Tech Problem Aggregator

Infected w/ Protection System and I can't get rid of it

Q: Infected w/ Protection System and I can't get rid of it

I have many pop ups that say Security Center Alert Do you want to block suspicious software? Name: Virus.Win32.Hala.a, Net-Worm.Win32.Mytob.t; Protection System Network Security Alert, Network attack rejected!, and continuous pop ups asking me to activate Protection System antivirus software. The pop ups start whenever I turn my computer on. I do not even open a browser. Here is my DDS.txt log:
DDS (Ver_09-07-30.01) - NTFSx86
Run by abc at 18:04:05.71 on Thu 08/27/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.225 [GMT -7:00]

AV: Protection System *On-access scanning enabled* (Outdated) {28e00e3b-806e-4533-925c-f4c3d79514b9}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\Iexplore.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Protection System\psystem.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\WINDOWS\system32\net.exe
C:\WINDOWS\system32\net1.exe
C:\WINDOWS\system32\wscsvc32.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\abc\Desktop\dds.scr

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = localhost;*.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
mURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: MSNToolBandBHO: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\msn apps\msn toolbar\msn toolbar\01.02.5000.1021\en-us\msntb.dll
BHO: c:\windows\system32\tajf83ikdmf.dll: {bf56a325-23f2-42ad-f4e4-00aac39caa53} - c:\windows\system32\tajf83ikdmf.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AOL Toolbar: {4982d40a-c53b-4615-b15b-b5b5e98d167c} - c:\program files\aol toolbar\toolbar.dll
TB: {BA52B914-B692-46c4-B683-905236F6F655} - No File
TB: MSN: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\msn apps\msn toolbar\msn toolbar\01.02.5000.1021\en-us\msntb.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [Protection System] "c:\program files\protection system\psystem.exe" -noscan
mRun: [Samsung Common SM] "c:\windows\samsung\comsmmgr\ssmmgr.exe" /autorun
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\americ~1.lnk - c:\program files\america online 9.0\aoltray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\interv~1.lnk - c:\program files\intervideo\common\bin\WinCinemaMgr.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: &aol toolbar search - c:\program files\aol toolbar\toolbar.dll/SEARCH.HTML
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office10\EXCEL.EXE/3000
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - c:\program files\aol toolbar\toolbar.dll
Trusted Zone: aol.com\free
DPF: DirectAnimation Java Classes
DPF: Microsoft XML Parser for Java
DPF: {8ad9c840-044e-11d1-b3e9-00805f499d93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
DPF: {cafeefac-0016-0000-0015-abcdeffedcba} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {cafeefac-ffff-ffff-ffff-abcdeffedcba} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
STS: c:\windows\system32\tajf83ikdmf.dll: {bf56a325-23f2-42ad-f4e4-00aac39caa53} - c:\windows\system32\tajf83ikdmf.dll

============= SERVICES / DRIVERS ===============

R0 xmasbus;xmasbus;c:\windows\system32\drivers\xmasbus.sys [2004-3-26 140800]
R0 xmasscsi;xmasscsi;c:\windows\system32\drivers\xmasscsi.sys [2004-3-26 5248]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-6-17 55656]
S1 avgio;avgio;\??\c:\program files\avira\antivir desktop\avgio.sys --> c:\program files\avira\antivir desktop\avgio.sys [?]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;"c:\program files\avira\antivir desktop\sched.exe" --> c:\program files\avira\antivir desktop\sched.exe [?]
S2 evdoserver;evdoserver;c:\windows\system32\svchost.exe -k netsvcs [2002-9-10 14336]
S3 AntiVirService;Avira AntiVir Guard;"c:\program files\avira\antivir desktop\avguard.exe" --> c:\program files\avira\antivir desktop\avguard.exe [?]
S3 arvroyzi;arvroyzi;c:\windows\system32\drivers\arvroyzi.sys --> c:\windows\system32\drivers\arvroyzi.sys [?]
S3 batqmrjv;batqmrjv;c:\windows\system32\drivers\batqmrjv.sys --> c:\windows\system32\drivers\batqmrjv.sys [?]
S3 bbwlexjz;bbwlexjz;c:\windows\system32\drivers\bbwlexjz.sys --> c:\windows\system32\drivers\bbwlexjz.sys [?]
S3 blcgdvbn;blcgdvbn;c:\windows\system32\drivers\blcgdvbn.sys --> c:\windows\system32\drivers\blcgdvbn.sys [?]
S3 eusnlqko;eusnlqko;c:\windows\system32\drivers\eusnlqko.sys --> c:\windows\system32\drivers\eusnlqko.sys [?]
S3 fqnotkid;fqnotkid;c:\windows\system32\drivers\fqnotkid.sys --> c:\windows\system32\drivers\fqnotkid.sys [?]
S3 grlqcycu;grlqcycu;c:\windows\system32\drivers\grlqcycu.sys --> c:\windows\system32\drivers\grlqcycu.sys [?]
S3 hjiddecu;hjiddecu;c:\windows\system32\drivers\hjiddecu.sys --> c:\windows\system32\drivers\hjiddecu.sys [?]
S3 ieerghnd;ieerghnd;c:\windows\system32\drivers\ieerghnd.sys --> c:\windows\system32\drivers\ieerghnd.sys [?]
S3 iieluola;iieluola;c:\windows\system32\drivers\iieluola.sys --> c:\windows\system32\drivers\iieluola.sys [?]
S3 jyutevoa;jyutevoa;c:\windows\system32\drivers\jyutevoa.sys --> c:\windows\system32\drivers\jyutevoa.sys [?]
S3 kacuhjos;kacuhjos;c:\windows\system32\drivers\kacuhjos.sys --> c:\windows\system32\drivers\kacuhjos.sys [?]
S3 kghxelzl;kghxelzl;c:\windows\system32\drivers\kghxelzl.sys --> c:\windows\system32\drivers\kghxelzl.sys [?]
S3 kunpwdwl;kunpwdwl;c:\windows\system32\drivers\kunpwdwl.sys --> c:\windows\system32\drivers\kunpwdwl.sys [?]
S3 kwapbfwr;kwapbfwr;c:\windows\system32\drivers\kwapbfwr.sys --> c:\windows\system32\drivers\kwapbfwr.sys [?]
S3 mhvmdtna;mhvmdtna;c:\windows\system32\drivers\mhvmdtna.sys --> c:\windows\system32\drivers\mhvmdtna.sys [?]
S3 ndwuwbec;ndwuwbec;c:\windows\system32\drivers\ndwuwbec.sys --> c:\windows\system32\drivers\ndwuwbec.sys [?]
S3 nynqpcse;nynqpcse;c:\windows\system32\drivers\nynqpcse.sys --> c:\windows\system32\drivers\nynqpcse.sys [?]
S3 pflvkpon;pflvkpon;c:\windows\system32\drivers\pflvkpon.sys --> c:\windows\system32\drivers\pflvkpon.sys [?]
S3 rkrgrfid;rkrgrfid;c:\windows\system32\drivers\rkrgrfid.sys --> c:\windows\system32\drivers\rkrgrfid.sys [?]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
S3 suojpnzx;suojpnzx;c:\windows\system32\drivers\suojpnzx.sys --> c:\windows\system32\drivers\suojpnzx.sys [?]
S3 vjloqktt;vjloqktt;c:\windows\system32\drivers\vjloqktt.sys --> c:\windows\system32\drivers\vjloqktt.sys [?]
S3 vszzejmm;vszzejmm;c:\windows\system32\drivers\vszzejmm.sys --> c:\windows\system32\drivers\vszzejmm.sys [?]
S3 xknjzivx;xknjzivx;c:\windows\system32\drivers\xknjzivx.sys --> c:\windows\system32\drivers\xknjzivx.sys [?]
S3 zlbplwky;zlbplwky;c:\windows\system32\drivers\zlbplwky.sys --> c:\windows\system32\drivers\zlbplwky.sys [?]
S3 zmzsijnt;zmzsijnt;c:\windows\system32\drivers\zmzsijnt.sys --> c:\windows\system32\drivers\zmzsijnt.sys [?]

=============== Created Last 30 ================

2009-08-25 17:24 31,232 a------- c:\windows\system32\wingenocx.dll
2009-08-25 17:23 <DIR> --d----- c:\program files\Protection System
2009-08-24 03:58 <DIR> --d-h--- c:\windows\system32\GroupPolicy
2009-08-24 03:23 120 a------- c:\windows\Wwoqagidim.dat
2009-08-24 02:58 664 a------- c:\windows\system32\d3d9caps.dat
2009-08-23 20:34 723,456 a------- c:\windows\system32\wscsvc32.exe
2009-08-23 20:34 257,536 a------- c:\windows\system32\resdll.dll
2009-08-23 20:24 62,464 a------- c:\windows\system32\OLD13.tmp
2009-08-23 20:23 102,988 a------- c:\windows\system32\drivers\97c9b68f.sys
2009-08-07 08:41 436,224 a------- c:\windows\isvchost.exe

==================== Find3M ====================

2009-08-05 19:11 55,656 a------- c:\windows\system32\drivers\avgntflt.sys
2009-08-03 13:36 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 13:36 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-07-25 05:23 411,368 a------- c:\windows\system32\deploytk.dll
2009-06-26 09:18 659,456 a------- c:\windows\system32\wininet.dll
2009-06-26 09:18 81,920 -------- c:\windows\system32\ieencode.dll
2009-06-16 07:55 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 07:55 82,432 a------- c:\windows\system32\fontsub.dll
2009-06-08 08:10 155,136 a------- c:\windows\PEV.exe
2009-06-03 12:27 1,290,752 a------- c:\windows\system32\quartz.dll
2007-05-08 21:00 20,408 a------- c:\docume~1\abc\applic~1\GDIPFONTCACHEV1.DAT

============= FINISH: 18:05:14.68 ===============

Thank you for your help. Any guidance would be greatly appreciated.

A: Infected w/ Protection System and I can't get rid of it

Hi, waxeddental. Welcome.
Please read and follow all these instructions very carefully.

Please download Malwarebytes' Anti-Malware from Here.
Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy & Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

=====================================================================

Please download ComboFix from Here or Here to your Desktop.
**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**
If you are using Firefox, make sure that your download settings are as follows:
Tools->Options->Main tab
Set to "Always ask me where to Save the files".
During the download, rename Combofix to Combo-Fix as follows:

It is important you rename Combofix during the download, but not after.
Please do not rename Combofix to other names, but only to the one indicated.
Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
-----------------------------------------------------------
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
-----------------------------------------------------------
Close any open browsers.
WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
-----------------------------------------------------------
Double click on combo-Fix.exe & follow the prompts.
When finished, it will produce a report for you. Please post the "C:\Combo-Fix.txt".
**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**
Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.
Please do not install any new programs or update anything unless told to do so while we are fixing your problem.

Answer Match 60.06%

Hello-
I am trying to fix a friend's laptop that appears to have been infected with Protection System malware. PC Info: Dell Vostro 1500, Windows XP Home, SP2.

At the moment, I cannot seem to get the laptop to access the internet, whether it's because of the virus or because it is not set up to access my cable modem. I have left it disconnected from our network to avoid any cross infections with my good pc. Can I download programs to a USB stick using the good pc, and transfer them to the sick pc's desktop? If you don't see a problem with this method, then I'd prefer to continue using it.

When I try to install Malware Bytes from the .exe on the desktop, the install procedure seems to begin, then disappears completely from view, and doesn't even appear in Task Manager.

HijackThis seems to install ok from the desktop, but when I try to run the program, I can see it begin to list programs, but then after less than 2 seconds it, too, closes and disappears.

Other issues: Restarting/Shut Down gets stuck and I have to hold down the power button to shut off.

Would greatly appreciate any help you can give.
 

Answer Match 60.06%

I have been on your site all day trying various ways to remove Protection System. Is there anyone who can help?! It's driving me crazy!!

A:Infected With "Protection System"

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The... Read more

Answer Match 59.64%

I was surfing the internet and all of a sudden this protection system prompt popped up. I thought it was a legitimate windows prompt and thus clicked on it. It seems to have installed itself into my computer and has shut off my legitimate anti virus software. The Protection System program slows down my computer and it sometimes makes my screen go black and pops up with a prompt asking me to download more anti virus software. Sometimes it gets really bad with the pop ups and it doesn't allow me to do anything. I tried to download malwarebytes in order to solve this problem. I installed it successfully however, the protection system doesn't allow me to run malwarebytes. Same goes for my McAfee AV. Both are installed and neither one is allowed to run. Hope you guys can help with this problem. Thanks

A:Infected with Protection System Malware

We have a self-help area for removing common malware. Please see the tutorial How to remove Protection System
When done, click the Logs tab and copy/paste the contents of the new report in your next reply.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

Answer Match 59.64%

I am infected with what I believe to be the Protection System virus/malware. It looks almost identical to Windows Security Center and I get about 3 or 4 different "alerts" from it wanting me to enable protection or install now. It also put a few porn icons on my desktop and will install itself on its own every once in a while after I delete it. When it installs it tries to delete all my antivirus software. So I tried deleting it and running McAfee last night but neither worked so I ended up doing a system recovery (I think the virus deleted, or blocked, my restore points as well as the partitioned space on my hard drive for restores/recovery but I was able to perform it from the start up screen with F10) but I still have the darn thing on my computer.

It has taken me all day to find out info on this thing because it also blocks any programs or websites that have anything to do with getting rid of it. It even blocks it in safe mode. But finally thanks to a guide I read on this site I was able to run Malwarebytes by changing the name in its program files folder.

I ran a quick scan in safe mode and thought I had gotten rid of it since it found and quarantined 22 items but after the restart it was still there. Then nothing shows up when I run a full scan.

*Edit* I ran a full scan in safe mode and it found 22 items again but the same thing happened, I deleted/quarantined them then the protection system was still there after the restart.

I am getting very sick of... Read more

A:Infected with ~~~Protection System~~~ Windows XP MCE

Update* I ended up wiping my hard drive clean and re-installing Windows. That was a nasty virus and was really stressing me out having that thing on there. Sorry for taking things into my own hands after I requested help on here and thanks to anyone who viewed this thread.

Answer Match 59.64%

My husband's computer is once again infected. We know it's definitely got the fake 'virus' programs Protection System and Antivirus Pro, but there may be more. I have tried using the removal guides for both of the above, however we can't get MalwareBytes to run. After a lot of praying, we were able to run the DDS program, however I've only been able to run the Rootkit Reveal in SafeMode, so I'm not sure if the results will be valid.

Any help will be appreciated if it will keep my husband from throwing his laptop out the window.

Here are the logs:

-----------------------------------

DDS (Ver_09-07-30.01) - NTFSx86
Run by Ray at 20:44:07.39 on Wed 08/19/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.958.593 [GMT -4:00]

AV: Protection System *On-access scanning enabled* (Outdated) {28e00e3b-806e-4533-925c-f4c3d79514b9}
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS&#... Read more

A:Infected - Antivirus Pro & Protection System

Hi, lexibelle. Welcome.
Please download the Win32kDiag.exe tool from any of the following locations and save it to your desktop:
http://rootrepeal.psikotick.com/Win32kDiag.exe
http://download.bleepingcomputer.com/rootr.../Win32kDiag.exe
http://ad13.geekstogo.com/Win32kDiag.exe
Once downloaded, double-click on the program and let it finish. When it states Finished! Press any key to exit..., you can press any key on your keyboard to close the program. On your desktop should now be a file called Win32kDiag.txt. Post its contents in a reply,

Answer Match 59.64%

Hello,

This is the first time I have experienced anything like this. I am lost!!

System:

Microsoft Windows XP -Media Center Edition
Version 2002
Service Pack 3

Dell Inspirion l6400 (supposed to be E1505)
Genuine Intel® CPU
T2300 @ 1.66 GHz (this is all very suspect to me)
1.66 GHz, 504 MB of RAM

Have McAfee AV running, constantly updating. I also allow Windows to download updates and then I choose when to install them.
I was current at the time of this event.
Symptoms:

Started with a click on link on a Myspace page.
Computer "locked up"
Upon hard boot, after displaying Windows Starting Screen, Screen went black
Pop up window: "services.exe - Bad Image" followed by: "The application or DLL C:\WINDOWS\System32\rukohayo.dll is not a valid Windows image. Please check this against your installation diskette."
clicking the "x" in the upper right brings up another; "lsass.exe - Bad Image"

This continues for ~35 windows all with different ".exe" names but the same message.

After clicking through the first 2 I get to the Windows Logon Screen - I close 2 more then I can enter my password
Then after 30+ more my desktop appears.

Attempted:
Run McAfee scan: stopped after short run and will no longer launch
downloaded Hijackthis.exe: ran the Scan and Save Log : appeared to run log file disappears - can no longer run
downloaded Malwarebytes.exe: wouldn't run
Went to Add Rem... Read more

A:I believe my laptop is infected - Protection System?

Install RootRepeal
Click here - Official Rootrepeal Site, and download RootRepeal.zip. I recommend downloading to your desktop.
Fatdcuk at Malwarebytes posted a comprehensive tutorial - Self Help guide can be found here if needed: Malwarebytes Removal and Self Help Guides.
Click RootRepeal.exe to open the scanner.
Click the Report tab, now click on Scan.
A Window will open asking what to include in the scan. Check the following items:
Drivers
Processes
SSDT
Stealth Objects
Hidden Services
Click OK
Scan your C Drive (Or your current system drive) and click OK. The scan will begin. This may take a moment, so please be patient.
When the scan completes, click Save Report. Name the log RootRepeal.txt and save it to your Documents folder - (Default folder).
Paste the log into your next reply.
Please note: If Rootrepeal fails to run, try this step: Click Settings - Options. Set the Disk Access slider to High

Answer Match 59.64%

Well, I use avast, it detected it and deleted it, but..... I just saw that each time I type google.com in IE or Firefox there is a message that says

ATTENTION!
Your PC is Infected!
You can loose all your Secure data from bank details to
e-mail or social network password:

Please activate System Protection 2012 to
REMOVE Infection from your PC.

So I thought it was internet explorer, but my firefox was the same, it looks like someone has changed the view of my google.com, but when I type Google, it works fine.

When I open the internet explorer or firefox and see the source of the page it says this.

<table width="100%" height="750" border="0">
<tr>
<td width="100%" align="center" valign="middle">
<div class="main"><div class="main2"><div class="main3">
<div class="top">Items Detected</div>
<div class="header"><img src="images/logo.jpg" class="logo" />ATTENTION!</div>
<div class="fcontent">Your PC is Infected!</div>
<div class="content">
You can loose all your Secure data from bank details to <br />
e-mail or social network password:
<br />
<br />
Please activate <font color="#FF0000">System Protection 2012</font> to<br />
REMOVE Infection from you... Read more

A:Infected with System Protection 2012

Hello and welcome to TSF.

We want all our members to perform the steps outlined in the link given below, before posting for assistance. There's a sticky at the top of this forum, and

Quote:
Having problems with spyware and pop-ups? First Steps

a link at the top of each page.

Please follow our pre-posting process outlined below. Use a USB flash drive to download and transfer the tools to the affected machine, if necessary. You might like to run the Flash_Disinfector.exe on the clean machine and the flash drive first to protect against any possible transfer of infection via USB.


NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help - Tech Support Forum

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

Answer Match 59.64%

my computer was infected by Rogue "System Progressive Protection"
but it was protected by my NOD32 antivirus.
therefore some of it is left on my computer, e.g. its icon and some file without extension
on my C:\Documents and Settings\All Users\Application Data\(random number)

i am not sure that my computer is slower than before or not!!

i attached hijack this log file along with my post..
please help me to check is my computer still in good condition or not??...
Many thanks in advance
===============================================================================
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:22:37, on 3/11/2555
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Lenovo\Bluetooth Software\... Read more

A:infected with System Progressive Protection

Hi jackoff

I will be handling your log to help you get cleaned up. Please give me some time to look it over and I will get back to you as soon as possible.

White Warrior

Answer Match 59.64%

Hi, all. First, thank you for everything you do. I've come to this site a couple of times over the years and everyone has been incredibly helpful. I really appreciate it.

Now I come once again with a malware issue. I thought Spyware Doctor had gotten rid of all of Protection System, but it seems there are still residual traces wreaking havoc. I can hear different programs clicking on & off in the background, but nothing shows up in task manager. Spyware Doctor is finding a new Trojan or spyware about once an hour. Firefox Google Search doesn't seem to work and when I go to Google directly, I'm sometimes redirected to a different site & another Google tab opens up. When I reboot, I get half a dozen memory errors.

I ran DDS, but GMER just would not run at all. I can download the zip file, but the program itself just won't initiate an install. I have the same issue with MalwareBytes--it seems something is preventing these programs from loading.

If you have any insight as to what is going on, I'd appreciate any sage advice you have to offer. Thank you.

DDS.txt:


DDS (Ver_09-06-26.01) - NTFSx86
Run by Brigid Fitch at 19:22:51.92 on Mon 07/13/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.313 [GMT -4:00]

AV: Spyware Doctor with AntiVirus *On-access scanning enabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
AV: Protection System *On-access sc... Read more

A:Infected with Protection System malware

hi.

Let's run your gmer in a different way. Follow the instructions below:

If you have the gmer.exe now, delete it please.

Redownload GMER from here:
http://www.gmer.net/files.php

Unzip it to the desktop.

---------------------------------
Open Notepad and copy/paste the contents in the code box below, into Notepad.

Code:
@copy /y gmer.exe gamer.exe
@Start gamer.exe -protect
Save this as kyrie.bat. Choose to "Save type as - All Files".

It should look like this:

Place the batch next to gmer & double click kyrie.bat to launch it.

--------------------------------------------------------------------------

When the program opens, click on the Rootkit tab.
Make sure all the boxes on the right of the screen are checked, EXCEPT for 'Show All'.
Click on Scan.
Once done click on the [Save..] button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
Save it where you can easily find it, such as your desktop.
Attach that ARK.txt in your next reply.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

Mark

Answer Match 58.8%

Hi. I have been getting help from rigel over in the "Am I Infected?" forum, Topic referenced is here: http://www.bleepingcomputer.com/forums/t/243208/trouble-getting-ride-of-protection-system/ ~ OB but he has suggested I post over here, as they were unable to totally remove it with the tools available to them. The link to the thread is . I have taken no actions not detailed in the thread since it started, and I have been using Safari solely as a browser, since the one time I tried using IE to install Eset, it unleashed its bucketload of porn.

DDS log:

DDS (Ver_09-06-26.01) - NTFSx86
Run by jnymd at 20:30:36.75 on Wed 07/29/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.479.170 [GMT -8:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Protection System *On-access scanning enabled* (Outdated) {28e00e3b-806e-4533-925c-f4c3d79514b9}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mc... Read more

A:Infected with Protection System and TDSS Variant

Hello Lonegungirl,

I need for you to go offline completely and disable ALL your protective programs after you download ComboFix, but before you run it. Sometimes those programs interfere with it, and we don't want that! If McAfee still gives you problems then you may have to temporarily uninstall it.

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

1. Download this file - combofix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply please, along with a new HijackThis log.

Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Please do this:

1. Download HijackThis™ here: http://www.trendsecure.com/portal/en-US/th.../hijackthis.php
2. Click 'Do a System Scan and Save log'.

The HJT log will open in notepad.

Thanks,
tea

18 more replies
Answer Match 58.8%

Please help me out. I have a virus. Every time I turn my computer on I get a message saying some error has occurred and giving me the option to "terminate" or "debug". Then I get pop ups advertising/telling me to download "protection system" software and saying my computer is infected. I also get pop up fake security alerts. Also, when I do a google search and try to click on a link it redirects me to fake ad web sites. I ran hijack this and malwarebytes antimalware. I don't know if this is important or not but at first I couldn't even get malwarebytes to open. I had to go into program files and rename the file to get it to open so I could run the quick scan.

UPDATE: I think this thing is really smart. I was away from my computer for maybe 5 mins. and wasn't around to close the pop ups from the virus and "protection system" downloaded onto my computer and sent me a message saying "are you sure you want to uninstall malwarebytes anti-malware and all of its components?" It's trying to get rid of my anti-malware! Someone please help. I want this thing gone.

Here are my logs:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:59:33 PM, on 9/2/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS ...

A:Please Help-- Computer infected with "protection system" virus

Welcome to the BleepingComputer Forums.

Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random which includes a HijackThis log and save it to your desktop. If you have RSIT already on your computer, please run it again. Double click on RSIT.exe to run RSIT. Click Continue at the disclaimer screen. Please post the contents of log.txt. Thank you for your patience.

Please see Preparation Guide for use before posting about your potential Malware problem.

If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped.

Please post your HijackThis log as a reply to this thread and not as an attachment. I am always leery of opening attachments so I always request that HijackThis logs are to be posted as a reply to the thread. I do not think that you are attaching anything scary but others may do so.

While we are working on your HijackThis log, please:

Reply to this thread; do not start another!
Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so.
Do not run any other tool until ...

2 more replies
Answer Match 58.38%

I went to start my netbook today and both of these issues were loaded onto my computer. I tried malwarebytes and just about every other free anti-malware program out there and it will not let me even run the programs. I ran a dds report, but the computer would not let me run the rootrepeal portion.

DDS (Ver_09-07-30.01) - NTFSx86 NETWORK
Run by Mobile 1 at 16:08:01.50 on Mon 08/31/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.661 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscsvc32.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\AVG\AVG8\avgui.exe
C:\Documents and Settings\Mobile 1\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page = hxxp://www.g...

A:computer infected with both protection system and pc antispyware 2010

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...

2 more replies
Answer Match 58.38%

Hello,

My computer seems to be infected by Windows Police Pro and Protection System. I was able to install Malwarebytes but only by renaming the installer. I am not able to run Malwarebytes', though, even after renaming it. These malware are preventing me from running most programs such as anti-virus software and firefox. Whenever I try to run a program, such as MBAM, a command prompt window pops up for 1 second with the heading "C:\\Windows\System32\desote.exe". I did some searching and found that this is linked to the Windows Police Pro virus.

Here is my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:10:10 PM, on 9/3/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrc...

A:Computer infected by Windows Police Pro and Protection System

Update: Well, since I couldn't run MBAM, I uninstalled it then reinstalled it and used the option to start it when installation was finished. It started up, and I was able to fully scan. MBAM detected a bunch of malware and removed them. I rebooted my computer, as stated by MBAM, which deleted some more malware and now my computer seems back to normal. Here's my MBAM log for you guys to review in case some more steps should be taken.

Malwarebytes' Anti-Malware 1.40
Database version: 2738
Windows 5.1.2600 Service Pack 3

9/3/2009 10:51:56 PM
mbam-log-2009-09-03 (22-51-56).txt

Scan type: Full Scan (C:\|)
Objects scanned: 253363
Time elapsed: 1 hour(s), 31 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 9
Registry Values Infected: 1
Registry Data Items Infected: 2
Folders Infected: 5
Files Infected: 68

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\Program Files\Protection System\coreext.dll (Rogue.ProtectionSystem) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{506n5j14-c3ux-5rr7-l566-0opw4cv875jx} (Generic.Bot.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{76dc0b63-1533-4ba9-8be8-d59eb676fa02} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentV...

3 more replies
Answer Match 57.54%

Hi I have had the Security System Protection Control Panel popup where it prompts me to go download an anti-spyware program come up a few times. Also my computer starts running at 100% randomly and I get random popups. Here is my HijackThis log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:05:25 PM, on 4/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Documents and Settings\All Users\Application Data\uhenotij\urubulmh.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system...

A:Infected With Security System Protection Control Panel, Among Other Things

this is kaspersky
KASPERSKY ONLINE SCANNER REPORT
Monday, April 28, 2008 8:05:56 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 29/04/2008
Kaspersky Anti-Virus database records: 729653
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target Critical Areas
C:\WINDOWS
C:\DOCUME~1\WEICHE~1\LOCALS~1\Temp\
Scan Statistics
Total number of scanned objects 12558
Number of viruses found 12
Number of infected objects 15
Number of suspicious objects 0
Duration of the scan process 00:14:23

Infected Object Name Virus Name Last Action
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Installer\{cde98ea8-b2f8-45e1-8fb5-ef3f345d6f40}\zip.dll Infected: Trojan-Dropper.Win32.Agent.qfy skipped
C:\WINDOWS\npqtsrak.exe Infected: Trojan.Win32.Vapsup.eet skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\AWTTUUSP.DLL.del Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb...

19 more replies
Answer Match 52.5%

Thanks in advance to the BleepingComputer users for helping me and others with this malware/virus problem: On December 14, 2011, the System Fix Virus & Privacy Protection Virus hijacked and infected my system: WinXP (64-bit). They've caused my default web browser to change frequently (each time I reboot my PC). So I've been having trouble getting rid of all of this malware/viruses from my system, since I use Windows XP x64. The latest version(s) of ComboFix and TDSSKiller don't work on the 64-bit version of Windows XP, but they are compatible with other versions of Windows: 98, XP, VISTA, 2000, 2003, 2008 and Windows 7! The following programs were made for other operating systems, so I need a solution to these 3 problems (listed below): ComboFix.exe and TDSSKiller.exe are not compatible with my Windows XP 64-bit system. So how do I get rid of the malware/viruses from this computer without those apps that were made to get rid of the following problems on other Windows OS's?:

1. System Fix Virus (reference: http://www.bleepingcomputer.com/forums/topic432547.html)
2. Privacy Protection Virus (reference: http://www.bleepingcomputer.com/forums/topic432664.html)
3. Google-Redirect Malware (reference: http://www.bleepingcomputer.com/forums/topic416561.html)

A:Infected WinXP 64-bit with "System Fix Virus" & "Privacy Protection Virus" (Malware)

That is correct, they will not. If you need to remove malware still then please go here: Preparation Guide, do steps 6 - 9. Create a DDS log and post it in the new topic explained in step 9, which is here: Virus, Trojan, Spyware, and Malware Removal Logs, and not in this topic, thanks. If Gmer won't run, skip it and move on. Include a link back to this topic. Let me know if that went well.

1 more replies
Answer Match 46.62%

I've had the System Integrity Scan Wizard, PC-Antispyware, and Security System Protection Control Panel popups and my background change to a blue colour. After reading some of the posts here and running Spybot Search and Destroy, Ad-Aware 2007, RegCure and Malwarebytes Anti-Malware it seems as if that problem was solved, but now every time I put my pc on I get these messages:

The first one says "rundll32.exe - Bad Image : The application or DLL C:\WINDOWS\system32\qpfrsnow.dll is not a valid Windows image. Please check this against your installation diskette" and the second one says "RUNDLL -Error loading C:\WINDOWS\system32\qpfrsnow.dll%1 is not a valid Win32 application".

The disk that I got when I bought my pc was Windows XP Home Edition SP1. I downloaded SP2 from the internet.

I'm attaching all of the logs you need to assist me, because I don't know if and how badly my pc is still infected.

I attached 4 log files:
1. DSS Main.txt
2. DSS Extra.txt
3. Kaspersky
4. DSS Main.txt - after the Kaspersky report

Thank you for taking the time to look into my problem.

DSS MAIN.TXT

Deckard's System Scanner v20071014.68
Run by Parratjie on 2008-04-17 09:29:31
Computer is in Normal Mode.
---------------------------------------------------------------------------------- System Restore --------------------------------------------------------...

A:System Integrity Scan Wizard, Security System Protection Control Panel

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you.

Run Hijackthis again, click scan, and Put a checkmark next to each of the lines listed below. Then close all other windows--you should only see HijackThis on your Desktop--and click the Fix Checked button.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O4 - HKLM\..\Run: [e43075dd] rundll32.exe "C:\WINDOWS\system32\qpfrsnow.dll",b

================

Click Start -> Control Panel -> Add Remove Programs and uninstall these programs:

J2SE Runtime Environment 5.0 Update 11
Java™ 6 Update 2
Java™ 6 Update 3
Java™ SE Runtime Environment 6 Update 1

Reboot and post a new hijackthis log.

37 more replies
Answer Match 46.62%

I've had the System Integrity Scan Wizard, PC-Antispyware, and Security System Protection Control Panel popups. They've been very stubborn but after reading some of the posts here and running Spybot, Adaware, SmitfraudFix, Panda Activescan, Housecall, Stinger Avert, Windows Defender, and SDFix, I am now getting only one popup, which shows up as a blank white rectangle in the center of the screen (and now I can't click "Close" to get it off the screen, since the "Close" option is missing). From the size & shape, I believe it's the Security System Protection Control Panel. Would you please review my HijackThis log? Also, in some of the posts I've noticed recommendations to update Java. Is that needed in my case? Thanks very much for your help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:55:55 PM, on 3/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Sh...

A:System Integrity Scan Wizard, Security System Protection Control Panel

The blank popup appeared to be repopulated with information over time...apparently the spyware refreshed itself. I also learned from Task Manager that all of my popups were from the System Integrity Scan Wizard. After some more searching, I found the name (in my case, yzqrqzkp.exe) and told Norton Firewall to block it from accessing the internet. I used HijackThis to fix it and then deleted it and a namesake (YZQRQZKP.EXE-1253B76A.pf) from Windows\Prefetch (not sure that was necessary but deleted it anyway). My only concern is that from what I read, there should have been another copy in \Local Settings\Application Data, which I didn't find. I updated Java per instructions in another post, also turned System Restore off and on. I think the PC is now clean, but would you review my latest HijackThis log to be sure? Thanks very much.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:05:26 AM, on 3/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Syman...

14 more replies
Answer Match 46.62%

I have windows 7 home premium 64 bit.
I went to create a restore point on my new dell and after about a 1/2 hour of waiting for SR to open up I got this:

You have no Restore Points. Use System Protection to create restore point.
When I attempt to turn on System Protection, it doesn't show any drives available when it opens -- it just says that it's searching for available drives and it keeps searching and doesn't stop. Eventually, I'll receive the following Error Message:

"There was an unexpected error in the property page: System Restore encounter an error. Please try to run System Restore again (0x81000203)." Also, all buttons are greyed out. I wanted to take an image to show you but that's not working either. Is there hope?

Thank you.

 

A:Windows 7 Home Premium System Restore and System Protection not working.

16 more replies
Answer Match 46.62%

My PC is infected with 3 malware popups named Security System Protection Control Panel, System Integrity Scan Wizard and Security System Warning (the last one telling me I have Abebot). I have tried to get rid of them with Kaspersky Anti-Virus, Adaware, spyware sweeper, and SpybotSD, but they are still running. I didn't run the online scan by Kaspersky because I have the most recent version installed and running on my PC. When I ran a rootkit scan with KAV, it took just over four hours and reported my PC was clean. So for whatever reason Kaspersky is not picking up these three forms of malware. Following all other directions on your preliminary instruction list I used Deckard's System Scanner to make two Hijack This files. They are pasted in below. Please take a look and tell me what I should do to get rid of this malware. Thank you very much for this valuable service you are providing.

-- Dark Eagle

Deckard's System Scanner v20071014.68
Run by Perry H. Chesnut on 2008-04-18 23:11:18
Computer is in Normal Mode.
--------------------------------------------------------------------------------
Backed up registry hives.
Performed disk cleanup.

-- HijackThis (run as Perry H. Chesnut.exe) ------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:47:35 PM, on 4/18/2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
F:\WINNT\System32\smss.exe
F:\WIN...

A:Security System Protection Control Panel & System Integrity Scan Wizard Popups

Hello Dark Eagle. to BleepingComputer.com

My name is Billy O'Neal and I will be helping you. (Billy or Bill is fine, if you like.)

Please give me some time to look over your computer's log(s).

Please take note of the following:

In the meantime, please refrain from making any changes to your computer.
Also, even if things appear to be running better, there is no guarantee that everything is finished. Please continue to check this forum post in order to ensure we get your system completely clean. We do not want to clean you part-way up, only to have the system re-infect itself.
If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
Finally, please reply using the button in the lower left hand corner of your screen.

See you soon,
Billy3

2 more replies
Answer Match 46.62%

Hello,

I have recently just successfully cloned my old primary 1TB Western Digital HDD onto my new 1TB Samsung EVO SSD to increase hard drive performance to give it a quick boot up and to enable Windows and my programs to load a lot quicker and perform better with multi tasking. My laptop is one of the bigger 17inch Acer models which comes with two hard drive bays. So once I had wiped my older WD HDD I then inserted a new 2 TB Seagate hard drive into the second bay to be able to store it for personal and media files, and any other important data, to keep the SSD as the primary hard drive and just for OS and programs only. My system runs the Windows 8.1 OS and is 64 bit.

However, I wanted to create a restore point and upon doing so, I found that System protection was turned off for both my hard drives.

I thought I had managed to somehow enable system protection on my C:/ Drive (including the partitioned D:/ drive on the same hard drive) on my SSD, and yet though it shows them enabled, it shows the word missing next to them, and I am assuming this is telling me the previous restores are missing; whether as a result of cloning I don't know. The other weird thing is further up the properties page it also shows the C\ and D:\ Drive but turned off.

So I thought I would try increasing the disk space usage, since it was showing it at 0, and it would allow me to do so and returned the message: 'There was an unexpected error in the property page: The system ca...

More replies
Answer Match 46.62%

Hello,

I have recently successfully cloned my old primary 1TB Western Digital HDD onto my new 1TB Samsung EVO SSD to increase hard drive performance to give it a quick boot up and to enable Windows and my programs to load a lot quicker and perform better with multi tasking. My laptop is one of the bigger 17inch Acer models which comes with two hard drive bays. So once I had wiped my older WD HDD I then inserted a new 2 TB Seagate hard drive into the second bay to be able to store it for personal and media files, and any other important data, to keep the SSD as the primary hard drive and just for OS and programs only. My system runs the Windows 8.1 OS and is 64 bit.

However, I wanted to create a restore point and upon doing so, I found that System protection was turned off for both my hard drives.

I thought I had managed to somehow enable system protection on my C:/ Drive (including the partitioned D:/ drive on the same hard drive) on my SSD, and yet though it shows them enabled, it shows the word missing next to them, and I am assuming this is telling me the previous restores are missing; whether as a result of cloning I don't know. The other weird thing is further up the properties page it also shows the C\ and D:\ Drive but turned off.

So I thought I would try increasing the disk space usage, since it was showing it at 0, and it would allow me to do so and returned the message: 'There was an unexpected error in the property page: The system...

More replies
Answer Match 46.2%

I've tried to open System Protection in System in the Control Panel but it will not work. It gives an error of 0x81000203. I've rebooted and attempted but get the same thing each time.

A:System Protection not working in System Control Panel

Follow instructions on this page error code 0x81000203__ - Microsoft Community

Scroll to the 2nd answer by Meghmala

6 more replies
Answer Match 46.2%

Please help!!! Pics included to explain the situation
Basically after installing some new software for my phone my windows 7 laptop crashed - it flashes a blue screen and restarts on boot up I can get to image 1 page to try a system repair
But then I need to enable system protection.. Image 2
Is there any way I can do this through a command prompt??
Thank you in advance!!!

A:Enable system protection to perform system restore

Sorry images didn't upload???

9 more replies
Answer Match 45.36%

The System Fix Virus & Privacy Protection Virus hijacked and infected my system: WinXP (64-bit). They've caused my default web browser to change frequently (each time I reboot my PC). So I've been having trouble getting rid of all of this malware/viruses from my system, since I use Windows XP x64.

ComboFix.exe and TDSSKiller.exe are not compatible with my Windows XP 64-bit system. So how do I get rid of the malware/viruses from this computer without those apps that were made to get rid of the following problems on other Windows OS's?:

The latest version(s) of ComboFix and TDSSKiller don't work on the 64-bit version of Windows XP, but they are compatible with other versions of Windows: 98, XP, VISTA, 2000, 2003, 2008 and Windows 7!

1. System Fix Virus (the first virus that affected my Windows system, 2 days ago.)
2. Privacy Protection Virus (behaves almost exactly like the aforementioned virus)
3. Google-Redirect Malware (redirects all my searches to this site: 63.209.69.107)

Thanks in advance to ANY users for helping me and others with this malware/virus problem: I understand and read the previous pinned-thread about the relevant malware/virus issue that Windows-users solved with the programs I've been unable to install on my system. The aforementioned malware/viruses began to infect my PC on December 14, 2011 (since that day, I haven't found a single anti-virus program that can detect the Google-redirect malware/virus on my system).

More replies
Answer Match 45.36%

My Toshiba Notebook (x64) (running Windows 7) has stopped being able to open/run programs. I've been using safe mode to try and find a cure, and safe mode works fine. I ran a few antivirus programs that detected a few things, but none of them solved this issue. Using System Restore seems to be the only thing I can really do, but I've been having some troubles with it.

Only one System Restore point shows up, and it's only from a few days ago, which isn't far back enough to fix my problem (I've already tried restoring it to that point). There are no other options as you can see here and here.

I tried to create my own restore point, but ran into some problems. When I go into "System" the "System Protection" option is missing. I only have these three options:

When I use the search bar to find it instead, "Create a restore point" comes up, but when I click and it opens System Properties, the "System Protection" tab is missing.

When I looked it up, someone had suggested running Regedit and checking HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\SystemRestore\DisableSR but I couldn't get that far.

If anyone could help me out, it would be greatly appreciated.

A:Troubles with System Restore/System Protection

Hello esu and welcome to Seven Forums.

Have you verified that System Protection is turned on? (If it is, try turning it off, restarting the computer, turning it back on, and restarting the computer one more time.)

System Protection - Turn On or Off

See if you can manually create a restore point.

System Restore Point - Create

If not, your computer may have damaged or corrupt system files. Try running a system file checker scan from an elevated command prompt (option two.) If problems are found, run the scan 3 times and make sure to reboot the computer immediately after each of the scans.

SFC /SCANNOW Command - System File Checker

4 more replies
Answer Match 45.36%

I have a Win10 Pro and ran MR to create a system image backup.
It went well but it turned off system protection.
A message shows up with a warning yellow triangle that reads.
Using system protection on a drive that contains system image backups will cause other shadow copies to be deleted faster than normal.
--- How do I stop system protection from being turned off?

I have another Win10 computer and created a MR system image backup on that one also.
System protection wasn't turned off on that one.

I do not use shadow copies: If shadow copies are in use on my computer it doesn't matter to me if that is the case as I don't know how to use them anyway. I just don't want system protection turned off.

A:I don't want system protection turned off when I do a MR system image

Hi,

The available disk space on the pc with the warning issue is probably too small to store both backup images (MR) and system protection image.

"I do not use shadow copies:"

Actually you do. System Protection is a form of Shadow Copying.

Furthermore, it's not wise policy to store backups on the same physical drive as your system. Still better than nothing but all in all not sound practice.
Better to store back up on an ext. removable drive.

In the meantime you could reduce the amount of space allocated to System Protection and see if that helps any.

Cheers,

1 more replies
Answer Match 45.36%

Hi, I defragged my registry (castigate me later, please), and well, my system crashed. I'm running Windows 7 Home Premium 64 bit on a Lenovo laptop, and on startup, I get a blue screen claiming that the OS couldn't boot, and the option to try a system repair. After analysis, it says that it can't repair the system automatically, and offers more advanced options. I can try a system restore, but after selecting a restore point (clearly the one created before defragging the registry), system restore says that I must enable system protection on the drive. I don't remember disabling it, and I don't know how to enable it without access to the desktop.
From those same advanced recovery options, I can use a system image recovery (don't have an image to recover from), the windows memory diagnostic (it claims there's no memory error), or the command prompt. I know very little about using the command prompt, but I can open the task manager at least, though not explorer.exe or msconfig.exe (the prompt claims they're invalid commands).
I've tried booting in safe mode, with the last known good configuration, with boot logging, and everything else from that menu, as well as a Windows 7 recovery disc (though I believe this disc just provides the same options as those installed on the laptop).
If possible, I'd like to know how to enable system protection from the command prompt window so that I can continue with the system restore. I'm quite certain that the error lies in the defragmentation... Read more

A:System Restore - Enabling System Protection

Right click My Computer / Properties / Advanced system settings / System Protection, highlight your drive, click Configure, now click (Restore system settings and previous versions of files),
OK and exit.

7 more replies
Answer Match 45.36%

I need help on how to remove the (system reserved) folder under Available Drives in protection settings. On all my other computers it is not shown. Not sure why it is there as it does not show anywhere else on computer as a drive. I guess it just bugs the hell out of me not knowing why it's there. Any help would be appreciated.

A:In System Protection under Available Drives (System Reserved)

Look in Disk Management and see if the Reserve has a partition letter.

9 more replies
Answer Match 45.36%

Hi Everyone

I went on my laptop this morning and it said I needed to run a system restore. Unfortunately when I try to it says I need to enable system protection on my C drive. I've been searching the web for a solution for the past couple of hours and it seems like quite a common problem. However I've tried all of the suggested solutions and nothing seems to work. I'm not the most computer literate so some of the suggested didn't make the most sense. If anyone has any suggestions to help the matter it would be very much appreciated.

Thanks

A:How do I enable system protection for system restore?

System Protection - Turn On or Off

3 more replies
Answer Match 45.36%

 I have a screen shot of it.  There is the Local Disk (C:) listed and then this other.

A:Under System Prop, and System Protection what is (C:) Missing ?

Post an Image from Disk Management Screen.
 
Control Panel / Administration Tools / Computer Management / Disk Management.
 
This will show all current active drives.
 
 
 

11 more replies
Answer Match 44.94%

I have a friend that just called to say they have the pav.exe infection on their system. Lots of pop ups about Personal Antivirus. They quickly realized that the virus was showing false infections and trying to get them to pay something.

Anyway - I had previously installed MBAM, SAS and Avira Free on this machine. Also Spywareblaster and all Windows updates to SP3, including IE8. All updates were done within the past 2 weeks. All scans were clean.

I asked them if Avira had any warnings - none that they noticed.

A quick run of MBAM seemed to have cleaned the PAV.exe.

My question is HOW did they get infected?? If this machine had Spywareblaster and Avira - how did pav.exe get started? Is it because they clicked on the original popup? The users said they were on a Christian book web site. I'm going to look at the browser history to see if I can spot any strange searches or mistyped URL's.

Aloha

A:Got infected with pav.exe - even with protection

Hi, I believe this to be part of a Rogue Antivirus application. It may be something else and legitimate. So I want to check. If it is the rogue then someone had to click on the OK button in reply to a popup or they searched and installed it. But we'll know after this. I will assume this is an XP machine.

Search and see if this file exists on the PC, thanks. Probably in C:\Program Files\Common Files\Uninstal\PAV\Uninstall.exe

If it exists, run the file Uninstall.exe

1 more replies
Answer Match 44.1%
A:Infected with Privacy Protection

Hello and welcome. Please follow these guidelines while we work on your PC:

Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I've given you the "All clear." Absence of symptoms does not mean your machine is clean!
Please do not run any scans or install/uninstall any applications without being directed to do so.
Please note that the forum is very busy and if I don't hear from you within five days this thread will be closed.

Download Combofix from either of the links below, and save it to your desktop.

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts. If you have trouble, stop and post back. Do not try to repeatedly run comboFix!

When finished, it will produce a report for you.

Please include the following in your next post:
ComboFix log

4 more replies
Answer Match 44.1%

Hi, after going online I had a pop up of the Digital Protection virus. I closed down, went into safe mode and used Malwarebytes' Anti-Malware to get rid of it. It detected some nasty stuff and wiped them on re-start.

The problem was on re-start was that Digital Protection came back. I went back into safe mode and done the same again but with the same result so I am now seeking help from anyone who knows how I can get rid of this pest without having to reformat.

The following is my DDS log.

DDS (Ver_10-03-17.01) - NTFSx86 NETWORK
Run by ratch at 11:50:28.71 on Thu 05/06/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1754 [GMT 1:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: McAfee VirusScan Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\ratch\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1700389
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d... Read more

A:Infected with Digital Protection

Hello ratchvaux, Welcome to Bleeping Computer. My name is fireman4it and I will be helping you with your Malware problem.

Please take note of some guidelines for this fix:
Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools.
If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
Finally, please reply using the button in the lower right hand corner of your screen. Do not start a new topic.
The logs that you post should be pasted directly into the reply, unless they do not fit into the post.

1. Download and Run RKill

Please download RKill by Grinler from one of the 4 links below and save it to your desktop.

Link 1
Link 2
Link 3
Link 4

Before we begin, you should disable your anti-malware softwares you have installed so they do not interfere with RKill running, as some anti-malware softwares detect RKill as malicious. Please refer to this page if you are not sure how.
Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
If ... Read more

7 more replies
Answer Match 44.1%

My computer is just 1 year old. I have security shield 2008, just expired on 9-11. So I renewed subscription and am told to uninstall the 2008 version first. Their program would not let me uninstall 2008. I called their free help line and then they had me log into some Iyogi.... they checked my computer and said I was infected! I said isn't the virus protection supposed to solve that? They said my protection expired. I SAID "JUST TODAY THAT'S WHY I AM RENEWING". Now they want to charge me $150 to help me fix the issues. BUNCH OF BULL!!! I asked "If I run a malware scan on my own and remove that should solve my problem right?" and they danced around and just wanted to charge me for their help! I guess I'm looking for help if there is a place to find malware removal items. The guy said it was malware or spyware, something like that. It is even keeping me from certain websites that I was able to go to fine until they were on my computer.

Any help would be greatly appreciated!!!

Thanks,

Jessica

I remember they were in regedit under software and showed me two "bad ones"

A:Infected while virus protection is on!

Hello let's clean this and then maybe we'll use a different AV.

Next run MBAM (MalwareBytes):

NOTE: Before saving MBAM please rename it to zztoy.exe....now save it to your desktop.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin a... Read more

1 more replies
Answer Match 44.1%

The Cloud Protection malware has the computer so locked up I had to use clean boot to start the machine just to navigate around, so these files were collected after the clean boot start. I tried using TDSSkiller to no avail. I also tried to restore to an earlier restore point but I gave up after five or so unsuccessful attempts. I kept getting an error message that the restoration was not complete.

Attached below as instructed is the text file from DDS, and the "Attach" file is attached along with the ark.txt file.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Run by Ruth at 13:19:10 on 2011-10-15
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.766.447 [GMT -4:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report =========... Read more

A:Infected with Cloud Protection

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together:
Do not run any other tool until instructed to do so!
Please do not attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.
Do not run any other tool until instructed to do so!

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only), if this happens please allow it to do so (you will need to be connected to the internet for this).
Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<
Combofix may need to reboot your computer more than once to do its job, this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the runn... Read more

4 more replies
Answer Match 44.1%

Hi
Sorry I posted this in the wrong place first time around.
My Mum's laptop running on XP is infected with Security center. It won't allow me to run anything. I have followed the removal instructions as far as running rkill from a disk which stopped the pop ups but it still won't allow me to run Malwarebytes or any other anti virus. It just keeps saying "Windows cannot access the specified path or file, You may not have the appropriate permissions to access them". I'm not very computer savvy so any help and advice would be very gratefully appreciated. Thanks

A:Infected with Security Protection!!Help!!

With the information you have provided I believe you will need help from the malware removal team. Please make sure that you read the information about getting started first. Then start a new thread HERE and include or required logs. Including a link to this thread will be helpful. Good luck and be patient. Help is on the way!

1 more replies
Answer Match 44.1%

Hi all,

My PC is/was infected by "Best Malware Protection". I've run Malwarebytes Anti malware and Combofix which seems to have gotten rid of the annoying pop-ups - and to all intents and purposes has fixed the problem. I manually removed via HiJackthis's delete on reboot feature the hosts file that was permanently locked.

However when I now run Combofix it still tells me that a real time scanner is active - and tells me it is called Best Malware protection - asks me to disable this before continuing.

I can't seem to disable and am hoping someone can explain what I need to do to remove/disable. Besides this, computer seems to be running fine again.

Thanks everyone,
Mark

A:Infected by Best Malware protection

Sorry - neglected to say am running XP Service Pack 3
Mark

4 more replies
Answer Match 44.1%

My Computer got infected with a program called Security Protection. I've tried following the guides in the malware removal forum but nothing works. Also, it is not letting any antivirus run for more than a few seconds. So Malwarebytes or Microsoft Security Essentials will run for a few seconds and then stop. And when I try to run them again it says access denied, or windows cannot access the specified device path or file.

I was able to follow most of the instructions regarding posting a new topic, but whatever the virus is it won't allow the GMER rootkit to complete its scan and it shuts it down and won't allow me to restart it, saying "Windows cannot access the specified drive path or file. You may not have the appropriate permissions to access the item." I have attached the dds.txt and attach.txt logs.

Any help would be greatly appreciated.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
Run by Owner at 0:20:16 on 2011-09-06
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2020.1412 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Outdated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\4248017714:3445935106.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:... Read more

A:Infected with Security Protection

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together:
Do not run any other tool until instructed to do so!
Please do not attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.
Do not run any other tool until instructed to do so!

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only), if this happens please allow it to do so (you will need to be connected to the internet for this).
Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<
Combofix may need to reboot your computer more than once to do its job, this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the r... Read more

3 more replies
Answer Match 44.1%

Hello,

Broni instructed me to make a new post in this forum. My old topic can be seen here: http://www.bleepingcomputer.com/forums/topic466913.html
Started all this morning. I got a prompt about something to be installed and when my eyes saw the driver was signed by Microsoft I just instinctively clicked yes on the UAC prompt. That's when my browser auto closed. Got a prompt about unsigned drivers not being able to be installed and my computer restarted. I scanned with malwarebytes and came up with this: http://i.imgur.com/Q5161.jpg and removing them is no good since they keep coming back. MSE reports my real time protection is off even though it has a check in the settings page and it can't update definitions due to no internet connectivity even though I can browse normally. Also this error began popping up whenever I reboot my computer: http://i.imgur.com/kfzJ5.jpg. Followed this guide linked by Broni for posting a new topic here http://www.bleepingcomputer.com/forums/topic34773.html.

Here are some logs:

DDS:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1
Run by Anjo at 20:38:06 on 2012-08-29
Microsoft Windows 7 Professional 6.1.7601.1.932.81.1033.18.8154.6023 [GMT -5:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7... Read more

A:Infected. Not sure what name. MSE protection disabled.

Please do the following:

Download Farbar Recovery Scan Tool and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
Restart the computer.
As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
Use the arrow keys to select the Repair your computer menu item.
Choose your language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
Insert the installation disc.
Restart your computer.
If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
Click Repair your computer.
Choose your language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

Select Command Prompt
In the command window type in notepad and press Enter.
The notepad opens. Under File menu select Open.
Select "Computer" and find your flash drive letter and close the notepad.
In the command window type e:\frst.exe (for x64 bit version type e:\frst64) ... Read more

12 more replies
Answer Match 44.1%

I have a Dell Dimension 8200 with XP, SP2 with AVG, A-Squared, Spybot, Avast, Kaspersky and Comodo with DSL connection. I noticed my computer was unusually slow lately even with only (1) program running. I realized part of the problem is that I only have 256MB of RAM which I'm upgrading but I thought perhaps I might have been infected with a virus or malware. So I posted my problem to http://groups.google.com/group/microsoft.p...5f61e71c36c6947

After going through a series of steps to identify the problem suggested by one of the members I now suspect that I'm infected with the following:

O3 - Toolbar: (no name) - {a2595f37-48d0-46a1-9b51-478591a97764} - (no file)

"ProtectionBar, rogue 'security software', related to the notorious PS_Guard/SpywareQuake/WinAntivirus foistware and detected as a variant of the FakeAle aka Zlob or Puper trojan."

Here is my Hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:50:40 AM, on 1/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C... Read more

A:Infected With 'protection Bar' Malware

The problem has been resolved using SUPERAntiSpyware.

2 more replies
Answer Match 44.1%

Hi, my dad recently got a virus on his computer, privacy protection. I have tried the uninstall guide already, but I cannot run MBMA. I run it in safe mode and used the TDSSkiller and it is successful on the scan, but trying to use Rkill it just terminates and doesn't do anything. I have made a dss log, but I can not make a gmer log because it just closes while scanning. Please help. Thank you

A:Infected with Privacy Protection

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/426606 <<< CLICK THIS LINK

If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo... Read more

2 more replies
Answer Match 44.1%

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.

===

Please Download TDSSKiller.zip
>>> Double-click on TDSSKiller.exe to run the application.
Click on the Start Scan button and wait for the scan and disinfection process to be over.
If an infected file is detected, the default action will be Cure, click on Continue
If a suspicious file is detected, the default action will be Skip, click on Continue
If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop.
Double click the aswMBR.exe to run it
Click the "Scan" button to start scan.
Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
Please post the contents of that log in your next reply.

There shall also be a file on your desktop named MBR.dat. Righ... Read more

A:Infected with "Best Virus Protection"

Here are the logs

14:15:43.0906 0704 TDSS rootkit removing tool 2.7.25.0 Apr 3 2012 13:42:32
14:15:43.0906 0704 ============================================================
14:15:43.0906 0704 Current date / time: 2012/04/03 14:15:43.0906
14:15:43.0906 0704 SystemInfo:
14:15:43.0906 0704
14:15:43.0906 0704 OS Version: 5.1.2600 ServicePack: 3.0
14:15:43.0906 0704 Product type: Workstation
14:15:43.0906 0704 ComputerName: WORKSTATION11
14:15:43.0906 0704 UserName: User
14:15:43.0906 0704 Windows directory: C:\WINDOWS
14:15:43.0906 0704 System windows directory: C:\WINDOWS
14:15:43.0906 0704 Processor architecture: Intel x86
14:15:43.0906 0704 Number of processors: 2
14:15:43.0906 0704 Page size: 0x1000
14:15:43.0906 0704 Boot type: Normal boot
14:15:43.0906 0704 ============================================================
14:15:44.0250 0704 Drive \Device\Harddisk0\DR0 - Size: 0x12A05F2000 (74.51 Gb), SectorSize: 0x200, Cylinders: 0x25FE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
14:15:44.0265 0704 Drive \Device\Harddisk1\DR3 - Size: 0x7A1FC000 (1.91 Gb), SectorSize: 0x200, Cylinders: 0xF9, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
14:15:44.0265 0704 \Device\Harddisk0\DR0:
14:15:44.0265 0704 MBR used
14:15:44.0265 0704 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1F608, BlocksNum 0x94DF3B5
14:15:44.0265 0704 \Device... Read more

18 more replies
Answer Match 43.68%
A:Infected with Online Protection Tool

see post#3

5 more replies
Answer Match 43.68%

Hi, I just got infected with malware protection 2008. Please help me get rid of it, following is my DSS log

Deckard's System Scanner v20071014.68
Run by acer on 2008-06-08 20:38:11
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 2 Restore Point(s) --
2: 2008-06-09 00:38:20 UTC - RP5 - Deckard's System Scanner Restore Point
1: 2008-06-09 00:08:14 UTC - RP4 - System Checkpoint

Backed up registry hives.
Performed disk cleanup.

-- HijackThis (run as acer.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:41:18, on 6/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WIND... Read more

A:Infected With Malware Protection 2008

Hello Sukrit01 and welcome to BleepingComputer,

1. * Clean your Cache and Cookies in IE:
Close all instances of Outlook Express and Internet Explorer
Go to Control Panel > Internet Options > General tab
Under Browsing History, click Delete.
Click Delete Files, Delete cookies and Delete history
Click Close below.

* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
Go to Tools > Options.
Click Privacy in the menu.
Click the Clear now button below. A new window will popup what to clear.
Select all and click the Clear button again.
Click OK to close the Options window

* Clean other Temporary files + Recycle bin
Go to start > run and type: cleanmgr and click ok.
Let it scan your system for files to remove.
Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
Press OK to remove them.

2. Please download Malwarebytes' Anti-Malware from Here or Here
Doubleclick mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is complete... Read more


Hello,

The infected computer is running Windows XP SP2. My father's computer has become infected with what I believe is the rogue-ware known as "Total Virus Protection." He opened the file, so it has become active, but he did not buy the fake software. The symptoms include a significant slowdown in running programs, and non-stop pop-ups advising that I buy the program and claiming that the system is failing. There is also a fake button in the start bar, which came with a fake windows alert. In addition to these issues, I have also been unable to start the task-manager through any means. It has been completely disabled and the system does not recognize the account as an administrator. All of these problems also are apparent in Safe-Mode. When I ran my virus scanner, Asquared, it detected over 30 viruses that had come in with it and removed them. However, my scanner has been unable to remove "Total Virus Protection." In addition to the DDS log I am also including a HJT log. Thank you very much for taking the time to read this and help me out. You are the best.

DDS (Ver_09-02-01.01) - NTFSx86 MINIMAL
Run by Administrator at 21:56:21.45 on Tue 03/03/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1535.1094 [GMT -5:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\... Read more

A:Infected with 'Total Virus Protection'

This computer is heavily infected, including variants of Infostealer.Banker.C, Backdoor.IRC.Zapchast and Infostealer.Ldpinch.

I am sorry to inform you that one or more of the identified infections on your system is a Backdoor Trojan.

Backdoor Trojans are the most dangerous and most widespread type of Trojan. Backdoor Trojans provide the author or "master" of the Trojan with remote "administration" of victim machines. Unlike legitimate remote administration utilities, they install, launch and run invisibly, without the consent or knowledge of the user. Once installed, Backdoor Trojans can be instructed to send, receive, execute and delete files, harvest confidential data from the computer, log activity on the computer and more.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

In addition to the Backdoor Trojans that have been identified, your computer is afflicted with multiple other infections. Although we can make an attempt to clean this machine, we cannot guarantee that it will be secure afterwards. Your best and safest course of action is a reformat and reinstallation of the Windows operating system.

If you do decide to attempt cleaning ... Read more


When browsing the internet I encounter the following fake popup that appears to be a Windows Internet Security message: The title of the message is "Your Browser is under Threat of Infection Windows Requires Permission to Install Online Protection Tool." I have not installed the program in the fake popup. Another poster is encountering the same problem. He has a screen shot of the popup at http://www.bleepingcomputer.com/forums/t/305177/online-protection-tool/.

I use Norton 360 and the computer has been protected by it. A Norton 360 scan does not reveal any infections. It appears to be automatically updating.

I have run Super Anti-Spyware but it found nothing. I was not able, however, to obtain an update to the program. When I attempted to I received the message: "There was an error trying to retrieve definitions. Make sure your firewall is not blocking Super Anti-Spyware from accessing the Internet."

I also ran a Malwarebytes scan. It found nothing. Again, however, I was not able to obtain updated definitions. I received error code: 732 (12007, 0).

Before I came to this forum I did run a combofix scan and I can post this log. The log did include the following message: "c:\windows\System32\FirewallSettings.exe . . . is infected!!"

I have run a DDS scan. The logs are copied or attached below. I was not able to run a gmer scan. On two occasions while attempting to run GMER, I got a blue screen stating that windows was shutting down to prevent damage to the system. On anot... Read more

A:Infected with online protection tool

A little update. I created a new network on my wireless router and reset it to factory defaults. Since this was done, I have not seen the online protection tool popup. I don't know whether this entirely fixed the problem, but it seems to have eliminated one symptom.


Hello, I am looking for help to fix my wife's laptop. It has multiple pop-ups that warn of Windows security alerts and ask if I want to run antivirus software. Also, fake system virus scans run occasionally, and there are popups warning that files are infected. It won't let me access the internet thru Internet Explorer unless I agree to purchase their antivirus program. When I click on buy, it opens a site titled "powerfull pc protection!!!" with an address of protectep.com. I didn't buy, of course, but don't know what steps to take from here. Since I can't access my internet, I am posting this from a borrowed PC. I used this site, "bleeping computer", to find info to remove a different virus in the past with great results. I didn't find any results in the forum search, so I am hoping someone can help me again. Thanks for your time.

A:infected by ransomware 'powerfull pc protection'

Hello,

Please follow the instructions in ==>This Guide<==. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues and what you have done to resolve them.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Orange Blossom


Hello!

I got a trojan the other night where a program just started telling me that it had detected an attack, click here to scan/install/upgrade ...

Did my usual panic and disconnected the network cable to isolate the machine. A window pops up saying that mcafee is corrupt and needs to be uninstalled. Then mcafee's uninstall pops up for confirmation. I canceled and closed all these warnings but could not get any action out of mcafee even in safe mode. Took a whack at ccleaner to try to get the bugs out and get mcafee going. As things got worse I ...

Tried some bad advice to remove registry keys for User Protection directly. No real help.

Then found bleepingcomputer on another pc...

Used the instructions for removal of User Protection aka Malware Defense aka Paladin... all these names were reported in various logs and all use the same play book. The below symptoms are what is left after these treatments.

Followed the "preparation guide for use before using malware removal tools and requesting help". Gee, with a name like that you'd think it would be the first step...

Prepared this message.

symptoms-
Have to make Firefox my default browser over and over.
will not navigate to bleepingcomputer.com
malwarebytes gmer rkill all had to be run with fake names
worst- cannot reinstall Mcafee antivirus. It gives incompatible software error and suggests that I use add/remove programs to uninstall user protection. User protection did not uninstall when I trie... Read more

A:infected by trojan user protection

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more


I am infected with the security protection virus. My computer has google redirect and also will not allow me to run DDS or download or run any .exe files. Also, I cannot get rkill to run either and I am following the proper instructions and running in safe mode and leaving the warning up. Any help would be much appreciated.

A:Infected with security protection virus

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/415636 <<< CLICK THIS LINK

If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo... Read more


I posted something last night in the wrong forum. It was moved by Hamlius to this forum and apparently closed. I've done some things since then so I'm starting a new post.

After encountering an aggressive malware that continuously asked me to install a malware detector (and it would not allow me to run any executables such as Notepad or Windows Explorer) I did a Windows XP Restore Point to one day back and recovered to the point where I am able to run executables and successfully download software from the Internet. Unfortunately, I cannot reinstall my Mcafee from their website. The McAfee installer is saying it cannot run javascript on my machine.

I have run ATF Cleaner and SAS from Safe Mode with no browsers open and other than tracking cookies, nothing is found. I also ran MalwareBytes and nothing was found on a quick scan. I'm not satisfied that I have ridded myself of the malware because of the McAfee problems.

Can someone suggest some other steps I should take? Thanks.

Curt

A:Infected by Fake Virus Protection

Hello,

I think it was accidentally closed, I will remove that topic.

>>>> Download this file and doubleclick on it to run it. Allow the information to be merged with the registry.

RKill....

Download and Run RKill

Please download RKill by Grinler from one of the 4 links below and save it to your desktop.

Link 1
Link 2
Link 3
Link 4

Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.
Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
If nothing happens or if the tool does not run, please let me know in your next reply

Do not reboot your computer after running rkill as the malware programs will start again. Or if rebooting is required run it again.

If you continue having problems running rkill.com, you can download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead.

Please see if you can run FakeAlert Stinger.

Now an online scan with ESET

Please perform a scan with Eset Online Antivirus Scanner.
(Requires Internet Explorer to work. If given the option, choose "Quarantine" instead of delete.)
Vista users nee... Read more


Running Win XP Home Edition Version 2002 SP3. Something called STOPzilla was saying DrgToDsk.exe is infected with W32/Blaster.worm. Was able to remove STOPzilla, as well as the Roxio programs, including Drag to Disk. Updated logs attached and dss.txt pasted below were run after removing these programs via Control Panel Add/Remove Programs. Now there is something called Spyware Protection that is claiming multiple infections. Note updated gmer run did not find anything so ark.txt is empty.


.
DDS (Ver_2011-08-26.01) - NTFSx86 MINIMAL
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
Run by Administrator at 20:57:10 on 2011-09-04
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.1793 [GMT -4:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\Explorer.EXE
.
============== Pseudo HJT Report ===============
.
uStart Page = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=0080430
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc7... Read more

A:Malware - infected with Spyware Protection

Hi tamaru, was there any reason you ran our tools in Safe Mode? If you're able, please re-run DDS in Normal Mode and repost DDS.txt.

GMER will usually produce a log, even if no malware is found. Please try running GMER again using the following instructions, if you get a blank ark.txt again please let me know and we will try a different scanner.

Download GMER Rootkit Scanner from here and Save it to your Desktop. Double-click gmer.exe to run it. If asked to allow gmer.sys driver to load, please consent.
First, gmer will run a short, initial scan.
If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.





In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED ...
IAT/EAT
Drives/Partition other than Systemdrive (typically C:\)
Show All (don't miss this one)

Then click the Scan button & wait for it to finish.
Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
Save it where you can easily find it, such as your desktop, and attach it to your next reply.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries

------------------------------------------------------


I've already done everything as described in http://www.bleepingcomputer.com/virus-remo...rotection-suite, but the Suite is still here.

DDS (Ver_09-10-26.01) - NTFSx86
Run by HenTam at 9:18:04.59 on Sat 11/21/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2037.945 [GMT -8:00]

AV: Windows Protection Suite *On-access scanning enabled* (Updated) {F36AE18F-3E1E-4F1E-BC42-D1D1350D69F5}
FW: Windows Protection Suite *enabled* {85B67291-644C-4B4D-8FF4-658BDABDC7D8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Creative&... Read more

A:Infected with Windows Protection Suite

Hello! My name is Sam and I will be helping you. In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

Make sure you are connected to the Internet.
Double-click on Download_mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may ta... Read more


Hi there, yesterday my pc caught a bug, possibly several. It appears to be infected with x2 pieces of spyware, namely Security Sphere 2012 and AV Protection online. I have followed your very comprehensive instructions in how to remove but no matter what I do, these infections will not allow me to run any anti virus software from either Malwarebytes, Spybot, Kaspersky or AVG. I have tried using tdss root killer and although it identifies x2 threats it asks me to reboot and when I do, we return to the normal fake security scan screens exactly as detailed in your forum as well as google redirects and slow running. The only small success I have had is using your rkill exe which stops the flashing screens and enables me to use the internet. I do hope you can help, I hate troubling you and can normally sort these things out myself with your instructions. Please find attached the requested .txt logs, the GMER exe will not run for me, it terminates as soon as I open it! Thanks in advance, Richard.

DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Richard Deane at 14:26:55 on 2011-10-23
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.3292.2656 [GMT 1:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\747063... Read more

A:infected with Av Protection Online malware

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please do not attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.
Do not run any other tool until instructed to do so!

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job, this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the r... Read more


Hey all would really appreciate some help,

Okay so 2 days ago my computer started getting all of these pop ups, turns out it was Antivirus Win 7. Went thru all the hassles to get it off and after hours of trying I succeeded... Sorta. I now have another virus called USER PROTECTION and I'm having some trouble removing it. I have scanned multiple times with MBAM and every time I scan it finds more and more stuff so to me it looks as if it isn't helping at all. So my question to you is what should I do? What is the best route to take on this virus? Should I do a system recovery? Keep scanning? Would be a great help if you guys could walk me through the process.

Thanks in Advance


Hello and thanks for the help!

The in-laws computer got infected with Windows Protection suite and while I was able to kill the main program with Malwarebytes it appears my hosts file is still infected and the computer is still getting redirects to malware filled pages. I tried making my own hosts file with all the bad redirect links deleted but the redirects still happen and they are still getting detected with spybot S&D. While spybot detects them, it is unable to fix them as it says access to the hosts file is prevented.

As well, when I run GMER it starts with this error "C:\Windows\system32\config\system: The system cannot find the file specified." Under the main rootkit/malware tab, the only boxes on the right that are even tickable are "services", "registry", "files", the drives, "ADS" and "show all." All others are grayed out and unselectable (systems, sections, IAT/EAT, Devices, Modules, Processes, Threads, Libraries). When I try to run a scan I get the error "C:\Windows\system32\config\system: The process cannot access the file because it is being used by another process." GMER still runs a scan, but finds nothing.

That's about as much info I can think might be helpful, please let me know if you need any other information

### DDS.txt log ###

DDS (Ver_10-03-17.01) - NTFSX64
Run by Anne at 16:45:27.22 on Wed 07/07/2010
Internet Explorer: 8.0.7... Read more

A:Infected with Windows Protection Suite

Hello and welcome to Bleeping Computer

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting.

We need to create an OTL report,
Please download OTL from this link.
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Under the Custom Scan box paste this in:

netsvcs
msconfig
drivers32 /all
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\*.sys /90
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%SYSTEMDRIVE%\*.*
%systemroot%\system32\Spool\prtprocs\w32x86\*.dll
%systemroot%\*. /mp /s
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iasto... Read more


I have been infected by the "Software Protection" malware.

When I login, I get that popup and I cannot kick off any other program.

I went into "SafeMode with Networking" to run DSS, however the program just gets stuck and does not popup any log files (the dos screen does come up and it does run with the hashes but no log files are produced), which is why I did not post any DSS logs. I also went into "SafeMode" and same thing happened.

I was however able to run GMER and log file is posted.

A:Infected by "Software Protection" malware

Welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting.

We need to create an OTL report,
Please download OTL from... Read more


OK, so I guess it started out with Google redirecting me and then Cloud Protection started up. Having a little experience with malware I ran rkill then Malwarebytes. No effect on the symptoms. Then I looked up Cloud Protection on bleepingcomputer.com and found the uninstall instructions. After running rkill and then TDSSkiller I noticed an effect on Google searches but then Malwarebytes didn't find anything else. A Cloud Protection icon is still shown on my desktop. Also, I attempted to enable firewall through Windows Vista but it gave me a message saying "Windows Firewall service cannot be displayed because the associated service is not running. Do you want to start the Windows Firewall service?" When I click yes it says, "Windows cannot start the Windows Firewall service."

Thank you for your help and I eagerly await your reply.
.
DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_19
Run by Ben at 22:11:32 on 2011-10-20
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.4026.3017 [GMT -7:00]
.
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C... Read more

A:Infected with TDSS as well as Cloud Protection

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please do not attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will ap... Read more


Hello All,

Yesterday my laptop got infected with the Security Protection Malware.

I attempted to follow the uninstall guide posted by Grinler with no luck.

My issue is that nothing seems to work.

Rkill, TDSSkiller and any anti-malware/anti-viral software I have tried will not scan, will not open, or will shut down once it starts scanning.

After the initial part where it was trying to get me to purchase the fake software, that has not reoccurred, however I have been getting a couple of redirects and there is an odd process running in task manager (2643737432:2814667618.exe) that I cannot terminate.

Any help would be appreciated.

Thanks,

A:I think Im infected.... Security Protection Malware but cannot get rid of it

With the information you have provided I believe you will need help from the malware removal team. Please make sure that you read the information about getting started first. Then start a new thread HERE and include or required logs. Including a link to this thread will be helpful. Good luck and be patient. Help is on the way!

3 more replies
Answer Match 43.68%

My computer was infected with Personal Protection malware and it could not be completely removed by my anti-malware software, CA California Associates Security Suite. The technician at CA informed me that a root kit was on my machine and advised me to run ComboFix after he noticed some entries in the GMER log with filenames including the characters atapi...for example atapi.sys. He said he could not run the third party software combofix for me, so I followed the instructions and ran it. While running combofix it stated that a root kit was detected and then rebooted my machine and continued the scan. I have attached the resulting log.txt file. I then ran GMER again and did not appear to have the atapi files anymore, but was informed in a pop up window "WARNING!!! GMER has found system modifications caused by ROOTKIT activity." The combofix instructions stated that I should post the logs at one of these forums.

I then proceeded to follow the instructions, Preparation Guide For Use Before Using Malware removal Tools and Requesting Help, although I already ran combofix as advised by the CA technician. I would like someone to look at the logs I created after running combofix and let me know what else needs to be done to clean this computer. Thank you very much

DDS (Ver_10-03-17.01) - NTFSx86
Run by The Love's at 14:54:38.20 on Sat 07/03/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Professional 5.1.2600.3.1252.1.... Read more

A:Was? Infected with Personal Protection malware

Hello , And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.
Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.
The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.

Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

-----------------------------------------------------------
If you have since resolved the original problem you were having, we would appreciate you let... Read more

10 more replies
Answer Match 43.68%

Hello! First of all, THANK YOU in advance for your help. My wonderful wife was browsing and fell for one of the online scanner programs. After downloading this we experienced several problems on the PC:
- Spybot Search & Destroy detected 1. My Security Shield and 2. Windows Protection Suite
- Symantec Anti-Virus won't start on bootup
- Task Manager will not open

I tried using the uninstall guides for My Security Shield and Windows Protection Suite. I used Malwarebytes per the instructions. It appears that the program successfully removed My Security Shield (it did not show up on subsequent Spybot searches). However Windows Protection Suite still shows up on Spybot.

Thank you again, I appreciate your help.

Here is the DDS log, the Attach and Ark file are attached:

DDS (Ver_10-03-17.01) - NTFSx86
Run by Bar at 15:26:10.64 on Sat 09/25/2010
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.327 [GMT -4:00]

AV: My Security Shield *On-access scanning enabled* (Updated) {925E9980-49A2-4A01-B57E-1B44E2F033B0}
AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: My Security Shield *enabled* {9DB719D4-24BD-4202-BFDA-E889534BF397}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\WiFi\bin\S2... Read more

A:Infected w/Windows Protection Suite

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.

Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there.

The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks

12 more replies
Answer Match 43.68%

Was infected with AV Protection 2011 which was causing false 'infection' (firefox.exe is infected and running of application is impossible) messages and prompting me to purchase a virus protection program. Have run RKill, MalwareBytes and Webroot. All were unsuccessful. Left computer off overnight and upon reboot in Normal Mode this morning was not able to run any applications at all except IE which was 'not responding' after the window opened. Rebooted in Safe Mode and was able to complete the steps in the Preparation Guide. Followed all instructions in the guide, ran into problems with the GMER (not sure if i have 64bit, but very likely)- the Rootkit/Malware tab does not let me select anything except Services, Registry, files, c:\ and ADS. When the scan completed it says "GMER hasn't found any system modifications"
.
DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK
Internet Explorer: 8.0.7601.17514

BrowserJavaVersion: 1.6.0_26
Run by IvieSeale at 11:40:41 on 2011-11-23
Microsoft Windows 7 Home Premium

6.1.7601.1.1252.1.1033.18.5992.4889 [GMT -

6:00]
.
AV: Webroot AntiVirus with Spy Sweeper

*Enabled/Updated* {53211D91-0C31-95F2-E3A5-



7661FB22889E}
SP: Windows Defender *Enabled/Updated*

{D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spyware Doctor *Enabled/Outdated*

{94076BB2-F3DA-227F-9A1E-F060FF73600F}
SP: Webroot AntiVirus with Spy Sweeper

*Enabled/Updated* {E840FC75-2A0B-9A7C-D915-



4D1380A5C223}
.
=======... Read more

A:Infected with AV Protection 2011, possible rootkit

Hi,

If help still needed re-run DDS. Make sure that notepad has word wrap disabled to get logs in readable format, please.

15 more replies
Answer Match 43.68%

My name tells it all. I cannot open internet explorer. I can not open any malwarebyte, bitdefender, or other scanners for this virus. When I do, if they start, after 10 seconds, they close. I can open firefox, and go to any website, but the "noblesearchsystem.com" website pops up every 5 minutes. When I tried to scan with gmer, it closed after 10 seconds. After renaming to merg, it closed after 10 seconds. Also, I have to logon as another user, disable defender.exe in task manager before I can open task manager or firefox as my user name. And I cannot stop the process that is all numbers. Thanks for looking at this and for your help.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_11
Run by Hansel at 20:36:38 on 2011-10-15
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1227 [GMT -5:00]
.
AV: BitDefender Antivirus *Disabled/Updated* {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
AV: AVG Anti-Virus Free *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: BitDefender Firewall *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\623904815:3505901530.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel ... Read more

A:Infected with Security Protection/Defender.exe

Hello lostinhell! Welcome to BleepingComputer Forums! My name is Georgi and I will be helping you with your computer problems.

Before we begin, please note the following:

I will be working on your Malware issues, this may or may not solve other issues you have with your machine.
The logs can take some time to research, so please be patient with me.
Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
Instructions that I give are for your system only!
Please do not run any tools until requested! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.

IMPORTANT NOTE: One or more of the identified infections is related to the rootkit ZeroAccess. Rootkits, backdoor Trojans, Botnets, and IRCBots are very dangerous because they compromise system integrity by making changes that allow it to be used by the attacker for malicious purposes. Rootkits are used by Trojans to conceal its presence (hide from view) in order to prevent detection of an attacker's software and make removal more difficult. Many rootkits can hook into the Win... Read more

71 more replies
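The process names reported in these threads (`623904815:3505901530.exe` in the log above, `2643737432:2814667618.exe` in an earlier post) have the `file:stream` form of an NTFS alternate data stream. The following is an added example, not code from any of the posters or from DDS: it walks the "Running Processes" section of a DDS log and flags such entries. The function names and the sample log's trailing lines are assumptions made for illustration.

```python
import re

# Constructed sample. The header and the first process line are copied from the
# log posted above; the rest is filled in so the section has a clear end.
SAMPLE_DDS = r"""
DDS (Ver_2011-08-26.01) - NTFSx86
Run by Hansel at 20:36:38 on 2011-10-15
.
============== Running Processes ===============
.
C:\WINDOWS\623904815:3505901530.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
.
============== Pseudo HJT Report ===============
.
"""

# DDS section banners look like "====== Title ======".
SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")


def running_processes(dds_text):
    """Return the entries listed under the 'Running Processes' banner."""
    entries, in_section = [], False
    for raw in dds_text.splitlines():
        line = raw.strip()
        banner = SECTION_RE.match(line)
        if banner:
            in_section = banner.group(1).lower() == "running processes"
            continue
        # DDS uses a lone "." as a spacer line.
        if in_section and line and line != ".":
            entries.append(line)
    return entries


def image_path(entry):
    """Drop command-line switches such as ' -k netsvcs' from an entry."""
    return re.split(r"\s+[-/]", entry, maxsplit=1)[0]


def findings(entry):
    """Describe what is unusual about one process entry (empty list if nothing)."""
    path = image_path(entry)
    rest = re.sub(r"^[A-Za-z]:", "", path)   # the drive letter's colon is normal
    leaf = rest.rsplit("\\", 1)[-1]          # final path component
    notes = []
    if ":" in leaf:
        host, stream = leaf.split(":", 1)
        notes.append("image is alternate data stream %r of %r" % (stream, host))
    stem = re.sub(r"\.(exe|scr|com)$", "", leaf, flags=re.IGNORECASE)
    if stem and re.fullmatch(r"[\d:]+", stem):
        notes.append("image name consists of digits only")
    return notes


def triage(dds_text):
    """Return (entry, notes) for every running process with at least one note."""
    flagged = []
    for entry in running_processes(dds_text):
        notes = findings(entry)
        if notes:
            flagged.append((entry, notes))
    return flagged


if __name__ == "__main__":
    for entry, notes in triage(SAMPLE_DDS):
        print(entry)
        for note in notes:
            print("  -", note)
```
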
Answer Match 43.68%

Here is the DDS log... i don't know what to do with it. please help.

A:infected with "virus protection" blocking ie

Welcome to the BleepingComputer Forums. Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random which includes a HijackThis log and save it to your desktop. If you have RSIT already on your computer, please run it again. Double click on RSIT.exe to run RSIT. Click Continue at the disclaimer screen. Please post the contents of log.txt. Thank you for your patience.

Please see Preparation Guide for use before posting about your potential Malware problem. If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped. Please post your HijackThis log as a reply to this thread and not as an attachment. I am always leery of opening attachments so I always request that HijackThis logs are to be posted as a reply to the thread. I do not think that you are attaching anything scary but others may do so. While we are working on your HijackThis log, please: Reply to this thread; do not start another! Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so. Do not run any other tool until instruc... Read more

2 more replies
Answer Match 43.68%

Found this site on the web.

I followed the instructions to remove this but was unsuccessful and had various problems. I downloaded the TDSS Killer, renamed it, but it won't run. It says it isn't a valid system 32 application. I tried several times and renamed it different things--still didn't work.

rkill seemed to work fine.

I went ahead and tried to run Malwarebytes (I already had it installed), but after about 10 seconds it closed and now won't open. I followed the link to download it again. When trying to run the setup, I get the "not a valid system 32 app" message.

I was not able to backup my data. I get the "not a valid 32..." message when trying to install the software. The standard version that came with XP is hiding from me.

The windows firewall is enabled (and has been all along)

DDS seemed to work fine. see below

GMER downloaded fine. I started the scan and it ran for about 30 seconds (LOTS of things populated) then it just closed. Now it won't run at all. I re-downloaded it with the same result.

Thanks so much for taking a look!

.
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 8.0.6001.18702
Run by Administrator at 17:12:29 on 2011-10-15
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2039.1501 [GMT -5:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\WINDOWS\syst... Read more

A:Infected with Cloud Protection virus

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===
In Internet Explorer go to Tools - Internet Options - Connections Tab - Lan Settings and remove the reference to 127.0.0.1:61455 if found, then uncheck "Use a proxy server" and check "Automatically detect settings".
===
If you use Firefox in Tools Menu > Options... > Advanced Tab > Network Tab > Connection > Settings. Select the Auto-detect proxy settings for this network option. Or no proxy if you do not need it.
===
Your logs indicate that a ZeroAccess infection is present on your computer:
Please download DummyCreator.zip and unzip it.
Run the tool.
Copy and paste the following into the edit box:

C:\WINDOWS\3203397148

Press Create button and post the content of the Result.txt.

Important: Restart the computer.
===
Please download AntiZeroAccess by Webroot to your Desktop
Double-click antizeroaccess.exe to run the program.
NOTE: If running Vista or Windows 7, make sure to Right-click on it and select Run as an Administrator.
At the black window, type y and then press Enter.
Once AntiZeroAccess has finished scanning, a report AntiZeroAccess_Log.txt will be created in the same location as the program.
Please post the contents of the report in your next reply, and let me know how your system is running now.... Read more

42 more replies
Answer Match 43.68%

Oh I can not get system restore to open but it works in safe mode not in regular mode.

A:Need help system protection not there on system properties

Hi,

Welcome to Seven Forums.

Run Regedit and check the following registry key:

HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\SystemRestore\DisableSR.

If the key is present and has any value other than 0 then system restore is disabled and the system protection tab will be hidden.

Viruses often disable this by setting this registry key. Often they will also disable the task manager and regedit too.

If you get a message saying regedit has been disabled by your administrator then it's quite possible you have been targeted by a virus, in which case a full scan of your system is a good idea.


As always, before making changes to your registry, back it up.

hth
Tanya

4 more replies
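The registry check described in the answer above can be scripted as a read-only audit. This is an added example, not part of the original answer: the `DisableSR` path is the one the answer gives, while the value names `DisableTaskMgr` and `DisableRegistryTools` are not in the answer and are the standard Windows policy values behind the Task Manager and regedit restrictions it mentions. The snapshot used off Windows is constructed.

```python
import sys

# (hive, key path, value name, effect when the value is present and non-zero)
CHECKS = [
    ("HKLM", r"Software\Policies\Microsoft\Windows NT\SystemRestore",
     "DisableSR", "System Restore disabled, System Protection tab hidden"),
    ("HKCU", r"Software\Microsoft\Windows\CurrentVersion\Policies\System",
     "DisableTaskMgr", "Task Manager disabled"),
    ("HKCU", r"Software\Microsoft\Windows\CurrentVersion\Policies\System",
     "DisableRegistryTools", "registry editing tools disabled"),
]

# Constructed snapshot for running the example off Windows: None means the
# value does not exist, which is the normal state on an unmanaged machine.
CONSTRUCTED_SNAPSHOT = {
    ("HKLM", CHECKS[0][1], "DisableSR"): 1,
    ("HKCU", CHECKS[1][1], "DisableTaskMgr"): None,
    ("HKCU", CHECKS[2][1], "DisableRegistryTools"): 1,
}


def read_snapshot():
    """Read the checked values from the live registry (Windows only, read-only)."""
    import winreg  # standard library, present only on Windows
    hives = {"HKLM": winreg.HKEY_LOCAL_MACHINE, "HKCU": winreg.HKEY_CURRENT_USER}
    snapshot = {}
    for hive, key, name, _ in CHECKS:
        try:
            with winreg.OpenKey(hives[hive], key, 0, winreg.KEY_READ) as handle:
                snapshot[(hive, key, name)] = winreg.QueryValueEx(handle, name)[0]
        except FileNotFoundError:
            # Missing key or missing value: the restriction is not configured.
            snapshot[(hive, key, name)] = None
    return snapshot


def is_set(data):
    """True when a registry value is present and anything other than 0."""
    if data is None:
        return False
    if isinstance(data, str):      # REG_SZ written instead of REG_DWORD
        return data.strip() not in ("", "0")
    if isinstance(data, bytes):    # REG_BINARY
        return any(data)
    return data != 0


def assess(snapshot):
    """Return one finding string per restriction that is switched on."""
    results = []
    for hive, key, name, effect in CHECKS:
        data = snapshot.get((hive, key, name))
        if is_set(data):
            results.append("%s\\%s\\%s = %r: %s" % (hive, key, name, data, effect))
    return results


if __name__ == "__main__":
    snap = read_snapshot() if sys.platform == "win32" else CONSTRUCTED_SNAPSHOT
    found = assess(snap)
    for line in found:
        print(line)
    if not found:
        print("None of the checked restrictions is set.")
```
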
Answer Match 43.68%

Hi,
I wanted to start system restore. The window shows: to create a restore point open System Protection.

When this link is clicked, the System Properties dialog is opened by SystemPropertiesProtection.exe

But the Tabs "System Protection" and "Remote" are missing in this dialog.

Something is wrong with the installation, but I cannot do a new clean installation as much software is installed upon the platform. I have mounted the Vista installation DVD with "GImageX", but I do not know which files or Registry Entries I have to extract.

Any ideas? Thanks in advance for any help.

More replies
Answer Match 43.68%

Every time I start up my desktop, a fake windows security center message comes up trying to get me to install a fake protection system software. When this windows security center message comes up, it also adds three shortcuts to my desktop to porn sites. This virus is hindering me from using various software such as Malwarebytes, Spybot, and it won't let me install Hijack this. Also, this virus is making Internet Explorer practically unusable (using Safari right now). Please help me, it would be greatly appreciated.

A:infected with fake protection system/ fake windows security center/ fake security center alerts

I forgot to put this, but I am using Windows XP
One of the sample messages from Security Center Alert asks if I want to block a suspicious software called Trojan.Win32.Agent.dcc. This "Alert" has popped up many times, but warning me about different trojans.
Also, in the lower-right tray, messages are continuously coming up saying stuff like keyloggers, exploits, and etc have infected your computer.

4 more replies
Answer Match 43.26%

Hi all
I want to disable "hardware, Advanced, System Protection, Remote" tabs from system properties dialog box (screen shot attached).
The user should only be able to access change computer name feature. Other feature should be disabled/removed.
Is there any way to achieve it?
thanks in advance.


https://social.technet.microsoft.com/Forums/getfile/703346

A:disable "hardware, Advanced, System Protection, Remote" tabs in system

I'm inclined to say no, for a very simple reason.
Changing the computer name requires administrator access. Given that, the user already has full control over the entire computer, therefore he can change whatever he wants.
What's the purpose of such "limitation"?

4 more replies
Answer Match 43.26%

Hello,

I believe that I am infected with something, because I have a window that pops up shortly after each start up that shows

"Spywareguard Browser Protection Alert!"
! An attempt to change Internet Explorer settings has been detected
Warning! Your IE default search url has been changed!
Your Internet Explorer local machine default search url has been changed from
http://www.microsoft.com/isapi/redir.dll?prd=iear=iesearch
to
http://go.microsoft.com/fwlink/?LinkId=54896

I cannot get rid of this window; either another one pops up if I hit "Restore old value" or "Keep new value" or the system freezes. Also, I cannot open IE7, and after this window pops up my CPU usage flatlines at 100%. Please help!!!!

After performing all of the requested scans/tasks asked on the "read this topic" page (except for those that require IE to work, since I can't open it - currently using Firefox), here is my HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 10:47:13 PM, on 2/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\syst... Read more

A:"spywareguard Browser Protection Alert!" - Infected With Something But Don't Know What!

Here is an updated HiJackThis log, in case it is needed:

Logfile of HijackThis v1.99.1
Scan saved at 6:05:04 AM, on 2/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Panda Software\Panda Antivirus 2007\PsCtrls.exe
C:\Program Files\Panda Software\Panda Antivirus 2007\pavsrv51.exe
C:\Program Files\Panda Software\Panda Antivirus 2007\AVENGINE.EXE
C:\Program Files\Panda Software\Panda Antivirus 2007\PsImSvc.exe
C:\WINDOWS\system32\RegSrvc.exe
C:\WINDOWS\... Read more

18 more replies
Answer Match 43.26%

I acquired this virus a day ago and fell for the scam before looking up some information about it. I'm not sure how to delete it. The warning signs I read about are happening, such as redirecting website pages, especially emails and other password protected sites. Task manager was disabled. The computer is brand new and is running a lot slower now than it did just a week ago. I eventually restored my computer to the day before but I'm pretty sure that didn't completely remove it. I have no important files on the computer, completely wiping the computer would be an option but I don't have any disks which came with the computer. If some computer whiz could give me some advice. Thank you!!

The dds files as requested below, and I attached the ARK.txt file.

DDS (Ver_10-12-12.02) - NTFSx86
Run by Toby at 13:50:00.59 on Wed 16/02/2011
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.61.1033.18.1976.1183 [GMT -8:00]

AV: McAfee? Total Protection? Service *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee? Total Protection? Service *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee? Total Protection? Service *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

============== Running Processes ===============

C:\windows\system32\wininit.exe
C:\windows\system32\lsm.e... Read more

A:infected with microsoft internet protection 2011

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed responding to your thread.

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
These instru... Read more

2 more replies
Answer Match 43.26%

I picked up the "Personal Protection" malware program two days ago. I used Malware Byte to remove the problem, but since then my computer has been running very very slowly, particularly on startup (it takes about 15 min. to boot up) and when shifting tasks such as starting a new program, or shifting from one program to another.

Any help would be much appreciated.

Steve

A:Infected with "Personal Protection" malware/Ransom where

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything. We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here. To help Bleeping Computer better assist you please perform the following steps:*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/427149 <<< CLICK THIS LINK If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.*************************************************** If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo... Read more

21 more replies
Answer Match 43.26%

Hello to all. I hope someone can help me here. I have windows vista ultimate 64 bit.....I was recently infected with the Windows Protection Suite but ONLY on my firefox browser. I have tried every program i know--all in safe mode, to remove any and all infections associated with this but to NO avail.....UUUGGG!! Here is my Log--

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:58:24 PM, on 9/16/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe
C:\Program Files (x86)\McAfee\MBK\McAfeeDataBackup.exe
C:\Program Files (x86)\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\ASUS\AASP\1.00.64\aaCenter.exe
c:\windows\syswow64\mlmdcnf\atisvc_eerrqg.exe
C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:... Read more

A:Firefox infected with Windows Protection Suite

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Please download OTL from following mirror:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Push the button.
Two reports will open, copy and paste them in a reply here:
OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized
In the upper right hand corner o... Read more

2 more replies
Answer Match 43.26%

Hello,

Security essentials real time protect is reporting to be off with the big turn on button even though if I go to the settings page the check box has a check on it. Whenever I try to update virus definitions it fails saying no connection can be made even though I can browse normally. Also, did a scan with malwarebytes and it turned up this: http://i.imgur.com/Q5161.jpg . Not sure what this virus/malware is called. Every time I try to delete it using malwarebytes it keeps popping back up. Any help would be appreciated.

A:I have been infected. MSE not able to update. Real time protection is off

Welcome aboard

Download Security Check from HERE, and save it to your Desktop.
 * Double-click SecurityCheck.exe
 * Follow the onscreen instructions inside of the black box.
 * A Notepad document should open automatically called checkup.txt; please post the contents of that document.
=============================================================================
Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.
====================================================================================
Please download MiniToolBox and run it.
Checkmark following boxes:
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Devices (do NOT change any settings here)
List Users, Partitions and Memory size
Click Go and post the result.
=============================================================================
Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
 * Double-click mbam-setup.exe and follow the prompts to install the program.
 * At the end, be sure a checkmark is placed next t... Read more

4 more replies
Answer Match 43.26%

Windows Vista

nothing works
have used another computer per bleeping instructions to download malware bytes onto portable storage
and cannot install the mbam setup or FIX EXE from portable drive- no programs work
was on Firefox and clicked website for ModX
nothing works except IE
firefox web browser does not work
fake windows security shield and "Full PC scan"
tried to start a fake scan and stopped but it was showing the fake files that are infected

I stopped the fake program scan and did not "purchase" their security program

everything I do generates a balloon about "---.exe cannot start is infected with W32 BLASTER WORM (this is fake I guess?) ..." "security warning-malicious has been detected click here to protect your computer"

also firewall warnings

cannot take a screen shot

A:SCAREWAREVam infected FAKE Spyware Protection

UPDATE

it is the next morning

seems the warnings have stopped

was able to start malwarebytes from the portable
it is scanning now

though I forgot the part where they say to open any program

the fake Windows security shield icon has gone

as if after enough hours this thing gives up and goes away if you do not PURCHASE?

maybe I did not get infected?

Answer Match 43.26%

Any time I am on the computer, I keep getting pop-ups saying that I have been infected with 25 viruses. Most of the time it says the trojan virus. It also tells me that it is infecting my contacts on my email. It would not let me get on the internet at first. It said the http. is invalid. My Zone Alarm was asking me to accept or deny lots of addresses as the pop-ups were occurring; I just kept on denying them access. I talked to people on livechat with ZoneAlarm and that is how I got to start this. I was told that malware protection is not good for the computer. They told me this is how I can remove it and the viruses. Thanks!
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Jillian at 16:25:50.82 on Fri 03/25/2011
Internet Explorer: 8.0.6001.19019
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2036.887 [GMT -5:00]
.
AV: ZoneAlarm Antivirus *Enabled/Updated* {E9467272-859A-F159-FA9E-55E7E32D7A25}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: ZoneAlarm Anti-Spyware *Enabled/Updated* {52279396-A3A0-FED7-C02E-6E9598AA3098}
FW: ZoneAlarm Firewall *Enabled* {D17DF357-CFF5-F001-D1C1-FCD21DFE3D5E}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\... Read more

A:infected with trojan viruses from malware protection

Hello and welcome. Please follow these guidelines while we work on your PC:

Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I’ve given you the “All clear.” Absence of symptoms does not mean your machine is clean!
Please do not run any scans or install/uninstall any applications without being directed to do so.
Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

Download Combofix from either of the links below, and save it to your desktop.
Link 1
Link 2
**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts. If you have trouble, stop and post back. Do not try to repeatedly run ComboFix!
When finished, it will produce a report for you.

Please include the following in your next post:
ComboFix log

Answer Match 43.26%

My computer seems to have windows protection suite. I downloaded malwarebytes anti-malware, but it cannot delete it.
A pop-up window comes up all the time saying that my computer is infected.

The following is the output from DDS.

DDS (Ver_09-07-30.01) - NTFSx86
Run by shizuw at 21:10:07.10 on 2009/09/07
Internet Explorer: 7.0.6002.18005
AV: McAfee VirusScan Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
FW: ウイルスバスター2008 (パーソナルファイアウォール) *disabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\TAMSvr.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows... Read more

A:Infected with windows protection suite -coming with pop up-

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

Answer Match 43.26%

I believe I have been infected with XP Antivirus Protection virus/spyware/malware.

I have downloaded and run HijackThis and here is my log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:38:17 PM, on 3/31/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\RioMSC.exe
C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Intel\Intel Applicat... Read more

A:Infected with XMP Antivirus Protection malware/spyware - Help please

Answer Match 43.26%

My computer was infected with malware protection malware bundled with google redirects. I followed the removal guide and was able to remove malware protection using Malwarebytes in safe mode with networking. However, I couldn't remove the google redirecting malware. TDSSKiller.exe, which I renamed, won't run when I double click it. One day later, the malware protection came back again.

Thank you very much!
.
DDS (Ver_2011-06-01.06) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
Run by AUS17 at 12:31:56 on 2011-06-01
Microsoft Windows XP Professional 5.1.2600.3.936.86.1033.18.2046.1336 [GMT -4:00]
.
AV: Symantec AntiVirus Corporate Edition *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\ArcSoft ... Read more

A:Infected with google redirects and malware protection

Hello dawnriver and welcome to BC.

Sorry about the delay, do you still need help?

Answer Match 43.26%

My laptop, running Windows Vista, has recently been infected with some sort of fake Antivirus program. When I am on my laptop I am almost constantly bugged by popup windows saying things like "Application cannot be executed. The file werfault.exe is infected. Do you want to activate your antivirus software now?". However, the file it says is infected constantly changes so do not look too much into that. I am assuming if I were to press yes it would either fry my laptop or infect my laptop with a worse virus that only it could fix. I tried downloading Web Root but it always says a certain file could not be located which I have assumed is due to the fake antivirus blocking it from working. I am wondering how to fix this, such as is there a file or program I can download? I saw an old post about something called ComboFix but I would need someone on here to walk me through it, if that would even help me at all. Also, I have access to another computer with which I can download things onto and transfer to my laptop via USB.
 

A:Need Help, infected by fake virus protection program

The name of the fake antivirus software is Antivirus Live.
 

Answer Match 43.26%

I keep getting annoying little pop ups in the bottom of my screen that say windows has detected spyware, or your computer is infected! Another says your computer is making unauthorised copies of something. I have scanned the computer and found a couple of trojan horses and removed them and as far as I can tell there is nothing left, but the stupid pop ups won't go and it keeps trying to take me to download something to remove this "spyware" which I'm guessing will just screw me over even more. I've read through other posts and I've downloaded hijackthis. This is my scan result

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:11:15 AM, on 8/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\csrss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\Program Files\Windows Defender\MsMpEng.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
F:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
F:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
F:\PROGRA~1\Grisoft\AVG7\avgemc.exe
F:\Program Files\Bonjour\mDNSResponder.exe
F:\Program Files\Google\Com... Read more

A:My computer has been infected fake virus protection

Answer Match 43.26%

For the last couple weeks I have been having Google redirect issues. For instance, every 3rd or 4th time I click on a Google result, it takes me to a different page than the one I was looking for, usually some sort of weird ad page. In addition, sometimes when I get redirected, a program called "Security Protection" opens up on my computer and starts really screwing with my system. When this happens I am able to use Malwarebytes in safe mode, and remove the "Security Protection" program. I have also tried running Malwarebytes, Hitman, and TDSSKiller to try to stop the Google redirect problem, but none of them have helped. I have run all three of these programs normally, and also in safe mode. None of them can find any infected files. I am running Windows Vista.

Here is a copy of my DDS report, and I have attached the two requested files.

Thank you
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windo... Read more

A:Infected with "Security Protection" and Google keeps redirecting

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:
Please download DeFogger to your desktop.
Double click DeFogger to run the tool.
The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will ap... Read more

Answer Match 43.26%

Started having trouble booting system and had to use the XP cd. However, now it will start normally without the cd.

Was getting popup windows that appeared to be the Data Protection malware that you show. Ran AVG and was able to clean some files. It identifies atapi.sys as infected, but won't clean because it is "whitelisted". Have run Malwarebytes, and it has identified malware, but when you click "Show Results", the program terminates. Also have been unable to start in Safe Mode. Performed steps in your Preparation Guide. Ran Defogger & DDS. Tried to run GMER twice, but both times the system locked up when it completed. Message said rootkit discovered, but I couldn't save ark.txt file. Don't know if it means anything, but I saw several references to "PRAGMAinixrxerci".

I have used your website before to solve problems, but have never had one serious enough to use the forum. I would appreciate any help you can offer.

Thanks.

DDS (Ver_10-03-17.01) - NTFSx86
Run by Doug at 11:27:53.45 on Thu 05/20/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.767.186 [GMT -4:00]
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: McAfee VirusScan *On-access scanning enabled* (Outdated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
============== Running Processes =========... Read more

A:Data Protection malware - atapi.sys infected?

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. HijackThis logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that it happens.

Some things to remember while we are working together.
1. Please do not run any other tool until instructed to do so!
2. Please reply to this thread, do not start another!
3. Please tell me about any problems that have occurred during the fix.
4. Please tell me of any other symptoms you may be having as these can help also.
5. Please try as much as possible not to run anything while executing a fix.

If you follow these instructions, everything should go smoothly.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Gmer is the best but it can be hard to get a log, so let's try this and see what we get.

Scan With RKUnHooker
Please Download Rootkit Unhooker. Save it to your desktop.
Now double-click on RKUnhookerLE.exe to run it.
Click the Report tab, then click Scan.
Check (Tick) Drivers, Stealth, Files, Code Hooks. Uncheck the rest, then Click OK.
Wait till the scanner has finished and then click File, Save Report.
Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Gringo

Answer Match 43.26%

My personal computer has been infected with a virus of some sort, popping up with a window that looks like Windows Protection software program.

I have run ComboFix once, then downloaded some anti-malware/virus software, then it popped back up again.
Any suggestions? I am also wondering if I can recover any of my files that I have on this computer, since I know the virus can affect files on my computer. Is all lost?
Should I go ahead and reformat my hard drive?

Thanks

A:Windows Protection fake- infected with a virus

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The... Read more

Answer Match 43.26%

I hope I can get this log on, my computer is in rough shape. How I got this darn thing, who knows. I have tried all the fixes, at one time I had Antimalware Doctor, and Digital Protection virus at the same time. I have tried the web fixes to no avail. I have used TDSS Killer/Rkill/Malwarebytes updated/eset online scanner/Superantispyware/I have Avira as my antivirus (updated). It's like the computer is in a loop, about the time I think I am getting the best of it, bam, the virus comes right back. I'm not sure if I have the right hijack this log, if not, let me know. Wife's computer, so who knows what it got into. Thanks for your time.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:23:30 AM, on 4/12/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Digital Protection\digprot.exe
... Read more

A:Infected badly(digital protection virus)

Hello there Sorry your thread was missed.
My name is NeonFx. I'll be glad to help you with your computer problems. Logs can take some time to research, so please be patient with me.
Please note the following:

The fixes are specific to your problem and should only be used on this machine.
Please continue to review my answers until I tell you your machine appears to be clean. Absence of symptoms does not necessarily mean that the system is completely clean.
It's often worth reading through these instructions and printing them for ease of reference. I may ask you to boot into Safe Mode where you will be unable to follow my instructions online.
If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
Please refrain from doing any fixing of your own while I am assisting you with this problem. I need to keep track of what is going on as the order in which we do things can often be important.
If this is a company owned system or a work computer let me know.
Please reply to this thread. Do not start a new topic.

Step 1

Download OTS to your Desktop
Close ALL OTHER PROGRAMS.
Double-click on OTS.exe to start the program.
Check the box that says Scan All Users
Under Basic Scans please change the radio button under Registry from Safe List to All.
Under Additional Scans check the following:
Reg - Desktop Components
Reg - Disabled MS Config Items
Reg - NetSvcs
Reg - Shell Spawning
Reg - U... Read more

Answer Match 43.26%

I just finished "cleaning out" an old Dell desktop. I deleted a lot of files. I don't intend to un-delete any of them (couldn't anyway, because I did a wipe of the free space), but the thought occurred to me, what if I wanted to un-delete one of them? In the old DOS days, I could do that without software (like Recuva). But with NTFS file systems, I note that there is a system setting called System Protection that provides a built-in way to recover deleted files, as long as you haven't overwritten them. I checked the settings for this app on my desktop. System Protection is Off for both of my drives, so that's apparently the default.

Question: What are the downsides of turning that On? My guess would be that it burdens the MFT with more entries, thereby slowing drive performance. Is that true and are there any other downsides?

A:System Protection

The only real downside to turning on System Protection is that it consumes some disk space but you can control that. The impact on performance is insignificant.

Answer Match 43.26%

I've noticed every once in a while that my system protection keeps turning itself on, even though I have manually shut it off?

What could be affecting this? (I want it off because I back up regularly)
 

A:System Protection...

I don't have an answer but do have some advice.

System protection is different than backing up data, system protection backs up critical system registries and other settings normal backups do not, it would be wise to leave this setting On.

.
 

Answer Match 43.26%

What would be the best antivirus for PC? I need an antivirus that is not slow and that protects my PC very well. I need suggestions!

A:System Protection

Welcome
First forget best, it is subjective.
However, I and many members use the free
Microsoft Security Essentials
Free Malwarebytes and the Windows Firewall
I also use winpatrol. It takes a picture of your HD. If anything is installed, it asks if you want it. If you say no, it restores what you had. Has other features too.
http://www.av-comparatives.org/
This list is already outdated. Microsoft has just finished testing on 2.0. It is now available.

Answer Match 43.26%

Yesterday I, as always before, was going to do my monthly Macrium Reflect system backup. As per usual I did all the AV, HW and software checks, made sure windows and SW were up to date, absolutely everything works as good as ever. At the end of those checks I did sfc /scannow but it would not go past 58%. Dism also got stuck at some 20% on or offline, in safe mode too.
All disks are in perfect shape and so are drivers etc.
Before I do something radical like restoring last month's Macrium backup or doing windows repair I would like to see if there's something less radical to troubleshoot this problem.
I still have W10 on another disk to fall back to if necessary so in no way could I be left without an OS on this computer. Willing to try anything. Any ideas?

A:System protection

Hi Mike,
Personally I don't have a problem with this but some people do with:
The Scoop On KB 3022345 System File Corruption
You might want to uninstall this update if installed.

Answer Match 43.26%

Why can I not save restore points when I have it set to restore previous versions of files only? It shows system protection turned off when set this way. Only way it will show turned on is if I have setting and files turned on.

A:System Protection

Hi -
System Restore is just that - System Restore -
I have not been able to set mine to restore only one file / folder to an earlier time, unless I have a backup made.
 
However I may have missed a setting that I could not find, but I can only set mine to System Restore -
 
More general information ..............

 What files are changed during a system restore ?
 

System Restore affects Windows system files, programs, and registry settings. It can also make changes to scripts, batch files, and other types of executable files created under any user account on your computer. System Restore does not affect personal files, such as e-mail, documents, or photos, so it cannot help you restore a deleted file.
NOTE :: If you have backups of your files, you can restore the files from a backup.

 
Always create a backup of your system prior to doing any System Restore
 
Open System Restore and follow the links in that area as to what you will restore and what you can do there.
There is a lot of helpful information listed there -
 
Thank You -
