Tech Problem Aggregator

# Infected with mstre19.exe and pp10.exe

Q: Infected with mstre19.exe and pp10.exe

I'm getting popups that my computer is infected with instructions to go to the security center to do a full free scan. Something is also trying to access hxxp://goscanwork.com/?uid=13300, but Trend Micro is blocking. Please let me know what other detailed information might be helpful. Thank you in advance for your help. Much appreciated.

DDS (Ver_09-05-14.01) - NTFSx86
Run by Daren Benson at 22:09:48.93 on Mon 06/08/2009
Internet Explorer: 8.0.6001.18372 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2046.1170 [GMT -7:00]

AV: Trend Micro Internet Security Pro *On-access scanning enabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5}
FW: Trend Micro Personal Firewall *disabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdnserv.exe
C:\WINDOWS\system32\lxdncoms.exe
C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\TrendSecure\TSCFPlatformCOMSvr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Maxtor\ManagerApp\Onetouch.exe
C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\Lexmark 2600 Series\lxdnmon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Lexmark 2600 Series\lxdnMsdMon.exe
C:\Program Files\QuickTime\QTTask.exe
C:\windows\pp10.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HPQ\shared\hpqwmi.exe
C:\Program Files\Trend Micro\TrendSecure\RemoteFileLock\FLMain.exe
C:\Documents and Settings\Daren Benson\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFCommander.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Daren Benson\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://us.mg1.mail.yahoo.com/dc/launch?action=welcome&YY=1522597151&.rand=fsur96ibq0b96
uSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=laptop
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: 1 (0x1) - No File
BHO: TSToolbarBHO: {c1656cca-d2ea-4a32-94ae-ae0b180e6449} - c:\program files\trend micro\trendsecure\transactionprotector\TSToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [TrendSecure Remote File Lock] c:\program files\trend micro\trendsecure\remotefilelock\FLMain.exe
uRun: [SansaDispatch] c:\documents and settings\daren benson\application data\sandisk\sansa updater\SansaDispatch.exe
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [Cpqset] c:\program files\hpq\default settings\cpqset.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [eabconfg.cpl] c:\program files\hpq\quick launch buttons\EabServr.exe /Start
mRun: [hpWirelessAssistant] c:\program files\hpq\hp wireless assistant\HP Wireless Assistant.exe
mRun: [MaxtorOneTouch] c:\program files\maxtor\managerapp\Onetouch.exe
mRun: [mxomssmenu] "c:\program files\maxtor\onetouch status\maxmenumgr.exe"
mRun: [WatchDog] c:\program files\intervideo\dvd check\DVDCheck.exe
mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
mRun: [UfSeAgnt.exe] "c:\program files\trend micro\internet security\UfSeAgnt.exe"
mRun: [lxdnmon.exe] "c:\program files\lexmark 2600 series\lxdnmon.exe"
mRun: [lxdnamon] "c:\program files\lexmark 2600 series\lxdnamon.exe"
mRun: [FaxCenterServer] "c:\program files\lexmark fax solutions\fm3032.exe" /s
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [pp] c:\windows\pp10.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\dvdche~1.lnk - c:\program files\intervideo\dvd check\DVDCheck.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: aol.com\free
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab
DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} - hxxp://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photos.walmart.com/WalmartActivia.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1186547253750
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\darenb~1\applic~1\mozilla\firefox\profiles\0dev75kf.default\
FF - prefs.js: browser.startup.homepage - hxxp://us.mg1.mail.yahoo.com/dc/launch?action=welcome&YY=1522597151&.rand=fsur96ibq0b96
FF - plugin: c:\program files\google\google earth plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll

============= SERVICES / DRIVERS ===============

R2 Iprip;RIP Listener;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
R2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe -service --> c:\windows\system32\lxdncoms.exe -service [?]
R2 lxdnCATSCustConnectService;lxdnCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdnserv.exe [2008-10-5 98984]
R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2008-8-3 52624]
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2008-2-16 36368]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [2008-2-16 333328]
R3 TmPfw;Trend Micro Personal Firewall;c:\progra~1\trendm~1\intern~1\TmPfw.exe [2008-8-3 488768]
R3 tmproxy;Trend Micro Proxy Service;c:\program files\trend micro\internet security\TmProxy.exe [2008-8-3 648456]
S2 gupdate1c9ba4a28038d7c;Google Update Service (gupdate1c9ba4a28038d7c);c:\program files\google\update\GoogleUpdate.exe [2009-4-10 133104]
S3 P0630VID;Creative WebCam Live!;c:\windows\system32\drivers\P0630Vid.sys [2008-5-28 91830]

=============== Created Last 30 ================

2009-06-08 18:55 1 a------- c:\windows\9g2234wesdf3dfgjf23
2009-06-08 17:43 157 a------- C:\43454354.bat
2009-06-08 07:16 1 ----h--- c:\windows\msmark2.dat
2009-06-08 07:16 29,184 ----h--- c:\windows\mstre19.exe
2009-06-08 07:16 2 ----h--- c:\windows\ro122390.dat
2009-06-07 19:21 <DIR> --d----- c:\windows\system32\sysloc
2009-06-07 19:21 14,336 ----h--- c:\windows\pp10.exe
2009-06-03 19:24 54,156 a---h--- c:\windows\QTFont.qfn
2009-06-03 19:24 1,409 a------- c:\windows\QTFont.for
2009-06-02 14:19 <DIR> --d----- c:\docume~1\alluse~1\applic~1\ThumbnailCache4R
2009-05-26 17:18 90,112 a------- c:\windows\system32\QuickTimeVR.qtx
2009-05-26 17:18 57,344 a------- c:\windows\system32\QuickTime.qts
2009-05-11 10:55 <DIR> --d----- c:\program files\windows media components
2009-05-10 22:52 <DIR> --d----- c:\windows\Cache
2009-05-10 22:52 <DIR> --d----- c:\program files\Coupons

==================== Find3M ====================

2009-04-01 20:15 201,728 a------- c:\windows\system32\PolarClock3.scr
2008-08-03 17:01 0 -c--h--- c:\docume~1\alluse~1\applic~1\PKP_DLds.DAT
2007-10-07 10:42 20 -c--h--- c:\docume~1\alluse~1\applic~1\PKP_DLec.DAT

============= FINISH: 22:11:05.56 ===============

A: Infected with mstre19.exe and pp10.exe

Hi,

* Please download Malwarebytes' Anti-Malware from Here or Here
* Double Click mbam-setup.exe to install the application.
* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* In case you already used MBAM previously, please update it before proceeding with the scan. To do this, click the "Update" tab and click the "Check For updates" button.
* Once the program has loaded and updates were downloaded, select "Perform Quick Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy & Paste the entire report in your next reply along with a fresh HijackThis log.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

In case you lost internet access after performing above instructions:

* In IE: Tools Menu -> Internet Options -> Connections Tab -> Lan Settings > uncheck "use a proxy server" or reconfigure the Proxy server again in case you have set it previously.
* In Firefox in Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection.

Answer Match 53.34%

Hello all, went to bed last night with zero problems, woke up with a slew of them. Not only do "they" apparently know I haven't renewed my virus software but they also know when I sleep. Not good.

My problem lies in my internet browser being hijacked. Search results from google are redirected by something called "nonstopwebspeedway.net" as noscript is telling me as it blocks it. I have not tried other search engines, and inputting a url or using a bookmark works just fine.

I have run Malwarebytes, my installed virus software (CA Internet Suite), and Spybot, and have removed everything except whatever is hijacking my browser and something called "mstre19.exe"; a running process. Search results (from another computer) seem to agree this is malware, but it won't go away. mstre19 will not show up in the log below as I terminated the process when I booted the computer up, or maybe it will, not really sure how you guys read this thing =D.

Any help would be appreciated, the Hijackthis log is below. As soon as I know my browser is secure I will renew my antivirus software.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:33:27 PM, on 6/15/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\...

A: Browser Hijacked and mstre19.exe

I snooped around after making the thread, and noticed that this google virus seems to be a widespread problem, at least here on the boards. The only problem is there doesn't seem to be one way to fix it =[.

Although I can still visit sites fine, the browser has been noticeably slowed down, especially when there are videos involved such as on youtube.

The mstre19.exe is still there on system startup as well, and unless I terminate it I soon find something infected on a malware scan.

Answer Match 53.34%

I can not get online at all. I had the bavariax.exe according to AVG. The virus seems to be removed?? but I can't get online. Should I just restore my computer?

Here is my hijack log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:36:12 PM, on 7/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\sySTEM32\SvchoSt.ExE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROG...

A: Bavariax/PP10

Hello bigworm,

Sorry about the delay. If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Thanks,
tea

Answer Match 52.5%

My laptop had a severe case of multiple smss.exe running in my process manager. Both pp10.exe and h36kdzr.exe were also on my computer. I tried removing with HJT but I am new to the program (should have consulted this forum first). Currently my computer will minimize my full screen programs almost randomly, it will play random sound files that are not on my computer overlapping with the currently playing audio and the system seems to slowly crash, losing my ability to open programs until the point when the mouse pad will not work and I have to do a forced shutdown. The one error message that always pops up is that the ihaupd32.exe has crashed, immediately after start-up.

I greatly appreciate all the hard work you fine folks do for the rest of us.
Thank you.

here is the dds.
DDS (Ver_09-06-26.01) - NTFSx86
Run by Thomas at 22:37:23.28 on Mon 07/13/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1247 [GMT -6:00]
============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\W...

A: smss.exe, pp10.exe, and h36kdzr.exe

Hello and welcome to Bleeping Computer.

My name is Syler, I will be helping you to solve your Malware issues. Whilst I am helping you, I would be grateful if you would note the following:

* Please do not run other tools or scans unless I ask you to and follow all the steps I give you, in order.
* Copy and paste all logs requested in your reply. Do not attach them unless asked to.
* If you don't know or understand something, please don't hesitate to say or ask before you proceed with my instructions.
* Please continue to work with me, until I tell you your machine appears to be clean. Absence of symptoms does not mean that everything is clear.
* If I do not hear back from you within 5 days of my last post, then this topic will be closed.

Please download Malwarebytes' Anti-Malware from Here

Note: If you already have Malwarebytes' Anti-Malware, just update then run it.

* Double Click mbam-setup.exe to install the application.
* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Full Scan", then click Scan (the scan may take some time to finish, so please be patient).
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be p...

Answer Match 52.5%

Hello. I have been trying to get rid of these viruses (freddy46.exe, ld09.exe, and mstre19) for a while and neither Ad-Aware, McAfee, Malwarebytes, CCleaner, or HijackThis have been able to get rid of them from my registry. The problem originated when I went on a random website and suddenly my computer started giving me pop-ups saying that my computer was infected and that I needed to run an anti-virus program (one that I did not have). I ran McAfee and Malwarebytes and it deleted all of the viruses and trojans it detected except for the ones I have mentioned that seem to be stuck on my start-up registry.

I also was not able to use Windows Live Messenger without Ad-Watch popping up detecting registry modifications and blocked cookies nonstop and I have since deleted the program from my computer (although an old version seems to have remained there?).

I guess I should also mention that I am still able to use many major programs and the internet (using Firefox) without any problems, except for Windows Live Messenger.

Any help would be much appreciated, thank you!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:33:51 PM, on 7/20/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svch...

A: I can't remove freddy46.exe, ld09.exe, mstre19.exe from my registry.

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

* Download DDS by sUBs from one of the following links. Save it to your desktop.
  * DDS.scr
  * DDS.pif
* Double click on the DDS icon, allow it to run.
* A small box will open, with an explanation about the tool. No input is needed, the scan is running.
* Notepad will open with the results.
* Foll...

Answer Match 52.08%

Good day,

Recently after running a keygen from some not so legit software, I noticed some strange processes running on my Windows XP machine, they are as follows: SYS32DLL.exe, pp10.exe and Pqarocuvuw yfyqu.exe

I have tried running the "Rogers online protection" virus and anti-spyware scan tool which I have installed but it does not detect these processes as being malicious. The steps I have taken so far are:

1) Block internet access to SYS32DLL.exe which kills browsing the internet on both IE and firefox
2) Download HijackThis and re-name (One of the processes won't let you run it when it has the original name)

That's about it, here is the log file that HijackThis generated, any help would be greatly appreciated.

---------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:36:27 AM, on 26/05/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Rogers Online Protection\Rogers Online Protection\Fws.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe...

A: SYS32DLL.exe, pp10.exe and Pqarocuvuw yfyqu.exe

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

-----------------------------------------------------------

We need to see some information about what is happening in your machine. Please perform the following scan:

* Download DDS by sUBs from one of the following links. Save it to your desktop.
  * DDS.scr
  * DDS.pif
* Double click on the DDS icon, allow it to run.
* A small box will open, with an explanation about the tool. No input is needed, ...

Answer Match 51.66%

My dad has a computer in his workshop and he's been complaining that his mcafee software keeps popping up that things are trying to access the internet.

I haven't seen this happen myself as I only work Saturday mornings. I have run a Hijack This log and I noticed freddy46.exe which I clicked fix and it seems to have gone. On further investigation I also found id09.exe and mstre19.exe are in the log file and after googling these are apparently infections too. The recent mcafee log also shows romeo15.exe has been trying to access the internet.

After removing the freddy46.exe file I thought I should ask for help on the others as I'm not really sure what I'm doing and after googling it's advised that you don't just delete things!

Please can someone help with how I remove these and other dodgy stuff if there's more than I think. It would be much appreciated.

Thanks,
H
DDS (Ver_09-05-14.01) - NTFSx86
Run by micky at 11:15:05.10 on 20/06/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.49 [GMT 1:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Pro...

A: Pls help with removal. freddy46.exe id09.exe mstre19.exe romeo15.exe plus goodness knows what else!

Hello and welcome to the BleepingComputer.com! I will be helping you today.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Please give me some time to look through your Log, I will reply to you soon.

regards _temp_

Answer Match 51.24%

The problem:

-Virus/Trojan/Spyware/Malware (not certain which is the proper term, I'll just call it malware) which redirects my browser (IE) whenever I click on a Google search result link.
-Redirect seems to always take me to: lo-find (dot) com
-When my computer is connected to the internet, windows will open spontaneously, claiming my hard drive is full of trojans/etc., prompting me to run checks from the security center.
-task manager is frequently disabled. (I am unsure as to whether this is caused by the malware, or my computer's response to it...)

Some context and history:

Ever since my norton subscription ran out, I have been protecting my computer - or attempting to - with Spybot S&D alone. (TeaTimer thing running).
It asks me to manually allow or deny registry changes, which I habitually allow when installing updates and deny when browsing the web.
My computer caught this malware when I was simultaneously installing a microsoft-provided IDE for C++ (Microsoft Visual C++ 2008 Express Edition) and browsing the web. When a bunch of registry change requests came up, I assumed they were involved in the installation and allowed them.

Shortly afterwards, the problems began. So I disabled my internet connection and ran spybot. Spybot found two entries (something about "WindowsSecurityCenter") and claimed that it had fixed them.
I had my task manager back, as well.
But whenever I reconnected my internet, the problems would return and spybot would find the sa...

A: Yet another case of the Google redirect - pp10.exe running.

Hi,

* Please download Malwarebytes' Anti-Malware from Here or Here
* Double Click mbam-setup.exe to install the application.
* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* In case you already used MBAM previously, please update it before proceeding with the scan. To do this, click the "Update" tab and click the "Check For updates" button.
* Once the program has loaded and updates were downloaded, select "Perform Quick Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy & Paste the entire report in your next reply along with a fresh HijackThis log.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

In case you lost internet access after performing above instructions:

* In IE: Tools Menu -> Internet Options -> Connections Tab -> Lan Settings > unche...


Already did some scans with tdsskiller and hitmanpro and they detected Trojan-Spy.Win32.Zbot, Rootkit.Win32.PMax.gen, and rootkit boot.cidox.b, I'm not sure how this machine got so badly infected. The user may have opened a link or some file by accident.

The infected svchost.exe is causing the most problems, creating multiple various connections and slowing down the internet connection. Explorer.exe would also crash and would create connections as well. Internet explorer would pop up to back-linking websites.

No restore cd for this computer. Although I do have a copy of xp meant for dell machines and this is a dell.

Just need to know how I can stop the svchost.exe from creating connections.

dds attached


A:Infected with multiple malware, Cidox, Trojan-Spy.Win32.Zbot, Infected svchost.exe

Hello! Welcome to BleepingComputer Forums!
My name is Georgi and I will be helping you with your computer problems.
Before we begin, please note the following:
I will be working on your Malware issues, this may or may not solve other issues you have with your machine.
The logs can take some time to research, so please be patient with me.
Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
Instructions that I give are for your system only!
Please do not run any tools until requested ! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.

Please download Farbar Recovery Scan Tool and save it to your desktop.
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your re... Read more


I have a mild adware infection that is affecting every computer that goes through my network. Superantispyware can find and remove ONE file (no active, no registry) that is associated with this attack and the problem is resolved (i.e. it does not come back unless I log into this particular network, it's still gone when I restart the computer, etc). The adware does not affect any of my cleaned computers unless I am logged into MY network. A clean load of windows XP with service packs loaded will immediately be infected on my network without so much as going anywhere aside from google.com.

As best I can tell my hijack this log is clean, but here it is for those of you who are far superior at this than I am. This is from the machine I am using which is currently infected.

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 10:43:09 AM, on 12/24/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\msiexec.exe
C:\Program Files\TrendMicro\HiJackThis\HiJ... Read more


DDS (Ver_09-05-14.01) - NTFSx86
Run by Bogdan at 0:21:16,39 on 30.07.2004
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1251.380.1049.18.223.55 [GMT 3:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
H:\FIX\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\b... Read more

A:Infected by the same flash drive as this http://preview.tinyurl.com/o3l47t one was infected

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results, click no to the Optional_Sca... Read more


I was at a hotel a few weeks ago, and afterwards firefox kept redirecting me to ad sites. I ran Microsoft Security Essentials and detected and removed (partially?) a program called Nimda, but the redirects continued. None of my security software indicated any other problem, and the redirects seemed to be to fairly harmless sites, so I figured I'd wait for my programmer brother to get home for thanksgiving to fix the issue. Today, firefox redirected to a site with the words "please wait, loading." I immediately closed out but my computer was already infected. A program called "privacy.exe" in taskmanager started up- it's your typical faux-security program that prompts you to "clean your computer" presumably by downloading all kinds of other awful crap. This particular program kept closing down taskmanager after a couple seconds every time I tried to open it, automatically closed security essentials, closed all my other background programs, and wouldn't let me open hijackthis or firefox. I restarted in safe mode and ran security essentials, which found and removed something called "VirTool:JS/Obfuscator.CE," then restarted normally, but the situation hadn't changed. After some trying, I was able to open taskmanager and manually shut down "privacy.exe" before it shut me out, and that's as far as I've gotten. Keep in mind when reading my DDS log that I shut this program down already, because it prevents me ... Read more

A:Infected with unknown trojan/malware, has infected pc with rogue:win32/fakerean, VirTool:JS/Obfuscator.CE, and others so far

Hi,
BitTorrent
Above listed ones are P2P file sharing programs. P2P downloads are nowadays one of those things that most likely bring infection into the system. My recommendation is to uninstall these (and other if present) P2P file sharing programs.
Please visit this webpage for download links, and instructions for running ComboFix tool: http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Please ensure you read this guide carefully first.
Please continue as follows:
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
Remember to re-enable them afterwards.

Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a report for you. Please include the following reports for further review, and so we may continue cleansing the system:
C:\ComboFix.txt
New dds log.
A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.


Hello, I have a gateway desktop computer with Windows XP SP3, Internet Explorer 8, 2GB RAM, and 600GB Hard Drive.

Avira Free Antivirus detected TR/Drop.daws.juu in my recovery partition (D:\) yesterday. MBAM detected PUM.Hijack.StartMenu on my regular partition. I removed these infections and proceeded to backup some files to my external hard drive. While doing so, Avira detected TR/Keygen.AQ.19 and TR/Tool.Keygen.517 in the "system volume information" folder on my external hard drive. I removed these as well.

Lately I've noticed that my computer would behave strangely but more of the behavior is so subtle that it's hard to describe it properly. Every now and then a process named mme.exe would show up in the task manager. I did a little bit of digging and everything I found suggested that it is malicious.

I am usually able to resolve stuff like this on my own, but this time I'm getting nowhere. I have never had an infection on anything other than the partition that my operating system is installed on. I am in need of your help badly. Thank you for your time, here are the logs.

--------------------------------------------------------------------------------
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Owner at 5:50:25 on 2012-02-10
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2022.1348 [GMT -6:00]
.
AV: Avira Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
===... Read more

A:Multiple Infections - Regular Partition infected with "PUM.Hijack.StartMenu" - Recovery Partition infected with...

Hi there,

It appears that you are receiving help at another forum: http://forums.majorgeeks.com/showthread.php?t=253464

Having multiple topics open at different forums only serves to confuse matters and waste the volunteers' time. In addition, it seems that you have since reformatted your drive. As such, I will close your topic here.

Regards.

Casey


Hello,

I was contacted by some friends last Sunday who said they received lots of weird emails from my email account. The emails contained nothing but a link. I did not send any emails over the weekend so I don't know how this happened. This must be a virus, right? I noticed my antivirus (avast!) began (a few days back) blocking a couple of malwares when downloading emails to Outlook 2007 on my laptop. It identified an infection called "Win32-Malware-gen". It now does this every time I try to download emails and I now have duplicate emails in my Inbox. My antivirus identified the infected emails having subject "DHL Express Delivery" or "FedEx Service Notification" and a document.zip attachment which I think contained document.exe if I'm reading the Avast! log correctly. I did not open any of these emails. The antivirus moved them to chest but it seems the problem wasn't resolved. I then get a microsoft message saying Outlook encountered a problem and cannot exit. It offers me an "End Now" button, but it seems to get into a loop and the whole scenario happens again whereby Outlook reloads and I get the malware messages again.

Another problem I noticed which might be connected is that in IE8, whenever I attempt to login to any site it blocks and reloads webpage with "This tab has been recovered - A problem with this website caused Internet Explorer to close and reopen tab" message. Then it asks me t... Read more

A:Infected with Win32-Malware-gen - Emails (Infected?) spammed from my email account to many recipients without my knowledge etc.

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.

Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there.

The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks


Hello, I am new and hope I am in the correct forum. If not please direct me to the right place. I am going nuts here. I am running Windows XP. I keep getting an extremely annoying warning message which says the following: There is an "x" in red beside the message....

"Your System was infected by zlob trojan. It's very dangerous for your system (critical data can be lost)! Click OK to download the antimalware application to clean your hard disk (Recommended)"

So you can see it looks very official. It is constantly popping up, especially when I used internet explorer, but not when I use Mozilla Firefox. When I click OK it goes to : setup.exe and says that the application is from 89.149.227.195. I am afraid to click on the setup.exe because I figure it is trying to sell me something.

I have Norton Antivirus which I keep updated, but it says it has taken care of all the potential problems of adware and trojans, but this popup continues. I downloaded Avgfree and Spybot Search & Destroy and they say everything is cleaned up too, but the pop up continues. I have done scan using other programs such as SpyDoc and among other things they say I have:
Trojan.FakeAlert
Trojan.Generic
Application.NirCmd
Adware.BHO.GEN

I ran HiJackthis and this is what it said:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:32:40 PM, on 4/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDO... Read more

A:Keep Getting Warning Message That I Have Been Infected With Zlobtrojan Other Says Infected By Trojan.fakealert, Etc

Hi,

I see you are running Teatimer.
I suggest you to disable it because it can interfere with the changes you'll make on your system.
When everything is done and your log is clean again, you can enable it again.
If teatimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.
How to disable TeaTimer <== click me for instructions.
After you disabled Teatimer, download ResetTeaTimer.bat to your desktop. (In case you use Firefox, rightclick the link and choose "save as").
Doubleclick ResetTeaTimer.bat and let it run.
This will only take a few seconds.

I notice from the log that there are running more than one different Anti-Virus programs with Auto-protect enabled. AVG and Norton
Never install more than one Antivirus and Firewall! Rather than giving you extra protection, it will decrease the reliability of it seriously! The reason for this is that if both products have their automatic (Real-Time) protection switched on, your system may lock up due to both software products attempting to access the same file at the same time. Also because more than one Antivirus and Firewall installed are not compatible with each other, it can cause system performance problems and a serious system slowdown. So you have to make a decision here and keep the Antivirus you prefer and uninstall the other one.
Then reboot after uninstalling.

Also, I see you have Viewpoint installed...
Viewpoint Manager is considered as foistware instead of malware since i... Read more


Hi, everyone... my name is Avi... and I'm running XP service pack II. I thought I was pretty good with computers, since I've been playing with them since the era of Wing Commander and Star Control II, and usually I can solve computer issues on my own. However, 2 days ago I noticed that my background had changed to a blue screen that said "Warning, Spyware detected your computer...", and I repetitively get a "Blue screen of death" notice on my computer which indicates that it's about to shut down, but... then it just goes back into windows. My system restore seems to have become disabled, and the background and screensaver modes on my display menu are not working. I have Kaspersky AV 7.0 installed, but I never installed the Kaspersky firewall cause I felt it slowed down my PC too much. I am running the windows firewall, though... and I have adaware. Please help me get my PC back to normal!

I ran the Deckard's Scan, along with the Hijack This scan, and I have included main.txt and extra.txt in this post. Thanks so much!

Deckard's System Scanner v20071014.68
Run by Avishek on 2008-06-14 15:19:30
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Failed to create restore point; System Restore is disabled (service is not running).
Backed up registry hives.
Performed disk cleanup.
System Drive C: has 15.3 GiB (less than 15%) free.... Read more

A:Infected With Trojan.win32.pakes.czg/warning Your Computer Has Been Infected...

Hello Ice9996 and welcome to BC. Let's see what we can find. Please follow the steps below in order:

Before running a new scan let's clean out the temporary folders. Download ATF Cleaner to your Desktop.
Double-click ATF-Cleaner.exe to run the program.
Click Select All found at the bottom of the list.
Click the Empty Selected button.
If you use Firefox browser, do this also:
Click Firefox at the top and choose Select All from the list.
Click the Empty Selected button.
NOTE : If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser, do this also:
Click Opera at the top and choose Select All from the list.
NOTE : If you would like to keep your saved passwords, please click No at the prompt.
Close ALL Internet browsers (very important).
Click the Empty Selected button.
Click Exit on the Main menu to close the program.

Now download OTScanIt from here or here to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.
Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
Close ALL OTHER PROGRAMS.
Open the OTScanIt folder and double-click on OTScanIt.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
In the Drivers section click on Non-Microsoft.
Under Additional Scans click the checkboxes in front of the following items to select them:
Reg - BotCheck
File - Additiona... Read more


Here is my log using HijackThis. My contacts in Windows Live Messenger are receiving pop-up message notifications with infected links. Norton is not picking anything up, and computer is running really slow. Malware Bytes did not pick anything up either. Any help would be appreciated ... thanks!

--------------------------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:42:41 PM, on 05/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Rogers Online Protection\Rogers Online Protection\Fws.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Rogers Online Protection\Rogers Online Protection\rps.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Prog... Read more

A:Spyware infected, MSN Live Messenger sending out IM with infected links

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more


WinXP Service Pack 3 Dell m4300 machine.

Last week, let wife use machine, surfed to billboard.com and machine was infected with something.
Could not open Task Manager among other things.
Shut down, restarted, on restart, logged in to different local admin user and deleted all temp files from profiles. That stabilized machine. Updated McAfee and Ad-Aware. Scanned, no major issues uncovered first day.
2nd day, same thing, updated McAfee, Ad-Aware, scanned. McAfee removed a virus, cannot recall which.
Machine seemed stable.

This week, started getting hijacked links in Firefox and IE. Also locked pop-ups with 'x' and 'cancel' looping back to advertisement pop-ups.
Also, every time opened a new tab in firefox, a new firefox window would pop-up with a dozen or so tabs open to local files.

I was in an urgent situation, so I ran Combofix, it found some stuff and removed it. The entire Combofix.log will be pasted below. Note, I could not figure out how to turn off McAfee on-access scan, so ran it with it on, and I could not download the 'update' for combo-fix, so it ran as I downloaded it.

The machine is now stable, but I would like expert help making sure it is clean.
After the Combofix log below, I have posted the DDS.scr and the RootRepeal.exe logs from this morning.
Please let me know.
Thank you, Pete.

ComboFix 09-12-02.01 - pwood 12/02/2009 10:07.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.3072 [GMT -6:00]
Running from: d:\downloads\cf\... Read more

A:Infected Machine - infected copy of atapi.sys found by Combofix

Welcome to the BleepingComputer Forums. Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random which includes a HijackThis log and save it to your desktop. If you have RSIT already on your computer, please run it again. Double click on RSIT.exe to run RSIT. Click Continue at the disclaimer screen. Please post the contents of log.txt. Thank you for your patience.Please see Preparation Guide for use before posting about your potential Malware problem. If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped. Please post your HijackThis log as a reply to this thread and not as an attachment. I am always leery of opening attachments so I always request that HijackThis logs are to be posted as a reply to the thread. I do not think that you are attaching anything scary but others may do so. While we are working on your HijackThis log, please: Reply to this thread; do not start another! Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so. Do not run any other tool until ... Read more


I was infected with vundo, and I thought I cleaned most of it out using SpyDoctor, Spybot S&D, vundofix, etc. but whenever I log back on, I'm still infected.
Please help!
Here's my HJT log. Not sure what to do to get rid of this infection.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:15:55 AM, on 10/21/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\System32\DSentry.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:... Read more

A:Infected with Vitrumonde. Used SpyBot, SpyDoctor, VundoFix, VirtuBGone, still infected

Hello. I am PropagandaPanda (Panda or PP for short), and I will be helping you with your log.

I apologize for the delay in response. We get overwhelmed with logs at times, but we are trying our best to keep up. If you have since resolved the original problem you were having, we would appreciate you letting us know. If you still need help, post a new HijackThis log.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

Please take note of some guidelines for this fix:
Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
Finally, p... Read more


Hi, Our computer has been infected since yesterday with the SMART HDD virus, which has been hiding all programs. I also believe our computer is infected with a TDSS type of rootkit virus in reading thru your website, as we've been having redirects happening in the search results of Google and BING for quite a number of weeks now.

We have a WINDOWS XP Service Pack 3 computer.

The SMART HDD virus had (at first) completely hidden all the programs from me and made them in-accessible. (see below) I was able to "un-hide" the programs, which allowed me access to Internet Explorer, Outlook Express and a few other programs, but not access to the important virus programs such as Malwarebytes and it wouldn't allow me to run the TDSSkiller program (even with re-naming it.), DDS froze up my system twice so I've not tried it again.

What I've done so far:

From a work computer on a whole different network, I was able to read up on your site, good information on what is going on and the steps I needed to take. However, the system is not allowing me to take the necessary steps, so I'll definitely need your help in getting around these roadblocks. I have been running my computer in SAFE MODE and doing that - I was (at first) able to un-hide the programs that are non-accessible, by going to My Computer and following the steps your site says to do. That temporarily enabled me to un-hide the programs, but now, the programs are hidden again. Before the progra... Read more

A:Infected with SMART HDD and also appear to be infected with a rootkit (TDSS type of issue)

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems. I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE:... Read more


So at first I had the "Internet Security 2010" bug, but I think I fixed that with rkill. But now I got the green desktop with the "system is infected" message. I have heard of people who have this problem trying to restart only to find their system totally screwed, so I'm scared to turn off/restart. I have run DDS and Root Repeal. I know its Christmas, but please help!!!
DDS (Ver_09-12-01.01) - NTFSx86
Run by Michael at 3:25:14.42 on Fri 12/25/2009
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.44 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome...

A:Infected, Big Time... Green Desktop with "Your System is Infected" Message

Visit below website. Understand on how to use ComboFix >> download and run the program >> post the log here http://www.bleepingcomputer.com/combofix/how-to-use-combofix

9 more replies
Answer Match 25.62%

SUPERAntiSpyware has found 5-6 instances of registry keys infected as unclassified.uknownorigin and appears to be unable to delete them despite repeated efforts.

I have run Advance Systemcare 3 in hopes of deleting it to no avail.

Any help would be greatly appreciated!

A:Infected? SUPERAntiSpyware finds infected registry keys

Hi and welcome to BleepingComputer

The process of cleaning your computer may require temporarily disabling some security programs. If you are using SpyBot Search and Destroy, please refer to Note 2 at the bottom of this page.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself.
Press the OK button to close that box and continue.
If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Result...

6 more replies
Answer Match 25.62%

Hi,

My Dell Inspiron N400 notebook Running Windows 7 64 bit (Pro), [OS Version: 6.1.7601 ServicePack: 1.0] has become a playground of miscreants from four corners of earth and time is running out. It all started 2 months ago when I opened an email with title that my teenage daughter's sex video is on internet. I never would click such a link but it was forwarded by my mother so I was in distress, so I clicked a link in it. It was luckily daughter of someone else and not mine since I never been or had relations with anyone from Nigeria.

But from that day slowly everything breaks. My virus killers (Kaspersky then Bit Defender, and Windows Defender and Titanium Trend Micro) get turned off or stop responding. Before I had 36 processes after starting up and now I have 60, and a half hour later over 100 processes that take 100% cpu, 100% of my 8gig memory, and 100% hard drive activity.

I reinstalled operating system 3 times on C drive but I have on D drive all my things in storage and in matter of a day after reformatting C and reinstalling, the ghost in machine is back. I have sometimes 10-30 errors in my event logs on a good hour, and 2-3 critical errors every few days. My external monitor port on laptop stopped working, my network cable port (looks like telephone jack) stopped working and I use usb connection to adsl modem. My camera can not be found and is unknown device accepting no drivers but sometimes it turns on and looks at me.

Criminal hacker gangs are locked in bat...

A:Infected by 36 Viruses/Trojans/Malware - Infected My Professor

Please follow the instructions in ==>This Guide<== starting at Step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

1 more replies
Answer Match 25.62%

Yesterday while on the computer I suddenly got the Positive Finds popups. I had malwarebytes premium running and it wasn't able to prevent it I guess.

Ran a scan with MBAM and it detected it, I restarted thought it would be fine but Positive Finds is still all over my browser

This is the first virus/spyware/adware I've gotten in years so I would like some assistance from you guys

Thanks

A:Infected with Positive Finds adware, already took some steps but still infected

Never mind all I had to do was reinstall Chrome and it's gone now

2 more replies
Answer Match 25.62%

Computer started out with AVG detecting several resident shield viruses. Noticed ping.exe was using my entire system resources. Firefox was hijacked and started opening random pages. Shut computer down and rebooted into safe mode. Cannot do system restore, tried several restore points with no success. Ran AVG in safe mode, backdoor generic14.cbjj found and supposedly white listed as necessary. Ran Spybot S&D, couple of harmful entries found. Ran Malwarebytes in safe mode, trojan horse c:\windows\sytem32\Drivers\netbt.sys. Virus fsquirt.exe found and supposedly deleted. Now are booted into safe mode with no connectivity and still obvious that my computer is sick. Need help with how to get back online and get the tools to help me correct this virus. Got help from BC Advisor Broni as to tools to help get this started. Computer is now booted to regular mode and I have run the requested tools and am posting results as follows

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_26
Run by Cara Leigh at 15:40:52 on 2011-12-13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1547 [GMT -5:00]
.
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\...

A:Backdoor.Generic14.cbjj infected netbt.sys infected

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/432355 <<< CLICK THIS LINK

If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo...

21 more replies
Answer Match 25.62%

Since today, my computer doesn't load the explorer anymore. I can still run it through Windows Task Manager though by running explorer.exe, but after it loads, my background has been changed to a message saying "WARNING! You're in Danger! Your computer is infected with Spyware! All you can do with computer is stored forever in your hard disk."
It also constantly badgers me with faulty anti-virus applications called "System Security."

Thank you very much for any help.

Update: I can't load up any applications or even task manager after explorer has started. An icon in the bottom right continues to state "Warning! Application cannot be executed. The file _______.exe is infected. Please activate your antivirus software."

A:Infected: WARNING! you're in danger! Your computer is infected with Spyware!

Hello and welcome to TSF.

We want all our members to perform the steps outlined in the link given below, before posting for assistance. There's a sticky at the top of this forum, and a "Having problems with spyware and pop-ups? First Steps" link at the top of each page.

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

1 more replies
Answer Match 25.62%

Two days ago my computer got infected w/ Internet Security 2010. I did research online and found advice on threads to get rid of it by trying Malwarebytes Anti-Malware and it hasn't worked. I've run 4 full scans and each time it pops up with new infections. I have cut off all ties to the internet and have tried performing the "full scan" under safe mode but I still have the blue/green desktop w/ the "Your computer is infected" box in the middle of the desktop and the Internet Security 2010 Icon on the desktop. Now the pop-ups have stopped but how do I get rid of the icon and "box" in the middle of the desktop??? Please help, want to have my laptop back to normal!! :(

A:Infected w/ Internet Security 2010; tried Malwarebytes & still infected

Hello and welcome to TSF.

We want all our members to perform the steps outlined in the link given below, before posting for assistance. There's a sticky at the top of this forum, and a "Having problems with spyware and pop-ups? First Steps" link at the top of each page.

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

1 more replies
Answer Match 25.62%

Directrdr has infected my computer. I run Firefox 3.5.3 and I cannot search with Google, Bing, or any other search engine that keep logs of my search history. Each time I use one of these search engines new tabs and/or new windows will open up to pages that I did not open myself. I can see the hxxp://www.directrdr.com . . . in the address bar and then it redirects to some other website that I did not authorize. I can use IXquick with few problems, it does not redirect to other pages, but sometimes new tabs will open anyway. When I run IE and try to navigate away from my homepage-MSN it redirects too. I have run Spybot, AVG, Malwarebytes, SDFix, and various others, tried cleaning in Safe Mode and I cannot get rid of this thing. Please help. Thank you for your time.

I do not have a GMER file to attach because it keeps crashing. I tried to run it twice and each time it keeps stopping before it can complete its task, it will scan a few files and then stop. Error Message: gmer.exe has encountered a problem and needs to close. We are sorry for the inconvenience.

DDS (Ver_10-03-17.01) - NTFSx86
Run by at 18:04:11.65 on Thu 07/01/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.446.68 [GMT -5:00]
AV: Spyware Doctor with AntiVirus *On-access scanning enabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-5...

A:Infected with directrdr browser hijacker?! Firefox & IE infected.

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please do not attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

Note** If you are having problems posting the complete log into this thread upload them here http://www.rapidshare.com/ and post the links in this thread

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

In order for me to see the status of the infection I will need a new set of logs to start with.
Please print out or make a copy in Notepad of any instructions given, as sometimes it is ...

42 more replies
Answer Match 25.62%

I was recently infected with a backdoor.trojan which Norton anti virus quarantined and I subsequently deleted it in Norton anti virus but I do not know if my system is clean or if it is still infected. I would be very grateful if someone could take a look at my log below. Thank you.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:49:40, on 17/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:&...

A:Recently Infected With A Backdoor.trojan , Help Needed Please To See If Still Infected

Hello monkeyface,

Sorry for the delay. We have many logs backed up. I am SifuMike and I will be helping you.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

Updating Java:
Download the latest version of Java Runtime Environment (JRE) 6u2.
Scroll down to where it says "Java Runtime Environment (JRE) 6u2".
Click the "Download" button to the right.
Check the box that says: "Accept License Agreement".
The page will refresh.
Click on the link to download Windows Offline Installation, Multi-language jre-6-windows-i586.exe and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
Examples of older versions in Add or Remove Programs:
Java 2 Runtime Environment, SE v1.4.2
J2SE Runtime Environment 5.0
J2SE Runtime Environment 5.0 Update 6
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6u2-windows-i586-p.exe to install the newest version.

**********************

You will need to use Internet Explorer for this scan. Disable your Norton Antiv...

10 more replies
Answer Match 25.62%

Hi,
I have Dell Inspiron E1405 with Win XP SP3. For last 15 days I am infected with rootkit-agent.sys and tried every malware/antivirus/spyware tool suggested by "am i affected forum". since the rootkit could not be fixed, I was advised to visit HJT forum. need help.
I keep getting rootkit detected message by my AVG.
I am pasting DDS below and also attaching the "attach" file.
request your attention.
regards
g10

**************

DDS (Ver_09-06-26.01) - NTFSx86
Run by first at 22:50:06.40 on Thu 07/23/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.372 [GMT 5.5:30]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\stsystra.exe
...

A:infected with rootkit-agent.di ndis.sys file is infected

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...

11 more replies
Answer Match 25.62%

This is my first post!

It may be me just being paranoid, but around a month ago, I was on a Japanese import website looking at cars and it told me to download the latest version of flash player and I thought it was legitimate.

Anyway, I downloaded off a mirror link to find that when I ran it I had a fake police "lockdown" on my machine.

I managed to remove it once, but it reappeared. I then the second time logged off my pc but did not "force log off" and managed to get around the fake "lock down" the virus had made.

I have managed to remove all of the startup entries of the virus programs and all of the original files.

However, now my MSCONFIG thinks that my Norton 360 is disabled on startup, yet it starts up fine?

I had to re-enable all of the services on my PC to make sure everything was working, but now my computer takes minutes to boot up with all programs working, as opposed to before the virus I could load norton instantly.

Any help would be great, I have done scans with Norton 360, Malware-Bytes and SpyBot Search and Destroy 2 since.

Thanks,
Stallzy.

A:Infected by Fake Police virus and removed, still think my PC is infected.

Hi stalzy, let's look a bit farther.

Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

Download TDSSKiller and save it to your desktop.
Extract (unzip) its contents to your desktop.
Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
If an infected file is detected, the default action will be Cure, click on Continue.
If a suspicious file is detected, the default action will be Skip, click on Continue.
It may ask you to reboot the computer to complete the process. Click on Reboot Now.
If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

...

ADW Cleaner
Please download AdwCleaner by Xplode and save to your Desktop.
Double click on AdwCleaner.exe to run the tool
Click on the Scan button.
AdwClean...

15 more replies
Answer Match 25.62%

Hi, Rigel has been trying to help me, but has now suggested I post here instead. Unfortunately, he was unable to help me.
http://www.bleepingcomputer.com/forums/t/222246/infected-please-help/

Log created by WinPatrol version 15.5.2008.0:15.5.2008.0
Scan saved at 10:58:02 AM, on 5/18/2009
Platform: Windows Vista SP1 Home Edition Service Pack 1 (Build 6001)
MSIE: Internet Explorer (7.00.6000.16386)
Boot mode: Normal
Running processes:
C:\Windows\System32\taskeng.exe
C:\Windows\System32\dwm.exe
C:\Windows\explorer.exe
C:\PROGRAM FILES\WINDOWS DEFENDER\MSASCui.exe
C:\PROGRAM FILES\SIS VGA UTILITIES\SiSTray.exe
C:\Windows\RtHDVCpl.exe
C:\PROGRAM FILES\SPARE MESSAGING\MESSAGINGAPP.EXE
C:\Windows\V0380Mon.exe
C:\PROGRAM FILES\BILLP STUDIOS\WINPATROL\WINPATROL.EXE
C:\PROGRAM FILES\Java\jre6\bin\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\PROGRAM FILES\Creative\SHARED FILES\CTSched.exe
C:\Windows\System32\wbem\unsecapp.exe
C:\Windows\ehome\ehmsas.exe
C:\PROGRAM FILES\WINDOWS MEDIA PLAYER\wmpnscfg.exe
C:\PROGRAM FILES\INTERNET EXPLORER\ieuser.exe
C:\PROGRAM FILES\INTERNET EXPLORER\iexplore.exe
C:\Windows\System32\Macromed\Flash\FLASHUTIL9F.EXE
C:\PROGRAM FILES\WINDOWS LIVE\MESSENGER\msnmsgr.exe
C:\PROGRAM FILES\WINDOWS LIVE\Contacts\wlcomm.exe
C:\PROGRAM FILES\COMMON FILES\Adobe\Updater5\ADOBEUPDATER.EXE
C:\PROGRAM FILES\BILLP STUDIOS\WINPATROL\WINPATROLEX.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL...

A:Infected, unable to identify. Moved from Infected Forum.

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...

48 more replies
Answer Match 25.2%

Hi there!

I'm infected with some very annoying trojan, I've previously run adaware, spybot search and destroy, avg free antivirus, avast. Some of these picked up the problem, but I'm still getting the "yourieprotect" homepage when I go on internet explorer.

I have run everything as per this link: http://www.bleepingcomputer.com/forums/t/63896/how-to-remove-virusburst-removal-instructions/

This is my smit file:

smitRem © log file version 3.2 by noahdfear
Microsoft Windows XP [Version 5.1.2600]
"IE"="6.0000"
The current date is: Wed 11/29/2006
The current time is: 14:26:06.57
Running from
C:\Documents and Settings\Mourad\Desktop\smitRem
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Pre-run SharedTask Export
(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright© 2006 BleepingComputer.com
Registry Pseudo-Format Mode (Not a valid reg file):
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Appinitdll check ........ Thank you Grinler!
dumphive.exe ©2000-2004 Markus Stephany
REG...

A:I Am Also Infected With: Infected With W32/[email protected] A/k/a Zlob Trojan

Hi medicineman1984 and welcome to Bleeping Computer

Please post a HijackThis log to here:
Click here to download HijackThis.exe
Save HijackThis.exe to your desktop.
Create a new folder named HijackThis to your desktop.
Move Hijackthis.exe into that folder.
Run HijackThis.exe
Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
Click Save to save the log file and then the log will open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.

DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.

1 more replies
Answer Match 25.2%

Hello! I am posting because I have offered to clean up a computer for a coworker, and want to make sure I do a thorough job. So far, I have seen indications of at least 4 separate malware programs. The first was Antivirus 360, which I believe I deleted for the most part via manually removing the files and registry values. I have also seen VirusProtect 3.8 and 3.9, though I had no luck locating the files I was told to delete...so I am not sure if the infection is there or not. His computer already has "Verizon Internet Security" installed, and I used that for an initial scan to see what it found. I deleted what it found, though that was done in safe mode, before I deleted all the files manually for AV360. When I enable Verizon Internet Security, it pops up two warnings, which mention a file by the name of Trojan.Win32.Monderb.xgy, in the C:\WINDOWS\system32\ljJCvSiI.dll. I looked up that file, and saw it was connected with the "Vundo" virus...or something along those lines. His computer is not connected to the internet at the moment. I am using my laptop to access the net, and transferring files via a flash drive to his computer. I have scanned with DDS, and will provide the log. I also have HJT ready to run on his desktop, as well as ComboFix. Here is the DDS log:

DDS (Ver_09-01-19.01) - NTFSx86
Run by HP_Administrator at 16:34:39.23 on Mon 01/26/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033...

A:Computer Infected/Possibly Infected With Various Malware

Hi,

Your system is severely infected. I can see more malware present than anything else... Problem with these infections nowadays is, it causes a lot of damage. Even if we clean the malware off your system, I can't guarantee that your system will be clean afterwards, because these infections/bundles leave a lot of leftovers behind that most scanners won't even recognise and logs won't show.

Also, I can't promise you we can repair all the damage it caused... Even after cleaning the malware, you can still get errors afterwards because of the damage. Solving these is not always possible since it will be searching for a needle in a haystack to find the right cause and solution.

So, we can try to clean this up and do what we can, but keep in mind that we can't solve ALL problems this malware already caused.

In light of this it would be wise for you to back up any files and folders that you don't want to lose before we start. Reason I am telling this is because when a system is so terribly infected and we try to clean this up manually, the damage that is already present may interfere with our removal attempts. Actually, this doesn't surprise me at all...

From the log I see:
AV: Authentium Antivirus *On-access scanning enabled* (Outdated)
AV: Verizon Internet Security Suite Anti-Virus *On-access scanning disabled* (Outdated)
FW: Verizon Internet Security Suite Firewall *disabled*

What's the point in having a security Suite / Antivirus present if it's outdated and disabled.

Most probably the sub...

7 more replies
Answer Match 25.2%

Hi!

I seem to have been infected with some particularly vicious malware..

I get a red bubble with a white 'x' on my taskbar. The message 'your computer is infected! Windows has detected a spyware infection! Click here to protect your computer with spyware!'

Anti - Vir is going nuts over it (it keeps on picking up trojans and worms). Malwarebytes' Anti-Malware can't get rid of it, and neither can Spybot. It has turned off Windows firewall and won't let me turn it back on.

I use Windows XP, have automatic updates turned on, am running SP2 and update Antivir, Spybot and Malwarebytes' Anti-Malware regularly.

It won't let me run ad-aware or spybot.

If you require any further information, let me know!

Many thanks in advance for any help you can give me

Rob

DDS (Ver_09-07-30.01) - NTFSx86
Run by admin at 11:14:16.37 on 02/09/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.2.1252.44.1033.18.1023.453 [GMT 1:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.ex... Read more

A:I'm Infected with 'Your computer is infected' taskbar malware

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

13 more replies
Answer Match 25.2%

Hi all, sent here by Broni for elevated help.  Basically, to summarize, I got a worm possibly through a vulnerability in Flash and from an infected ad (I've only browsed legit websites and I have McAfee SiteAdvisor) and as is typical of people who have the worm, I can't remove it.  Apparently, it's infected my MBR and I was told to run DDS.

Here's DDS.txt

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16483  BrowserJavaVersion: 10.21.2
Run by Daniel at 18:10:34 on 2013-05-25
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.4093.1324 [GMT -4:00]
.
AV: Norton Security Suite *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Security Suite *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system3... Read more

A:Infected MBR; Infected with MSIL/Necast.D worm

Hello DasNasty

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.

Very Important --> Please read this post completely, I have spent my time to put together some things for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same"... Read more

12 more replies
Answer Match 25.2%

Looking for help to remove this dastardly thing / Been several days on it.

Cannot go to Microsoft to download updates - "Internet explore cannot display this webpage"

system hangs badly

I.E. icon shows a lot of activity in system tray

Thank you in advance

DDS Log below and Attach.txt, Attach.zip and Ark.txt attached also

DDS (Ver_10-10-21.02) - NTFSx86
Run by Mike at 16:05:53.54 on Sat 10/30/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.767.434 [GMT -4:00]

AV: Norton AntiVirus *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Worm Protection *enabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\GEARSec.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Micros... Read more

A:Infected with TDL4 Rootkit - MBR Possibly Infected

Hi there,

I see you've run ComboFix....could you please post the report from it? Also, I see Geek Squad got you...or are you them???? I'd like to know if anything else was done is why I ask.

Download TDSSKiller.zip
Extract it to your desktop
Double click TDSSKiller.exe
Press Start Scan
If Malicious objects are found then ensure Cure is selected
Then click Continue > Reboot now
Copy and paste the log in your next reply
A copy of the log will be saved automatically to the root of the drive (typically C:\)

Thanks,
tea

10 more replies
Answer Match 25.2%

Posted about my main box and my Vista spare part box.. this is to figure out what's up with one of three laptops that were all on a router together... This laptop crashed after getting the infection I recovered via the harddrive Acer setup. No optical drive installed, this is one of two Acer netbooks we use in our family. Thought I reinstalled everything. I believe a rootkit of some sort has ahold of this laptop... settings change on their own, CPU usage is about 50% when just sitting idle from user standpoint.

Please let me know what logs to provide.. Thanks again to all that have helped thus far and continue to be a great support.

btw: this laptop is an acer aspire one with win xp..

A:My laptop is infected... part of a group of pc's infected

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===
Search and delete the AdWare, PUP (Potentially Unwanted Program) installed on your computer.

Please download AdwCleaner by Xplode onto your Desktop.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Delete tab follow the prompts.
A log file will automatically open after the scan has finished.
Please post the content of that log file with your next answer.
You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).

Please download ComboFix from one of these locations:
Link 1
Link 2
IMPORTANT !!! Save ComboFix.exe to your Desktop
Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download a... Read more

32 more replies
Answer Match 25.2%

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:36:36 μμ, on 26/5/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Creative\Sound Blaster X-Fi Surround 5.1\Console Launcher\CTAPR2.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Pr... Read more

A:Infected with a virus that causes NOD32 to remove any .exe that is not infected

Hello and to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.
-----------------------------------------------------------
We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, ... Read more

2 more replies
Answer Match 25.2%

hi

A:Steam infected with Adware (Chrome also was infected)

This topic will be closed due to presence of pirated content.

Piracy policy

1 more replies
Answer Match 25.2%

Here is my DDS log. Right now my desktop is pure white and I can't set a background image. Also I have a red X showing up in the tray saying "Your Computer is Infected - Click Here to Remove"

DDS (Ver_09-02-01.01) - NTFSx86
Run by Compaq_Administrator at 14:46:59.31 on Tue 02/10/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.606 [GMT -5:00]

AV: avast! antivirus 4.8.1296 [VPS 090210-0] *On-access scanning enabled* (Updated)
FW: Norton Internet Worm Protection *disabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\DNA\btdna.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSr... Read more

A:Infected with "Your computer is infected with a virus - Click Here"

Forgot to mention when I use google in Firefox, I have to open the link 6 or 7 times before it actually brings me to the link, other times it is redirected to a number of sites.

12 more replies
Answer Match 25.2%

I am finding increasingly more machines where antivirus can't seem to disinfect a machine, even with the latest definitions.

Is there a solution for this?

What is everyone else doing to cope with this problem?

I used to be able to disinfect an infected machine and really get it out. Now, after disinfection, I frequently see new alerts within just a few minutes for viruses that I know are included in the virus definition file.

Case in Point: I went on a service call today and found a dozen different viruses in over a hundred different files spread over an eight-computer LAN. After two and a quarter hours of defeat after defeat, I loaded up the entire network, router and all, and brought it back to my shop. This is a drastic step; but, I gotta' know for sure that they are clean when they go back and this is the only way I know to do it with certainty.

I have always been told that one should not run two antivirus programs at once. I'm now doubting one program can do it. Maybe two can't either; but, I am seeing situations where I believe two is better than one.

NTFS has only made it more difficult. I frequently have to remove an NTFS drive and connect it to a known-clean machine to remove viruses. But, that leaves all the virus-related lines in the registry of the non-active but supposedly disinfected drive.

Anyone have any suggestions how one can do a sure-clean on an infected NTFS machine without going to such drastic steps?

There's got to be a ... Read more

A:Infected, cleaned, still infected--can antivirus disinfect it any more?

7 more replies
Answer Match 25.2%

Referred here from: http://www.bleepingcomputer.com/forums/t/218785/i-think-i-have-a-keylogger-problem/ ~ OB

Hello there. I first posted on "Am I Infected" because I had a keylogger problem. That was solved, but apparently the member working with me said I was still infected which was the reason my computer slowed down in the past couple of weeks. He said he couldn't find the AntiVirusSentry file with all the MAMB and SAS scans I did after getting rid of my other problems, so he sent me here.

I know my computer is slow, only have 512 of RAM and some of my drivers and BIOS need updates, but it's never been this slow. Sometimes while opening a new window, the internet freezes (quite often lately), and sometimes I have to shut them down by using CTRL+ALT+DEL. Other times an error message about runtime appears and says the window has to be closed. I've read it was a problem with the latest Adobe, but I dunno. I just know it's painfully slow at the moment. Please help me.

DDS (Ver_09-03-16.01) - FAT32x86
Run by Andr? Caetano at 17:21:17,58 on 18-04-2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.351.2070.18.1014.418 [GMT 1:00]

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated)
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated)
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated)
AV: Avira AntiVir PersonalEdition Classic *On-access scan... Read more

A:I'm infected - "am I infected" couldnt solve the problem

Should I post a new log? A member told me after I post a log I shouldn't change anything but I did check the disk for errors and I defragmented the disk. Not sure if that affects anything?

59 more replies
Answer Match 24.36%

Hello computer gods,

I'm hoping you can fix my problem I've been infected with drsmartload, and I ran smitfraudfix. It said that it cleaned it up but it's still popping up as infected and I'm getting ridiculous adware and project 1 boxes. I will post my "hijack log" and hopefully this is the right forum if not please redirect me. I'm looking forward to getting rid of this "Freakin" thing.

Cheers
M

SmitFraudFix v2.109
Scan done at 20:14:36.00, Tue 10/10/2006
Run from C:\Documents and Settings\Magg\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in safe mode

???????????????????????? Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

???????????????????????? Killing process

???????????????????????? Generic Renos Fix
GenericRenosFix by S!Ri

???????????????????????? Deleting infected files
C:\drsmartload?.exe Deleted
C:\WINDOWS\keyboard1.dat Deleted
C:\WINDOWS\newname.dat Deleted
C:\WINDOWS\teller2.chk Deleted

???????????????????????? Deleting Temp Files

???????????????????????? Registry Cleaning
Registry Cleaning done.

???????????????????????? After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

???????????????????????? End

A:Infected With Drsmartload Used Smitfraudfix Still Infected

I will post my "hijack log" and hopefully this is the right forum if not please redirect me.

Please read and follow all instructions in the pinned topic titled "Preparation Guide For Use Before Posting A Hijackthis Log". You may have performed some of these steps already. About half way down are instructions for downloading HijackThis and creating a log.

When you have done that, post a log in the HijackThis Logs and Analysis Forum, NOT here, for assistance by the HJT Team Experts. A member of the Team will walk you through, step by step, on how to clean your computer. If you post your log back in this thread, the response from the HJT Team will be delayed because your post will have to be moved. This means it will fall in line behind any others posted that same day.

Start a new topic, give it a relevant title and post your log along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. Please include the top portion of the HijackThis log that lists version information. An expert will analyze your log and reply with instructions advising you what to fix.

Please be patient. It may take a while to get a response because the HJT Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the HJT Te... Read more

2 more replies
Answer Match 24.36%

I have a badly infected computer that I would like to make a copy of the whole system to mail to one of the av/am vendors. I think it has some new variants on it.

Can the drive itself become infected so that I may not be able to trust that anything else I create with this drive will not be also infected?

While this drive is not really expensive I do not really have the finances to casually replace it.

A:Can a USB Cd/rom be infected plugging into a infected system

Hello dannyboy950:

If your computer is badly infected, then backing up the system will just copy the infections to any backup DVDs, which you obviously know.  I don't think you need to worry too much about your external DVD drive being infected, per se.  That would only happen if one or more of the infections could compromise the DVD firmware or the USB driver(s).

You should be aware though that many variants of viruses and malware will disable the Windows Volume Snapshot Service (VSS) which will prevent the creation of backups and system restore points.

My advice would be to follow the directions here and submit a Farbar Recovery and Scan Tool (FRST) log to the trained Bleeping Computer Malware Response Team members in the Virus/Trojan/Spyware and Malware Removal Logs Forum.

You should be aware that the anti-malware response community shares their information with other anti-malware/virus vendors and experts.  If you have been infected with zero-day malware and/or viruses, that information will be shared with those concerned.  Importantly, we need to restore your computer to full functionality, so I do recommend that you get it "disinfected" here.

I hope this is of some help.  Forum rules prohibit the posting of FRST logs in this particular Forum - they are only dealt with in the Forum I mentioned.  I am still in training, so I won't be able to assist you in the other Forum.

Have a great day.
... Read more

5 more replies
Answer Match 24.36%

Hi,

My computer is infected with some kind of virus. One of the many, at least it seems like there is. The serious one creates an Internet Gateway at LAN Controller bootup. I cannot disable the Internet Gateway directly but I can disable the LAN Controller (Local Area Connection) then it disappears. The second I enable the LAN Controller the Gateway gets connected again.

Additionally, it seems I have over 70 processes running at any given time, if that helps. Dell tells me the only thing I can do is to reformat. Please Help, I would rather not like to format my system.

I am sure you will find more than just that after reviewing the HijackThis Log file.

Please help me as soon as possible.

Thank you in advance,

Jadecad

===================

Logfile of HijackThis v1.99.1
Scan saved at 10:36:50 PM, on 12/27/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AO... Read more

A:Infected BAD, Please Help Virus Infected -Multiple?

Hello and Welcome. Please subscribe to this thread to get immediate notification of replies as soon as they are posted.

Please read this post completely before beginning the fix. If there's anything that you do not understand, kindly ask your questions before proceeding. Please ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

* * * * * * ADDITIONAL DOWNLOADS * * * * * * * * * * * * * *

Download & install CleanUp.exe (not recommended for WinXP64)

I need you to update your copy of Ewido. Please go to this website - http://www.ewido.net/en/download/updates/
Download the full updated database (Approximately 3600 KB) & install it unto your copy of Ewido.

Please download & Install - FixWareout.exe

When you reach the final page of the installation process, make sure "Run fixit" is checked.
Follow the on-screen prompts & reboot your computer when instructed to do so.

**Do not be alarmed if your computer takes longer than usual to load.

After you have restarted, wait for HijackThis to launch automatically.
With HiJackThis & place a check next to these items and select "Fix checked":

R3 - Default URLSearchHook is missing
O4 - HKCU\..\Run: [UnSpyPC] "C:\Program Files\UnSpyPC\UnSpyPC.exe"
O16 - DPF: {B49C4597-8721-4789-9250... Read more

6 more replies
Answer Match 24.36%

When Windows loads, the "performance monitor" component for the optimizer pro virus claims that 375 items need to be cleaned and optimized. Closing it out does not reactivate it. McAfee also frequently pops up, preventing unwanted software from running. Below is a copy paste of frst.txt and attached is the addition.txt file. Thank you.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:27-08-2015
Ran by teacher (administrator) on RM305-PC (28-08-2015 01:27:23)
Running from E:\
Loaded Profiles: teacher (Available Profiles: Rm305 & teacher)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Nalpeiron Ltd.) C:\Windows\SysWOW64\ASTSRV.EXE
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(SMART Technologies) C:\Program Files (x86)\SMART Technologies\Education Software\SMARTHelpe... Read more

A:Infected with Optimizer Pro and pop says I am infected with viruses

Hello neuropocalyptic

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.

Very Important --> Please read this post completely, I have spent my time to put together some things for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "th... Read more

0 more replies
Answer Match 24.36%

I too was recently infected with XP Security Tool 2010 and I used the fix described on BC. I installed Malwarebytes and FixExe.reg. This seemed to get rid of the problem. But very soon after each time I clicked on any link on Google on Firefox or Internet Explorer I am redirected to seemingly random advertisement websites. I also use Avira Antivirus protection and it pops up saying: HTML/Infected.WebPage.Gen in file C:\Documents and Settings\Network Service\...\2[1].php. If I catch the Avira popup and click remove it will Quarantine. However within 2 to 6 hours it returns.

Have copied and pasted DDS.txt log, gmer.txt log, OTL.txt log, Systemlook.txt log and TDSKiller.txt log. Also attached the attach.txt file and gmer(ark) txt file. Sorry, did not untick the IAT/EAT box in gmer. Those are the logs myrti requested from toomuchpoison.

Hope I didn't overdo it.

Thanks,
Majazzle

DDS.txt log

DDS (Ver_10-03-17.01) - NTFSx86
Run by Matt at 16:47:53.63 on Thu 04/29/2010
Internet Explorer: 8.0.6001.18904 BrowserJavaVersion: 1.6.0_18
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.1915.1050 [GMT -4:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\... Read more

A:Infected with HTML/Infected.WebPage.Gen

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

Answer Match 24.36%

Today, I used a pendrive of a friend on my computer, I had auto folder open on. The folder opened and later to find nothing on the pendrive but only a E:\ folder inside the pendrive, then when I clicked hidden items viewable, I saw the pendrive logo I went inside transferred my important document since it needed an immediate printing. My computer has turned very slow following that and there are various hidden documents now on my desktop like $w_microsoft.docx which are of names of files I had deleted long ago and several other files which I had created and used long back but never used in the near history. Please help me fix this, remove the virus and get back to my old computer speed. Thanks a lot for help in advance

----FRST LOG-------

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:06-05-2016
Ran by ASRLAPTOP (administrator) on DEEPAK (05-05-2016 18:57:15)
Running from C:\Users\ASRLAPTOP\Downloads
Loaded Profiles: ASRLAPTOP & Administrator & Guest (Available Profiles: ASRLAPTOP & Administrator & Guest)
Platform: Windows 10 Home Single Language Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entr...

A:I think i have been infected by a worm from using an infected pendrive, need hel

Hello imdeepster

I am Marie Curie and will gladly help you with any malware-related problems.

Please familiarize yourself with the following ground rules before you start.
Read my instructions thoroughly, carry out each step in the given order.
Do not make any changes to your system, or run any tools other than those I provided.
Do not delete, fix, uninstall, or install anything unless I tell you to.
If you are unsure about anything or if you encounter any problems, please stop and inform me about it.
Stick with me until I tell you that your computer is clean. Absence of symptoms does not mean that your computer is free of malware.
Back up important files before we start.

--------------------------------------------------------------

Please read the following warnings before you proceed.

ComboFix Warning
------------------------------
I see you have run ComboFix, a powerful first-responder malware removal tool, designed to remove some of the toughest malware; including bootkits, rootkits and backdoors. As stated in the disclaimer, the tool should not be used by someone untrained in its usage. Doing so may cause unforeseen circumstances, and could render your machine unbootable. For more information on why you should not run ComboFix without supervision, please read the following article.

Backdoor Warning
------------------------------
One or more of the identified malware is known to use a backdoor, that allows attackers to ...

Answer Match 24.36%

I'm not sure what caused this as I didn't do anything out of the ordinary with my computer yesterday, but when I opened up itunes a message popped up from my anti-virus avg saying there were infected files in itunes by a trojan. I then clicked to heal them and when I tried opening up itunes it wouldn't let me because some files were missing so it wouldn't start. I figured something was wrong so I started scanning my computer to see what I could find. First I used Malwarebytes' anti-malware and that didn't find any infections, then I scanned it with avg and that found over 500 infections, not all of them were serious ones but some of them were trojans with itunes files. This morning I tried uninstalling and then reinstalling itunes thinking that might solve the problem, but it didn't work and itunes still won't start.
I hope someone can help me solve this problem as I am not the best when it comes to computers. If you need anymore info please just ask.

DDS (Ver_09-06-26.01) - NTFSx86
Run by Zac at 7:40:37.82 on Sat 07/25/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.388 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe...

A:Trojan infected itunes may have infected more

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links.
Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...

Answer Match 24.36%

Hi I've had a few viruses named HTML/Infected.WebPage.Gen recently and I would normally be able to remove them myself using hijack this. But unfortunately hijack this isn't working for me and is coming up with an error. My anti virus is finding the viruses and I am removing them with the anti virus but they keep coming back.

As soon as I click hijack this this message appears:

For some reason your system denied write access to the Hosts file.
If any hijacked domains are in this file, HijackThis may NOT be able to fix this.
If that happens, you need to edit the file yourself. To do this, click Start, Run and type: Notepad "C:\Windows\System32\drivers\etc\hosts"
And press Enter. Find the line(s) HijackThis reports and delete them.
Save the file as "hosts." (with quotes), and reboot.

I have tried to do as it says above but another error message tells me that I am unable to save the file.

I then click "OK" and then this error message appears:

An unexpected error has occurred at procedure:
ModMain_CheckOther1Item()
Error#75 - Path/File access error
Please email me at [email protected], reporting the following:
*What you were trying to fix when the error occurred, if applicable
*How you can reproduce the error
*A complete HijackThis scan log, if possible

It then produces the Hijack scan, so then I proceeded to fix the files that I think may need fixing which are these files:

BHO: thesuperads search enhancer: {b2fe5f61-3eb4-4e22-7c84-f52993635f52} - c:\wi...

A:Infected with HTML/Infected.WebPage.Gen

Ok after reviewing the DDS log I now have removed the virus lol but I still haven't worked out what's wrong with my hijackThis?

===========

Hello

While we understand your frustration at having to wait, please note that Bleeping Computer deals with several hundred requests for assistance such as yours on a daily basis. As a result, our backlog is quite large as are other comparable sites that help others with malware issues. Although our HJT Team members work on hundreds of requests each day, they are all volunteers who work logs when they can and are able to do so. No one is paid by Bleeping Computer for their assistance to our members.

Further, our malware removal staff is comprised of team members with various levels of skill and expertise to deal with thousands of malware variants, some more complex than others. Although we try to take DDS/HJT logs in order (starting with the oldest), it is often the skill level of the particular helper and sometimes the operating system that dictates which logs get selected first. Some infections are more complicated than others and require a higher skill level to remove. Without that skill level attempted removal could result in disastrous results. In other instances, the helper may not be familiar with the operating system that you are using, since they use another. In either case, neither of us want someone to assist you who is not familiar with your issue and attempt to fix it.

We ask that once you have posted your log and are waiting, pl...

Answer Match 24.36%

Logfile of HijackThis v1.99.1
Scan saved at 4:53:51 AM, on 01/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - (no file)
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [VTTi...

A:Was Or Is Infected Infected With Torpig.c.trojan (or The Like)

1. Download this file - combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply with a new hijackthis log.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Answer Match 24.36%

heyy guys, okayy so about a month ago a trojan managed to get onto my netbook and i scanned with malwarebyte antimalware and super antispyware in safe mode which seemed to fix it for the most part, but im still getting some problems and avast, mbam and superantispyware are all coming up clean. the worst thing is my internet just cutting out after about 40 minutes of use, wireless zero configuration turns itself off and will not turn on and one of the svchosts using way too much memory and cpu, but i cant turn it off because that just messes up my netbook. soo yeah some help would be great cuz this is really getting on my nerves.

Answer Match 24.36%

Every 10 minutes or so, a red pop up box appears saying my computer is infected and asks if I would like to remove - it is called PC Security Guardian. Then a minimized window opens and says "PC Guardian has detected suspicious software - click to remove." There was no data from the GMER scan, so the ARK.txt log will not attach.

DDS.txt Log:
.
DDS (Ver_2011-06-03.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385
Run by Dunigan at 18:50:36 on 2011-06-08
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3839.2739 [GMT -5:00]
.
AV: Norton Internet Security *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Norton Internet Security *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\syst...

A:Infected with a pop ups saying computer is infected followed by a pig squeal

Hello rallysport1992,

Please download Malwarebytes Anti-Malware and save it to your desktop.
Download Link 1
Download Link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application. For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan ...

Answer Match 24.36%

Hi, I have tried a few different anti virus downloads to try and rid my computer of the virus to no avail. Even purchased one which I know now was also a fake. Please help.

Rick

Rootrepeal_report_08_30_09__20_35_13_.txt 5.08KB 2 downloads

A:Infected with Fake virus infected pop ups

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...

Answer Match 24.36%

Let the ol' lady use my PC and ends up getting a 'HTML/Infected.WebPage.Gen' notification from AVIRA.
Everytime she hits her blogs on IE it ends in bad news. Here is the DDS log. Not sure if I require the Kaspersky scan. I don't have it but will see what you guys say first. Hope this helps. Please advise. Your assistance in this matter is greatly appreciated.

DDS (Version 1.1.0) - NTFSx86
Run by ALAN WONG at 21:12:00.89 on Tue 12/23/2008
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.958.438 [GMT -8:00]

AV: Avira AntiVir PersonalEdition *On-access scanning enabled* (Updated)
FW: Sygate Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Sygate\SPF\smc.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\S3trayp.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Pr...

A:Infected with HTML/Infected.WebPage.Gen

Hi, sorry for the delay in getting back to you.

If you still need help, please do next:

Click here to download HijackThis.
Save HJTInstall.exe to your Desktop.
Double click on the HJTInstall.exe icon to start the program.
By default it will install to C:\Program Files\Trend Micro\HijackThis
After the final dialogue box it will launch HijackThis.
Click on the scan button. It will scan and then ask you to save the log.
Save the log, and post me it in your next reply.

Answer Match 24.36%

I believe I have an infection. When I open my Internet Explorer and browse the internet, after a bit of time a new IE browser window pops up with various ads, virus protection offers, google things etc. It happens every so often.
I have tried Malwarebytes, and it did not find the virus. Other virus removal tools have indicated the following is infected:

fsvga.sys

The anti virus tools do say they fix it, but it gets infected again afterwards.

I have seen the following message:

Infected copy of c:\windows\system32\drivers\fsvga.sys was found and disinfected
Restored copy from - Kitty had a snack

And it continues to be infected.

According to GMER, as I'm sure you will notice, it does show the following:

C:\WINDOWS\system32\DRIVERS\fsvga.sys suspicious modification
C:\WINDOWS\system32\drivers\atapi.sys suspicious modification

I have followed your instructions on posting virus removal help request, and the requested files have been attached. Here is also the DDS as follows. Thank you for your help in advance on this matter:

DDS (Ver_10-03-17.01) - NTFSx86
Run by Joel at 14:48:26.03 on Wed 06/09/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1482 [GMT -5:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\W...

A:Infected With Unknown - Infected fsvga.sys

Hi and welcome to the Virus/Trojan/Spyware/Malware Removal forum,

I am thcbytes and I am here to help you!

I ask that you refrain from running tools other than those I suggest to you while I am cleaning up your computer. The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Please perform all steps in the order received and do not proceed if you need clarification.

Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems please stop and tell me about it. When your computer is clean I will alert you of such.
I will also provide you with detailed suggestions for prevention.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if your topic is not replied I will assume it has been abandoned and I will close it.

I would also like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please be courteous and appreciative for the assistance provided!

Again I would like to remind you to make no further changes to your computer unless ...

Answer Match 24.36%

Bit of a weird 1. Turned on my machine today, went to the toilet and came back and Avast was asking to restart my computer and do a full scan from boot up. I said yes but cancelled it because it was taking too long. I go look in virus chest and I noticed that tier0_s.dll from my steam folder is sitting in there, and that it was transferred in there today. But where it says "Virus description", it says "--no virus--" What does this mean? Is it some kind of false positive? Did I screw things up by cancelling the scan?

A:Avast says I have an infected file...which isn't infected

O.k, bit of research and looking on the Avast forums and it looks like it's a false positive

Answer Match 24.36%

Hi, My friend brought me her HP laptop a few weeks ago because it had a virus. I saw Security Suite stuff pop up all over, and you couldn't run ANYTHING, so I used the instructions on this site to get rid of it. I thought it was gone but she brought her computer back to me a couple of weeks ago because she was getting popups again. Btw, she actually paid the security suite site thingy 80$.
I'm having her go through the steps to get her money back for that now.
So I rescanned with AVG and malwarebytes and it didn't come up with anything. I kept the computer for a few days and used it like normal but got no popups so I gave it back to her. So about a week ago she gave me back the computer as the IE would not work. So I scanned it again and both malwarebytes and AVG came up with a couple of things and got rid of them.
So now I'd like to see if the computer really is clean.
Also, I'd like to know what she needs on here to keep the computer clean?? She scans with both AVG and malwarebytes but I'm not sure that is enough if she keeps thinking she's getting infected. I know she does a lot of facebook apps.

Also, this computer absolutely refuses to scan gmer. The first time I downloaded and ran it it scanned for about an hour then spontaneously the computer shut down. I didn't see any messages because I wasn't paying attention to it when it shut down. So the next day (today) I tried to scan again and it stopped very close to the ...

A:Was infected with security suite, re infected?

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed responding to your thread.

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
Do not d...

Answer Match 24.36%

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:42:12, on 6.3.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\QuickTime\qttask.exe
C:\Windows\SYSTEM32\taskeng.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\IP Monitor\IPMonitor.exe
C:\Program Files\Conceiva\DownloadStudio\DownloadStudioScheduleMonitor.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\RALINK\Common\RaUI.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\EarthView\EarthView.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\U.S. Robotics\U.S. Robotics USB Phone\U.S.RoboticsUSBPhone.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla...

A:Infected With Html/infected.webpage.gen

Hello Braco and welcome to BleepingComputer!

Apologies for the delay. The forum has been very busy lately and. If you are still having problems, then please post a brand new HijackThis log as a reply to this topic. Before posting the log, please make sure you follow all the steps found in this topic: Preparation Guide For Use Before Posting A Hijackthis Log. Please also post the problems you are having.

If we do not hear back from you within a couple of days we will need to close your topic.

Thanks,
Johannes

Answer Match 23.94%

I'm at the end of my rope here. A "friend" gave me her computer to clean up. The thing was so full of malware it was unbelievable. I've got most of it, but there is this one nasty bit of adware "Cool Web Search" that remains... I've tried running the latest versions of Ad aware, Spybot, and CWShredder. They seem to find and remove the cool web stuff, but when I shut down and start up again, it's back. I've gone to the trend micro site, but I keep getting a .dll error when I start downloading the definition files.

When I shut down, the machine hangs and tells me that it is waiting for a response from "Win Min".

It also occasionally freezes on startup, leaving me with a blue screen and a mouse pointer stuck in the middle. (This seems to be mitigated somewhat if I move the mouse around during startup!)

The log file from this machine is as follows.

Logfile of HijackThis v1.99.1
Scan saved at 10:03:03 PM, on 25/04/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\DE...

A:Infected Windows Me PC Hangs on Shutdown - "Win Min" infected with Cool Web Search

Hi and Welcome
It may help you if you print out or copy this page for easy reference. Make sure to work through the fixes in the exact order it's listed. These instructions only apply to HJT v1.99.1

Please Keep your browser and all open programs closed (except firewalls and antivirus) when you are carrying out the fixes.

Download any of the required programs before attempting to start any of the fixes.

Turn off System Restore instructions (WinXP)
Rightclick My Computer | Properties | System Restore | check "Turn off System Restore", <Apply>, <OK>. Reboot. When we have confirmed that your log file is clean, you may re-enable System Restore and create a new restore point.

SHOW HIDDEN FILES AND FOLDERS.
To show hidden files instructions (WinXP)
Doubleclick My Computer | Tools | Folder Options | View tab
Select Show Hidden Files and Folders
Uncheck Hide extensions for known file types
Uncheck Hide protected operating system files (Recommended)
Select Apply to All Folders | Yes | Apply | OK
------------------------------------------------------------------

Download and run CWShredder (check for updates) for a preliminary cleanup first. Some files below may not be present after running the above programs. Full instructions below.

How to install and run CWShredder

Download CWShredder
Choose the stand alone version. This is free.
Save cwshredder.exe into its own directory, NOT in a TEMPorary folder or on the DESKTOP.
I recommend, c:/...

Answer Match 23.52%

Hi
As my title suggests my bro's laptop has this annoying infection.
I have Avira like my logs will say and the infection seems to be in a firefox profile. (Can I reinstall Firefox to fix my problem?)
I use Firefox but my brother IE 8 (and so IE is default).
At random times and when connected to Internet, a popup appears with usually
a scanner showing you its scanning your computer or ad for bad, virulent AV software. I know it's bad so I click
the X button in corner and it will go for a variable amount of time.
Avira btw cannot get rid of it and in fact does not even find it after scanning with maximum options.
This also happens sometimes much rare tho: A message appears telling I have an infected computer and wants me to press OK and scan using IE. I click X and once it opened IE with scanning screen. I click X ASAP.

One more issue: Firefox sometimes will say "Firefox has stopped working.."
and that it will close. Right away a balloon pops up in tray telling me the browser was closed to protect me from Data Execution Prevention.

Avira sometimes at random times pops up saying Virus or unwanted program was found, right? It asks me what to do with this file.
Move to quarantine
Delete
Overwrite and delete
Rename
Deny access
Ignore

I usually picked delete or deny access
It found the virus in this file:
C:\Users\Piotrek\AppData\Local\Mozilla\Firefox\Profiles\jfyfitzg.default\Cache\34F11269d01

I understand I have Limewire. My brother uses it...

A:[SOLVED] Infected with HTML/Infected.WebPage.Gen HTML script virus

Bump, please

Answer Match 22.68%

Here are a few things that may be relevant to the problem:

1) Computer unable to access certain websites. (Ex: yahoo, facebook, etc.)
2) I did a scan and my computer is supposedly infected with "zlob" and "adware.IpWins"
3) My computer is running significantly slower than a few weeks ago.
4) Tons of random pop-ups that I did not have a few weeks ago.
5) Full system Scanned with Lavasoft's Ad-Aware but problem persists.

Here is my HJT log:
--------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:43:18 PM, on 9/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG...

A:Computer infected with spyware. Infected with "Zlob"?

11 more replies

Hi I have posted to this site and have received great help and I am now suffering some issues again. After I received help last time everything was ok and then I started having problems so I just switched hard drives. I am now back on my hard drive and reset it up but now I think my computer is infected again. I have not downloaded any torrents files which was my problem last time. I installed Antivirus and Zone Alarm before going on the Internet and have made sure to only download from CNET as far as I can remember. I don't know what I'm doing wrong to keep getting infected, if in fact I am. So because I had received help previously with most of the same issues and with the advice of Dell customer service I ran combofix. Here is that log. I have WindowsXP, Dell Dimension 3000, Avast Antivirus, ZoneAlarm. If this is the wrong place to post this could you please point me in the right direction. Thank you so much for your help.

ComboFix 10-08-24.0A - Owner 08/25/2010 2:36.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.670 [GMT -7:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\1pdfdec.dll
c:\program files\Common Files\Temp
c:\program files\Common Files\Temp\Love's Power Mahjong SETUP....

A:Still Infected/Re-Infected, Combo Log

Hello , And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.

Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.

The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.

Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you...

7 more replies

I think my computer is on a couple different botnets, and I wouldn't be surprised to see other viruses =/

Any help would be greatly appreciated.

Edit: sorry, I didn't see the rule that what virus I had was supposed to go into the title until it was too late

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:58:11 PM, on 6/23/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Digital Media Reader\readericon45G.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Common Files...

A:Desktop infected/ Infected with a bot

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...

20 more replies

My laptop got infected and I've slowly been able to clear most of viruses out of the system. Each time I clear something out, something else shows up the minute I try to get online. The last scans I've done haven't picked up anything else but I'm still getting redirected to other sites every time I try to perform a search on the internet. I don't know how to find what's causing it now.
hijackthis.log   11.51KB
Help please!!!

Tried running scans again, still showing clean but I got this message from norton, "An intrusion attempt by wwww.angrye.in was blocked" After I did the scan I went online to test out to see if I was still getting hijacked, that's how this message popped up. It also said, "The attack was resulted from \DEVICE\HARDDISKVOLUMNE2\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" Help!!!

EDIT: Posts merged ~Budapest

A:Infected,Removed and still Infected

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.

Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there.

The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks

2 more replies

Hello,
I was infected by virusburst and I did lots of instructions to solve my problem. I used malwarebytes anti malware and it cleaned all infected files, but now my problem is that Internet Explorer is still not working and not even starting any more,
and in My Computer each folder opens in its own window even though in options it's marked to open in the same window,
but I don't see any fake alert any more.
I'm using Windows Vista and now the Opera browser; each browser that I marked as default browser stopped working (Internet Explorer and Mozilla).
I don't know which kind of log I should post here so I wait for your requests.
I just wanna know if I'm still infected and what should I do???
Thank you for helping me!!

A:I Was Infected By Virusburst. Am I Still Infected?

Hello shimars,

I see that you have an HJT log posted here: http://www.bleepingcomputer.com/forums/topic165409.html

Because you have this log posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a HJT Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the HJT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the HJT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the HJT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

If after 5 days yo...

1 more replies

I recently replaced my old desktop with a new desktop and when I made the switch the old computer was infected... here was the thread
http://www.bleepingcomputer.com/forums/t/615738/flashplayerexe-virus/

My new desktop attempted to download the flashplayer.exe file but was stopped by chrome. However, there was a file (crownload something or other) and malwarebytes did remove this file.

Today on the new desktop, I had a popup that said URGENT CHROME UPDATE.  I immediately hit ALT F4 to close out chrome.  The fact this popped up makes me suspicious that something is still not right or this computer is infected.

Any help is appreciated.

More replies

Hi, this is my first time posting here.

I'm running Windows XP Pro SP2, and my computer has a virus that, at first, was giving me a tool-tip-like message from the system tray saying "Your computer is infected! ..." and something about installing a scam antivirus program. I've done a lot of searching for this issue and have seen many cases of it. Posts on other forums offered specialized programs like "Smitfraudfix.exe" and others that I was unable to get to work.

I've updated my Java (which stopped the annoying "Your computer is infected!" popup), removed my Temporary Internet Files, and run Avast! and Avira every time I restart my computer, but each time there seems to be malware that needs removed. Can someone please help me clean this virus / trojan off of my machine completely?

Thank you for your time, here is a HJT log from the time of this post:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:10:53 PM, on 9/10/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files...

A:"Your computer is infected!" Popup message. Computer infected with Trojan

16 more replies

Hello:

Let me say in advance I really appreciate any help you can give me. Today I was surfing the web and ripping CDs to my machine. The only surfing I was doing was locating album art images (nothing questionable - or so, I thought). I close my browser window (Mozilla) to go back to my Windows Media Player and see shortcuts on my desktop to porn sites. I immediately delete them (but they re-appear) and try to run Norton 360. When Norton did not respond (the hourglass appears but the program never launches) I ran Spybot and Lavasoft's Adaware. Both returned entries of: Virtumonde.generic, Microsoft Windows Security Center Disabled, Smitfraud-C, and Virtumonde. When I remove the entries they appear to be gone but come back after another scan with either program. I still cannot open Norton or any web page I try that involves anti-virus software. I uploaded PC Antivirus from another machine in my house (after saving it to a flash drive) but it finds no threats. I called a friend who emailed me the Vundofix program, but it finds no errors either. He then told me about this site and had me run your scan and save the log. It follows. I tried to do a system restore (I created a restore point just 3 days ago) but I am told there are no restore points available. Can anyone please help me? Thanks!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:57:53 PM, on 1/4/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Bo...

A:Help! I'm Infected!

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results, click no to the Optional_Scan
Follow the ...

2 more replies

Hello

There's a weird issue with a machine we have in the office.

the folder :

C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5

is getting filled up. Is it normal or is it a sign of a virus?

Thanks

A:Maybe infected

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.
If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===
It's probably normal. This scan will clean the IE Cache.
Temporarily disable your AV program so it does not interfere.
Info on how to disable your security applications: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - Security Mini-Guides.
Download Zoek tool from here
When the download appears, save to the Desktop.
On the Desktop, right-click the Zoek.exe file and select: Run as Administrator
(Give it a few seconds to appear.)
Next, copy/paste the entire script inside the code box below to the input field of Zoek:
createsrpoint;
autoclean;
emptyalltemp;
ipconfig /flushdns;b
Now...
Close any open Browsers.
Click the Run script button, and wait. It takes a few minutes to run all the script.
When the tool finishes, the zoek-results.log is opened in Notepad.
The log is also found on the systemdrive, normally C:\
If a reboot is needed, the log is opened after the reboot.
Please attach the zoek-results.log in your reply.
Also, please provide an update on how the computer is behaving after running the above script.
===
p.s.
The Temporary internet cache can be cleaned when you close the browser.
Tools menu > Internet options > Advanced tab
Under the Security pane
Enable the "Empty the Temporary Internet Files folder when browser is closed."
===

20 more replies

Hi Thanks for the help.

Firefox browser keeps getting redirected. Can't go to Anti-Spyware sites. Can't Run Malwarebytes , Ad-aware or Spybot even after renaming.
Managed to run Vundofix but it did not find anything.

Here is my log...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:44:57 PM, on 1/6/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Print Server\PTP\PSDiagnostic.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS...

A:Not sure what I am infected with

Welcome to the BleepingComputer Forums.

Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random which includes a HijackThis log and save it to your desktop. If you have RSIT already on your computer, please run it again.

Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Please post the contents of log.txt.

Thank you for your patience.

Please see Preparation Guide for use before posting about your potential Malware problem.

If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped.

While we are working on your HijackThis log, please:
Reply to this thread; do not start another!
Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so.
Do not run any other tool until instructed to do so!
Let me know if any of the links do not work or if any of the tools do not work.
Tell me about problems or symptoms that occur during the fix.
Do not run any other programs or open any other windows while doing a fix.
Ask any questions that you have regarding the fix(es...

10 more replies

Hello, I'm not sure if I'm infected or not, but I'm a bit worried I might be, because lately I had to turn to the more hostile corners of the internet.
First I noticed that one of my virtual machines (VirtualBox) tried to connect to the internet through the Notepad, so I decided to reformat my main machine, because it needed a reinstall anyway. But today, after a week, things are a bit strange (I kept the probably infected virtual machine (I don't move files in between them) to see what happens, and today my main machine at startup connects to the same IP as the virtual machine's Notepad did), my firewalls (comodo has problems starting up, netlimiter won't notice throughgoing traffic at all (used to with no problem) and the rubboted service also sometimes has some startup issues) and antivirus (avira acts as if it is there, but I don't know about that) act very strange (for years of using them I had no such troubles with them).
I also ran 3 vendor-different rescue CDs, but they did not pick up anything. Atm I'm running the spybot S&D adware to scan, so far (almost finished) it only picked up one registry change of IE (which might not be it).
I might be all wrong in the assumption that I'm infected, because my pc is kinda older and until it "heats up" (takes 5 min/5 restarts (restart button)) it crashes (BSOD), and also because I'm always very careful about all that I do, but still I can't be sure for sure as I usually am and I think I might go...

A:Not sure if infected, HJT log

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/418988 <<< CLICK THIS LINK

If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo...

2 more replies

Well my computer seems a bit slower than a while ago.
Also, a week ago, while reading manga, my browser suddenly changed to some YOUR PC IS INFECTED page. Something about Windows Defender or something along those lines. It hasn't happened again, but I'm still worried.
I used to use ESET antivirus, but it ran out and I got Avast Free in the beginning of March.
Are there any good scan tools I should use to check for viruses/keyloggers?
I'm asking 'cause I use a credit card now and then, and this is my sole computer. I haven't used a credit card on it for a couple of months, but my private info might be stolen, please help?

A:Not sure if i'm infected?

Please download Malwarebytes Anti-Malware (v1.45) and save it to your desktop.
Download Link 1
Download Link 2
MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some tim...

1 more replies

Hi, I think my computer is quite infected. Firstly, when I log on to my user account it takes a long time for the log in music to play, and if I try and do anything before the music the computer freezes and has to be turned off at the wall.
System restore will not come up; a message comes up saying that it needs to be done by a computer administrator, which is me. Lastly, my firefox start will not come up but I can still use other websites off the browser.

Any help would be greatly appreciated
Thanks
bob

ETA: when system restore is brought up the message reads 'system restore has been turned off by group policy. to turn on system restore contact your domain administrator.'

Also, when I try to go to certain websites, mainly via search engines, it's redirected to spam pages.

Thanks

More replies

I'm trying to help my mother fix her laptop. Her OS is Windows Vista. When I start up the laptop not only does it take forever to load up, it won't open up any applications when clicked on. It will take several minutes before an application opens. As of recently it has also lost internet connectivity for no reason. I'm on a separate laptop posting this topic so if I need to download anything please tell me. Thank you in advance

A:I'm infected...but I don't know with what...

Hello

Since it is taking forever to load (on boot), the first thing I would do is try to see what items are set to "run on boot", and temporarily disable unnecessary startup items, because trying to fix a computer that is running slower than backwards is very aggravating.

There are detailed instructions (including screen captures) for how to do msconfig in Windows Vista here: http://netsquirrel.com/msconfig/msconfig_vista.html

Disable any unnecessary items (take checkmark OUT to temporarily disable), hit Apply, close the screen.
Restart the computer.
Upon restart, ignore the message "You have used System Configuration Utility.....".

If it loads faster, that's a good start, and hopefully that will make fixing your mom's computer easier/less aggravating.

Since mom's computer has lost internet connection, you will need to download ATF Cleaner, SUPERAnti-Spyware, and Malwarebyte's Antimalware and get it over to mom's computer (by way of a USB jump drive, or a cd). Make sure you download any updates for the programs also.

I am copying/pasting instructions provided by boopme and quietman7 (Moderators on this site):

If you have Spybot installed temporarily disable it.

Next run ATF:
Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".
Please download ATF Cleaner by Atribune & save it to your desktop.
Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected bu...

3 more replies

My computer went into safe mode and I can't get it out! What do I do?

A:am infected

Hello

How did it get there? Through msconfig or using an F8 method?
Is this an XP, Vista, etc. machine?

1 more replies

First off I have another open thread that is not related to this computer. Just in case anyone notices.

So recently my computer has been running a little slow, so I downloaded this SuperAntiSpyware, which seems to be a popular application on this site, and I ran it. It came up with:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 02/26/2010 at 02:24 AM
Application Version : 4.34.1000
Core Rules Database Version : 4621
Trace Rules Database Version: 2433
Scan type : Complete Scan
Total Scan Time : 00:26:57
Memory items scanned : 550
Memory threats detected : 0
Registry items scanned : 5257
Registry threats detected : 0
File items scanned : 23069
File threats detected : 6
Adware.Tracking Cookie
 C:\Documents and Settings\Pumpo\Cookies\[email protected][1].txt
 C:\Documents and Settings\Pumpo\Cookies\[email protected][2].txt
 C:\Documents and Settings\Pumpo\Cookies\[email protected][2].txt
 C:\Documents and Settings\Pumpo\Cookies\[email protected][2].txt
 C:\Documents and Settings\Pumpo\Cookies\[email protected][2].txt
Trojan.Agent/Gen-PennyStockChaser
 C:\SYSTEM VOLUME INFORMATION\_RESTORE{612F964E-9002-42F1-8B0D-875486B962CA}\RP335\A0103924.EXE

The application said it had quarantined the item ( Trojan.Agent/Gen-PennyStockChaser ). I tried to look this up but I was unable to find anything. So that is why I am asking here.

Any help would be g...

A:Am i infected?

The detected _restore{GUID}\RP***\A00*****.xxx file(s) identified by your scan are in the System Volume Information Folder (SVI) which is a part of System Restore. The *** after RP represents a sequential number automatically assigned by the operating system. The ***** after A00 represents a sequential number where the original file was backed up and renamed except for its extension. To learn more about this, refer to:
Restore Point Forensics
Forensic Analysis of System Restore Points in Microsoft Windows XP

System Restore is the feature that protects your computer by monitoring a core set of system and application files and by creating backups (snapshots saved as restore points) of vital system configurations and files before changes are made. These restore points can be used to "roll back" your computer to a clean working state in the event of a problem. This makes it possible to undo harmful changes to your system configurations including registry modifications made by software or malware by reverting the operating system's configuration to an earlier date. See What's Restored when using System Restore and What's Not.

System Restore is enabled by default and will back up the good as well as malicious files, so when malware is present on the system it gets included in restore points as an A00***** file. If you only get a detection on a file in the SVI folder, that means the original file was on your system in another location at some point and probabl...

1 more replies

Hello,

When I am browsing in Internet Explorer, I get this annoying page with a red background which advises me that the web site I am trying to access is unsafe, and I should go back to the home page. The sites that I am trying to access are trusted sites e.g microsoft.com.

I have tried to get rid of it by going to the Microsoft site and downloading the latest updates, performing a full scan etc.

I paid $29.99 to Uniblue for their Registry Booster - but it could not get rid of the red page/screen message. There are many products on the market which provide a free scan, but want you to buy their package before they clean the virus. They inform me that my computer is infected and needs to be cleaned up. At this point, I don't mind paying another $30 to get rid of the problem, but I am not sure if any of these packages will be able to solve the problem. How many should I buy or which one, and one which will clear up the problem.

Thank you very much.
nashnn

A:Am I also infected?

Hello, let's do these first.. all free.

First run

Download TDSSKiller and save it to your Desktop.
Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.
Go to Start > Run (or you can hold down your Windows key and press R) and copy and paste the following into the text field (make sure you include the quote marks). Then press OK.

"%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v

If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.
When it is done, a log file should be created on your C: drive called "TDSSKiller.txt". Please copy and paste the contents of that file here.

RKill....

Please download Rkill by Grinler and save it to your desktop.
Link 2, Link 3, Link 4
Double-click on the Rkill desktop icon to run the tool.
If using Vista, right-click on it and Run As Administrator.
A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
If not, delete the file, then download and use the one provided in Link 2.
If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
If the tool does not run from any of the links provided, please let me know.
If you continue having problems running rkill.com, you can download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them ...

1 more replies

Hey guys, having a problem on my laptop. Running Windows XP and whenever I start my computer I get error messages that mcshield is missing pieces of itself. If I hit OK it will continue to pop up unless I delete it from Task Manager. Then about a minute after those errors pop up my desktop goes into the white screen where it asks to recover your background. My computer runs extremely slow in the first 5-10 minutes. Also any time I put it in hibernate, when the bar for resuming Windows goes all the way, the computer shuts off and turns back on and I can't go back and must restart my computer all over again. Here's a picture!

More replies

Hello and sorry for my bad English, my PC is running slowly

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 05.8.2014 г. 05:32:02
System Uptime: 07.1.2015 г. 20:01:52 (0 hours ago)
.
Motherboard: ASUSTeK Computer INC. |  | P5KPL-AM SE
Processor: Intel® Celeron® CPU        E3300  @ 2.50GHz | Socket 775 | 2520/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 55 GiB total, 26,472 GiB free.
D: is FIXED (NTFS) - 49 GiB total, 28,925 GiB free.
E: is FIXED (NTFS) - 15 GiB total, 1,226 GiB free.
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description:
Device ID: ACPI\ATK0110\1010110
Manufacturer:
Name:
PNP Device ID: ACPI\ATK0110\1010110
Service:
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: VPN Client Adapter - VPN
Device ID: ROOT\NET\0000
Manufacturer: SoftEther VPN Project
Name: VPN Client Adapter - VPN
PNP Device ID: ROOT\NET\0000
Service: Neo_VPN
.
==== System Restore Points ===================
.
RP80: 17.12.2014 г. 14:54:24 - System Checkpoint
RP81: 19.12.2014 г. 02:29:50 - System Checkpoint
RP82: 20.12.2014 г. 02:43:07 - System Checkpoint
RP83: 28.12.2014 г. 18:21:44 - System Checkpoint
RP84: 29.12.201...

A:I think I am infected

Hey my friend,

My name is Machiavelli and I will assist you with your problem. The fixes are specific to your problem and should only be used for the issue on your machine!

I'm in the 'Malware Staff Team' and will provide you with advice:
To remove Malware on a computer can be very complicated. Malware (malicious software) is able to hide and so I may not be able to find it so easily. In order to remove Malware from your computer, you need to follow my instructions carefully. Don't be worried if you don't know what to do. Just ask me! Please stay in contact with me until the problem is fixed.

You must reply to posts within 4 days. If you haven't replied within 4 days your topic will be closed. If you go away for some time please let me know. Communication is an important part here! If you are unsure about something - STOP - and ask me. No need to be afraid of asking - better to ask than to make a mistake. Mistakes can lead to an unbootable PC! I would recommend following the topic by clicking on the Follow this topic button - you will get notified when I have replied to your topic.

Below are a few tips:
Removing malware is usually very difficult.
We need to search and analyse a lot of files. As this is done in our free time, please be patient, especially if I don't answer every day!
Please follow these instructions.
If you don't follow the instructions your computer may crash. If you fix your PC by yourself, this can be v...

26 more replies

Basically the computer takes like 10 min. to open anything and the laptop is only 1 and 1/2 years old.. it cannot get on the internet, as in it won't open it up. No problems with the NIC card or wireless or firewalls or anything like that.. this computer is pretty messed up, hoping you guys can help
DDS (Ver_09-01-07.01) - NTFSx86 MINIMAL
Run by costco at 1:51:01.18 on Sat 01/17/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1774 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Outdated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\Documents and Settings\costco\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pa...

A:Infected-not sure what

Hello Goch and welcome to Bleeping Computer,

1. Please download GooredFix and save it to your Desktop.
Select "2. Fix Goored" by typing 2 and pressing Enter. Make sure all instances of Firefox are closed at this point.
Type y at the prompt and press Enter again.
A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called GooredLog.txt).
Note: If you receive a message saying that GooredFix needs your system to be restarted, please close all applications and reboot your system. Please also allow any registry changes that may be prompted by any of your security programs.

2. Please read this tutorial (http://www.bleepingcomputer.com/combofix/how-to-use-combofix) carefully to download ComboFix from one of the locations specified, and save it to your Desktop.
Double click the ComboFix icon to run it.
If ComboFix asks you to install the Recovery Console, please do so. The Windows Recovery Console will allow you to boot up into a special recovery mode, in case your computer has a problem after an attempted removal of malware. This allows us to help you.
Once the Recovery Console is installed, continue with the malware scan.
Note: Make sure not to click ComboFix's window while it's running. That may cause it to stall or freeze.
Please post the log from ComboFix (can also be found as C:\ComboFix.txt) in your next reply.

If you have any questions along the way, STOP and ask them before proceeding &...

7 more replies

I think my PC has been infected by a virus as my PC speed has reduced considerably and also some programs aren't running properly. I have original Windows XP SP3 and Norton Antivirus 2009. Recently I took some data from my friend's pen drive which had almost 6-7 viruses. Though Norton detected them and removed them I still feel that 1 or 2 viruses might be hiding in my PC. So I request you to help me!!!!!

Thanking in advance
Ravi!!!

A:Am I Infected?

Scan for Spyware/Adware

Malwarebytes' Anti-Malware a.k.a. MBAM - Download Free Version - Homepage

Why? Malwarebytes' Anti-Malware is very good at removing the zlob trojan, virtumonde, and most other current infections. This single tool has replaced multiple tools that have been required in the past.

1. Double-click mbam-setup.exe and follow the prompts to install the program.
2. At the end, confirm a check mark is placed next to the following:
   Update Malwarebytes' Anti-Malware
   Launch Malwarebytes' Anti-Malware
3. Then click Finish.
4. If an update is found, it will download and install the latest version.
5. Once the program has loaded, select Perform quick scan, then click Scan.
6. When the scan is complete, click OK, then Show Results to view the results.
7. Be sure that everything is checked, and click Remove Selected.
8. When completed, a log will open in Notepad. The rogue application should now be gone.

Note: Some infections will prevent MBAM from running. If MBAM won't run, try renaming the file mbam-setup.exe to a random name, and then try again.

Note: Reinstall MBAM if you installed and ran a scan in safe mode. Doing this is usually not advised as MBAM is designed to be at full power when running in normal mode and loses some effectiveness for detection & removal when used in safe mode. Therefore, after completing a scan it is recommended to uninstall MBAM, then reinstall it in normal mode and perform anothe...

7 more replies

Hello,
My admin password for my Windows 7 account was changed. I travel for work; my computer never leaves my side. I used a workaround to get past it and reset it back.
However with Malwarebytes I cannot find any known virus. I need advanced help on this one, not sure if it is a rootkit or not.

Thank you.

A:Am I infected?

Hello, Appears we will need more info and a deeper look. Please follow this Preparation Guide and post in a new topic. Let me know if all went well.

1 more replies

I recently had an issue with Antivirus 2009 and I believe my sister may have reinfected the system.

Here's a HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:47:19, on 1/2/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
c:\Pro...

A:Re-infected :(.

Hello. I am PropagandaPanda (Panda or PP for short), and I will be helping you with your log.

I apologize for the delay in response. We get overwhelmed with logs at times, but we are trying our best to keep up. If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following so I can have a look at the current condition of your machine.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

Download and Run DDS

If you already have a copy of DDS, there is no need to download a new one.
Download DDS by sUBs from any of the links below: DDS.com, DDS.scr, DDS.pif
Double click its icon to run it. If you are using Windows Vista, right click it and select "Run as Administrator".
When the scan is finished, two logs will open.
Post DDS.txt directly into your reply. Attach Attach.txt.

Download and Run Scan with GMER

We will use GMER to scan for rootkits.
Please download GMER.zip to your desktop from any of the links below: LINK1, LINK2
Right click on GMER.zip and select "Extract All".
Close all other open programs as there is a slight chance your computer will crash.
Double click GMER.exe. If you are using Windows Vista, right click the icon and select "Run as Administrator". Your security programs may detect GM...

20 more replies

Saintly Protectors of the Technically Inept,
I've recently moved to a country where internet connections are more or less a bad joke. The internet is very slow and, quite often, going to a web address I know to be good will result in one of two messages: 'can't find the server,' consistent with a bad internet connection, or 'connection to server interrupted.' Whatever comes up is always very slow. It dawned on me that I might have a virus when I compared my computer side-by-side with a colleague's, who was on the same connection. Pages on his computer didn't have the same connection problems. Two AVG scans, one regular and one command line in Safe Mode, came back with nothing. So I downloaded MBAM and ran a full MBAM scan, which came back with this:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4122

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18904

5/21/2010 4:25:41 PM
mbam-log-2010-05-21 (16-25-41).txt

Scan type: Full scan (C:\|)
Objects scanned: 266528
Time elapsed: 1 hour(s), 22 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 8
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 8
Files Infected: 13

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\TypeLib\{01bcb858-2f62-4f06-a8f4-48f927c15...

More replies

hi

A:Am I infected?

In order to assist you effectively, we need more specific information. Please read Before you post about a problem, Some simple guidelines and How To Not Get or Give Technical Assistance on Usenet and Web Forums.

- What OS (Win 2K, XPsp1, XPsp2, Vista) are you using?
- What issues/symptoms of infection do you have?
- What actions (security tools, scans) have you taken so far?

1 more replies

When I log on to the computer a window pops up: Your computer may be at risk antivirus might not be installed. Also I get another window, a security alert that the computer is infected. I am unable to get online. I tried to download Superantispyware to USB and download it to the computer. When I do this another window pops up that says the file is infected, do you want to activate your antivirus software now? Another window pops up: ATTENTION! SPYWARE ALERT vulnerabilities found Your computer is infected by spyware - 34 serious threats have been found etc. At the bottom you have options of activate your antivirus software and stay unprotected. It also redirects you to another site, this time Viagra. This is an Acer TravelMate 2200, Windows XP Service Pack 3. Thank you so much for your help.

A:I am infected

Safe mode
That's the only word the "admin" let me say :D

12 more replies

I'm on a fresh install. No more than 2 weeks old. I did an Avira Full Scan today and got this: tr/crypt.xpack.gen in my driver.cab. I have no idea what would have infected me. This is what I have installed:

XP SP3 fully updated
Avira AntiVirus
Omega Radeon Drivers
Firefox
VLC
Winamp
CDBurnerXP
CDex CD Ripper
Hoyle Card Games
MalwareBytes
Spybot
MediaCoder
Handbrake
7-Zip
MP3Tag

Could any of those be the issue? Other than that I'm very confused.

A:What could have infected me?

Hello

Outdated programs can let "bad things" into your computer.

Do you have the most recent version of Adobe Reader?
See article on the main page of this site:
Adobe issues updates to Reader and Acrobat to address critical vulnerabilities
http://www.bleepingcomputer.com

Do you have the most current Java?
Go to: http://www.java.com/en/
Click "Do I have Java" (under the big red button).
It will tell you if you have the most current Java.

- - - - - - - - - - - - - - - - - - - - - - - - - - -

Are you using a firewall (Windows firewall, or a program that you installed)?

- - - - - - - - - - - - - - - - - - - - - - - - - - -

Please see post # 14 by quietman7 (Global Moderator):
Tips to protect yourself against malware and reduce the potential for re-infection:
http://www.bleepingcomputer.com/forums/ind...p;#entry1648786

- - - - - - - - - - - - - - - - - - - - - - - - - - -

Run ATF Cleaner: (temp file cleaner)
http://www.atribune.org/index.php?option=c...5&Itemid=25
Instructions on web page.

Read this topic in its entirety (including the Troubleshoot section, proxy settings, and use of Rkill):
How to use Malwarebytes' Anti-Malware to scan and remove malware from your computer
Posted by Grinler on February 16, 2010
http://www.bleepingcomputer.com/virus-remo...alware-tutorial

Run Rkill:
http://www.technibble.com/rkill-repair-tool-of-the-week/
"Rkill is a small, freeware and portable tool designed to terminate active malware processes allowing you to use other removal tools. Rkill is made by a Microsof...

2 more replies

My virus scan keeps finding a file called aupd.exe. Can anyone tell me how to get rid of this? I am using Windows Vista and it comes up on my CA anti-virus scan.

A:Infected

Please download CKScanner and save it to your Desktop. <-Important!!!
Double-click on CKScanner.exe and click Search For Files.
If using Vista, right-click on it and Run As Administrator.
After a very short time, when the cursor hourglass disappears, click Save List To File.
A text file will be created on your desktop named ckfiles.txt. Click OK at the file saved message box.
Double-click the ckfiles.txt icon on your desktop to open the log and copy/paste the contents in your next reply.

Please download Malwarebytes Anti-Malware (v1.44) and save it to your desktop.
Download Link 1
Download Link 2
MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself. Press the OK ...

1 more replies

Hello,

I am sorry to have to ask this, but I need some help to understand.
My question is very simple: do I need to worry, or not?

These are the strange things happening:
- When I do shutdown, the icon of the last used program blinks twice
- The Hard disk runs for a very long time at startup
- The Media center is sharing something, when I connect to internet.
- Some programmes cannot be uninstalled. Right now is Silverlight, for instance. And I do not remember having installed it in the first place, where does it come from?
- I cannot run the onecare safety scan from Windows, or other online scanning tools.
- Even when I am logged in as administrator, some programmes refuse my orders, claiming that I do not have enough privileges.

My fear is that there is some kind of malware on my PC, which keeps installing itself under new versions using different languages. The last one I think I found was with C++, which at some point appeared on the list of installed programmes without me requesting it. Now is with Silverlight, maybe. Or with NVIDIA?

My configuration:
- HP Pavillion Entertainment PC, bought one year ago, very fast.
- The external language of Vista is English, but I think the background is German, because sometimes I get German messages.
- Vista 32 bit installed.
- Antivirus is now Kaspersky, and it runs happily without detecting anything.
- Installed external software: Thunderbird for email, Explorer for Internet. Two printers. I do not install anything else until I ...

More replies