Tech Problem Aggregator

Protection System infection

Q: Protection System infection

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Follow the instructions that pop up for posting the results.Close the program window, and delete the program from your desktop.Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE

A: Protection System infection

Due to the lack of feedback, this Topic is now closed.In case you still have problems, please send me a Private message to reopen this topic within the next 5 days. Beyond that point, please start a new topic.Orange Blossom

2 more replies
Answer Match 63%

Protection System has installed itself and seems to be keeping me from running Malwarebytes to clean it up. Every time I try to run it, I get a split-second hourglass, then nothing.
I managed to get Malwarebytes installed by renaming it, but that cute little trick didn't work for executing the program.
I get frequent pop-ups and system stalls. Any help would be greatly appreciated.

DDS is pasted below, and rootrepeal report is attached.

Thank you!
DDS (Ver_09-07-30.01) - NTFSx86
Run by Administrator at 23:00:03.54 on Wed 09/09/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.255.18 [GMT -5:00]

AV: Protection System *On-access scanning enabled* (Outdated) {28e00e3b-806e-4533-925c-f4c3d79514b9}
AV: eTrust EZ Antivirus *On-access scanning enabled* (Updated) {17CFD1EA-56CF-40B5-A06B-BD3A27397C93}
FW: eTrust Personal Firewall Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
D:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
D:\WINDOWS\system32\spoolsv.exe
svchost.exe
D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\Program Files\CA\eTrust EZ Armor ... Read more

A:Protection System Infection

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.??If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine.??Please perform the following scan:Download DDS by sUBs from one of the following links.??Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool.??No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

2 more replies
Answer Match 62.58%

Hello, and thank you for reading my tale of woe. Some of my understanding may be incorrect, and some of my memory may be faulty; I apologize for that. This happened about a month ago, but after banging my head against it for several days, I just took the thing off-line and resorted to using my laptop all the time. I've forgotten some of what I have tried to run or do, but I think I can relate the most significant aspects. Most things I tried either failed to run or had no effect and I reversed them.

I know how I got infected and won't be doing those particular things again.

PC in question: Windows XP Pro SP3, Norton Anti-V Corporate, System and apps installed on separate partitions, Boot from D:\. Please ask about anything I have forgotten to include.

My desktop PC started to get wacky, with this Protection System fake virus/spyware/fake software taking over. It has the system tray item and many random pop-ups. Google search results were mis-directing. Desktop shortcuts to porn and Protection system being generated on startup. General mayhem. In the process of trying to fix things I disabled a process called "##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##" and most of this behavior stopped.

Some other things make me think there's something else going on. I can't run/install Malwarebytes, rootrepeal, combofix, and some others. Combofix Blue-screened the few times I tried to run it. Renaming things made no difference. ... Read more

A:Protection System infection, and probably something worse

Please download Win32kDiag.exe by AD and save it to your desktop.alternate download 1alternate download 2This tool will create a diagnostic report Double-click on Win32kDiag.exe to run and let it finish. When it states Finished! Press any key to exit..., press any key on your keyboard to close the program. A file called Win32kDiag.txt should be created on your Desktop.Open that file in Notepad and copy/paste the entire contents (from Starting up... to Finished! Press any key to exit...) in your next reply.-------------------------------------- Go to > Run..., then copy and paste this command into the open box: cmdClick OK.At the command prompt C:\>, copy and paste the following command and press Enter:DIR /a/s %windir%\scecli.dll %windir%\netlogon.dll %windir%\eventlog.dll >Log.txt & START notepad Log.txtA file called log.txt should be created on your Desktop.Open that file and copy/paste the contents in your next reply.==================================Please download peek.bat and save it to your Desktop. Double-click on peek.bat to run it. A black Command Prompt window will appear indicating the program is running. Once it is finished, copy and paste the entire contents of the Log.txt file it creates in your next reply.If you encounter a problem downloading or getting peek.bat to run, go to > Run..., and in the open box, type: NotepadClick OK.Copy and paste everything in the code box below into the Untitled - Notepad.@ECHO OFF... Read more

6 more replies
Answer Match 61.74%

Hello

My laptop is infected with Protection System and Total Security malware.

I have been able to run ComboFix and Malwarebytes and things are much better but not sure that is all I need to do?

Thanks in advance for any help.

Windows XP Professional on a network.

A:Protection System / Total Security Infection

Moved from HJT to a more appropriate forum. Tw

2 more replies
Answer Match 60.9%

2 nights ago I started seeing Windows Police Pro, Protection System and Security Alert System popping up. They also had me locked out task manager, Spybot and MalwareBytes. Since then the Police Pro seems to be gone, but the others are still popping up. Task manager is available now, but the security programs are not. I am also getting shortcuts to porn sites installed on my desktop. That has only happened twice, but thankfully my wife didn't see any of them . I have attached and posted the logs from the recommended scans. Any help would be appreciated.

Thanks,
Cliff
DDS (Ver_09-07-30.01) - NTFSx86
Run by MSHOH - PCCC at 16:35:56.82 on Sun 09/06/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.767.196 [GMT -5:00]

AV: Norton 360 *On-access scanning enabled* (Updated) {A5F1BC7C-EA33-4247-961C-0217208396C4}
FW: Norton 360 *enabled* {371C0A40-5A0C-4AD2-A6E5-69C02037FBF3}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symante... Read more

A:Protection System and Security Alert Center Infection and maybe others

Good morning,
Last night when I went to bed I logged off the laptop but did not shut it down. This morning I had a new virus. Advanced Virus Remover. The entire desktop had been changed. all of the programs, files and scan reports were gone as well as my background picture. all of my personal settings have been changed. When I ran Firefox, it ran like it was the first time. None of my bookmarks are there now, as well as the quick launch buttons I had on the task bar. Windows police pro has now returned in the start menu. Protection system has also installed itself in the start menu. They had shortcut icons on the desktop as well as the 3 porn icons again.

If i find anything else new I will add it to the post.

Thanks,

37 more replies
Answer Match 59.64%

I am having an issue which is causing computer slow downs, pop ups and all sorts the main information is as follows:
- Constant pop ups from malware bytes blocking websites, most notably :\Windows\System32\svchost.exe and (x86)\Google\Chrome\Application\chrome.exe

I have tried various scans from malware bytes, bitdefender, avast, AVG, TDSSKiller. All to no avail. I wasn't using any of these antivirus software in conjunction with one another.
 

A:Malicious Website Protection pop up all the time. Possible infection. Cant remove. System 32 issue

These are the pop ups i am getting.

Malwarebytes Anti-Malware
www.malwarebytes.org
Detection, 14/03/2016 17:15, SYSTEM, PETER-PC, Protection, Malicious Website Protection, Domain, 204.13.194.231, ad.directrev.com, 63501, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 14/03/2016 17:15, SYSTEM, PETER-PC, Protection, Malicious Website Protection, Domain, 204.13.194.231, ad.directrev.com, 63501, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 14/03/2016 17:15, SYSTEM, PETER-PC, Protection, Malicious Website Protection, Domain, 204.13.194.231, ad.directrev.com, 63502, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 14/03/2016 17:15, SYSTEM, PETER-PC, Protection, Malicious Website Protection, Domain, 204.13.194.231, ad.directrev.com, 63503, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 14/03/2016 17:15, SYSTEM, PETER-PC, Protection, Malicious Website Protection, Domain, 204.13.194.231, ad.directrev.com, 63504, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 14/03/2016 17:15, SYSTEM, PETER-PC, Protection, Malicious Website Protection, Domain, 204.13.194.231, ad.directrev.com, 63554, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 14/03/2016 17:15, SYSTEM, PETER-PC, Protection, Malicious Website Protection, Domain, 204.13.194.231, ad.directrev.com, 63555, Outbound, C:\Pro... Read more

1 more replies
Answer Match 47.04%

HP dv4-1365dx laptop
Windows Vista 64 bit

The original problem was an infection of AV Protection 2011, but the laptop owner tried to fix it himself and failed.

This machine will not boot normally nor in safe mode.
It will go into the "repair my computer" mode at which time it says it can't repair it.
I have tried the simple stuff like command prompt "bootrec /fixboot", but no joy.

Also, the owner of this machine had tried installing Norton without UNinstalling AVG first.
It was somewhere around this point that it failed to boot.
Instead of letting me fix a relatively easy but annoying malware infection, he tried to do it himself and effectively bricked his machine.
He handed it to me to get it fixed. I don't want to muck it up so I am asking for help.

Since it will not boot except to the repair options, the scans listed in the instructions are not directly available to me at this point.
I have an idea how to make them work, but at this point since it has already been "handled" by someone else, I don't want to risk further damage and would rather proceed with guided help.
I am in the process of backing up whatever the HP utility will save before proceeding.
Any help is greatly appreciated.

A:AV Protection 2011 infection

Do you have a Vista disk at hand?

Can you try safe mode? Does that appear to start normally, or does it hang/reboot?

25 more replies
Answer Match 47.04%

Have tried following a few tutorials on how to remove this infection. Tried downloading and installing Malwarebytes. It installs but closes after a few seconds of running. It will not reopen when I click on it (access denied). I have tried renaming the folder .exe file and the installation .exe file. This results it no access/permission denied again. Tried inherit.exe to resolve that problem; no luck. Rkill seems to have no effect. Also google search redirects to other sites so I tried tdsskiller. It seems to find the same problem every time and even offers the cure option, but the problem persists. I have tried all of this in normal mode and safe mode.

I have pasted the dds.txt log and attached the attach.txt log. I tried running the gmer program over night but it crashed during the night. I watched it for a while, and it seemed to loop in my call of duty world at war folder. Im going to try running it again, but for now I posting this topic without that information. I will post it if I get a complete run through this time.
DDS.txt log:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
Run by Zakgord at 1:44:02 on 2011-09-04
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2697 [GMT -4:00]
.
AV: Spyware Doctor with AntiVirus *Disabled/Updated* {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Proce... Read more

A:Security Protection Infection

Hello, Welcome to BleepingComputer.I'm nasdaq and will be helping you.Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) ( 511KB ) to your desktop. Double click the aswMBR.exe to run it Click the "Scan" button to start scan. Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANTPlease post the contents of that log in your next reply.There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.===Please download ComboFix from one of these locations:Link 1Link 2* IMPORTANT !!! Save ComboFix.exe to your Desktop DO NOT RUN IT YET. I WILL TELL WHEN TO PROCEED LATER.Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
Double click on ComboFix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboF... Read more

46 more replies
Answer Match 47.04%

After indirect question in this thread I am asking question about Webroot protection here.

I have chat with Biozfear who suggest me to open seperate thread in which members who use or have knowledge about the product can describe the method and clear my doubts.

My query is :

Suppose my computer get infection and I already have Webroot secureanywhere complete on it and its unable to detect the threat ( Please don't say that even if you have "X" av and it will miss,the test done at various labs and here at MT shows webroot misses many).

According to rollback features how will Webroot protect during time of no detection until it gets detected, considering upon detection scan will kick in and roll back any changes.

What happen to my sensitive data during the infection period

I read that there is encryption of your sensitive data but how I believe as I don't find any specific software like "safemoney" "safezone" where my data are safe even my machine is infected.

How come webroot able to know which are my sensitive data?

Thanks
 

A:Protection during the infection period?

you have Safe Start Sandbox and Identity Shield (that show the lock in the tray icon when you are active on your browser) , you can adjust the level abd create rules for the websites you visit.

Now for files in your HDD, i dont see any visible setting except the Core Shield. Maybe it is done in the background.

i will ask in the beta tester channel
 

1 more replies
Answer Match 47.04%

i cant access malwarebytes and it will allow me to pull up the internet but locks up half way through bleepingcomputer.com front page load. I was going to follow instructions and download removal tools from a previous post but i cant get to the page from the infected computer.what now?

A:personal protection infection

locks up half way through bleepingcomputer.com front page load.Try this tutorial. It should help you to connecthttp://www.bleepingcomputer.com/virus-remo...irus-system-pro

1 more replies
Answer Match 47.04%

How do I get rid of security protection, after all the normal means have failed?

1. I noticed pops about security problems.
2. rkill without finding anything.
2. I ran MBAM and if found 4 things. I removed them and rebooted and it came back with a vengeance.
3. I noticed and ICON that said "Security Protection" and the class descriptions on the web are consistent with the pops ups I see.
4. I couldn't run mbam or rsetup any more.
5. I rebooted in safe mode and could run things again, albeit with redirection.
6. tdsskiller.zip didn't find anything.
7. DeFogger did not give me an option to reboot.
8. GMER did not find anything.
9. I cannot figure out how to attached my other logs to this post (DDS, Attach, mbam output which still found 4 items.

A:security protection infection

Running windows 7.
Could load the microsoft anti-malware tool in safe mode.

3 more replies
Answer Match 47.04%

Hello bleepingcomputer whizzes,

I'm running Windows XP and tonight had something called Antispyware Protection install itself on my PC. Keeps popping up warnings about malicious content, etc... and has disabled all other programs e.g. if I attempt to open anything I get a warning message saying for example "File firefox.exe is infected byW32/Blaster.worm Please activate Spyware Protection to protect your computer"

I followed the steps in this page on your site:

http://www.bleepingcomputer.com/virus-removal/remove-spyware-protection

...and ran a full scan in safe mode with MBAM which identified and removed 48 infections. Rebooted and went back into normal operating mode and found that the problem had not gone away. I still can't open any files or programs in normal mode.

Here is my DDS text log:

a.
DDS (Ver_11-03-05.01) - NTFSx86 NETWORK
Run by Owner at 1:11:37.98 on Sat 19/03/2011
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Professional 5.1.2600.3.1252.61.1033.18.511.321 [GMT 10.5:30]
.
AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Owner\Desktop\dds.scr
.
==... Read more

A:Infection with Antispyware Protection

Hi LaChilindrina and I will be handling your log to help you get cleaned up.Please give me some time to look it over and I will get back to you as soon as possible.Regards,Georgi

24 more replies
Answer Match 47.04%

My friend PC has been infected with "Live Protection 2.1"I reviewed the topics in "Spyware and Malware Removal Guides and Reading Room"and found the following subject: http://www.bleepingcomputer.com/forums/t/95984/how-to-remove-system-live-protect-removal-instructions/but the subject there is about: How to remove System Live Protect (Removal Instructions)Is this the same process for cleaning his PC?I would like to assist him .Thanks for assistance

A:Live Protection 2.1 - Infection

Hello and welcome. This is actually a new variant the SpySherrif infection. Let's see what we do do with some scans and logs.Please start here using these instructions How to remove the Spysheriff NEXT:Please download Malwarebytes Anti-Malware and save it to your desktop.alternate download link 1alternate download link 2Make sure you are connected to the Internet.Double-click on Download_mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.On the Scanner tab:Make sure the "Perform Quick Acan" option is selected.Then click on the Scan button.The next screen will ask you to select the drives to scan. Leave all the drives selected and click on the Start Scan button. The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Re... Read more

1 more replies
Answer Match 46.62%

I've had the System Integrity Scan Wizard, PC-Antispyware, and Security System Protection Control Panel popups. They've been very stubborn but after reading some of the posts here and running Spybot, Adaware, SmitfraudFix, Panda Activescan, Housecall, Stinger Avert, Windows Defender, and SDFix, I am now getting only one popup, which shows up as a blank white rectangle in the center of the screen (and now I can't click "Close" to get it off the screen, since the "Close" option is missing). From the size & shape, I believe it's the Security System Protection Control Panel. Would you please review my HijackThis log? Also, in some of the posts I've noticed recommendations to update Java. Is that needed in my case? Thanks very much for your help.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 9:55:55 PM, on 3/28/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Windows Defender\MsMpEng.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccSvcHst.exeC:\Program Files\Common Files\Symantec Sh... Read more

A:System Integrity Scan Wizard, Security System Protection Control Panel

The blank popup appeared to be repopulated with information over time...apparently the spyware refreshed itself. I also learned from Task Manager that all of my popups were from the System Integrity Scan Wizard. After some more searching, I found the name (in my case, yzqrqzkp.exe) and told Norton Firewall to block it from accessing the internet. I used HijackThis to fix it and then deleted it and a namesake (YZQRQZKP.EXE-1253B76A.pf) from Windows\Prefetch (not sure that was necessary but deleted it anyway). My only concern is that from what I read, there should have been another copy in \Local Settings\Application Data, which I didn't find. I updated Java per instructions in another post, also turned System Restore off and on. I think the PC is now clean, but would you review my latest HijackThis log to be sure? Thanks very much.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 10:05:26 AM, on 3/30/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Windows Defender\MsMpEng.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Syman... Read more

14 more replies
Answer Match 46.62%

I've had the System Integrity Scan Wizard, PC-Antispyware, and Security System Protection Control Panel popups and my backround change to a blue colour. After reading some of the posts here and running Spybot Search and Destroy, Ad-Aware 2007, RegCure and Malwarebytes Anti-Malware it seems as if that problem was solved, but now everytime I put my pc on I get these messages:The first one says "rundll32.exe - Bad Image : The application or DLL C:\WINDOWS\system32\qpfrsnow.dll is not a valid Windows image. Please check this against your installation diskette" and the second one says "RUNDLL -Error loading C:\WINDOWS\system32\qpfrsnow.dll%1 is not a valid Win32 application".The disk that I got when I bought my pc was Windows XP Home Edition SP1. I downloaded SP2 from the internet.I'm attaching all of the logs you need to assist me, because I don't know if and how badly my pc is still infected.I attached 4 log files: 1. DSS Main.txt 2. DSS Extra.txt 3. Kaspersky 4. DSS Main.txt - after the Kaspersky reportThank you for taking the time to look into my problem.DSS MAIN.TXTDeckard's System Scanner v20071014.68Run by Parratjie on 2008-04-17 09:29:31Computer is in Normal Mode.---------------------------------------------------------------------------------- System Restore --------------------------------------------------------... Read more

A:System Integrity Scan Wizard, Security System Protection Control Panel

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. Run Hijackthis again, click scan, and Put a checkmark next to each of the lines listed below. Then close all other windows--you should only see HijackThis on your Desktop--and click the Fix Checked button.R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =O4 - HKLM\..\Run: [e43075dd] rundll32.exe "C:\WINDOWS\system32\qpfrsnow.dll",b================Click Start -> Control Panel -> Add Remove Programs and uninstall these programs:J2SE Runtime Environment 5.0 Update 11 Java? 6 Update 2 Java? 6 Update 3 Java? SE Runtime Environment 6 Update 1Reboot and post a new hijackthis log.

37 more replies
Answer Match 46.62%

I have windows 7 home premuim 64 bit
I went to create restore point on my new dell and after about an 1/2 hour of waiting for SR to open up I got this:

You have no Restore Points. Use System Protection to create restore point.
When I attempt to turn on System Protection, it doesn't show any drives available when it opens -- it just says that it's searching for available drives and it keeps searching and doesn't stop. Eventually, I'll receive the following Error Message:

"There was an unexpected error in the property page: System Restore encounter an error. Please try to run System Restore again (0x81000203)." also all button are greyed out. I wanted take an image to show you but that's not working either. Is there hope?

Thank you.

 

A:Windows 7 Home Premuim System Restore and System Protection not working.

16 more replies
Answer Match 46.62%

My PC is infected with 3 malware popups named Security System Proctection Control Panel, System Integrity Scan Wizard and Security System Warning (the last one telling me I have Abebot). I have tried to get rid of them with Kaspersky Antit-Virus, Adaware, spyware sweeper, and SpybotSD, but they are still running. I didn't run the online scan by Kaspersky because I have the most recent version installed and running on my PC. When I ran a rootkit scan with KAV, it took just over four hours and reported my PC was clean. So for whatever reason Kaspersky is not picking up these three forms of malware. Following all other directions on your preliminary instruction list I used Deckard's System Scanner to make two Hijack This files. They are pasted in below. Please take a look and tell me what I should do to get rid of this malware. Thank you very much for this valuable service you are providing.-- Dark EagleDeckard's System Scanner v20071014.68Run by Perry H. Chesnut on 2008-04-18 23:11:18Computer is in Normal Mode.--------------------------------------------------------------------------------Backed up registry hives.Performed disk cleanup.-- HijackThis (run as Perry H. Chesnut.exe) ------------------------------------Logfile of Trend Micro HijackThis v2.0.2Scan saved at 11:47:35 PM, on 4/18/2008Platform: Windows 2000 SP4 (WinNT 5.00.2195)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Boot mode: NormalRunning processes:F:\WINNT\System32\smss.exeF:\WIN... Read more

A:Security System Protection Control Panel & System Integrity Scan Wizard Popups

Hello Dark Eagle. to BleepingComputer.comMy name is Billy O'Neal and I will be helping you. (Billy or Bill is fine, if you like.)Please give me some time to look over your computer's log(s).Please take note of the following:In the meantime, please refrain from making any changes to your computer.Also, even if things appear to be running better, there is no guarantee that everything is finished. Please continue to check this forum post in order to ensure we get your system completely clean. We do not want to clean you part-way up, only to have the system re-infect itself. If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.Finally, please reply using the button in the lower left hand corner of your screen.See you soon,Billy3

2 more replies
Answer Match 46.62%

Hello,

Yesterday I was trying to repair a friends computer that had a possible infection of PC Protection Center 2008. Let me list the basic details of what I see occuring.

Wallpaper on desktop was hijacked and set to a active desktop wallpaper displaying a blue and yellow advertisement that says the following, "Your computer has several fatal errors due to spyware activity". Along with "Update your anti-spyware protection".

Then there are the traditional balloons in the lower right hand corner saying there's an infection with the exclamation point warning sign. Then with a about 3 minutes it opens a Window asking to install PC Protection Center 2008.

I tried booting into Safe Mode and the infection prevents me from doing so. It just sits at the black screen with the Safe Mode text border. I tried the Diagnostics boot and the infection didn't like that either. The virus/malware still loaded and it messed with Windows Genuine Advantage. Windows now thinks that the hardware drastically change and we now have 3 days to verify the copy Windows. Trying to Verify it again just results in it saying there's an Active X issue and that it can't.

I also tried accessing TaskManager to see if the process was running but it disabled my ability to access TaskManager saying the Administrator disabled it even though I was on a Administrator account. So instead I tried Proc Explorer but I couldn't find anything in there that was suspicious.

I trie... Read more

A:Possible PC Protection Center 2008 Infection?

You could try renaming the .exe files for SAS and MBytes. Right click on the files, choose rename and name them something like lastchanceone and lastchancetwo. Then double click on the .exes to run the install.

3 more replies
Answer Match 46.62%

I've gotten a couple of instances where a program suddenly pops up on my screen, telling me that my computer may be infected with viruses and wanting to run a scan of ny hard drive, etc., etc. My Internet connection is through ATTUverse and they "give" you McAfee, which updates daily, almost. I've run scans on my drives and found nothing, but McAfee isn't perfect - nothing is. As I don't know the program that keeps wanting to run, I cancel, close and do everything possible to finally stop the program from being on the screen. However, I don't know how to get rid of it. Thanks.

DDS.txt file

DDS (Ver_09-07-30.01) - NTFSx86
Run by Christine at 8:24:12.36 on Sun 09/13/2009
Internet Explorer: 8.0.6001.18813
Microsoft? Windows Vista? Home Basic 6.0.6002.2.1252.1.1033.18.3573.1978 [GMT -5:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\sys... Read more

A:Possible infection by Antispy Protection 2009

Hello Chris E and welcome to Bleeping Computer!! I will be handling your log to help you get cleaned up. I apologize for the delay but the forum is very busy. As you can see the logs we ask for are very extensive and take a lot of time to investigate. In addition, since I am still in training all of my responses have to be reviewed by our excellent expert staff so there may be a delay in response time. The advantage is that your log will be evaluated by two sets of eyes and two brains. If you haven't already you can keep the link to this topic in your favorites. Alternatively, you can click the Options button at the top bar of this topic and Track this Topic, where you can choose email notifications. Please give me some time to look it over and I will get back to you as soon as possible. Please make sure Word Wrap in notepad is turned off when copying and pasting logs and only attach logs if asked to. Paste them directly into the reply box.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad wi... Read more

2 more replies
Answer Match 46.62%

Hello there,

I have tried Mcafee, Malawarebytes,Glary Utilities, Microsoft Windows Malicious Software Removal Tool, along with Rkill. AV software says no infections. Problem I am having is homepage was redirected to Babylon.com. Reading on the virus, it hides itself from virus protection? The computer is running slow and changing the web page adds to computer enhancement links.
I am running Windows XP,

any info on this would be appreciated

thanks

A:Virus protection(s) show no infection

DownloadTDSSkillerLaunch it.Click on change parameters-Select TDLFS file systemClick on "Scan".Please post the LOG report(log file should be in your C drive) Do not change the default options on scan resultsDownloadaswMBRLaunch it, allow it to download latest Avast! virus definitionsClick the "Scan" button to start scan.After scan finishes,click on Save logPost the log results here.If you get crashes in normal mode,run it in safemode with networkingDownloadESET online scannerInstall itClick on START,it should download the virus definitionsWhen scan gets completed,click on LIST of found threatsExport the list to desktop,copy the contents of the text file in your reply

17 more replies
Answer Match 46.62%

I have this protection bar thing on my IE i dont know how to get rid of this thing. it slows down my computer and internet a lot. It says remove adware popups, SPAM protection, Scan for spyware, and Security Test.I have my Hijackthis Log Hopefully you can help me! Logfile of HijackThis v1.99.1Scan saved at 7:55:47 PM, on 10/23/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Windows Defender\MsMpEng.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exeC:\Program Files\Java\jre1.5.0_06\bin\jusched.exeC:\Program Files\Common Files\Symantec Shared\ccApp.exeC:\PROGRA~1\SYMANT~2\VPTray.exeC:\Program Files\Windows Defender\MSASCui.exeC:\Program Files\Common Files\Real\Update_OB\realsched.exeC:\Program Files\Lexmark 3400 Series\ezprin... Read more

A:Protection Bar Infection/malware/adware

hello snwbrdr484, Please download SmitfraudFix (by S!Ri) Extract the content (a folder named SmitfraudFix) to your Desktop. Open the SmitfraudFix folder and double-click smitfraudfix.cmd Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present). Please copy/paste the content of that report into your next reply. Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.

4 more replies
Answer Match 46.62%

Last night my computer was infected with the AV Protection 2011. I have followed steps 1-8 as outlined herehttp://www.bleepingcomputer.com/virus-removal/remove-av-protection-2011And am currently at this point:"If after running TDSSKiller, you are still unable to update Malwarebytes' Anti-malware or continue to have Google search result redirects, then you should post a virus removal request using the steps in the following topic rather than continuing with this guide: Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help Topic"Per the latter topic, I was able to run DDS & get both logs to pop up, however when I tried to save dds.txt, AV Protection intervened & closed it. I was able to save attatch.txt - the log is below.AV Protection similarly closed GMER before I was able to run a scan.I rebooted the computer in Safe Mode & was able to run a HijackThis scan (log is also below)Assistance to help remedy this would be greatly appreciated.[hijackthis]Logfile of Trend Micro HijackThis v2.0.4Scan saved at 4:29:11 PM, on 11/18/2011Platform: Windows Vista SP2 (WinNT 6.00.1906)MSIE: Internet Explorer v9.00 (9.00.8112.16421)Boot mode: Safe modeRunning processes:C:\Windows\Explorer.EXEC:\Windows\helppane.exeC:\Windows\system32\igfxsrvc.exeC:\Users\Prince\Desktop\HijackThis.exeR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = PreserveR1 - HKCU... Read more

A:Vista | AV Protection 2011 Infection

I have now resolved this issue. If any of the Moderators have the ability to close this thread, please do. Thank you for your help.

2 more replies
Answer Match 46.62%

Hello there,brief story before posting the requested log.I would consider myself > power user but by no means an expert. minimal programming experience but definitely know my way around a system, and as such act as tech support for my extended family.I am posting from my parents computer. They received an email titled: "Unable to deliver package FedEx [some number]"Attached was an "invoice.exe" which they *large sigh* opened.It immediately opened a new anti virus which they hadn't seen before so they called me and i unplugged the ethernet and powered down.i restarted into the account that was infected and it began running again, "Smart Protection 2012". It would kill taskmanager when i tried to run it, so i switched user into my administrator account and was able to kill the process and find its file location from there. I renamed and then shift deleted the file which stopped it in its tracks. A full system scan using AVG (latest definitions) and Spybot S&D (latest definitions) was run and apart from some tracker cookies system was found to be clean.At this point i would normally call it a job well done, but a few google searches tell me the "fedex virus" is a backdoor for stealing banking details and that Smart Protection 2012 is merely a front to distract.This computer is used for online banking and i don't want to declare it clean without some expert knowledge.I had all banking passwords changed from an unrelated compu... Read more

A:Smart Protection 2012 infection

Hi,That looks pretty good, but let's be sure: Download aswMBR.exe to your desktop.Double click the aswMBR.exe to run itYou will be asked if you want to use Avast! Free anti virus for scanning - select NoClick the "Scan" button to start scanOn completion of the scan click save log, save it to your desktop and post in your next reply. Please download Malwarebytes' Anti-Malware to your desktop.Double-click mbam-setup.exe and follow the prompts to install the program.At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.If an update is found, it will download and install the latest version.Once the program has loaded, select Perform full Scan, then click Scan.When the scan is complete, click OK, then Show Results to view the results.Uncheck any entries from C:\System Volume Information or C:\QooboxBe sure that everything else is checked, and click Remove Selected.When completed, a log will open in Notepad. Please post the results. Please go to here to run an online scan with ESET. Turn off the real time scanner of any existing antivirus program while performing the online scanTick the box next to YES, I accept the Terms of Use.Click StartWhen asked, allow the activex control to installClick StartMake sure that the option Remove found threats is unticked, and the option Scan unwanted applications is checkedClick on Advanced Settings and ensure these op... Read more

7 more replies
Answer Match 46.62%

Last night my computer was infected with the AV Protection 2011.

I was able to run DDS & get both logs to pop up, however when I tried to save dds.txt, AV Protection intervened & closed it. I was able to save attatch.txt - the log is below.

AV Protection similarly closed GMER before I was able to run a scan.

I rebooted the computer in safe mode & was able to run HijackThis (log is also below)

Assistance to help remedy this would be greatly appreciated.

[hijackthis]
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:29:11 PM, on 11/18/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Safe mode

Running processes:
C:\Windows\Explorer.EXE
C:\Windows\helppane.exe
C:\Windows\system32\igfxsrvc.exe
C:\Users\Prince\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ed.msnbc.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople_f08
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/... Read more

A:Vista | AV Protection 2011 Infection

16 more replies
Answer Match 46.62%

A coworker brought his dell laptop in to me, he is having problems with constant pop ups about infection and remote connections offering to block it with Windows Protection Suite. I have attempted to run Malwarebytes Anti-Malware on this machine it found numerous problems and attempted to remove them, but they are still present after reboot and the pop ups and "system alerts" continue.

I've talked to him about the dangers of randomly downloading junk that's supposed to do all kinds of cool illicit stuff. Hopefully, he gets its, but I'd just like to get his computer running for him again.

here is the log info:
DDS (Ver_09-07-30.01) - NTFSx86
Run by Troy at 8:42:22.50 on Thu 08/27/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.482 [GMT -4:00]

AV: Windows Protection Suite *On-access scanning enabled* (Updated) {7F8373D7-C043-47AC-89B1-61EB797425C0}
FW: Windows Protection Suite *enabled* {ECF7A635-CB75-413E-BD32-58106F1E28DD}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS... Read more

A:Windows Protection Suite pop up infection

Please close.

5th time is a charm, after running the malwarebytes program one final time it was able to remove the problems.

2 more replies
Answer Match 46.62%

Hi all,

About a week ago I posted on this forum about a program called Spyware Protection (http://www.bleepingcomputer.com/forums/topic372296.html).

I ran a scan with Malwarebytes Antimalware and it came across these two programs:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Spyware Protection (Rogue.SecurityCentral) -> Value: Spyware Protection -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\DesktopUserRpl (Trojan.Agent) -> Value: DesktopUserRpl -> Quarantined and deleted successfully.

After that my computer seemed to work fine, however the program 'spyware protection' was still listed in my start menu, and my antivirus software (McAfee) was not working. I ran system recovery (that removed 'Spyware Protection' from my start menu) and reinstalled McAfee. My computer seemed to work fine until last nights security update (maybe it's coincidence, but I logged in at the same location (same modem/ip-address? as where I got the infection).
Now McAfee real time scanning is turned off (when I try to turn it on, it is turning itself off after a few seconds) and also Windows defender doesn't seem to be working. It seems my firewall is still active.

Could you please look into this? Thanks a lot!!!

I've completed the steps in the guideline. Below is the DDS log file.
Edit: I noticed that some lin... Read more

A:Malware infection (Spyware Protection)

Hi,Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there.The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.Once I receive a reply then I will return with your first instructions.Thanks

14 more replies
Answer Match 46.62%

Hello

My computer was infected with a fake antispyware scam virus Spyware Protection, probably from an infected link. I may have removed it, but how can I ensure the computer is clean?

Symptoms were that the program Spyware Protection appeared in the Start menu, along with an icon on the windows 7 toolbar from which pop ups emerged telling me that several programs were infected with a virus, and that to get rid of it I had to register Spyware Protection.

I downloaded Malware Bytes. It was blocked from downloading and installing until I renamed the install file and then ran it. It then installed. I tried then to run the program, but it was blocked. I renamed the program itself, and then it ran.

It found Rogue.SecurityCentral in a file called defender.exe and as a registry value as
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Spyware Protection

What steps should I now take to ensure the system is clean?

System: Windows 7 64-bit Home Premium 6.1.7600
Antispy/Antivirus/Firewall: Kaspersky Pure 9.0.0.192
Laptop Model Toshiba Satellite A500

Thanks for your help!

A:Infection with Spyware Protection virus

Hello,Please follow the instructions in ==>This Guide<==. If you cannot complete a step, skip it and continue.Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues and what you have done to resolve them.If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.Orange Blossom

2 more replies
Answer Match 46.62%

I getting this dialog box, see attachment.

Your browser is under the threat of infection. Windows requires your permission to install online protection tool.

This is intermittent when browsing to various sites. Since getting this I'm not able to update my Trendmicro Internet Security or my Malwarebytes Anti-Malware.

Please Help!!!

A:Online Protection Tool infection

"BUMP, please"

1 more replies
Answer Match 46.62%

Hello,

I have recently just successfully cloned my Old primary 1TB Western Digital HDD onto my new 1TB Samsung EVO SSD to increase hard drive performance to give it a quick boot up and to enable Windows and my programs to load a lot quicker and perform better with multi tasking. My laptop is one of the bigger 17inch Acer models which comes with two hard drive bays. So once I had wiped my older WD HDD I then inserted a new 2 TB Seagate hard drive into the second bay to be able to store it for personal and media files, and any other imprtant data, to keep it the SSD as the primary hard drive and just for OS and programs only. My system runs the Windows 8.1 OS and is 64 bit.

However, I wanted to create a restore point and upon doing so, I found that System protection was turned off for all my both my hard drives.

I thought I had managed to somehow enable system protection on my C:/ Dive (including the partioned / drive on the same hard drive) on my SSD, and yet though it shows them enabled, it shows the word missing next to them, and I am assuming this is telling me the previous restores are missing; whether as a result of cloning I don't know. The other weird thing is further up the properties page it also shows the C\ and D:\ Drive but turned off.

So I thought I would try increasing the disk space usage, since it was showing it at 0, and it would allow me to do so and returned the message: 'There was an unexpected error in the property page: The system cannot fin... Read more

More replies
Answer Match 46.62%

Hello,
 
I have recently successfully cloned my Old primary 1TB Western Digital HDD onto my new 1TB Samsung EVO SSD to increase hard drive performance to give it a quick boot up and to enable Windows and my programs to load a lot quicker and perform better with multi tasking. My laptop is one of the bigger 17inch Acer models which comes with two hard drive bays. So once I had wiped my older WD HDD I then inserted a new 2 TB Seagate hard drive into the second bay to be able to store it for personal and media files, and any other imprtant data, to keep it the SSD as the primary hard drive and just for OS and programs only. My system runs the Windows 8.1 OS and is 64 bit.
 
However, I wanted to create a restore point and upon doing so, I found that System protection was turned off for all my both my hard drives.
 
I thought I had managed to somehow enable system protection on my C:/ Dive (including the partioned :D/ drive on the same hard drive) on my SSD, and yet though it shows them enabled, it shows the word missing next to them, and I am assuming this is telling me the previous restores are missing; whether as a result of cloning I don't know. The other weird thing is further up the properties page it also shows the C\ and D:\ Drive but turned off.
 
So I thought I would try increasing the disk space usage, since it was showing it at 0, and it would allow me to do so and returned the message: 'There was an unexpected error in the property page: The system... Read more

More replies
Answer Match 46.62%

Hello,

I have recently just successfully cloned my Old primary 1TB Western Digital HDD onto my new 1TB Samsung EVO SSD to increase hard drive performance to give it a quick boot up and to enable Windows and my programs to load a lot quicker and perform better with multi tasking. My laptop is one of the bigger 17inch Acer models which comes with two hard drive bays. So once I had wiped my older WD HDD I then inserted a new 2 TB Seagate hard drive into the second bay to be able to store it for personal and media files, and any other imprtant data, to keep it the SSD as the primary hard drive and just for OS and programs only. My system runs the Windows 8.1 OS and is 64 bit.

However, I wanted to create a restore point and upon doing so, I found that System protection was turned off for all my both my hard drives.

I thought I had managed to somehow enable system protection on my C:/ Dive (including the partioned / drive on the same hard drive) on my SSD, and yet though it shows them enabled, it shows the word missing next to them, and I am assuming this is telling me the previous restores are missing; whether as a result of cloning I don't know. The other weird thing is further up the properties page it also shows the C\ and D:\ Drive but turned off.

So I thought I would try increasing the disk space usage, since it was showing it at 0, and it would allow me to do so and returned the message: 'There was an unexpected error in the property page: The system ca... Read more

More replies
Answer Match 46.2%

No programs will run in 'Normal Mode'; therefore I restsarted and initiated 'Safe Mode'. It never boots into safe mode; before it even finishes loading the drivers it restarts.

Please Help!!

A:Security Protection Malware/Spyware Infection

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything. We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here. To help Bleeping Computer better assist you please perform the following steps:*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/424320 <<< CLICK THIS LINK If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.*************************************************** If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo... Read more

26 more replies
Answer Match 46.2%

I am asking for help in determining if I have successfully removed all the infections on a computer. I started with a computer that definitely had Smart Internet Proctection 2011 among other infections. I removed it with the latest Malwarebytes in safe mode. I am sorry that I do not have a complete history of all the infections. I only started taking notes after realizing I was reinfected. At the time I started this process of making this help request the only sign of infection is the fact that XP Security Center reports that I am running two firewalls one of which is Smart Internet Proctection 2011 firewall. Currently Microsoft Essentials, Malwarebytes and IO Bit Security 360 complete scans ok.
After I started taking notes I found the following in Microsoft Essentials history:

Pup.Dealio
Roque:win32/FakeVimes
Trojan Downloader:HTML/Remos.R
Exploit:Java/CVF-2010-0840.AA

I also know there were at least two search engine redirects. Findgala.com and Lappili.com.

Again there were other infections that Malwarebytes removed but I failed to document them.
Again I would appreciate any and all help.

DDS (Ver_10-12-12.02) - NTFSx86
Run by Owner at 17:34:14.62 on Thu 02/03/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2199 [GMT -8:00]

AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Smart Internet Protection 2011 *Enabled/Updated* {B1FFC698-C832-4176-81E5-535050FCBBF4}
A... Read more

A:Smart Internet Protection 2011 Infection

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.We need to create a New FULL OTL ReportPlease download OTL from here if you have not done so already:
Main MirrorSave it to your desktop.Double click on the icon on your desktop.Click the "Scan All Users" checkbox.Change the "Extra Registry" option to "SafeList"Push the button.Two reports will open, copy and paste them in a reply here:
OTL.txt <-- Will be openedExtra.txt <-- Will be minimizedAfter downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconne... Read more

21 more replies
Answer Match 46.2%

Hi, I managed to catch some type of redirect/false security alert malware today. It started with a different package and I found a removal instructions post for it, followed it and used MalwareBytes to clean it up. Apparently, that didn't clean it all up, because a little while later, Privacy Protection was telling me about all the viruses I have and I couldn't open up any programs etc. I found the removal post for Privacy Protection, booting in Safe Mode with Networking, ran TDSSKiller, but it did not find any root kits. I ran MalwareBytes again and it found 4 things and it deleted those. So that is where I am at... I attached the aswMBR log since this issue seems very similar to another post being worked today.
Thanks in advance!!

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_26
Run by asp at 22:31:20 on 2011-12-07
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3894.2611 [GMT -5:00]
.
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32&#... Read more

A:Redirect issues, Privacy Protection infection

Hello and welcome to the forums!My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. I would be glad to take a look at your log and help you with solving any malware problems.If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
If I instruct you to download a specific tool in which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly ... Read more

45 more replies
Answer Match 46.2%

Hi
 
My computer recently got the Smart Guard Protection scamware program infection, though i managed to find its containing folder, renamed it then deleted it which allowed me to use the computer (since the program prevents me from opening malwarebytes, task manager, etc.). Although before this, something strange was happening when i was surfing with google chrome. When i search anything in google chrome's search bar, i keep getting redirected to Adobe flash player to download its latest update. I ignored it thinking that i could just update later anyways but whenever i search anything in chrome's search bar it keeps redirecting me to that page and would sometimes automatically download the program. I did not run the program though and kept deleting it as i get redirected to that page. During that time as well i could not access gmail. However at this time, i could also not use google.com but can go to other sites like yahoo.com and facebook (both in chrome and in firefox). as well as still get redirected to that adobe flash player download page (Also reinstalled chrome and firefox, uninstalled adobe flash player).
 
*Edit - just happened again. A pop-up appeared on chrome while i was editing this post, asking me to download adobe flash player again. Its some form of browser hijacking going on...and even if i clicked on the "x" button, it went ahead and downloaded it. Malwarebytes also detects the file as a trojan horse.  
 
*Edit 2 - its blocking anythin... Read more

A:post-Smart Guard protection infection

Hello john1816,Welcome to Bleeping Computer.My name is fireman4it and I will be helping you with your Malware problem.Please take note of some guidelines for this fix:Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.If you do not understand any step(s) provided, please do not hesitate to ask before continuing.Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".In the upper right hand corner of the topic you will see a button called Follow This Topic.I suggest you click it and select Immediate E-Mail notification and click on Follow This Topic. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.Finally, please reply using the Post button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.1.Download AdwCleanerDouble click on AdwCleaner.exe to run the tool.***Note: Windows Vista and Windows 7 users:Right click in the adwCleaner.exe and select "Run as administrator"Click the Scan button.Once the scan complees click CLEAN to remove anything found.A logfile will automatically open after the scan has finished.Please post the content of that logfile in your next reply.Or you can find the logfil... Read more

20 more replies
Answer Match 46.2%

It all started when a popup started up on it's own and my system started a 'security scan'. It installed the "user protection" fake security program. Using MBAM, I managed to clean up almost all of that - MBAM found a lot of real problems besides user protection that I fixed. But...1. MBAM can not delete js.mui and 2 instances of wmpscfgs.exe. It reboots the system, but I think the startup programs (#2 below) reinfect the system.2. I have found some exe files that have been duplicated and renamed, adding a space before the suffex ( .exe). Here are a couple...C:\program files (x86)\avg\avg9\avgtray .exeC:\program files (x86)\elaborate bytes\virtualclonedrive\vcddaemon .exeC:\program files (x86)\itunes\ituneshelper .exeC:\program files (x86)\adobe\acrobat 9.0\acrobat\acrotray .exeI'm running windows 7 64bit with NBAM, firefox, AVG installed. I got as far as I know how... Please help!MarkCODEMalwarebytes' Anti-Malware 1.44Database version: 3922Windows 6.1.7600Internet Explorer 8.0.7600.163853/28/2010 3:36:51 PMmbam-log-2010-03-28 (15-36-51).txtScan type: Quick ScanObjects scanned: 107681Time elapsed: 2 minute(s), 42 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 0Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected:... Read more

A:User Protection, js.mui & wmpscfgs.exe trojan infection

I have managed to solve this. Thanks!Mark

2 more replies
Answer Match 46.2%

I have a Windows Vista machine infected with a rouge calling itself "Security Protection". Along with the rogue, Google search results are being hijacked in both Firefox and IE.I have run rkill before Malwarebytes, Spybot S&D, and AVG on rescue CD. Each has found and removed infections but they return after reboot. I also tried TDSSKiller before the above but I am not sure if it ever ran properly, it always returned nothing found..DDS (Ver_2011-06-23.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26Run by Jing at 20:00:06 on 2011-07-05AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}.============== Running Processes ===============.C:\Windows\system32\wininit.exeC:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\svchost.exe -k rpcssc:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exeC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k netsvcsC:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_d0e22e95\STa... Read more

A:Security Protection infection with Google hijack

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear Click the Disable button to disable your CD Emulation drivers Click Yes to continue A 'Finished!' message will ap... Read more

16 more replies
Answer Match 46.2%

My computer is infected with the "Security Protection designed to protect" malware described at the bleepingcomputer web page, http://www.bleepingcomputer.com/virus-removal/remove-security-protection

However, I was not able to remove it using the instructions from the web page.

The first thing I tried was starting up the computer in Safe Mode and using System Restore to go back 2 days in time. That didn't fix it. Then I found the bleepingcomputer web page, which exactly described the symptoms: fake scan window, can't run programs, and web pages redirected to strange ad web sites.

I tried running TDSSKiller, but it will only scan for a few seconds, and then it suddenly stops running and disappears.

When I try to run Malwarebyes, the same thing happens. It scans for awhile, maybe 20 seconds, then dies and disappears.

When I try running rkill, I get a popup that says Installation Failed, but it still seems to run. Then all the desktop icons disappear, and I get the "Windows is running in safe mode" window, like Safe Mode is restarting from the beginning. I click Yes to start Safe Mode, and I'm back to where I started.

I attempted to do the steps in the bleepingcomputer "Preparation Guide for Use Before Using Malware Removal Tools and Requesting Help". I enabled the Windows firewall (it was already enabled), ran DeFogger (it didn't find anything to disable), and ran DDS successfully, which created the log files DDS.txt and... Read more

A:"Security Protection designed to protect" infection

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything. We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here. To help Bleeping Computer better assist you please perform the following steps:*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/414933 <<< CLICK THIS LINK If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.*************************************************** If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo... Read more

16 more replies
Answer Match 46.2%

Tech Guys, please help me. My desktop PC has been infected by this viurs or malware. I dont know the difference.

My PC is now very slow, I cant get any sound, I cant get to some web pages like google. My internet browser has lost its configuration. It has disabled my McAfee and my speaker icons. I am now afraid to use my pc to do anything, fearing that this virus will capture my email and other data.

Can someone rescue me.

Here follows my hijack this scan,

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:31:10 AM, on 6/6/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBServ... Read more

A:Help needed !!! Virus - Malware Protection Infection

Please can someone respond to thuis request.
 

1 more replies
Answer Match 46.2%

Please help!!! Pics included to explain the situation
Basically after installing some new software for my phone my windows 7 laptop crashed - it flashes a blue screen and restarts on boot up I can get to image 1 page to try a system repair
But then I need to enable system protection.. Image 2
Is there any way I can do this through a command prompt??
Thank you in advance!!!

A:Enable system protection to preform system restore

Sorry images didnt upload???

9 more replies
Answer Match 46.2%

I've tried to open System Protection in System in the Control Panel but it will not work. It gives an error of 0x81000203. I've rebooted and attempted but get the same thing each time.

A:System Protection not working in System Control Panel

Follow instructions on this page error code 0x81000203__ - Microsoft Community

Scroll to the 2nd answer by Meghmala

6 more replies
Answer Match 45.78%

Our laptop is infected with Privacy Protection. I went into the BC removal guide and followed it according to the instructions. I ran TDSSKiller and added the two other scanning options and nothing has been found after several scans. Also ran Rkill and the IExplore programs but they both gave me an "Access Denied" message and the logs come up with nothing found. I tried to load the newest version of MalwareBytes and just as its about to load, I get a "Setup Denied" message and the program is shut down. I do have SUPER Antispyware which is also not allowed to update its definitions but I ran it twice and it did find two trojans but it looks like they are not Privacy Protection. After I rebooted from those scans, all of the anti malware programs also have a mini Privacy Protection shield on them (TSDDKiller, MiniToolBox, 123.com, Iexplore). I did delete the Privacy Protection.exe from the startup folder so the faux scan doesn't show up on normal reboot now. However, in the start menu there are no programs listed under the Programs directory under the Start Menu anymore. It just says Empty.

I also did all of the steps requested to create logs but the GMER log only said "Nothing has been changed on your computer" and then didn't allow me to save the log. When I attempted to select some of the boxes shown in your tutorial to set up the scan, I was not allowed to click them so I'm not sure if that is an issue about why I couldn't save.... Read more

A:Privacy Protection Infection Not Responding to Fix & Mbam disabled

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything. We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here. To help Bleeping Computer better assist you please perform the following steps:*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/435934 <<< CLICK THIS LINK If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.*************************************************** If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo... Read more

13 more replies
Answer Match 45.78%

Antivirus Security Protection kept popping up on our desktop last night. Ran Malwarebytes, cleaned 14 or so items, rebooted and it was still there. Did some research then ran Malwarebytes in safe mode, found one more trojan, followed with RKill which found no processes. Rebooted and still there. Decided to try again in the morning, so shut down. Now it won't boot at all. Tried safe mode (each option), but it just hangs on the next screen. Is there anything I can burn to CD (I'm on my laptop now) that will boot the desktop?

It's an older computer, running XP. Tried booting up from AVG, but it gets hung halfway through.

A:Malware infection (antivirus protection) now computer won't boot

Hi jaazmom ,Welcome to Virus/Trojan/Spyware/Malware Removal (VTSMR) forum. I am going to assist you with your problem.Please refrain from making any changes to your system (scanning or running other tools, updating Windows, installing applications, removing files, etc.) from now on as it might interfere with our fixes. In case of making changes I shall assume my assistance is not needed any more.Now it won't boot at all. Tried safe mode (each option), but it just hangs on the next screen.Please tell me precisely what happens, how far it goes?Also tell me what is your operating system, Home Edition or Pro edition and if you have a Windows CD.

5 more replies
Answer Match 45.78%

I am using Windows XP home version; Computer has been a little slower than usual and locking up occasionally; The following screen showed up last nite: "AntiVirus Verizon Yahoo Online Protection Infection Alert" The file info provided by CA (Computer Associates); Two files were quarantined and one was infected; The exact way it was written for the infected one is as follows: File name : Set 190.tmp Location : C:\windows\system 32\ Infection: Win 32/Glenwiry.P Type: File Status: Infected;
Engine version 31.1.0 Signature: 5870 Scanner Type: Real-Time;
The two that were listed as quarantined were: A) C:\Windows\System32\wextract and B) C:\Windows\system 32\dllcache\wextract.exe; The infection for both was Win 32/Glenwiry.P

My question is what do I do and is this any form of ID theft or something I can pass on to any of my friends??? Thanks for any help
 

More replies
Answer Match 45.78%

Hi

Our laptop is infected with Privacy Protection. I went into the BC removal guide and followed it according to the instructions. I ran TDSSKiller and added the two other scanning options and nothing has been found after several scans. Also ran Rkill and the IExplore programs but they both gave me an "Access Denied" message and the logs come up with nothing found. I tried to load the newest version of MalwareBytes and just as its about to load, I get a "Setup Denied" message and the program is shut down. I do have SUPER Antispyware which is also not allowed to update its definitions but I ran it twice and it did find two trojans but it looks like they are not Privacy Protection. After I rebooted from those scans, all of the anti malware programs also have a mini Privacy Protection shield on them (TSDDKiller, MiniToolBox, 123.com, Iexplore). I did delete the Privacy Protection.exe from the startup folder so the faux scan doesn't show up on normal reboot now. However, in the start menu there are no programs listed under the Programs directory under the Start Menu anymore. It just says Empty.

This is a nasty one. Please let me know if you can help. Much appreciated.

A:Privacy Protection Infection Not Responding to Fix & Mbam disabled

Please follow the instructions in ==>This Guide<== starting at Step 6. If you cannot complete a step, skip it and continue.Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

2 more replies
Answer Match 45.78%

"[SID:23674] System Infected: Virut Request 2 detected" keeps popping up every few minutes. I have windows 7 and use firefox as main browser. Symantec was updated 3 days ago automatically. I can see a large amount of events in Client management security log with the full message: "[SID: 23674] System Infected: Virut Request 2 attack blocked. Traffic has been blocked for this application: \DEVICE\HARDDISKVOLUME2\WINDOWS\SYSWOW64\SVCHOST.EXE."
 
Is this a sign of infection or is my virus protection actively fighting an intruion? Is there anything I can do?

A:Symantec Endpoint Protection keeps detecting infection every few minutes

Welcome aboard  Virut (if confirmed) is a very bad news because it's not curable. Please run a free online scan with the ESET Online ScannerDisable your antivirus programTick the box next to YES, I accept the Terms of UseClick StartIMPORTANT! UN-check Remove found threatsAccept any security warnings from your browser.Check Scan archivesClick StartESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.When the scan completes, push List of found threatsClick on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply. 

1 more replies
Answer Match 45.78%

SVChost.exe gets deleted by malwarebytes and gets resurrected.

I am currently in safe mode because of the malicious process so if you need the log while in normal mode I can reply modify the post with that information.

Being on a 64bit system I didn't run the GMER as indicated in the instructions.

Thank you,

Thomas Le

.
DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK
Internet Explorer: 9.0.8112.16421
Run by Thomas at 17:40:18 on 2011-09-01
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6132.4769 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
-netsvcs
C:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\conhost.exe
C:\windows\system32\svchost.exe -k LocalService
C:\windows\... Read more

A:"Security Protection" Infection... svchost.exe resurrecting itsself

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear Click the Disable button to disable your CD Emulation drivers Click Yes to continue A 'Finished!' message will ap... Read more

3 more replies
Answer Match 45.78%

Originally on my Toshiba netbook I had a pop up window for Security Protection and any executable I tried to run was being terminated . Could not install malwarebytes in safe mode so I removed the hard drive and scanned externally with malwarebytes via another computer and removed multiple infections.

Upon reconnecting hard drive to the netbook, normal mode was once again usable; however, if I install malwarebytes and update it, it shuts down about 10 seconds into a scan and the icon on both the desktop and the program folder give the message "windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item." I tried reinstalling mbam and changing the name of the .exe but I have the same problem.

I have also run TDSS killer and it finds two infections called rootkit.win32.zaccess.c and another suspicious item c:\windows\3539339392:2146896173.exe. If I attempt to remove these infections using tdss killer it says infections cured but gives the message " c:\windows\system32\DRIVERS\ipsec.sys- processing error". If I scan again using tdsskiller, both infections are still present.

Any advice? I would appreciate it.

A:Security protection and rootkit.win32.zaccess.c infection

Hello,Please follow the instructions in ==>This Guide<== starting at step 6. If you cannot complete a step, skip it and continue.Once the proper logs are created, then post them in a reply to this topic by using the Add Reply button.If you can produce at least some of the logs, then please create the post and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.Please note that I am not a member of the Malware Removal Team and will not be assisting you in removing the infection. I'm simply helping you to post the information they need in order to assist you.If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.Orange Blossom

4 more replies
Answer Match 45.78%

My apologies, I was not able to get back to the other computer until this morning. However the problem is back.Here is the link to the original post.http://www.bleepingcomputer.com/forums/topic460216.htmlHere are the new infections:Filename Risk Action Risk Type Original Location StatusDWH3D.tmp Trojan.Gen.2 Pending Analysis File C:\Documents and Settings\Trumpf.CUSTOMFAB\Local Settings\Temp\ InfectedDWH7.tmp Trojan.Gen.2 Pending Analysis File C:\WINDOWS\Temp\ InfectedDWH5.tmp Trojan.Gen.2 Pending Analysis File C:\WINDOWS\Temp\ InfectedDWH1D.tmp Trojan.Gen.2 Pending Analysis File C:\Documents and Settings\Trumpf.CUSTOMFAB\Local Settings\Temp\ InfectedAlso...the virus scan now seems to be getting hung and not completing the full scan - I think because it cannot access the file that it is trying to scan. At least it comes up with "Cannot Delete DWH18:Access is denied" when I try to manually delete it after I cancelled the virus scan. Noviciate has been informed of your new topic.If he is busy I will take over.Stay tune.

A:Trojan.gen resurgence? Virus Protection doing its job vs lingering infection

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything. We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here. To help Bleeping Computer better assist you please perform the following steps:*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/461404 <<< CLICK THIS LINK If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.*************************************************** If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo... Read more

4 more replies
Answer Match 45.36%

Hi Everyone

I went on my laptop this morning and it said I needed to run a system restore. Unfortunately when I try to it says I need to enable system protection on my C drive. I've been searching the web for a solution for the past couple of hours and it seems like quite a common problem. However I've tried all of the suggested solutions and nothing seems to work. I'm not the most computer literate so some of the suggested didn't make the most sense. If anyone has any suggestions to help the matter it would be very much appreciated.

Thanks

A:How do I enable system protection for system restore?

System Protection - Turn On or Off

3 more replies
Answer Match 45.36%

I have a Win10 Pro and ran MR to create a system image backup.
It went well but it turned of system protection.
A message shows up with a warning yellow triangle that reads.
Using system protection on a drive that contains system image backups will cause other shadow copies to be deleted faster than normal.
--- How do I stop system protection from being turned off?

I have another Win10 computer and created a MR system image backup on that one also.
System protection wasn?t turned off on that one.

I do not use shadow copies: If shadow copies are in use on my computer it doesn?t matter to me if that is the case as I don?t know how to use them anyway. I just don?t want system protection turned off.

A:I donít want system protection turned off when I do a MR system image

Hi,

The available disk space on the pc with the warning issue is probably too small to store both backup images (MR) and system protection image.






I do not use shadow copies:



Actually you do. System Protection is a form of Shadow Copying.

Furthermore, it's not wise policy to store backups on the same physical drive as your system. Still better than nothing but all in all not sound practice.
Better to store back up on an ext. removable drive.

In the mean time you could reduce the amount of space allocated to System Protection and see if that helps any.

Cheers,

1 more replies
Answer Match 45.36%

My Toshiba Notebook (x64) (running Windows 7) has stopped being able to open/run programs. I've been using safe mode to try and find a cure, and safe mode works fine. I ran a few antivirus programs that detected a few things, but none of them solved this issue. Using System Restore seems to be the only thing I can really do, but I've been having some troubles with it.

Only one System Restore point shows up, and it's only from a few days ago, which isn't far back enough to fix my problem (I've already tried restoring it to that point). There are no other options as you can see here and here.

I tried to create my own restore point, but ran into some problems. When I go into "System" the "System Protection" option is missing. I only have these three options:

When I use the search bar to find it instead, "Create a restore point" comes up, but when I click and it opens System Properties, the "System Protection" tab is missing.

When I looked it up, someone had suggested running Regedit and checking HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\SystemRestore\DisableSR but I couldn't get that far.

If anyone could help me out, it would be greatly appreciated.

A:Troubles with System Restore/System Protection

Hello esu and welcome to Seven Forums.

Have you verified that System Protection is turned on? (If it is, try turning it off, restarting the computer, turning it back on, and restarting the computer one more time.)

System Protection - Turn On or Off

See if you can manually create a restore point.

System Restore Point - Create

If not, your computer may have damaged or corrupt sytem files. Try running a system file checker scan from an elevated command prompt (option two.) If problems are found, run the scan 3 times and make sure to reboot the computer immediately after each of the scans.

SFC /SCANNOW Command - System File Checker

4 more replies
Answer Match 45.36%

 I have a screen shot of it.  There is the Local Disk (C:) listed and then this other.
 Capture.PNG   126.43KB
  0 downloads

A:Under System Prop, and System Protection what is (C:) Missing ?

Post an Image from Disk Management Screen.
 
Control Panel / Administration Tools / Computer Management / Disk Management.
 
This will show all current active drives.
 
 
 

11 more replies
Answer Match 45.36%

I need help on how to remove the (system reserved) folder under Available Drives in protection settings. On all my other computers it is not shown. Not sure why it is there as it does not show anywhere else on computer as a drive. I guess it just bugs the hell out of me not knowing why it's there. Any help would be appreciated.

A:In System Protection under Available Drives (System Reserved)

Look in Disk Management and see if the Reserve has a partition letter.

9 more replies
Answer Match 45.36%

Hi, I defragged my registry (castigate me later, please), and well, my system crashed. I'm running Windows 7 Home Premium 64 bit on a Lenovo laptop, and on startup, I get a blue screen claiming that the OS couldn't boot, and the option to try a system repair. After analysis, it says that it can't repair the system automatically, and offers more advanced options. I can try a system restore, but after selecting a restore point (clearly the one created before defragging the registry), system restore says that I must enable system protection on the drive. I don't remember disabling it, and I don't know how to enable it without access to the desktop.
From those same advanced recovery options, I can use a system image recovery (don't have an image to recover from), the windows memory diagnostic (it claims there's no memory error), or the command prompt. I know very little about using the command prompt, but I can open the task manager at least, though not explorer.exe or msconfig.exe (the prompt claims they're invalid commands).
I've tried booting in safe mode, with the last known good configuration, with boot logging, and everything else from that menu, as well as a Windows 7 recovery disc (though I believe this disc just provides the same options as those installed on the laptop.
If possible, I'd like to know how to enable system protection from the command prompt window so that I can continue with the system restore. I'm quite certain that the error lies in the defragmentation... Read more

A:System Restore - Enabling System Protection

right click my computer/properties/advanced system settings/system protection/ high light your drive, click configure,now click( restore system settings and previous versions of files)
OK and exit

7 more replies
Answer Match 44.94%

I have tried to do as much as I can on my own, but I'm stumped. After many hours of reading blogs, running all kinds of scanning software and trying work-arounds, I can't elminate from my browser using go.google.com to redirect the urls that show from a Google search. At one point it thought I had fixed it, but it is back even worse.

In addition, I cannot run my disk defragmenter, I cannot run in safe mode (hangs at driver Mup.sys and then I get a dreaded blue screen that says 'A problem has been detected and Windows has been shut down to prevent damage to you compter. Etc.'), and I cannot run a couple of malware correction / protection programs (Malwarebytes' Anti Malware, the program many have said solves the redirecting problem, and Spybot).

I don't know if these things are all related, but they are all part of the same experience.

I am posting and attaching the files as directed. Here is the log from RSIT.

Logfile of random's system information tool 1.04 (written by random/random)
Run by Daryl E. Vorce at 2008-10-26 14:00:25
Microsoft Windows XP Professional Service Pack 3
System drive C: has 45 GB (63%) free of 72 GB
Total RAM: 1023 MB (58% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:00:27, on 10/26/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.ex... Read more

A:go.google.com infection, can't boot in safe mode, can't run some protection programs

Hello, and Welcome to TSF.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------
Download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Place combofix.exe on your Desktop
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
Double click on combofix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed.

Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.





The Windows recovery console will allow you to boot up into a special recovery mode tha... Read more

2 more replies
Answer Match 44.94%

Not sure how I got this virus. Microsoft Security Essentials found Exploit:Java/CVE-2010-0840.BJ and Exploit:Java/CVE-2010-0840.CR . Your TDDSKiller program didn't find anything. I get the weird error messages in tons of pop-up wndows like in your AV Protection 2011 tutorials, like "Windows Detected a Hard Disk Problem" and the weird message about hard drive clusters (can't see the exact text of the second message right now). DDS Txt Log is below. Thank you so much!!!

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by EkaterinaiNicholas at 7:47:14 on 2011-11-22
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3894.2018 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows&... Read more

A:AV Protection 2011 / Exploit:Java/CVE-2010-0840.BJ Infection

Hello and welcome to the forum. I apologize for the delay in responding to your request for help but it is very busy here and we can get overwhelmed at times.If you have since resolved the original problem you were having, we would appreciate you letting us know.If you still do need our help, please note the following:While working we us, please refrain from running tools or applying updates other than those we suggest while we are cleaning your computer.
The reason for this is so we know what is going on with the machine at any time.
Some programs can interfere with others and hamper the recovery process.Please perform all steps in the order received and do not proceed if you need clarification.Please also include a clear description of the problems you're having.After 5 days if your topic is not replied I will assume it has been abandoned and will close it.Please be patient while I analyze your logs. All of my fixes are checked by higher level forum members before posting.Thank you.DR

9 more replies
Answer Match 44.94%

My PC was infected with the User Protection virus/trojan and i was able to remove it (with some difficulty). I then had to attend to a Login/Logout loop, which i was able to fix. But now that i have everything running relatively normal my applications give me a "not a valid Win32 application" error when trying to open them or an associated file. This is happening with nearly all previously installed 3rd party applications.note: i received a blue error screen when trying to run GMER - IRQL_NOT_LESS_OR_EQUAL STOP: 0x0000000Ai hope you guys can help as i can't seem to fix this and its on my work PC.Thanks a lot!DDS (Ver_10-03-17.01) - NTFSx86 Run by Derek Bosomworth at 9:46:20.51 on 07/04/2010Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_16Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3455.2903 [GMT -4:00]============== Running Processes ===============C:\WINDOWS\system32\nvsvc32.exeC:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcssvchost.exesvchost.exeC:\Program Files\AVG\AVG8\avgrsx.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\ctfmon.exeC:\WINDOWS\system32\RUNDLL32.EXEsvchost.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\WINDOWS\System32\svchost.exe -k imgsvcC:\WINDOWS\system32\wsc... Read more

A:cleaned User Protection infection, now "not a valid Win32 application"

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

3 more replies
Answer Match 44.94%

I need some help. I'm infected with a virus. I've been working on this for 2 days now. Originally, it was redirecting my homepage to another website called protectionband.com. I was continually getting pop-ups saying that I was infected by various different viruses. I followed the instructions given by symantec to redirect my homepage back to yahoo. It worked but i'm still getting messages saying that I have a virus. I noticed several new programs installed:
1. on the start menu is 2 shields, one is blue with an ! that says Online Security Guide, the other is green with a check mark that says Security Troubleshooting---both are for a website called protectionfield.com
2. I noticed Safety Alerter 2006 on the add/remove program list and am unsure of what this is
3. I deleted Video Access ActiveX Object from the add/remove program list

Someone please help.

Logfile from hijack this:
Logfile of HijackThis v1.99.1
Scan saved at 5:10:40 PM, on 3/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Sy... Read more

A:Protection Field and Safety Alerter 2006 virus infection

12 more replies
Answer Match 44.52%

All,

1) Thank you in advance for any aid you can give. I have followed the "5 steps" as best I could, although my infection did stop me from reaching the Panda site.

2) I am running this repair remotely on a coworker's computer in another country. I am using the LogMeIn system. It does allow me to remotely reboot and reconnect as needed, but it may add some challenges. Also there are some processes that show up as "lmi_" and these are part of LogMeIn.

3) The PC is running Windows XP Pro SP3. When I first connected and tried to resolve, there was no anti-spy nor anti-virus program running. Now I have installed AVG AntiVirus 7.5 Network Edition (paid) and Spybot S&D. Both scans did find threats the first time through, including the fake-utility XPSecurityCenter. Now both scans come up clean.

4) The main remaining symptom is that several support websites -- including grisoft.com, support.microsoft.com, trendmicro.com, etc -- are blocked. Both IE and Firefox show the "page cannot be displayed" error, but only for those specific sites. To install AVG and S&D, I had to download them locally and use LogMeIn to push them to the remote PC that I am fixing. I've read in other places that this is sometime the result of a virus altering the "hosts" file. However, the hosts file appears unmodified.

5) Finally, my HJT log from my first scan is below.

-- ThePaladinGuild

------------------------------
---------------------... Read more

A:[SOLVED] Unknown infection is blocking access to support and protection websites

Thank you to anyone who looked at this. A friend of mine has a paid subscription to another help site, so I used that. I apologize if anyone has already spent time on this.

I enjoy this forum and appreciate everyone who works on it.

-- ThePaladinGuild

2 more replies
Answer Match 44.1%

Hi guys, the answer to the question is probably yes, but i want to be sure. I'm running windows 7 64 bit sp1, and this is what happened (there will be some missing information, but pc stopped working in middle of night and I was a little in panic, so I may have forgot something.) Note: My OS is in Italian, so the system messagges are not exactly the same of an english version because I'm traslating them.
 
The short version is: Realtime protection of antivirus doesn't works (tried both with avast and then avira, reinstalling/cleaning doesn't works), windows update doesn't work, and microsoft fixit can't fix it :D. I don't know if there is a problem with admin rights or something like this (the first error i got was from dropbox that couldn't obtain admin rights) or it is a malware.
 
 
The long (watch out, is a wall of text) version with everything i tried until now is here:

 

Step 1: programs stopped working, just after I installed mass effect 3 from origin, but this could be unrelated, I wasn't using pc because i was waiting for ME3 to finish the download. I remember that i couldn't launch firefox anymore, pc started to go very slow, task manager didn't start and windows updates message popped up, and another strange thing, i couldn't use the keybord combination using "alt gr" (on the italian keyboard the @ must be done with the alt gr). So i rebooted the system. Note: I have windows update set to manual (I have to chose what do download, so when the m... Read more

A:Windows update doesn't work/Antivirus realtime protection stopped. Infection?

Welcome aboard   Download Security Check from here or here and save it to your Desktop. Double-click SecurityCheck.exe Follow the onscreen instructions inside of the black box. A Notepad document should open automatically called checkup.txt; please post the contents of that document.NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.NOTE 2 SecurityCheck may produce some false warning(s), so leave the results reading to me. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.Make sure the following options are checked:
Internet ServicesWindows FirewallSystem RestoreSecurity Center/Action CenterWindows UpdateWindows DefenderOther ServicesPress "Scan".It will create a log (FSS.txt) in the same directory the tool is run.Please copy and paste the log to your reply. Please download MiniToolBox and run it.Checkmark following boxes:Report IE Proxy SettingsReport FF Proxy SettingsList content of HostsList IP configurationList Winsock EntriesList last 10 Event Viewer logList Installed ProgramsList Devices (do NOT change any settings here)List Users, Partitions and Memory sizeClick Go and post the result. Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.* Double-click mbam-setup.exe and follow the prompts to install the program.* At the end, be sure a checkmark is placed next to Up... Read more

18 more replies
Answer Match 43.68%

Hi,
I wanted to start system restore. The window shows: to create a restore point

open System Protection.

When this link is clicked, the System Properties dialog is opened by

SystemPropertiesProtection.exe

But the Tabs "System Protection" and "Remote" are missing in this dialog.

Something is wrong with the installation, but I cannot do new clean installation as many software is installed upon the platform. I have mounted the Vista installation DVD with "GImageX", but I do not know which files or Registry Entries I have to extract.

Any ideas? Thanks in advance for any help.

More replies
Answer Match 43.68%

Oh i can not get system restore to open but it works in safe mode not in regular mode.

A:Need help system protection not there on system properties

Hi,

Welcome to Seven Forums.

Run Regedit and check the following registry key:

HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\SystemRestore\DisableSR.

If the key is present and has any value other than 0 then system restore is disabled and the system protection tab will be hidden.

Viruses often disable this by setting this registry key. Often they will also disable the task manager and regedit too.

If you get a message saying regedit has been disabled by your administrator then it's quite possible you have been targeted by a virus, in which case a full scan of your system is a good idea.


As always, before making changes to your registry, back it up.

hth
Tanya

4 more replies
Answer Match 43.26%

Hi all
I want to disable "hardware, Advanced, System Protection, Remote" tabs from system properties dialog box( screen shot attached).
The user should only able to access change computer name feature. Other feature should be disabled/removed.
I there any way to achieve it?
thanks in advance.


IMG]https://social.technet.microsoft.com/Forums/getfile/703346[/IMG]

A:disable "hardware, Advanced, System Protection, Remote" tabs in system

I'm inclined to say no, for a very simple reason.
Changing the computer name requires administrator access. Given that, the user already has full control over the entire computer, therefore he can change whatever he wants.
What's the purpose of such "limitation"?

4 more replies
Answer Match 43.26%

Hello everyone ... Really hoping you can help me.

I use Firefox browser and gmail or yahoo for mail. I have Fix-It Professional 6 which I just ran for any viruses, mal ware, spy ware and ad ware.

For about the past week or so, every time I start my machine, I get a window called Windows PC Defender inside of which is a"My Computer" window. I cannot close this window but I can minimize it and open an additional window.

This address appears in the location window -
hxxp://my-systemprotection.net/?p=WKmimHVl...nBkaF%2FEkKE%3D

In the My Computer it shows the Windows shield logo along with System Folders, My Documents, Hard Drive and Security. Next to each, flashing in red is notification that I have 5 viruses in the System Folders, 7 in My Documents, 12 in my Hard Drive and that "Security has been damaged by virus" in the Security. Additionally, below that is a separate window "Your Computer is Infected" and shows a long list -

W32.Benjamin.Worm Virus High
Trojan virtumonde Virus Critical
AdvWare.Hotbar Virus High
[email protected] Virus Medium
Trojan.Qoologic - Key Logger Virus High
SHeur.ZSQ Virus High
Adware.Win32.Winad Virus Critical
Trojan-PSW.Win32.LdPinch.abm Virus Critical
Backdoor.Win32.Haxdoor.gu Virus High
Magic DVD Ripper Virus High
Trojan.Fakealert.355 Virus Medium
Trojan-Downloader.Win32.Small.dge Virus High

Recommend: Click "Start Protection" button to erase all threats
When I have clicked on "Star... Read more

A:my-system protection

Hi Cailleach Echo, welcome to BC I have moved your topic to the "Am I infected? What Do I Do?" forum since you appear to be infected by a rogue security product. This will allow our members who specialize in malware removal to find your topic more easily.I've always been warned not to open anything that ends with ".exe"Sound advice. You're infected with some sort of rogue security program. These programs falsely warn that your computer is infected (like in the list of baddies you were given) and then prompt the user (you) to download a file to "clean" the computer. Do not download anything it asks you to. Do not purchase any program it recommends. It is a scam and will only serve to make the situation worse.

3 more replies
Answer Match 43.26%

Yesterday I, as always before, was going to do monthly Macrium Reflect system backup. As per usual I did all the AV, HW and software checks, made sure windows and SW was up to date, absolutely everything works as good as ever. At the end of those checks I did sfc /scannow but would not go past 58%. Dism also got stuck at some 20% on or offline, in safe mode too.
All disks are in perfect shape and so are drivers etc.
Before I do something radical like restoring last moth's Macrium backup or doing windows repair I would like to see if there's something less radical to troubleshoot this problem.
I still have W10 on another disk to fall back to if necessary so in no way I could be left without OS on this computer. Willing to try anything. Any ideas ?

A:System protection

Hi Mike,
Personally I don't have a problem with this but some people do with:
The Scoop On KB 3022345 System File Corruption
You might want to uninstall this update if installed.

3 more replies
Answer Match 43.26%

Why can I not save restore  points when I have it set to restore previous versions of files only?  It shows system protection turned off when set this way. Only way it will show turned on is if I have setting and files turned on.

A:System Protection

Hi -
System Restore is just that - System Restore -
I have not been able to set mine to restore only one file / folder to an earlier time, unless I have a backup made.
 
However I may have missed a setting that I could not find, but I can only set mine to System Restore -
 
More general information ..............

 What files are changed during a system restore ?
 

System Restore affects Windows system files, programs, and registry settings. It can also make changes to scripts, batch files, and other types of executable files created under any user account on your computer. System Restore does not affect personal files, such as e-mail, documents, or photos, so it cannot help you restore a deleted file.
NOTE :: If you have backups of your files, you can restore the files from a backup.

 
Always create a backup of your system prior to doing any System Restore
 
Open System Restore and follow the links in that area as to what you will restore and what you can do there.
There is a lot of helpfull information listed there -
 
Thank You -

1 more replies
Answer Match 43.26%

I am running Vista Home premium, but see no evidence that it is creating restore points automatically every 24 hours. I can create restore points manually but they are the only ones that show under system protection. Should I not be seeing, "system scheduled checkpoint" in system restore? Thanks.

A:System Protection

I suspect that a system setting has been changed that prevents this from occurring - have you changed any of the system settings/services or used a tweaking/protection utility that might have caused this?

1 more replies
Answer Match 43.26%

No matter what I do system protection somehow always manages to turn it self back on

How can I PERMANTLY KILL THIS PROCESS? Is it a service?



I WANT IT GONE FOR GOOD

A:Ive had it with System Protection...

Go to control panel, admin tools, services, volume shadow copy, but that may cause more problems than it solves.

9 more replies
Answer Match 43.26%

How do I go about turning ON System Protection.

When I go to restore my system from a Restore Point, I get a popup saying "System Protection" is turned OFF and I need to turn it back ON.

A little help please. Thank you.

More replies
Answer Match 43.26%

How to turn on System protection using/through Ubuntu?

A:System Protection

Look over here:
The Ubuntu Forum Community - Ubuntu Forums

2 more replies
Answer Match 43.26%

How does System Protection work...does it save information to a separate partition?

I have a 7gb partition on my drive that I do not know what it is for. I deleted it and was am thinking of adding it to my main C: partition. Did destroy the System Protection partition?

A:System Protection?

That partition was likely put there by the manufacturer to help you restore the PC to factory specs if you ever needed to do that.

If you in fact deleted the partition and do not have "recovery disks", you will have problems restoring to factory specs.

Do you have any install discs at all? What happens if your hard drive fails in 30 minutes?

System protection is not the same as "system restore", which you may be thinking of. System restore returns the operating system to the way it was on the date the restore point was made---typically somewhere in the last couple of weeks-----not to factory specs. System restore points are stored on your C drive along with Windows.

Can you post a screen shot of Disk Management?

9 more replies
Answer Match 43.26%

I am curious I was reading a previous thread which concerned a Teacher, Wendy and her issues with her current computer instructor. When following the thread a program I have never heard of, HijackThis was mentioned several times. Is this a program that just simplly reports problems to the user or is it like Spybot S&D(which I am currently using) in that it can also fix any possible security issues. If HijackThis can do the previous: fix report and whatever else; then what additional advantages does it provide the user that Spybot doesn't support, and would U use this in place of Spybot S&D or something else.
 

A:system protection?

It is not an automated tool, and provides no judgement or recommendations on removal. It simply shows what is present in several locations of the registry and file system - you have to know what you're looking at to use it to delete entries.
When I think it's preferable that dll's are unregistered etc., I will often recommend that SpyBotSD be run first and then use HJT to look and see if it missed something.

You can see some instructions at http://tomcoyote.org/hjt/ if you want to look at it.
 

1 more replies
Answer Match 43.26%

Ive noticed every once in a while that my system protection keeps turning it self on, even though I have manually shut it off?

What could be affecting this? (I want it off because I back up regularly)
 

A:System Protection...

I don't have an answer but do have some advice.

System protection is different than backing up data, system protection backs up critical system registries and other settings normal backups do not, it would be wise to leave this setting On.

.
 

1 more replies
Answer Match 43.26%

Hey all, I've ran into a huge problem... My aunt dropped off her family computer yesterday and I've been working on it for a few hours now and to say the least I'm completely stumped. There's this fake anti virus program called Protection System which does it's thing, I'm sure you know all about it. Anyway, I've done a few hours worth of research, read countless "fix it" articles and forum post and nothing has worked yet. At this point I need to rest my eyes and my mind and ask you all for your help.The biggest problem is no programs that could solve the problem or aid in solving the problem work. The real anti virus was disabled and broken, malwarebytes wouldn't install so I renamed it, it then installed halfway before freezing. I played around with that for a while and I got it to install. Couldn't run the program after that, so I renamed the that. It finally opened but as expected the scan shut the program down. After it crashed during the scan malwarebytes was completely inoperable, couldn't even delete it with out a restart. At that point I had enough, I was preparing to post a topic in the "HijackThis Logs and Virus/Trojan/Spyware/Malware Removal" forum but after several attempts it appears that not even your DDS Tool works. I'm just so frustrated right now...To clear a few things up. I've been trying everything in and out of safe mode, same results. Also, all the games on the computer appear to work, iTunes works, Quickbooks work, AIM works. I'm pretty sure every progr... Read more

A:Protection System

Hi Mike,

do you still have your aunt's PC and do you still need help?

regards _temp_

3 more replies
Answer Match 43.26%

How do I go about turning ON System Protection.

When I go to restore my system from a Restore Point, I get a popup saying "System Protection" is turned OFF and I need to turn it back ON.

A little help please. Thank you.

A:System Protection

  
Quote: Originally Posted by huffman


How do I go about turning ON System Protection.

When I go to restore my system from a Restore Point, I get a popup saying "System Protection" is turned OFF and I need to turn it back ON.

A little help please. Thank you.


See this tutorial.

System Protection - Turn On or Off

2 more replies
Answer Match 43.26%

I was looking around in system properties and under system protection, device updates the top box was checked, I changed it to what it is now and want to make sure this is ok.
 

A:System Protection

It's far better than just "OK" when you have the system running satisfactorily. It's the only way to avoid the nasty surprises when Windows "updates" to incorrect drivers.
 

3 more replies
Answer Match 43.26%

Hey all, I've ran into a huge problem... My aunt dropped off her family computer yesterday and I've been working on it for a few hours now and to say the least I'm completely stumped. There's this fake anti virus program called Protection System which does it's thing, I'm sure you know all about it. Anyway, I've done a few hours worth of research, read countless "fix it" articles and forum post and nothing has worked yet. At this point I need to rest my eyes and my mind and ask you all for your help.The biggest problem is no programs that could solve the problem or aid in solving the problem work. The real anti virus was disabled and broken, malwarebytes wouldn't install so I renamed it, it then installed halfway before freezing. I played around with that for a while and I got it to install. Couldn't run the program after that, so I renamed the that. It finally opened but as expected the scan shut the program down. After it crashed during the scan malwarebytes was completely inoperable, couldn't even delete it with out a restart. At that point I had enough, I was preparing to post a topic in the "HijackThis Logs and Virus/Trojan/Spyware/Malware Removal" forum but after several attempts it appears that not even your DDS Tool works. I'm just so frustrated right now...To clear a few things up. I've been trying everything in and out of safe mode, same results. Also, all the games on the computer appear to work, iTunes works, Quickbooks work, AIM works. I'm pretty sure every progr... Read more

A:Protection System

We Need to check for Rootkits with RootRepealDownload RootRepeal from the following location and save it to your desktop.Direct Download (Recommended)Primary MirrorSecondary MirrorSecondary MirrorSecondary MirrorZip Mirrors (Recommended if you have a slower connection or if the Direct Download mirror is down)
Primary MirrorSecondary MirrorSecondary MirrorRar Mirrors - Only if you know what a RAR is and can extract it.
Primary MirrorSecondary MirrorSecondary MirrorExtract RootRepeal.exe from the archive (If you did not use the "Direct Download" mirror).Open on your desktop.Click the tab.Click the button.Check all seven boxes: Push OkCheck the box for your main system drive (Usually C:), and press Ok.Allow RootRepeal to run a scan of your system. This may take some time.Once the scan completes, push the button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.----------------------------------Please note: If Rootrepeal fails to run, try this step: Click Settings - Options. Set the Disk Access slider to HighAlso try: right-click on rootrepeal.exe and rename it to tatertot.scr

4 more replies
Answer Match 43.26%

I have been infected with protection system and the instructions say to run malwarebytes but when I try to run it it just stops. Is there another way to get around this. I work from home and this is ruining my day. I also tried to use spyware doctor but I can download the updates to run the program... I'm hoping somebody can help Edit: Moved topic from XP to the more appropriate forum. ~ Animal

A:protection system

Did you rename Mbam.exe to something else? Name it tatertot.scr and try to run itAlso try Dr Web Cureit:Please download Dr.Web CureIt, the free version & save it to your desktop. DO NOT perform a scan yet.Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".Scan with Dr.Web CureIt as follows:Double-click on launch.exe to open the program and click Start. (There is no need to update if you just downloaded the most current versionRead the Virus check by DrWeb scanner prompt and click Ok where asked to Start scan now? Allow the setup.exe to load if asked by any of your security programs.The Express scan will automatically begin.
(This is a short scan of files currently running in memory, boot sectors, and targeted folders).If prompted to dowload the Full version Free Trial, ignore and click the X to close the window.If an infected object is found, you will be prompted to move anything that cannot be cured. Click Yes to All.When complete, click Select All, then choose Cure > Move incurable.
(This will move any detected files to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if they can't be cured)Now put a check next to Comple... Read more

1 more replies
Answer Match 43.26%

I just finished "cleaning out" an old Dell desktop. I deleted a lot of files. I don't intend to un-delete any of them (couldn't anyway, because I did a wipe of the free space), but the thought occurred to me, what if I wanted to un-delete one of them? In the old DOS days, I could do that without software (like Recuva). But with NTFS file systems, I note that there is a system setting called System Protection that provides a built-in way to recover deleted files, as long as you haven't overwritten them. I checked the settings for this app on my desktop. System Protection is Off for both of my drives, so that's apparently the default.

Question: What are the downsides of turning that On? My guess would be that it burdens the MFT with more entries, thereby slowing drive performance. Is that true and are there any other downsides?

A:System Protection

The only real downside to turning on System Protection is that is consumes some disk space but you can control that. The impact on performance is insignificant.

5 more replies
Answer Match 43.26%

In my system properties under system protection, the c drive sys pro is on but on my d drive (restore) the sys pro is off. Should i turn it on?Is it able to vreate sys restore points when the sys protection is off?

A:my system protection

Hello @hunterm1 Welcome to the HP Support forum. Thank you for your post.Probably you have one HDD drive and C:\, D:\, etc.. - these are not called drives but partitions - part of the whole thing - one HDD. No problem. The D:\ partition is usually your recovery partition and Windows System Restore is off there for a reason - you should not and need not to attempt to turn it on. This drive should have no changes usually - its purpose is to keep the original version of your operating system, settings, drivers, original image and to be able to restore your PC to factory default condition.  Let me know if you have any other questions.

1 more replies
Answer Match 43.26%

My System in "System Properties" has its "Protection" as OFF
Start > Control Panel > System > System Protection > System Properties (dlg) > System Protection (tab)


I am trying to clean up my Registry after uninstalling "CutePDF"
- three lots of bundleware with one double negative opt-out that I thought I had outsmarted
- CutePDF do not supply an "uninstaller" any more for their free CutePDF
- Revouninstaller did not detect any registry items
- CCleaner does not find any of the CutePDF registry entries
- a manual trawl/search has found two keys each with 29 data entries
- created a restore point, as insurance
- disabled the "CutePDF" keys by renaming the keys with a "_obs" affix string
- rebooted and no problems
Q1: Should the "System" protection be Off or ON
- my inclination is to change it to ON
- but I would like to check with those who really know first (no guesses)

I know ... I know ... an image would have been simpler
- but I am not "there" yet ... when my busy meter slows down to insane

A:System Protection is OFF

It should be on if you want the protection of system restore.

9 more replies
Answer Match 43.26%

What would be the best antivirus for pc.I need a antivirus that is not slow and that protects my pc very good.I need sugestions!

A:System Protection

Welcome
First forget best, it is subjective.
However, I and many members use the free
Microsoft Security Essentials
Free Malwarebytes and the Windows Firewall
I also use winpatrol. It takes a picuture of your HD. Anything is installed, it asks if you want it. If you say no, it restores what you had. Has other features too.
http://www.av-comparatives.org/
This list is already outdated. Microsoft has just finished testing on 2.0. It is now available.

2 more replies
Answer Match 43.26%

Hi. I suddenly got a ?Security Center Alert? pop-up in my computer. I have tried what other users tried before. The thing is that now it uninstall Avast antivirus, don?t let me install MBAM (or any program at all), can?t connect to the Internet or access the Windows Task Manager. I also tried to run the Hjack but it simply won?t run.

Please help.

A:Protection System Again

Welcome to BCTry to run both of these and save the logsWe Need to check for Rootkits with RootRepealDownload RootRepeal from the following location and save it to your desktop.Direct Download (Recommended)Primary MirrorSecondary MirrorSecondary MirrorSecondary MirrorZip Mirrors (Recommended if you have a slower connection or if the Direct Download mirror is down)
Primary MirrorSecondary MirrorSecondary MirrorRar Mirrors - Only if you know what a RAR is and can extract it.
Primary MirrorSecondary MirrorSecondary MirrorExtract RootRepeal.exe from the archive (If you did not use the "Direct Download" mirror).Open on your desktop.Click the tab.Click the button.Check all seven boxes: Push OkCheck the box for your main system drive (Usually C:), and press Ok.Allow RootRepeal to run a scan of your system. This may take some time.Once the scan completes, push the button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.-----------------------------------------------1. Download Win32kDiag from any of the following locations and save it to your Desktophttp://ad13.geekstogo.com/Win32kDiag.exehttp://download.bleepingcomputer.com/rootr.../Win32kDiag.exe2. Double-click Win32kDiag.exe to run Win32kDiag and let it finish.3. When it states "Finished! Press any key to exit...", press any key on your keyboard to close the program.4. Double-click on the Win32kDiag.txt file that is locate... Read more

1 more replies
Answer Match 42.42%

I am trying to do a system restore. When I get to the screen titled 'confirm disks to restore' it says 'you must enable System Protection on this drive'. I am unable to enable System Protection thru normal means because the tab isn't showing up. I searched the forum and found an answer in the following thread that I thought would help:

Can't access System Protection options

There's probably a value in the registry called "DisableConfig" or "DisableSR" at HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\SystemRestore. Open regedit, browse to that key, and if either value exists, delete and reboot the PC. You should get your System Restore tab back after doing this.
Last edited by cluberti; 08-27-2010 at 05:55 AM.. Reason: Seems there's a second value - updating thread

Unfortunately, I have HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\

but no SystemRestore after that.

Can anyone help me????

A:Need to turn on System Protection

Hi garzon6, welcome to the forums

It sounds like 'Systems Restore' has been disabled. To enable it just follow the steps below...

1 Click Start and right-click 'Computer' & select 'Properties'

2 Select 'System Protection'

3 Click 'Configure'

4 Select the first option in the list then click 'Apply' then 'Ok'

Hope this helps






Quote:
I am unable to enable System Protection thru normal means because the tab isn't showing up


Can you show a snip regarding the lack of options above too?

OS

9 more replies
Answer Match 42.42%

I have an awful virus...please help me before my boyfriend gets home. He allowed me to use his computer and this Protection System 2010 virus has taken over.

It won't allow me to open Mbam or hijackthis...hijackthis will start and then just disappear.

I have tried everything that my feable mind can think of. I downloaded the SuperAntivirus, but it won't open and I can't delete it so I can't reinstall it.
I am working within safe mode with networking at this moment.

Please HELP!

A:Help Me Please Protection System 2010

As no logs have been posted, I am shifting this topic from the specialized HiJack This forum to the Am I Infected forum.==>PLEASE DO NOT NOW POST LOGS<== unless a log is specifically requested.

1 more replies
Answer Match 42.42%

Hello

This is the first time I've had a virus so I'm a little new to the technical terms and am trying to follow the advice given on this forum.
(BTW - the advice has been v clear and easy to follow - thanks!!)
I have had the 'Protection System' virus since yesterday (the one that masquarades as an anti-virus). I havent accepted anything nor bought it but it keeps putting distasteful shortcuts on my desktop, has cut me off from the internet, disabled some of my own scanware and keeps putting up pop-ups pushing me to buy it.

I read your threads and tried to install the Malwarebyte' Anti-Malware but it won't run and closes after 5 seconds. I then ran a CD with AVG as suggested on one of the threads. After this ran, I still was unable to run the Malware software - even in safemode.

I am using my friends computer and have downloaded the DDS screen saver and have managed to run it on this (healthy) PC and obtain the log files with ease. On my PC I have tried several times and rebooted, but no logs are being produced. Indeed after some time of trying - even that welcome message isnt displayed and it just closes without warning.

I dont really know where to go from here. Im not overly technical so I dont know if there is somewhere I should be looking to start with. Any help would be much appreciated.

PS I am running on Vista.

Thanks

A:'Protection System' virus

Welcome to BCWe Need to check for Rootkits with RootRepealDownload RootRepeal from the following location and save it to your desktop.Direct Download (Recommended)Primary MirrorSecondary MirrorSecondary MirrorSecondary MirrorZip Mirrors (Recommended if you have a slower connection or if the Direct Download mirror is down)
Primary MirrorSecondary MirrorSecondary MirrorRar Mirrors - Only if you know what a RAR is and can extract it.
Primary MirrorSecondary MirrorSecondary MirrorExtract RootRepeal.exe from the archive (If you did not use the "Direct Download" mirror).Open on your desktop.Click the tab.Click the button.Check all seven boxes: Push OkCheck the box for your main system drive (Usually C:), and press Ok.Allow RootRepeal to run a scan of your system. This may take some time.Once the scan completes, push the button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.----------------------------------Please note: If Rootrepeal fails to run, try this step: Click Settings - Options. Set the Disk Access slider to HighAlso try: right-click on rootrepeal.exe and rename it to tatertot.scr==========================Please download Win32kDiag.exe by AD and save it to your desktop.alternate download 1alternate download 2This tool will create a diagnostic report Double-click on Win32kDiag.exe to run and let it finish. When it states Finished! Press any key to exit..., press any key on ... Read more

6 more replies
Answer Match 42.42%

I am running Windows XP using Firefox. I got the System Progressive Protection virus. I ran Malwarebytes and can use the computer now but "iexplore.exe" is still running in the background. Also, Microsoft Security Essentials pops up every few minutes with a "Detected threats are being cleaned" message. What do I do now?
Thanks, in advance.

A:System Progressive Protection

Welcome aboard Download Security Check from HERE, and save it to your Desktop. * Double-click SecurityCheck.exe * Follow the onscreen instructions inside of the black box. * A Notepad document should open automatically called checkup.txt; please post the contents of that document.=============================================================================Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.Make sure the following options are checked:
Internet ServicesWindows FirewallSystem RestoreSecurity Center/Action CenterWindows UpdateWindows DefenderPress "Scan".It will create a log (FSS.txt) in the same directory the tool is run.Please copy and paste the log to your reply.====================================================================================Please download MiniToolBox and run it.Checkmark following boxes:Report IE Proxy SettingsReport FF Proxy SettingsList content of HostsList IP configurationList Winsock EntriesList last 10 Event Viewer logList Installed ProgramsList Devices (do NOT change any settings here)List Users, Partitions and Memory sizeClick Go and post the result.=============================================================================Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop. * Double-click mbam-setup.exe and follow the prompts to install the program. * At the end, be sure a checkmark is placed next t... Read more

1 more replies
Answer Match 42.42%

After reading your website I am sure I have System Progressive protection. I read the user guide written by Lawrence Abrams and have tried it a couple of times. I am using windows XP. I have followed the steps each time, but it does not seem to work. I boot into safe mode and then download one of the RKill downloads and it does it's thing and then posts a report on my desk top. Each time I have attempted to remove the vius/worm I have tried a different version of RKill. So then I move on to scanning my computer. I use Microsoft Security Essentials. I have run full scan twice and found and removed "unwanted software". Then when I have removed it I am prompted to "restart" the computer to let changes take effect. When it boots back up in normal mode the System Progressive Protection thing pops up again and obviously I did not get rid of it. I would guess one of two things is going on. Either it is not stopping the virus when I run RKill or I am rebooting back into normal mode and I should not be doing that. What should I do? With this description can you tell what I might be doing wrong? I know this is not a really serious problem but I would prefer to get rid of it. I am so close to fixing this issue but I can't seem to completely get rid of this thing. Please help. By the way. Thanks for the site. You all do wonderful work here. Thanks again. Looking forward to hearing from someone.

A:System Progressive Protection

Can anyone help me with the issue I am having? Thanks.

5 more replies
Answer Match 42.42%

Hello-
I am trying to fix a friends' laptop that appears to have been infected with Protection System malware. PC Info: Dell Vostro 1500, Windows XP Home, SP2.

At the moment, I cannot seem to get the laptop to access the internet, whether itís because of the virus or because it is not set up to access my cable modem. I have left it disconnected from our network to avoid any cross infections with my good pc. Can I download programs to a USB stick using the good pc, and transfer them to the sick pcís desktop- if you donít see a problem with this method, then Iíd prefer to continue using it.

When I try to install Malware Bytes from the .exe on the desktop, the install procedure seems to begin, then disappears completely from view, and doesnít even appear in Task Manager.

HijackThis seems to install ok from the desktop, but when I try to run the program, I can see it begin to list programs, but the after less than 2 seconds it, too closes and disappears.

Other issues: Restarting/Shut Down gets stuck and I have to hold down the power button to shut off.

Would greatly appreciate any help you can give.
 

More replies
Answer Match 42.42%

Here is my log:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 8:44:04 PM, on 6/30/2009Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exec:\Program Files\Common Files\Symantec Shared\ccProxy.exec:\Program Files\Common Files\Symantec Shared\ccSetMgr.exec:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exec:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\eHome\ehRecvr.exeC:\WINDOWS\eHome\ehSched.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEC:\WINDOWS\system32\HPZipm12.exec:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\dllhost.exeC:\WINDOWS\system32\ctfmon.exeC:\WINDOWS\system32\wuauclt.exeC:\WINDOWS\ehome\ehtray.exeC:\Program Files\Java\jre1.5.0\bin\jusched.exeC:\windows\system\hps... Read more

A:Protection System Malware

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

2 more replies