except Internet Explorer. Chrome does not work for some reason. I've also tried Spyware Doctor and some other program and they both didn't work. I've tried downloading rkill.com, rkill.scr, rkill.exe, eXplorer.exe, iExplore.exe programs and none of them work; the program just comes up with a little bubble down the bottom right saying "rkill.com cannot start". "file rkill.com is infected by W32/Blaster.worm". The HijackThis program doesn't work, my Sophos anti-virus software doesn't work, dds.scr doesn't work, so I can't post the logs from that up! Pls someone help me I can't d... Read more

A:Spyware protection malware. really hard to get rid of!!

never mind I system restored the sh1t out of it fo shizzle. problem solved.
man I gotta stop looking up these F&@#ed up porn sites though aye.

Answer Match 44.1%

Hi, I just got infected with Malware Protection 2008. Please help me get rid of it; following is my DSS log

Deckard's System Scanner v20071014.68
Run by acer on 2008-06-08 20:38:11
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 2 Restore Point(s) --
2: 2008-06-09 00:38:20 UTC - RP5 - Deckard's System Scanner Restore Point
1: 2008-06-09 00:08:14 UTC - RP4 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as acer.exe) ------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:41:18, on 6/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WIND... Read more

A:Infected With Malware Protection 2008

Hello Sukrit01 and welcome to BleepingComputer,

1. * Clean your Cache and Cookies in IE:
Close all instances of Outlook Express and Internet Explorer
Go to Control Panel > Internet Options > General tab
Under Browsing History, click Delete.
Click Delete Files, Delete cookies and Delete history
Click Close below.

* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
Go to Tools > Options.
Click Privacy in the menu..
Click the Clear now button below.. A new window will popup what to clear.
Select all and click the Clear button again.
Click OK to close the Options window

* Clean other Temporary files + Recycle bin
Go to start > run and type: cleanmgr and click ok.
Let it scan your system for files to remove.
Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
Press OK to remove them.

2. Please download Malwarebytes' Anti-Malware from Here or Here
Doubleclick mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is complete... Read more
