Computer Support Forum

Protect.antivirus Malware Infection

Question: Protect.antivirus Malware Infection

Hello, I recently managed to acquire a virus that seems to have taken over my computer. There's a bar that appears right below the address bar for Internet Explorer telling me to download the latest antispyware to protect my computer. I cannot pull up my Task Manager; my computer prompts me that it has been disabled by my administrator. My desktop background has been changed to a message stating the computer has several fatal errors, and occasionally music will play at random that I've never heard before.

Here is my log:

Relevance 100%

Answer: Protect.antivirus Malware Infection

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you.

Please download ComboFix and save it to your desktop. Prior to running Combofix.exe you should disable your antivirus program and disconnect from the internet. Double click combofix.exe and follow the prompts. When it's done running it will produce a log for you. Please post that log in your next reply.

Important Note - Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

10 more replies
Relevance 79.95%

The volunteer helping me on the "Am I infected" forum recommended I move my problem over here to this part of the site. I'm not sure if I'm at the point where I should reformat my computer, hope someone can help.

Here are my original problems and the logs and help I've received so far: http://www.bleepingcomputer.com/forums/t/208885/ms-antivirus-2009-which-turned-into-another-one-and-now-its-that-nfrdll-error-and-malarebytes-and-superantispy-got-their-butts-kicked/

I assume that you'll probably get a better explanation from my problems there, but here's the quick and dirty:

Dell Laptop, currently disconnected from the Internet. (It was unable to access the Bleeping Computer forum anyway, just this site specifically; sites like Google, blogs, those kinds of things worked fine.)

The problems started with the MS Antivirus 2009 fake spyware stuff, then the browser hijacks (I shut off proxy servers before coming to the forums), and then I got the Spyware Protect 2009 version of malware, and was only able to get Malwarebytes to run by changing the extension to .bat after reading it here. Since I started working on these forums with DaChew, I've only followed his instructions.

Currently working off my wife's computer, a Mac. Using a USB flash drive that DaChew had me immunize so that I can download the programs on this Mac and transfer them over to the infected Dell. Then I copy the logs onto the flash and move them here.

Here's my DDS file, I've changed my name on it to USER.

DDS (Ver...

Answer: Serious Malware Infection, started with MS Antivirus 2009, Spyware Protect 2009, nfr.dll

Hello Thefactualopinion and welcome to Bleeping Computer,

1. Please download GooredFix and save it to your Desktop.
   Select "2. Fix Goored" by typing 2 and pressing Enter.
   Make sure all instances of Firefox are closed at this point.
   Type y at the prompt and press Enter again.
   A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called GooredLog.txt).
   Note: If you receive a message saying that GooredFix needs your system to be restarted, please close all applications and reboot your system. Please also allow any registry changes that may be prompted by any of your security programs.

2. Please read this tutorial carefully to download ComboFix from one of the locations specified, and save it to your Desktop.
   Double click the ComboFix icon to run it.
   If ComboFix asks you to install the Recovery Console, please do so. The Windows Recovery Console will allow you to boot up into a special recovery mode, in case your computer has a problem after an attempted removal of malware. This allows us to help you.
   Once the Recovery Console is installed, continue with the malware scan.
   Note: Make sure not to click ComboFix's window while it's running. That may cause it to stall or freeze.
   Please post the log from ComboFix (can also be found as C:\ComboFix.txt) in your next reply.

If you have any questions along the way, STOP and ask them before proceeding!!

Greetings,
Thunder

6 more replies
Relevance 64.78%

Hello all! I'm posting here because I'm trying to take care of my brother's laptop. On Friday (Christmas Eve) he let me know that he'd gotten what appeared to be a malware and/or virus attack, which appeared initially as a fake antivirus scan ("AntiVirusDoctor"), generating numerous pop-ups and so forth. This was an older Dell (running Windows XP) of his that he'd had to switch to as his newer one is out of service for the moment, so the usual security software he uses and such had either not been reinstalled or not updated for a very long time, with the exception of Avira Antivirus (it had just updated itself an hour or so beforehand). Avira's guard seemed to have caught about 20-30 files trying to come in; almost all of these were trojans. He'd started its scan and had found 3 or 4 infections but I suggested he stop the scan and reboot into safe mode so he could run it from there. Meanwhile I went back to my computer and downloaded the newest version of Malwarebytes and, after running his Avira again in safe mode, ran a full-system scan on his computer in Malwarebytes. This found around 250 or so more infections. I saved the log files from the two Malwarebytes scans I ran (I'd forgotten to ensure that all the files had been selected for removal the first time round, and when I saw this immediately rescanned and then removed them). I've a decent amount of experience in dealing with computers but not so much ...

Answer: Malware/Virus Infection: AntiVirus Doctor & other possibly dangerous malware/viruses

16 more replies
Relevance 61.91%

Hi

A few days ago my PC was infected with what I think is the msa.exe Anti virus virus? I'm not very good with this so finding it hard to explain. I keep having random IE pop ups and a lot of notifications that my files are corrupt (AOL being one). I can't install any programs and every time I try to go and search on all files and folders I have the blue screen of death! I also have a message saying Windows XP cannot find my profile and loads without all my files.

Please can anyone help?

Thanks

Answer:msa.exe antivirus malware infection

Hello escapetbs

Let's see what MBAM finds. Please download Malwarebytes from here: http://www.malwarebytes.org/mbam.php
Update it and post its log back to this thread.

If Malwarebytes will not run, please try this. Rename this file:
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
to this:
winlogon.exe
Then double-click the renamed file and see if it will run.

Regards
D_N_M

13 more replies
Relevance 61.09%

While running a search for moving companies in my town, I clicked on the first search item. I was using AOL and immediately upon opening the page I received a pop-up saying "Warning!!! Your computer contains various signs of viruses and malware programs..." I am unable to cancel the window and continue using AOL. Using Internet Explorer, I found the directions on downloading and running Malwarebytes. It ran and found a few infected files; but, after rebooting and starting AOL again, I received the same pop-up. Below is the DDS.txt file. Please provide me some help. Thank you.
DDS (Ver_09-05-14.01) - NTFSx86
Run by cr at 16:02:37.55 on Fri 05/15/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.459 [GMT -4:00]

AV: Kaspersky Anti-Virus *On-access scanning enabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Anti-Virus *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\a... Read more

Answer:Antivirus 2009 Malware Infection

bump

4 more replies
Relevance 61.09%

Hi, well this antivirus live thing showed up on my computer and started popping up with warnings about viruses, I keep closing it and clicking no. Then after a bit where I try to go into my set programs access and defaults to see if any weird programs have been installed it starts to give me errors. For about everything, then about 20 of them keep popping up and popping up.

I went into safe mode and ran Malwarebytes' Anti-Malware it found some trojans and deleted them, I then went to restart my computer in normal mode. No pop ups are coming up or anything like before, I idk if I'm still infected so want to check.

Thanks for reading

DDS (Ver_09-12-01.01) - NTFSx86
Run by admin at 13:20:34.10 on Wed 01/27/2010
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1214 [GMT -8:00]

AV: avast! antivirus 4.8.1368 [VPS 100127-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files&#... Read more

Answer:Malware infection "antivirus live"

Anyone? Here is the log I got when I ran mam

Malwarebytes' Anti-Malware 1.42
Database version: 3348
Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 6.0.2900.5512

1/27/2010 12:08:54 PM
mbam-log-2010-01-27 (12-08-54).txt

Scan type: Full Scan (C:\|)
Objects scanned: 323290
Time elapsed: 1 hour(s), 18 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\AvScan (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\dmofscon (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\dmofscon (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\admin\Local Settings\Application Data\rycobj\lfbbsysguard.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

4 more replies
Relevance 61.09%

I started getting pop-ups and warnings advertising the Soft Antivirus. I have norton, so I figured this was malware and googled how to get rid of it. I've tried Malwarebytes and Spyware doctor with no success. I also ran Hijackthis, but none of the file names matched the listed ones for this malware, so I was hesitant to start getting rid of files! Still running in Safemode, as the pop ups and warnings drive me batty otherwise. Hijackthis sent me here...any help would be appreciated! Thanks! Grace

DDS (Ver_09-12-01.01) - NTFSx86 NETWORK
Run by Melissa at 20:21:27.07 on Wed 02/17/2010
Internet Explorer: 8.0.6001.18882 BrowserJavaVersion: 1.6.0_07
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2006.1279 [GMT -8:00]

AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
SP: Windows Defender *disabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: Norton Internet Security *enabled* (Updated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestric... Read more

Answer:Soft antivirus malware infection

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

We need to create an OTL Report

Please download OTL from one of the following mirrors:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
In the custom scan box paste the following:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%systemroot%... Read more

2 more replies
Relevance 61.09%

hello, thank you in advance for your help. I have used Smitfraud, Malwarebytes, rkill and tried to install RegistryRevival to remove the virus.

DDS (Ver_09-12-01.01) - NTFSx86 NETWORK
Run by HP_Administrator at 17:57:36.26 on Fri 03/05/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.730 [GMT -8:00]

AV: avast! antivirus 4.8.1368 [VPS 100303-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\HP_Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.msnbc.com/
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
uURLSearchHooks: H - No File
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
BHO: Google Toolbar Helper: {... Read more

Answer:Antivirus Soft malware infection

Hello and Welcome to Bleepingcomputer

Please note we are very busy, so if I don't hear from you within 5 days the topic will be closed. If you have since resolved your issues I would appreciate if you would let me know so I can close this topic.

We need to create an OTL Report

Please download OTL from one of the following mirrors:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Under the Custom Scans/Fixes box at the bottom, paste in the following bold text.

%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%SYSTEMDRIVE%\*.exe
netsvcs
msconfig
/md5start
proquota.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
/md5stop
CREATERESTOREPOINT

Push the button.
Two reports will open, copy and paste them in a reply here:
OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized

Thanks

10 more replies
Relevance 61.09%

Hello,

Judging by a friend who is more computer savvy than I am, it appears that I have a malware infection. A number of things have happened, which I will try to describe here.

First, McAfee (which is out of date and not, to my knowledge, working on my machine) launched, and boxes began appearing saying that "__.exe is infected". A number of things appeared in that box, including mcagent.exe, rundll32.exe, mcvsescn.exe. I also got boxes that said "antivirus software alert" and "infiltration alert." A bubble came up from the bottom toolbar on the right hand side that referred to "BankerFox A" as a possible infection.

A number of virus scans were suggested, including "Antivirus Live", which I have never heard of. I did click on a McAfee scan and probably another one that was not legit. Infections were found, but as I am apparently not bright enough to have renewed my subscription to the virus software, there was no way to use even the McAfee software to clean the infections out.

I downloaded malwarebytes' anti-malware software, but have been unable to run it. When I try to do so, I get an error message "Error code: 707 (3, 0)". With my friend's help, I tried to run the malwarebytes software while in safe mode. I also renamed it as a number of things, including explorer.exe, to try to run it, but the same error code persists.

I had a hard time running the DDS and RootRepeal programs, but was eventually able... Read more

Answer:Malware Infection, with Antivirus Live?

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

2 more replies
Relevance 61.09%

Hello all, thanks in advance for your help. My computer was infected yesterday with the "antivirus soft" worm/malware. Before finding out about this forum, I saw a post somewhere about directions on removing it using a combo of rkill and malware bytes anti-malware. Rkill stopped the processes, and malware found i believe 8 threats/files which it removed for me. It required a reboot to finish. Upon rebooting, I was assaulted with a barrage of fake windows security alerts, antivirus soft alerts, and popups. Rkill again stopped the processes, but re-running malware bytes again didn't find any more threats. Basically this is where I am at now. I've reinstalled avg 9.0 free with current updates installed, and a scan did reveal that it has found some threats which it can remove me, but previous problems have told me avg doesn't cure everything, and i wanted to make sure there weren't more things lurking underneath. The logs of found problems are below, thanks again for your help. (*NOTE: I was allowed to upload the required attach.txt but was not allowed to upload the Ark.txt. It said: Upload failed. You are not permitted to upload this type of file. Couldn't figure out why this was. Instead I copied and pasted the results below, under the DDS log.)

DDS (Ver_09-12-01.01) - NTFSx86
Run by Compaq_Owner at 11:35:41.37 on Wed 02/17/2010
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.... Read more

Answer:Antivirus Soft pop-ups, malware infection

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

We need to create an OTL Report

Please download OTL from one of the following mirrors:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
In the custom scan box paste the following:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%systemroot%... Read more

2 more replies
Relevance 61.09%

I am working on a friend's computer, Dell Inspiron Mini running WIN XP Home SP3. No Anti Virus software installed but it does appear to have most of the required updates.

I got the unit with a complaint there was pop up fake antivirus program that locked up the PC. It was registered in the Control Panel and was removed through the Add/Remove programs. They don't remember exactly what it was.

Here is what I see. Everything seemed normal at first. I loaded all the windows updates needed, no problem. I loaded the Windows security tools, it started to run once and will not start. I get several re-directs when surfing for Anti Malware software. Cannot run any of my standard tools.

Spybot installs, runs but terminates
Malwarebytes installs, runs but terminates at about 9 seconds, unable to run again without reinstallation.
Hijack runs and terminates.

I have tried each of these with alternate names and extensions (.scr or .com) Nothing seems to run.

I have been through the running processes and don't see anything obvious. I've looked up everything running and again nothing obvious (I'm guessing it's named to look like a valid process.)

I picked up a copy of Rkill. It ran but nothing changed in the symptoms. I do have one clue. I used a removable drive to install the tools on the Dell Mini. After working last night I plugged the same drive into my laptop and my Antivirus Software picked up on an infection on the Drive (Bloodhound.expolit343)

Scan type: Auto-Protect Scan
Eve... Read more

Answer:Malware Infection with Fake Antivirus please help

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Please take note:

If you have since resolved the original problem you were having, we would appreciate you letting us know.

If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system. If you are unsure about any of these characteristics just post what you can and we will guide you.

Please tell us if you have your original Windows CD/DVD available.

If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply'... Read more

54 more replies
Relevance 61.09%

Hi,

Yesterday my daughter downloaded a free song while on the Google Chrome browser. A pop-up appeared saying "computer not protected". My wife determined it was "Antivirus System Pro 2010". Malwarebytes fixed it. Then today a new window popped up: at first a CNN page, but now random advertisements. Malwarebytes no longer works, the error message reads "cannot find malwarebytes.exe." Since then Task Manager, Internet Explorer and Google Chrome have stopped working. McAfee says I'm unprotected (computer and files, and e-mail and IM, but internet and network section is covered. The McAfee "Fix" problems button cannot fix the problem. Script scanning is disabled, as is systems guard, and buffer overflow protection is disabled. McAfee performed a quick scan in safe mode, but found nothing.

I have not been able to get Malwarebytes to work by changing the name of the program.

Malwarebytes is not working in safemode, but I'm able to use IE and connect to the internet. Ads still pop up periodically in Safe Mode.

Today found tokivafa.dll in startup.

I was able to download Highjack This in safe mode.

Hope someone might be able to help!

Thanks
-Mike

Here are the requested logs:

DDS Text log:

DDS (Ver_09-10-26.01) - NTFSx86 NETWORK
Run by Administrator at 22:25:27.65 on Mon 10/26/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_16
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.191... Read more

Answer:Possible Antivirus Pro 2010 malware infection

Hello! My name is Sam and I will be helping you. In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.

We need to create an OTL Report

Please download OTL from here
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Under the Custom Scan box paste this in

netsvcs
%systemdrive%\*.exe
%systemroot%\system32\drivers\*.sys

Click the "Quick Scan" button.
The scan should take just a few minutes.
Please copy and paste both logs back here in your next reply.

=============

The next log will show us any hidden files that are present.

Download RootRepeal from the following location and save it to your desktop.
Direct Download (Recommended): Primary Mirror, Secondary Mirror, Secondary Mirror, Secondary Mirror
Zip Mirrors (Recommended if you have a slower connection or if the Direct Download mirror is down): Primary Mirror, Secondary Mirror, Secondary Mirror
Rar Mirrors - Only if you know what a RAR is and can extract it: Primary Mirror, Secondary Mirror, Secondary Mirror
Extract RootRepeal.exe from the archive (If you did not use the "Direct Download" mirror).
Open on your desktop.
Click the tab.
Click the button.
Check all seven boxes:
Push Ok
Check the box f... Read more

10 more replies
Relevance 61.09%

First of all, thanks for any help you can offer. This has been such an irritation and time consuming process.

My PC is an HP Pavilion dv5000 laptop, about 5 years old.

System:
Microsoft Windows XP Media Center Edition
Version 2002 Service Pack 3
(other than automated microsoft updates, what came on the computer).

CPU: Intel T2400 @ 1.83GHz, 1.99GB RAM

As a user of Comcast CableModem, I use the McAfee Security Center that Comcast provides for free. Have had this installed and running for at least 2 years. Here is a rundown of the installed components:
SecurityCenter: v9.15
VirusScan: v13.15
Personal Firewall: v10.15
Parental Control: v11.15
Backup and Restore: v3.15
To the best of my knowledge it is fully activated (seems to always alert me to fix things when they somehow get shut off). It seems to update its threat logs at about 2PM every afternoon (I get a notification when this occurs).

Here is what happened. The evening of November 27, 2009, I was doing some work with Visio and I got an alert saying that Antivirus System Pro had detected an infected file. I was not aware that I had Antivirus System Pro installed on my computer. I looked in my system tray and McAfee was no longer there and appeared to have been replaced by another icon, which I assume is this new program. I started getting virus alerts like crazy. Wanted me to purchase their product for more info. I suspected that Antivirus System Pro is a hoax. Tried to open a browser to investigate, wh... Read more

Answer:Antivirus System Pro Malware Infection

Have confirmed that my browsers (IE, FireFox) are still being hijacked when using search engines. But only on some searches.

18 more replies
Relevance 61.09%

Connectivity issues: IE will not connect, Malwarebytes and spybot will not update.
Wireless adapter is hokey

I have checked offline status and windows firewall. Microsoft Security Essentials didn't see any problem at all (of course). Malwarebytes found a hkey override but that was all. Malwarebytes log at the bottom.

Any help you could offer would be great

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:58:59 PM, on 2/19/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Dyyno\Dyyno Broadcaster\launcherd.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files... Read more

Answer:"Antivirus" malware infection - Hijackthis Log

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

We need to create an OTL Report

Please download OTL from one of the following mirrors:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
In the custom scan box paste the following:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%systemroot%... Read more

11 more replies
Relevance 61.09%

Hi,

I've been sharing my desktop with a few pals that I room with and they left me this mess. Every few moments, I get taken to a blue screen saying that it detected spybot.infostealer and then to the black windows logo loading screen. At the bottom it states that I have an unregistered Rapid Antivirus (which I know I didn't get) and that I should activate it.

After that I'm taken to the screen I was working with and bubble system tray messages appear warning of malware infection.

I ran Spybot S&D and followed the preparation and I'm still having this problem. Housecall detected Troj.Dloader.dkb and could not delete/clean it. Spybot also detected AdDestination which could not be fixed even at start-up. Please help.

HJT Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:33:01 PM, on 11/23/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\... Read more

Answer:Rapid Antivirus Malware Infection

Hello fridaymoon,

Sorry about the delay. If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Thanks,
tea

2 more replies
Relevance 61.09%

I am working on a friend's computer, Dell Inspiron Mini running WIN XP Home SP3. No Anti Virus software installed but it does appear to have most of the required updates.

I got the unit with a complaint there was pop up fake antivirus program that locked up the PC. It was registered in the Control Panel and was removed through the Add/Remove programs. They don't remember exactly what it was.

Here is what I see. Everything seemed normal at first. I loaded all the windows updates needed, no problem. I loaded the Windows security tools, it started to run once and will not start. I get several re-directs when surfing for Anti Malware software. Cannot run any of my standard tools.

Spybot installs, runs but terminates
Malwarebytes installs, runs but terminates at about 9 seconds, unable to run again without reinstallation.
Hijack runs and terminates.

I have tried each of these with alternate names and extensions (.scr or .com) Nothing seems to run.

I have been through the running processes and don't see anything obvious. I've looked up everything running and again nothing obvious (I'm guessing it's named to look like a valid process.)

I picked up a copy of Rkill. It ran but nothing changed in the symptoms. I do have one clue. I used a removable drive to install the tools on the Dell Mini. After working last night I plugged the same drive into my laptop and my Antivirus Software picked up on an infection on the Drive (Bloodhound.expolit343)

Sca... Read more

Answer:Malware Infection with Fake Antivirus

http://www.bleepingcomputer.com/forums/topic376427.html

Now that your log is properly posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a Malware Removal Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the Malware Removal Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the Malware Removal Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the Malware Removal Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MR Team member is already assisting you and not open the thread to respond.

To avoid confusion, I am closin... Read more

1 more replies
Relevance 60.27%

Hi, I'm running on windows xp, I've followed the guide posted on here to get rid of the malware, but so far it hasn't worked. It will go away after I run MBAM but once I reboot the computer after replacing the Hosts file, the malware returns. Any help would be greatly appreciated! I'll post the log of the most recent scan as soon as it is done

Answer:Antivirus Action Virus/malware Infection

Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Database version: 5245

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

12/5/2010 5:00:00 AM
mbam-log-2010-12-05 (04-59-51).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|)
Objects scanned: 167849
Time elapsed: 44 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost (Spyware.Passwords.XGen) -> Value: svchost -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\Fraga\application data\microsoft\conhost.exe (Spyware.Passwords.XGen) -> No action taken.
c:\documents and settings\Fraga\local settings\Temp\csrss.exe (Trojan.Agent) -> No action taken.

Also, after I ran it again, it asked me to reboot which I did, the malware is still there, I had to run rkill again just to access the internet.

1 more replies
Relevance 60.27%

Hi There. I have a Dell Inspiron laptop circa 2006, that has a bad malware infection called "Antivirus Scan." I am running XP Pro 2002. The machine is not a big loss, but I want to be able to clean the infection and recover the files. The system is paralyzed, won't let me access programs or functions except IE to go to their website to purchase "Antivirus Scan." I read this is a known malware infection, if you buy the software then blue screen after that. "Windows" alerts keep popping up about a malicious malware infection on my system, and the only function that is active is to go to their website. Obviously I am writing from a different system. What I want is to download a virus removal program and burn it to disc. The USB ports on my Dell are blocked by the virus, and I figure I need to boot directly from a disc. I just want to recover my files. I don't care if the hard drive is toast.

Edit: Moved topic from XP to the more appropriate forum. ~ Animal

Answer:"Antivirus Scan" Malware Infection Need Removal

Take a look here: Remove Antivirus Scan (Uninstall Guide)

1 more replies
Relevance 60.27%

Infected by means of a "video e-mail" according to my son who was using the PC at the time. I've removed "XP Antivirus 2007" but haven't been able to clear the below symptoms. I know there are more AV products running than I should have, this is a result of trying to fix this mess. Normally, Trend Micro Internet Security will be running (it was disabled at the time of infection).

Changed Homepage to "softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2"

Created three (3) desktop shortcuts (these reappear at reboot if deleted manually):
1) Error Cleaner "viruswebprotect.com/shandler.php?sid=0&said=0&aid=0&pn=&sg=1"
2) Privacy Protector "viruswebprotect.com/shandler.php?sid=0&said=0&aid=0&pn=&sg=0"
3) Spyware&Malware Protection "viruswebprotect.com/shandler.php?sid=0&said=0&aid=0&pn=&sg=2"

Two (2) popups at various intervals:
1) Spyware Alert which claims Worm.Win32.NetSky is present on the PC, when it is not, as other scans do not find it. I have also run "Netskyfix" from Symantec.
2) Windows Security alert "Windows has detected an Internet attack attempt... Somebody's trying to infect your PC with spyware or harmful viruses. Run full system scan now to protect your PC from Internet attacks, hijacking attempts and spyware. Click here to download spyware remover for total protection."

One (1) System Tray notification at various intervals: ... Read more

Answer:Malware Infection (xp Antivirus 2007) Related?

Hello Ocotillo and welcome to BC. My name is SNOWHITE and I will be helping you with your Malware problem.

Please follow the steps below exactly in the order they are written:

Step #1
Please download SmitfraudFix (by S!Ri) to your Desktop.
Double-click SmitfraudFix.exe
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

NOTE: If the tool fails to launch from the Desktop, please move SmitfraudFix.exe directly to the root of the system drive (usually C:), and launch from there.

NOTE: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm

Step #2
Please download Deckard's System Scanner (DSS) and save it to your Desktop.
Close all other windows before proceeding. Double-click on dss.exe and follow the prompts.
When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

What DSS will do:
create a new System Restore point in Windows XP and Vista.
clean your Temporary Files, Downloaded Program Files... Read more

22 more replies
Relevance 60.27%

Hi, I used to have a winxp antivirus problem when my wife followed the prompts on an email. I believed at the time I had removed the infection and this was about 4-5 months ago. Just recently, I had a new problem of google links not working properly, ie click on a link and takes you to random website after title bar scrolls through 8-9 different links. I googled this hijack links problem and worked out that cutting and pasting the correct link will take me to where I want to go. Well it took me to this forum where I read a few other people problems and found that I needed to run Hijack this etc. Found I still had WinXP antivirus problem (or maybe my kids reinfected the computer) ran the fix suggested (fixwareout - my computer kept not booting after running this program. It said it could take a while to reboot but mine just had a dark screen with mouse hourglass. Rebooting usually got me back to login screen but this hanging boot problem kept recurring even after running fixwareout) and anyway, things seemed ok for a few days - looked like the problem had gone. Then problem resurfaced. Ran another hijack this log and found a "fixnetdir" problem i think it was. Sorry for being a little vague but we are going back a number of days now and I foolishly didn't write down the problem exactly. The next problems I noticed on my computer were inability to connect to the internet. I could ping the ip address of my modem but even though I was connected at 100MBps I... Read more

Answer:Malware infection (previously winXP antivirus but now not sure)

Hi,
Not sure if it's relevant but just remembered I tried a system restore also. A long time ago, I had set system restore to "maximum available disk space" which was about 50 GB. However when I opened up system restore yesterday there were only 2 restore points available and neither would work. With it set to max, system restore should have had multiple restore points dating back for months. The weird thing was - it would let me select the restore points but it wouldn't let me go any further, ie clicking "next" didn't work. So sys restore never actually attempted to restore anything. This may also help with identifying my infection.

PS zone alarm didn't find any trojan when it scanned for spyware.

12 more replies
Relevance 60.27%

Hello, my name is Curtis and thanks for your help in advance. I believe I followed all the required tasks to the letter and hope to receive some help @ removing this annoying pest of a malware virus. I downloaded MalwareBytes and ran a deep scan on my system. It found and quarantined some files but it was not completely removed. The kill file is great at keeping the malware at bay. Attached are the requested log/.txt files.

Answer:Antivirus Studio 2010 Malware infection

Hi, Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.

Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there.

The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks

40 more replies
Relevance 60.27%

Hi,

Today AntiVirus Suite popped up on my computer, and said it has a virus, please buy this program, etc.
It locked me out of all programs, and I followed this to remove it in XP safemode, (http://www.bleepingcomputer.com/virus-removal/remove-antivirus-suite)
but when I booted back into regular XP it was there again.



I am afraid it's in my registry or will come back again since I have no idea how it came on in the first place, and it came back after I removed it in SafeMode.

Any help would really be appreciated. I have done the recommended cleanings, and here are the logs.

Thank you in advance very much.
 

Answer:Rogue AntiVirus Suite Malware Infection

Your logs are clean but for one file. Use windows explorer to find and delete:
c:\documents and settings\James\Local Settings\Application Data\slatwsyp

Now, please put ComboFix directly to the desktop, not here:
Running from: c:\documents and settings\James\Desktop\Virus Removal Tools\ComboFix.exe

If you are not having any other malware problems, it is time to do our final steps:

We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources ( except a little disk space ) until you run a scan.
If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)

Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
"%userprofile%\Desktop\combofix" /uninstall

Notes: The space between the combofix" and the /uninstall, it must be there.
This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
Go to add/remove programs and uninstall HijackThis.
Go to the C:\MGtools folder and f... Read more

5 more replies
Relevance 59.86%

Hello,

I am infected with a nasty trojan. I have tried to clear it up with all kinds of removal tools with no success! I have tried spybot, ad-aware, my antivirus..bitdefender, and Malwarebytes. Malwarebytes seems to be the only program picking it up now and says I have trojan.vundo and malware.trace in my computer. When I press the fix button it says it has quarantined and removed the infection. When I go back to use firefox, or explorer, the pop ups keep appearing and eventually antivirus 360 comes up again as well. Nothing has worked please help!!!!

Here are my logs.
DDS (Version 1.1.0) - NTFSx86
Run by Daniel Beam at 12:01:41.09 on Sat 12/27/2008
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1534.939 [GMT -7:00]

AV: Bitdefender Antivirus *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\Apple\Mob... Read more

Answer:Antivirus 360/Trojan vundo/Malware.trace infection

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results, click no to the Optional_Scan
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.

Please note: You may have to disable ... Read more

3 more replies
Relevance 59.86%

Antivirus Security Protection kept popping up on our desktop last night. Ran Malwarebytes, cleaned 14 or so items, rebooted and it was still there. Did some research then ran Malwarebytes in safe mode, found one more trojan, followed with RKill which found no processes. Rebooted and still there. Decided to try again in the morning, so shut down. Now it won't boot at all. Tried safe mode (each option), but it just hangs on the next screen. Is there anything I can burn to CD (I'm on my laptop now) that will boot the desktop?

It's an older computer, running XP. Tried booting up from AVG, but it gets hung halfway through.

Answer:Malware infection (antivirus protection) now computer won't boot

Hi jaazmom, Welcome to Virus/Trojan/Spyware/Malware Removal (VTSMR) forum. I am going to assist you with your problem.

Please refrain from making any changes to your system (scanning or running other tools, updating Windows, installing applications, removing files, etc.) from now on as it might interfere with our fixes. In case of making changes I shall assume my assistance is not needed any more.

"Now it won't boot at all. Tried safe mode (each option), but it just hangs on the next screen."

Please tell me precisely what happens, how far it goes?

Also tell me what is your operating system, Home Edition or Pro edition and if you have a Windows CD.

5 more replies
Relevance 59.04%

Greetings from Corporate America!
 
Long time listener, first time caller.
 
One of my users complained to me that our AV kept popping up and wouldn't let him open anything. Naturally, I knew right away that wasn't our AV solution, and when I went back and checked, I regrettably confirmed this notion. It was 'Antivirus Security Pro', and I had recognized a few of the symptoms from other Malware I've dealt with in the past.
 
I performed my usual RKill >> MBAM solution (which works most of the time to at least get me into a workable state for deeper cleaning), however I noticed a couple things that were troubling about this particular instance. Firstly, RKill did not fully kill all malicious processes, as AVSP popped right back up after RKill did its work (I was able to kill it via Process Explorer manually, but not until after running RKill a second time, overwriting the original log). Secondly, I noticed a very troubling few lines in the RKill log, which I've pasted below, along with the MBAM Full Scan log. 
 
This is a Win 7 x64 laptop running on a Windows Domain. Our network AV is Trend Micro. I recommend to all of our users to use Chrome or FireFox, however it seems this one was using IE (IE 9, to be specific).
 
Important Note: The issues caught by MBAM where no action was taken are Group Policy implements within our domain; as far as I know these are nothing to worry about, except the "don't load|wscui.cpl", I was a little unsure of thi... Read more

Answer:ZeroAccess Infection Discovered by RKill after 'Antivirus Security Pro' Malware

Hello! Welcome to BleepingComputer Forums!
My name is Georgi and I will be helping you with your computer problems.
Before we begin, please note the following:
I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
The logs can take some time to research, so please be patient with me.
Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
Instructions that I give are for your system only!
Please do not run any tools until requested ! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.
 
 
Please download Farbar Recovery Scan Tool and save it to your desktop.
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your re... Read more

44 more replies
Relevance 59.04%

I'm assuming antimalware bytes. Full version would be better? Which anti virus. AVG free? or Avast full version? Do I need to select anything to constantly monitor.

last time I had Spybot tea timer running protecting the registry and that did nothing to help.

Answer:What are the essential antivirus/malware programs needed to prevent infection

At a minimum you need to use a good anti-virus suite and a firewall. I use AVG Free and Zonealarm because... well...they are free.....and I have had very good success with protection on multiple computers using them. I do not run any real time malware\spyware scanners. I do use the immunize option on spybot but not the tea timer. I do an occasional scan with malwarebytes and\or Asquared as a preventive measure as well.

10 more replies
Relevance 58.63%

Hi, I'm new to BC and i'm here because i desperately need help. Have been trolling around Google and other forums but to no avail. Hopefully i might receive some help that might fix the problems that i'm encountering. Thanks to all in advance.

I believe i have been infected some sort of virus. The first thing that i encountered was that my Windows Automatic Updates was turned off. The red symbol with an 'X' appeared in the taskbar and when i tried to go to Security Centre to turn it back on, it just doesn't register. It remains off. I ran services.msc to switch on BITS and AU (according to the Microsoft site). While i managed to turn on BITS, AU could not be started (Error 1058: The service cannot be started, Either because it is disabled or because it has no enabled devices associated with it.).

And throughout all this while, a separate web browser tab keeps opening up randomly prompting me to install 'Antivirus 2009' and warning me about detecting malicious malware and trojans on my computer. I closed all the associated windows and did not install any of the software that they prompted me to. I proceeded to use Spybot Search & Destroy to attempt to remove the virus. It did detect some viruses (a total of 26 problems on the first run and 9 on the second). I remembered that one of the viruses was Virtumonde or something along those lines and another Smith-something (sorry i did not take down the results). BitDefender Antivirus did not detect any viruses on its full system sc... Read more

Answer:Antivirus 2009 Popup/Automatic Updates can't be enabled/Other malware infection

Please download Malwarebytes' Anti-Malware from HERE or HERE
Note: If you already have Malwarebytes' Anti-Malware, just run and update it.. Then do a "Perform Full Scan"
Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Full Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

NEXT
Please download RSIT by random/random and save it to your Desktop.
Double click on RSIT.exe to run RSIT
Before you click "Continue", make sure you change the List files/folders created or modified in the last 3 months
Click Continue at the disclaimer screen.
Once it has finished, two lo... Read more

15 more replies
Relevance 58.63%

Hey Bleeping Computer Expert!

I'm freaking out here, I visited the site mp3000.net and afterwards I've come down with the following symptoms:

1. Wallpaper changes to blue and in the middle it says WARNING! Spyware detected on your computer in a yellow box and underneath in a blue box it says to install antivirus.

2. ZoneAlarm keeps detecting this threat, but I can't seem to find it on Google - lphcvq3j0eecn.exe

3. Upon booting the computer the following windows scripting error appears - tt3.tmp.vbs not found

4. Upon booting the BIOS had some errors but I wasn't able to write them down

5. Antivirus 2008 XP just came up as well

I've downloaded the necessary programs and I await your response.

Answer:Wallpaper Turns Blue & Antivirus 2008 Xp Malware Infection - Going To College Soon!

http://www.bleepingcomputer.com/forums/ind...st&p=876163
run MBAM, let it reboot to finish removal, then run it again
post both logs
fast track

5 more replies
Relevance 53.71%

Over the weekend I clicked on something I know I shouldn't have, and my computer became infected with the "Vista Antivirus 2008" malware. At the same time the stupid WGA thing started acting up (which I had never seen before), telling me my copy of XP wasn't valid. So all of this starts happening at the same time. Windows and alerts were popping up all over the place, and when my wallpaper got changed to something else, that was when I hit the reset button (since the power button wasn't having any response), and pulled the power plug on my modem. After that, I haven't been able to launch Firefox at all. I double-click on the icon, and I get an hourglass for a brief moment and then nothing happens. Other applications have the same thing occur when I try to launch them (including some of the programs you recommended in your "Before asking for help" post (http://www.computerhope.com/forum/index.php/topic,46313.0.html).

On Monday, I did locate a program to remove the WGA stuff called "Remove WGA 2.1" (located here: http://www.softpedia.com/get/Tweak/Uninstallers/RemoveWGA.shtml) and was able to remove that, and haven't had an occurrence of the WGA since then. I also turned off the Auto-install updates.

On Monday as well, I was able to get my older version of HJT working as well as Registry Mechanic, which I'd had on the computer for a little while, though none of my other programs (... Read more

Answer:Still trying to recover computer after "Vista Antivirus 2008" malware infection.

Download Combofix by sUBs from one of the below links. (Try all three if necessary)
Link #1 Link #2
Combofix MUST be saved to the desktop.

Close all other browser windows. Go to Start > Run and copy/paste in the following:
"%userprofile%\desktop\combofix.exe" /killall
Press Enter and Combofix will begin to run. When finished, it will produce a log file located at C:\ComboFix.txt

Post the contents of that log in your next reply.

Note: Do not mouseclick combofix's window while it is running. That may cause your system to stall.
Combofix should not take more than 20 minutes to run.
----------
Add the combofix log in the next reply.

8 more replies
Relevance 52.48%

Ok this is weird. I run Ntl netguard, and Spyware Doctor. A few days ago, SpyDoc refused to auto update. Nothing strange thought I, site must be down.

Well its been four days now. Then I noticed I couldn't connect to Microsoft to do updates either. On further investigation, I found I can't connect to ANY legit malware sites. I have run Spybot, Ntl netguard, Malware Byte's anti malware, and Norton AV, none found anything wrong.

However, I tried setting up a proxy within Firefox, and CAN connect to the sites I couldn't otherwise. (albeit incredibly slowly).

As things stand, I can't update any malware software, and assume my poor PC must have caught something new and nasty.

Please help

Hi jack this follows:-

Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:10:08, on 19/01/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ntl\ntl Netguard\fws.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterSer... Read more

Answer:Help Pls! Can't update Malware Protect or Visit Any Malware Sites

sorry, bump
 

2 more replies
Relevance 52.07%

I have always had a problem with malware, as I am always on the Internet. I am wondering, what antivirus software should I use and how many? The one thing I know nothing about in computers is malware, so my defense is probably lacking.
 

Answer:What is the best antivirus(es) to protect my pc?

Not best, but better is AVG or Avast.
Add more scanner for on-demand scanner. Zemana AntiMalware, Hitman Pro and Malwarebytes antimalware.

Hitman pro is free for scan system but you need to buy the product if you try to remove viruses too.
Zemana AntiMalware and Malwarebytes antimalware is free for scanning system and remove malwares.

Try CCleaner for Privacy and Optimisation.

That's it from me.. and welcome to MalwareTips
Enjoy
 

6 more replies
Relevance 52.07%

Hi. I am really frustrated because I keep getting pop ups for Win AntiVirus Pro and Sys Protect. I have uninstalled both of the programs, and have doubled my internet security options, and I run an Ad-aware scan almost everyday.

What can I do to stop these from popping up and automatically downloading?

Thanks!
 

Answer:Win Antivirus Pro and Sys Protect

15 more replies
Relevance 51.66%

Most AV products have the ability to password protect the settings but does it add any security?  I'm not worried about another person physically accessing my computer so is it really worth my time?

Answer:Should I password protect my antivirus?

Well since some viruses completely disable AV programs from running, I doubt a password would help unless it has to go though the password first and then hit the AV product. But overall, it's really your call. Your computer, your choices.

3 more replies
Relevance 51.66%

hi i have been deleting this a lot and it comes back in a few minutes after deleting

Deckard's System Scanner v20071014.68
Run by troy on 2007-10-28 08:41:22
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
12: 2007-10-27 19:41:34 UTC - RP332 - Deckard's System Scanner Restore Point
11: 2007-10-27 03:53:41 UTC - RP331 - Restore Operation
10: 2007-10-26 23:23:49 UTC - RP330 - Installed MacroMachine
9: 2007-10-26 04:33:17 UTC - RP329 - Installed Eudemons Online
8: 2007-10-26 04:33:06 UTC - RP328 - Installed Eudemons Online


-- First Restore Point --
1: 2007-10-13 01:18:19 UTC - RP321 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2007-10-28 08:45:11
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TGTSoft\StyleX... Read more

More replies
Relevance 51.66%

Bitdefender is one of the worldwide leaders in computer security. With an advanced protection, fast performance and easy management, it is one of the top security programs in the anti-malware industry. Bitdefender provides different protection levels, from Antivirus to Total Protection and mobile devices.

Bitdefender Antivirus Plus is the entry level protection program and formerly named product of the year. It provides the fastest speed and high protection with a single click.
Bitdefender Internet Security is a powerful and complete security program that protects from all kind of threats. It is good for you and your family with the integrated parental control and the two-way firewall.
Bitdefender Total Security is the ultimate protection suite that provides the maximum protection and system optimization as well as device anti-theft and file encryption features.

Answer:Antivirus Protect Your PC & Privacy

SPAM. FE informed

1 more replies
Relevance 51.25%

Hello,
Is there a way ( config or app ) to protect a PC from infection via a thumb/flash drive insertion?
This would be for a XP SP3 and a WIN7 machine.
Thanks in advance for your time
 

Answer:How To Protect PC From Infection via USB Port

9 more replies
Relevance 51.25%

Unable to boot machine, just loads black screen with a cursor after login.

Ran DDS in safemode.
GMER was unable to run.

DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK
Internet Explorer: 10.0.9200.17054
Run by Jodey at 20:54:37 on 2014-09-06
Microsoft Windows 8 6.2.9200.0.1252.2.1033.18.7894.6623 [GMT -7:00]
.
AV: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\system32\dwm.exe
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Windows Defender\MsMpEng.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\Explorer.EXE
C:\windows\system32\ctfmon.exe
C:\windows\servicing\TrustedInstaller.exe
C:\windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_62280e15510f8e79\TiWorker.exe
C:\Users\Jodey\Desktop\SFCFix.exe
C:\windows\system32\dism.exe
C:\Users\Jodey\AppData\Local\Temp\0ECADDAF-DBDF-462C-8FF5-AA4931CBF97D\dismhost.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\Sy... Read more

Answer:Search Protect Infection

Problem resolved, please delete/close thread

2 more replies
Relevance 51.25%

Have the elements of Flash all listed in the Whitelisted processes in NVT 3.1.0.0. This is because I chose to allow it during installation along with Windows processes. Once the installation was complete, I unchecked "Allow Windows system protected processes" in settings and "Allow all software from the Programs Files folder". I've been over the list of allowed that were allowed during the installation, and I am fairly confident the setup is malware free.

I would rather not block Flash player, as I have Firefox set up to show a pop up for me, so that I can choose to run the player on demand. That mentioned, is there anything that I need to do with NVT to protect against possible Flash drive-by attacks? I also have all the elements of Flash being monitored in EMET.

One last question. What should I be wary of when looking at NVT pop ups for a Flash type of attack, should the attack get by EMET? Would it typically be a temp folder thing or more likely something from Windows in the form of a command line? Never seen the details of one of these types of attacks before. NVT is great, but the pop ups can begin to look amazingly alike, so I am trying to understand as much as I can about what to look for from malware attacks.
 

More replies
Relevance 51.25%

Hi, I'm a newbie on here, and not really v. technical. So apologies before I start! A spyware programme called WinSpyware Protect took over my computer yesterday, it tries to get you to buy a bogus anti-spyware product. AVG did not pick it up, and we tried to do a system restore and it would only allow us to take it back to an hour before! Pretty much everything has been taken off the Startup menu... All Programs button has been removed, Control panel, even the Run button. Set Programs Access and defaults, the Spyware and access to AOL were the only things left. I downloaded another recommended Anti-Spyware programme and did a quick scan with it. It picked up 767 potential threats, 728 of those being adware cookies, I tried to remove and quarantine everything, the programme said that it needed to reboot to finish the removal. However, when it tried to reboot it came up with a black screen saying there was a problem accessing Windows XP and so I told it to go back to the last date. Windows desktop then came back on with message saying something about error with Windows/System32/???/DLL, the fake icons had disappeared from the desktop however, on the toolbar in the bottom right hand corner of the screen it now says VIRUS ALERT! and the Microsoft automatic updates have been switched off and it will not allow you to turn them back on. Everything is still missing from the Startup menu and now I cannot even access AOL, it says the connection device is missing! Task... Read more

Answer:Winspyware Protect Infection!

"I downloaded another recommended Anti-Spyware programme"
please name it; also all your other protection programs

Hi; if the computer will stay for long enough, can you empty your temp internet files folder? Then can you please try these two scans?

Malwarebytes
You need to be online to start this process, and please run the scan in computer's NORMAL mode.
http://www.besttechie.net/tools/mbam-setup.exe
alternate download link 1 http://malwarebytes.gt500.org/mbam-setup.exe
alternate download link 2 http://www.majorgeeks.com/Malwarebytes_Ant...ware_d5756.html
Suggest: download the exe to your downloads folder so you know where to find it; create from that folder a shortcut to your desktop.
Double-click on the to install the application.
The installation is relatively straightforward; just follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
The Program will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, you may manually download them from here http://www.malwarebytes.org/mbam/database/mbam-rules.exe
On the main interface you will see different tabs at the top of the program. Select ... Read more

2 more replies
Relevance 51.25%

Hi, I have 3 users on this PC and one of my kids doesn't like my antivirus because it slows the PC, that's what he says, and that's when he goes to unsafe sites he gets a lot of trojans. He uses the PC as administrator. Is there a way where he cannot uninstall the antivirus? Thank you very much.

Answer:how to password protect my antivirus program

Don't let him login as an administrator. Some security software have a password protection feature with them you can check and see if yours does. What AV are you using anyways?

2 more replies
Relevance 51.25%

Hi Folks, seem to be having a few problems with my computer again. With Norton antivirus, all of a sudden the auto protect has stopped working. I go to options and find the box is unticked, I tick the box and press the OK button, if I go back into it again the box is unticked again. I've tried the default button which automatically ticks the auto protect box, then again OK, and when I boot up again the same happens, no tick in the autoprotect box? Puzzled. I don't know if this is the same problem I am having with the Google toolbar, I keep downloading it but it's nowhere to be seen. I'm running Windows XP Pro, any help would be appreciated.
 

Answer:Re: Auto protect on Norton antivirus

I had the same problem, and it is very disconcerting. I spent a lot of time trying to fix it to no avail. Finally resorted to uninstalling and reinstalling Norton. I had made a backup disk when I first downloaded Norton a year ago (which they suggested) so I started with that, then had to go to the site to get all the updates. Took a while, but solved the problem. I have tons of security on my system, but I still think somehow my system was compromised.

A side note: while trying to figure out what was wrong, I clicked everything I saw at Norton's site that might offer some help, and at one point it scanned my computer and came back with "You do not have the latest version of Live Update." Needless to say, by then I was gnashing my teeth and spewing odd-sounding words. I keep Live Update scheduled to run automatically...which it does...so why didn't it "update" to the latest version? gurrrrrr.

Anyway, I wish you luck, and hope this helps in some way.
 

10 more replies
Relevance 51.25%

My NAV expired and I recently removed it in favor of SAV 9.0 Corporate Edition from the University. I d/led the *exe file and installed as per instructions. However, when I try to run the program, I get the following message,

"Symantec Antivirus Auto-Protect failed to load"

When I view the configuration, I see that the Auto-Protect feature is 'disabled' and when I try to enable it, I get that message above again.

I have tried about everything to get this thing to work for me to no avail. I have scanned the computer with Ad-Aware, Spybot, SAV9.0, TrendMicro, Panda and removed everything suspicious.

Any suggestions/help.

One other thing. Spybot signals me that it has blocked 174 processes. How can I view these processes to see if one might have been SAV?

Thanks.

george

Answer:Symantec Antivirus Auto-Protect

Has this been resolved as per your previous post?

3 more replies
Relevance 51.25%

Hi,

I just heard about Immunet Protect, seems pretty recent, it's another cloud antivirus.

Immunet - FREE AntiVirus

Head to Head: Immunet Protect vs. Panda Cloud | OnSoftware

seems interesting, I will test it and post feedback here.

Answer:Immunet Protect - cloud antivirus

oops, this doesn't even support x64 systems, I'll have to install that on another computer

on the brighter side, panda cloud team are working hard to make x64 systems users happy: http://www.wilderssecurity.com/showthread.php?t=250952

1 more replies
Relevance 50.84%

Cannot access the internet; everything I type in gets redirected to hxxp://os-guard2010.microsoft.com/block.php?r=59.6. The unwanted antivirus program (Antivirus-Live) runs a scan and tries to get me to buy it. Fake Windows program pop-up messages tell me I am infected with this or that virus and ask do I want to purchase. So far, all the fixes I have seen rely on my being able to download something from the internet, which I cannot do because the http address is redirected as described in the first sentence above. I also cannot install my newly purchased Kaspersky antivirus CD because the virus has deactivated anything I try to run, giving a message that it is infected. But here is what I did try: I installed the current version of Kaspersky on another PC, then took out my infected hard drive and put it in a powered IDE enclosure and scanned it via USB using the uninfected PC, which contained the fresh version of Kaspersky. It found and deleted several trojans and other viruses. But when I put the drive back in my PC and boot up, I still have that darn antivirus-live problem, and still have no control of internet address and can't load or start programs. That thing must be well hidden from Kaspersky I guess. Help! I spent $130 on the Kaspersky & the IDE enclosure and 6 hours of time & have nothing to show for it. Thank you.

Answer:Antivirus-Live infection, has disabled my real antivirus, and most functions, and redirects internet address

Hello donwa,
I am Syler and I will be helping you with your problems.
Please download GMER from one of the following locations, and save it to your desktop:
Main Mirror
This version will download a randomly named file (Recommended)
Zip Mirror
This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
Disconnect from the Internet and close all running programs, as this process may crash your computer.
Temporarily disable any real-time active protection so your security program drivers will not conflict with gmer's driver.
Double click on Gmer to run it.
Allow the gmer.sys driver to load if asked.
You may see a rootkit warning window. If you do, click No.
Untick the following boxes on the right side of the Gmer screen.
Sections
IAT/EAT
Show All
Click on and wait for the scan to finish.
If you see a rootkit warning window, click OK.
Push and save the logfile to your desktop.
Copy and Paste the contents of that file in your next post.

6 more replies
Relevance 50.84%

So here's my problem. While using the internet the Spyware Protect 2009 scanner popped up on my screen. I didn't realize that it was a fake scanner so I let it scan. So now my computer got installed with and infected by Spyware Protect 2009, and it won't go away. It continuously gives me pop ups saying that there are infections on my computer. I scanned it with the most recent version of MBAM a few times, and it removed the infection, but it keeps coming back. Please help.

Answer:Spyware Protect 2009 infection

Hi there! to Bleeping Computer.
Please update MBAM, do a full scan, then please post the log in to your next reply!
(Note to advisors: User may have to go to HijackThis according to BC Removal Tutorial)

6 more replies
Relevance 50.84%

A few days ago, my computer started displaying alerts to buy SpywareProtect 2009. I did not purchase it and after reading on a different site some advice about getting rid of it, I ended the process from the taskbar and deleted one of its executable files. That eliminated the pop ups but problems persisted. I attempted to run Malwarebytes but the system wouldn't let me do it. I read on the forums here about renaming mbam.exe to mbam.com and after doing so, it ran. Unfortunately I still have erratic computer behavior. I can't go to certain sites unless I type in the address in my browser and I still can't run mbam without renaming it. Also when visiting certain sites my Firefox browser just closes down by itself.

I just ran my Norton Antivirus and it can't find anything. Every time I now run Malwarebytes it finds something, I delete them, restart the computer and they come back. I believe I am using the latest version of Malwarebytes (version 1.34 from Feb 21). Here is the latest output from Malwarebytes. Please help.

Malwarebytes' Anti-Malware 1.34
Database version: 1793
Windows 5.1.2600 Service Pack 2

3/4/2009 6:27:45 PM
mbam-log-2009-03-04 (18-27-45).txt

Scan type: Full Scan (C:\|)
Objects scanned: 201160
Time elapsed: 1 hour(s), 29 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 6
Folders Infected: 0
Files Infected: 1

Memor... Read more

Answer:Spyware Protect 2009 infection

Update MBAM to the newest definitions, use the update tab in the program window, run another quick scan but run ATFCleaner first.
Please download ATF Cleaner by Atribune & save it to your desktop.
Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.
If you use Firefox browser click Firefox at the top and choose: Select All
Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser click Opera at the top and choose: Select All
Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".
After a reboot if required to remove files, please run Smitfraudfix as a scan.
Please download SmitfraudFix
Double-click SmitfraudFix.exe
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.
Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious"... Read more

10 more replies
Relevance 50.43%

Norton Auto Protect AntiVirus was working fine until I downloaded a patch called Windows Shutdown for Windows 98se which is what I use. Any ideas on how to enable Norton APA again. It shows up at startup with Dos window reading that Norton AVa can't be loaded?
thanks much.....
 

Answer:Can't enable Norton Auto Protect AntiVirus

If you can't restore your system to a date before you downloaded the patch you may have to delete Norton and then use the Norton disk to reenter it to your system.
 

1 more replies
Relevance 50.43%

Hello,

I had Winspyware Protect on my computer a few months ago and I'd like to thank this forum for its help. You can find the thread under the title Winspyware Protect under my user ID. Well...now a friend has it: I recognize the pop-up windows. And she has what looks like Antivirus 2008 and/or Antivirus XP 2008 too!!! SHE SAYS her and friend were looking around on the net for the benefits of wheat germ or bean curd...lol...or something.

Anyway, she had Antivirus 2007 (the virus) some months ago, and I removed it with Malwarebytes Anti-Malware tool. So if you happen to see that file in the scan reports, that's why. She said this or these viruses took over the computer in a matter of seconds. I'm walking her through this, so here we are.

The system restore points are gone. The desktop icons and start menu bar appear and disappear every few seconds (very frustrating). And if I hadn't disabled the antivirus program (Avast) it would be popping up every second or so with a new ALERT. So I'm running without an antivirus program simply so I can get something done on the computer.

*** Please let me know at what steps I should disconnect from the internet. I have a second system (not currently hooked up to the LAN for obvious reasons) with which I can communicate with while this computer's isolated from the LAN ***

I've managed to run Panda Activescan after some difficulty. This computer has all the critical updates from Microsoft Update. I've down... Read more

Answer:Antivirus (XP) 2008 and Winspyware Protect - Yippie!!

Hi there,

* Click here to download HJTsetup.exe
Save HJTsetup.exe to your desktop.
Doubleclick on the HJTsetup.exe icon on your desktop.
By default it will install to C:\Program Files\Hijack This.
Continue to click Next in the setup dialogue boxes until you get to the Select Addition Tasks dialogue.
Put a check by Create a desktop icon then click Next again.
Continue to follow the rest of the prompts from there.
At the final dialogue box click Finish and it will launch Hijack This.
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.

Then,

Please go here to install the recovery console and for a guide on using combofix.
Please note: Installing the Recovery Console plays a vital part in making this process of cleaning your computer safe, don't overlook this!

Now please download combofix from here or here. It is important that you save this file to your desktop.

Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.
When finished, it shall produce a log for you. Post that log and a Hijack This log in your next reply.

A quick heads up, if you click on combofix's window when it's runnin... Read more

17 more replies
Relevance 50.43%

I need to clarify a doubt on security. I am using Windows 8 Pro and the antivirus software Kaspersky. My Firewall protection is 100 percent. I don't take any chances. I research online a lot, so want to be safe from all malware and virus. Recently, I came across this article on various IT threats: Biggest Threats To IT Security | NCI. It's a brief article about different kinds of viruses. I am familiar with worm and Trojan. One unfamiliar name is logic bombs. I am confusing it with Trojans. How does it work?
Does win 8 Firewall along with the antivirus software prevent attacks of the malicious softwares? Is the system really safe if the Firewalls are on?
I am hearing more and more news about online threats, that I am beginning to feel that most antivirus protections are just vacuum.

More replies
Relevance 50.43%

My symantec Antivirus keeps disabling autoprotect. I try to enable it, but it will just disable itself after like 1 second. My program version is 10.2.0276 and scan engine is 81.2.0.25. I also tried to system restore back 4 days but the problem is still there. Here is my hijack this log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:21:03 PM, on 10/24/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Symantec AntiVirus\VPTray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\SharpSoft\Vista Battery Saver\VistaBatterySaver.exe
C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:... Read more

Answer:Symantec AntiVirus keeps Disabling Auto Protect

Bump please, need help
 

3 more replies
Relevance 50.43%

Does anyone know which of the antiviruses mostly used that do not detect against potentially unwanted programs?
 
I know for sure Norton does not protect against PUPs. I am thinking of switching from my Norton antivirus for this reason.
 
Thank You.
-Dave

Answer:Antivirus programs that do not detect or protect against PUPs

Hi Dave -
PUPs are generally detected by Antimalware programs (like Malwarebytes and a few others) rather than your Antivirus.
Since both types of programs operate in their own way, both are required on your computer.
Read Supplementing your Anti-Virus Program with Anti-Malware Tools, and the reasons for it.
EDIT - We often use ESET Online scanner, since this is one Antivirus scanner that detects PUPs.

4 more replies
Relevance 50.43%

I get a popup on taskbar after several minutes of windows startup. However, sav looks enabled. Why is that happening? Program version is 10.1.6.6010

Answer:Symantec Antivirus Auto-Protect is Disabled

Can you provide more details: what OS? Is it completely patched?
List all security software? Name and version?
When this "Antivirus Auto-Protect is Disabled" started happening what else occurred around that time? Malware? install new software? hard crash? system restore?
Have you recently made any other changes?

3 more replies
Relevance 50.43%

http://linux.softpedia.com/blog/ant...-to-protect-your-pc-from-viruses-508627.shtml

Today, September 25, 2016, 4MLinux developer Zbigniew Konojacki informs Softpedia about the immediate availability for download of a new, updated version of his popular, independent, free, and open source Antivirus Live CD.

Based on the Beta version of the upcoming 4MLinux 20.0 operating system, today's Antivirus Live CD 20.0-0.99.2 release brings many updated components, as well as the latest virus signatures from the ClamAV (Clam AntiVirus) project. Version 0.99.2 of ClamAV is used in this updated version of Antivirus Live CD.

"Antivirus Live CD is an official 4MLinux fork including the ClamAV scanner. It's designed for users who need a lightweight live CD, which will help them to protect their computers against viruses," says Zbigniew Konojacki in today's announcement. "The latest version 20.0-0.99.2 is based on 4MLinux 20.0 and ClamAV 0.99.2."

That's right, you can use Antivirus Live CD to protect your PC from viruses, if they are recognized by the ClamAV virus scanner, of course. Best of all, Antivirus Live CD works independently of the computer operating system you have installed right now, GNU/Linux or Microsoft Windows.

The new version, Antivirus Live CD 20.0-0.99.2, can be downloaded right now via our website, where you'll find two ISO images. The smallest one contains no virus signatures, and it should be fetched by those who can'... Read more

Answer:Antivirus Live CD 20.0-0.99.2 Uses ClamAV 0.99.2 to Protect Your PC from Viruses

If it is not Ubuntu based should be fine.
 

1 more replies
Relevance 50.43%

Hello all,

First, Thanks in advance for the assistance.

I'm working on an IBM Thinkpad R40 that I had loaned out to a friend of mine for a few months. He didn't have a computer at the time, so I loaned him an extra laptop I had. When he returned it to me, it had some very aggressive Internet Explorer pop-ups hitting every few seconds and the Symantec Anti-Virus that I had installed previously had the auto-protect disabled. I downloaded Spybot, ran multiple scans, and managed to eliminate many of the threats. I downloaded Ad-Aware, and did several scans and also managed to find a few more. I updated my Symantec Antivirus definition files, and ran a full scan and found multiple threats, most of which were easily quarantined. I went into Safe-Mode and deleted a couple of files that had already been in memory. There were 2 files identified by Symantec as infected that I could not get to delete, even in safe mode. Those were:

WLCtrl32.dll: located in C:\Windows\system32\; flagged as Trojan Horse
WinCtrl32.dll: located in C:\Windows\system32\; flagged as Trojan.Pandex

I attempted to uninstall Symantec Antivirus to install a different version and I get a failure every time I go to uninstall it. I feel strongly that there is some form of Malware/Virus that is preventing me from repairing Symantec or uninstalling it to install a newer version. I downloaded Hijack This and ran it to see what it might show as being present. Most of the files seem normal, however there a... Read more

Answer:Symantec Antivirus Auto Protect Disabled

11 more replies
Relevance 50.02%

My computer is infected with the "Security Protection designed to protect" malware described at the bleepingcomputer web page, http://www.bleepingcomputer.com/virus-removal/remove-security-protection

However, I was not able to remove it using the instructions from the web page.

The first thing I tried was starting up the computer in Safe Mode and using System Restore to go back 2 days in time. That didn't fix it. Then I found the bleepingcomputer web page, which exactly described the symptoms: fake scan window, can't run programs, and web pages redirected to strange ad web sites.

I tried running TDSSKiller, but it will only scan for a few seconds, and then it suddenly stops running and disappears.

When I try to run Malwarebytes, the same thing happens. It scans for awhile, maybe 20 seconds, then dies and disappears.

When I try running rkill, I get a popup that says Installation Failed, but it still seems to run. Then all the desktop icons disappear, and I get the "Windows is running in safe mode" window, like Safe Mode is restarting from the beginning. I click Yes to start Safe Mode, and I'm back to where I started.

I attempted to do the steps in the bleepingcomputer "Preparation Guide for Use Before Using Malware Removal Tools and Requesting Help". I enabled the Windows firewall (it was already enabled), ran DeFogger (it didn't find anything to disable), and ran DDS successfully, which created the log files DDS.txt and... Read more

Answer:"Security Protection designed to protect" infection

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/414933 <<< CLICK THIS LINK

If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo... Read more

16 more replies
Relevance 50.02%

Hi all,

First, thank you for taking a look at my post.
I am cleaning a computer remotely for someone and have run into a problem of not being able to remove a couple of files and registry entries.
The problem started with screen prompts of Spyware Protect 2009 fake spyware alerts.
McAfee is installed as their antivirus program.
I've cleaned most of the malware using SuperAntiSpyware and MalwareBytes. MalwareBytes detects the remaining files, but is unable to remove them even after reboot. I'm unable to delete, rename, or move a file that I see (dbcyxgy.dll) in the System32 folder.
I've also run VundoFix and ComboFix.
The computer is running without popups or other blatant behavior at this point, however, it begins to slow after use.
Thank you again for looking at my post.
DDS (Ver_09-03-16.01) - NTFSx86
Run by ROBERT at 16:11:29.14 on Tue 05/05/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.383.151 [GMT -5:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated)
FW: McAfee Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\... Read more

Answer:Spyware Protect 2009 Infection/Vundo

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the resul... Read more

2 more replies
Relevance 50.02%

Hi All,

Yes, I am a newbie... I ended up finding this site from doing a search on a yellow pop-up message that I seem to receive upon start-up of the PC. It appears on the bottom right (just above the taskbar). It states "Symantec AntiVirus Auto-Protect is Disabled" with a red circle and cross through it to the left side of the text.

Now... there are a few quirky things that go on after the PC boots, until this pop-up appears. I can access the internet, but.... I cannot do the following:
1. Right click my computer, properties. The hour glass appears and nothing occurs.
2. Start -> control panel -> network connections. Hangs.

Then after 5-10mins the pop-up appears and then.... all of a sudden items 1 and 2 appear.

I'm running XP Professional, Service Pack 2. The symantec version I am using is 10.1.5.5000.

This is rather frustrating and I have searched Google and AltaVista.

If someone can advise how to insert a picture of the message I will.

Thanks in advance for anyone's support or ideas,
Matt

Answer:Symantec AntiVirus Auto-Protect is Disabled Yellow Pop-up

Hello and welcome, hopefully we can do something.

Inserting An Image Within A Post

Can we get an MBam log?

Now run MBAM (MalwareBytes):
Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button. The scan will begin and "Scan in progress... Read more

1 more replies
Relevance 50.02%

The first thing people do after installing an operating system is to install an antivirus software. With an antivirus installed, they think that their computer is safe now. But how effective are these antivirus? New malware is written every day while old ones are enhanced to bypass both signature and behavior based antimalware. Under current circumstances, it is safe to say that antivirus software itself can be exploited by the cybercriminals to compromise your computer. Do antivirus really work? Is an Antivirus good enough to protect you from modern online threats? Is it still necessary & relevant? Do you even need one? We'll talk about that in this post.

Is an Antivirus still good enough to protect you?
Antivirus software is either offered as free basic version or a paid pro version with some additional features. The same holds true for Internet Security Suites too.

Out of these two, the paid ones typically are bulkier, occupy more space, take up RAM and use more CPU, etc., while at the same time offering you integrated protection.

The problem starts at the point where the advanced anti-malware start interfering with your operating system and browsers. These security software reach out to the OS kernel and tweak it for continuous monitoring. They also bypass the built in features of browsers that detect dangerous web pages. That means installing such a security software can expose you more to the dangers lurking out there on the Internet.

Do Antivirus really wo... Read more

Answer:Is your Antivirus still good enough to protect you from modern online threats?

Can't say about my antivirus, but if a member follows some basic methods while surfing the internet and using the computer, you can surely stay safe, and an antivirus is surely gonna help you out, but if someone specifically has a motive of hacking into your computer, then I would say none of this might work.
 

7 more replies
Relevance 50.02%

Recently, I restored my computer from a backup and re-downloaded my essential programs. Then, the next day I looked at my scan from symantec endpoint protection and it found Spyware Protect 2009 in my computer, quarantining it. So, I went to MBAM and ran a full scan, resulting in no malicious things detected. And now, it won't connect to any antivirus websites, such as mcafee, symantec, and Malwarebytes, but any other website works. I tried running RootRepeal, but each time I tried it it would crash when it reached C:/Windows/winsxs/Manifests. BTW, thank you ahead of time for anybody who helps me.

Here are the logs:

DDS (Ver_09-12-01.01) - NTFSx86
Run by Dima at 16:45:48.87 on Mon 02/01/2010
Internet Explorer: 8.0.6001.18882
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3061.1383 [GMT -6:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\sy... Read more

Answer:Spyware Protect 2009 and can't connect to antivirus sites

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

3 more replies
Relevance 50.02%

Hi,

Can anyone here tell me from experience what the best antivirus software is to protect a Windows 2003 Server? The server doesn't run a Microsoft Exchange Server; it runs only a Microsoft SQL 2005 Server.

Regards,

Wojtek
 

More replies
Relevance 50.02%

I'm running a Dell PC with XP, and I just downloaded Norton AntiVirus from my university. Everything works except AutoProtect won't stay enabled. In the menu the check box for that option says "Enable Auto-Protect (Disabled)", regardless of whether or not I check the box, "(Disabled)" remains. When I try to enable AutoProtect from the AntiVirus program running in the taskbar, it enables for a second and then disables itself. I suspect malware. Any ideas? Below is my HJT log:
Logfile of HijackThis v1.97.7
Scan saved at 1:07:06 AM, on 1/29/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\PROGRA~1\NORTON~1\NORTON~2\GHOSTS~2.EXE
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\sv... Read more

Answer:Solved: Norton AntiVirus Auto-Protect keeps disabling!

16 more replies
Relevance 50.02%

I have Symantec Antivirus that I got from a university. Every time I try to enable it, it disables again like 2 seconds after or doesn't enable at all. The program version is 10.2.0.276 and scan engine is 81.2.0.25. I did a scan and found nothing. Here is the log file from HijackThis.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:49:44 PM, on 10/18/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Symantec AntiVirus\VPTray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\SharpSoft\Vista Battery Saver\VistaBatterySaver.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Sideba... Read more

Answer:Solved: Symantec AntiVirus keeps Disabling Auto Protect

nvm, fixed it by system restore back a day.
 

1 more replies
Relevance 50.02%

Hi,

I'm running Symantec AntiVirus 10.2.0.276 on my computer, but after a recent windows update, the system boots with a red line through the SAV taskbar icon.
Whenever I try to enable Auto-Protect, the red line will disappear but reappear in a couple seconds. When I open the program there's a checkmark next to the "Enable Auto-Protect" option, but the taskbar icon says otherwise.
My operating system is Windows Vista Home Basic.

Here's a HijackThis log:
Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:42:39 PM, on 7/11/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Symantec AntiVirus\VPTray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 -... Read more

More replies
Relevance 50.02%

Good Morning!

I restarted my computer yesterday and noticed my autoprotect icon has the circle slash (like the ghostbusters' symbol) around it. When I went into the settings for auto protect, next to the check box to enable the program it said "enable auto protect (disabled)". It just won't enable! I performed a full scan last night with the antivirus program and nothing turned up. So then I did the HijackThis scan.

If someone could help me in fixing my antivirus issue, I'd appreciate it. My computer is hooked up to the internet almost 24 hours a day!

Here's my scan results:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:35:54 PM, on 2/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PRISMSVC.EXE
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec An... Read more

More replies
Relevance 49.61%

Couldn't seem to find a solution for this... After it started, windows live messenger crashes after logon.
Attached is the screen of the antivirus and here is the HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:34:33 AM, on 6/4/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\PROGRA~1\GbPlugin\GbpSv.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Rockwell Software\FactoryTalk Activation\lmgrd.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Rockw... Read more

Answer:Symantec AntiVirus Auto-Protect goes Crazy about this Trojan.Adclicker

*shameless bump*
 

1 more replies
Relevance 49.2%

A few days ago, my computer started displaying alerts to buy SpywareProtect 2009. I did not purchase it and after reading on a different site some advice about getting rid of it, I ended the process from the taskbar and deleted one of its executable files. That eliminated the pop ups but problems persisted. I attempted to run Malwarebytes but the system wouldn't let me do it. I read on the forums here about renaming mbam.exe to mbam.com and after doing so, it ran. Unfortunately I still have erratic computer behavior. I can't go to certain sites unless I type in the address in my browser and I still can't run mbam without renaming it. Also when visiting certain sites my Firefox browser just closes down by itself.

I just ran my Norton Antivirus and it can't find anything. Every time I now run Malwarebytes it finds something, I delete them, restart the computer and they come back. I believe I am using the latest version of Malwarebytes (version 1.34 from Feb 21). Here is the latest output from Malwarebytes.
After I posted this in the "Am I infected" forum, I was instructed to run ATF Cleaner, which I was able to do successfully. I was then instructed to run Smitfraudfix. I was able to download it but it wouldn't run. The moderator at that point, due to the uacinit.dll file suggested I come over to this forum.

Here is my DDS.txt file and Anti-Malware file:
DDS (Ver_09-02-01.01) - NTFSx86
Run by family at 21:42:09.07 on Wed 03/04/2009
Internet Explorer: 7.0.573... Read more

Answer:Spyware Protect 2009 infection leaving file uacinit.dll

Welcome to the BleepingComputer Forums. Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. Please download Trend Micro - HijackThis. Do a new scan with Trend Micro - HijackThis and post it in your next reply. Thank you for your patience. Please see Preparation Guide for use before posting about your potential Malware problem. If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped. Please post your HijackThis log as a reply to this thread and not as an attachment. I am always leery of opening attachments so I always request that HijackThis logs are to be posted as a reply to the thread. I do not think that you are attaching anything scary but others may do so. While we are working on your HijackThis log, please: Reply to this thread; do not start another! Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so. Do not run any other tool until instructed to do so! Let me know if any of the links do not work or if any of the tools do not work. Tell me about problems or symptoms that occur during the fix. Do not run any other programs or open any other windows while doing a fix. Ask any questions that yo... Read more

23 more replies
Relevance 48.79%

I don't know what the problem is, but my Norton AntiVirus auto-protect driver could not be loaded on startup. Besides, I can't access MSN, Gmail and some other sites such as Microsoft Update site. My ICQ would shut itself down for no reason as well. It gets pretty slow every now and then, too. Please please help me out here~ here's my HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 下午 11:27:54, on 2005/11/24
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:... Read more

Answer:Norton Antivirus Auto-protect Driver Disabled? - Jvm0.14 Cishlh.exe

Hi,

The forums are really busy, that explains why logs get behind. We start with the oldest logs first. If you still need some help, please start with posting a new hijackthislog in this thread. Don't start with a new thread.
Then I'll take a look.

2 more replies
Relevance 48.79%

How would you protect yourself from a fud?
 

Answer:How to protect yourself from a FUD malware?

LukeNukesEm said: "How would you protect yourself from a fud?"

Supplement your security with something besides signatures.
 

34 more replies
Relevance 48.79%

Something (Malware ? ?) locked up my PC (Windows XP). I got a pop up message that my PC was infected and click "yes" to buy an AV program. I did not click "Yes", but every program I tried to run came up with the same message. I took it where I bought it and they fixed it by cleaning my hard drive and re-loading my OS. Fortunately, I had BU'd my personal files. They called the problem an "intercept". Norton AV did not catch it. They also loaded "Malwarebytes" for me.

What is the best way to protect for this kind of problem ?
 

Answer:How to protect against Malware ?

Welcome to Major Geeks!

Please read ALL of this message including the notes before doing anything.

Please follow the instructions in the below link:

READ & RUN ME FIRST. Malware Removal Guide


and attach the requested logs when you finish these instructions.

**** If something does not run, write down the info to explain to us later but keep on going. ****
Do not assume that because one step does not work that they all will not. MGtools will frequently run even when all other tools will not.


After completing the READ & RUN ME and attaching your logs, make sure that you tell us what problems still remain ( if any still do )!
Helpful Notes:


If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:

Starting your computer in Safe mode

If you have problems downloading on the problem PC, download the tools and the manual updates for SUPERAntiSpyware and Malwarebytes ( links are given in the READ & RUN ME) onto another PC and then burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes you could use a flash drive too but flash drives are writeable and infections can spread to them.
If you cannot seem to login to an infected user account, try using... Read more

1 more replies
Relevance 48.79%

Make sure you get your system protected from occurrences of malware problems. Below are some simple steps you can take to reduce the chance of infection in the future. I strongly encourage you to do them all. There is no perfect solution for totally preventing malware from getting on your PC, however, these steps will help.

Please do not make the false assumption that this thread is old or out of date based on the date the thread was started ( 10-10-04 21:52 ). Look at the Last Edited date at the bottom of this message as this procedure does evolve with time.

IMPORTANT NOTE: It is getting more and more difficult to find real true freeware these days that does not include bundleware, toolbars...etc and junk you just don't want. Make sure you pay attention during installation of anything you download and read license agreements. Be sure to uncheck check boxes for the bundleware and toolbars where you can so that you opt out because the defaults are always to opt in.


1. Visit Windows Update: Make sure that you have all the Critical Updates recommended for your operating system and IE. The first defense against infection is a properly patched OS. For anyone who is not yet running at least Windows 7 (which you really should be running at a minimum if your PC supports it) see the below link before updating. Note: Windows XP is no longer supported by Microsoft and is hence a security risk.

Windows 7 Upgrade Advisor
You should check for Windows Updates at least once a ... Read more

More replies
Relevance 48.79%

I just bought a new PC. I have a couple questions from the 'How to protect yourself from malware' thread.

My PC is running Windows 7.

In the Firewall section it doesn't say if the Windows 7 firewall is sufficient? If it isn't I will download an Outpost firewall and disable the Windows one.

In the Antispyware tools I downloaded Microsoft Security Essentials for Windows 7. Since I also downloaded Avast as my antivirus, is it OK to run both of these?

In the disable the autoruns feature there is no update for Windows 7?
 

Answer:How to protect yourself from Malware

avilo4u said: "In the Firewall section it doesn't say if the Windows 7 firewall is sufficient? If it isn't I will download an Outpost firewall and disable the Windows one."

While the Windows 7 firewall is better than what was in previous versions of Windows, it is still very inadequate.





avilo4u said: "In the Antispyware tools I downloaded Microsoft Security Essentials for Windows 7. Since I also downloaded Avast as my antivirus, is it OK to run both of these?"

No! MSE is an antivirus and antispyware. So is Avast. You can only have one of them installed.





avilo4u said: "In the disable the autoruns feature there is no update for Windows 7?"

Microsoft has never updated their info ( from here http://support.microsoft.com/kb/967715 ) for Windows 7 so I'm not sure if everything that is used for Vista would apply.

You can just run this >> Autorun Eater
 

6 more replies
Relevance 48.38%

First off I suddenly got the Antivirus Pro. Went to your forums and tried the removal guide, went to taskbar and tried to end process on antiviruspro.exe and svchast.exe. Then I downloaded Malwarebytes and tried to scan, about 10 seconds into the scan the program shut down. I also tried to run SDfix and as soon as it started scanning it shut down. I rebooted and started in safe mode with networking, when I did this Windows Antivirus 2010 also appeared on my desktop along with antivirus pro. Next I downloaded the trial of avast and did the scan on startup since I couldn't get any programs to run. During the scan it said it deleted Antispyware 2010 along with about 5 other trojans that I forget what they are and failed to write down. After the scan I rebooted in safe mode with networking once again and now my desktop will not load. The only way I can try to open a program is through the taskbar using ctrl alt del. Tried running explorer.exe, tried Old Timer program, tried fix.reg w/notepad and still nothing happens. I don't know what else to try to get my desktop back. I'm not even sure if I got rid of either of the viruses, they don't show up in processes in the taskbar but I can't get anything to work. Every program except internet explorer shuts down or won't open altogether. I hope I have explained all of this well enough. Any help would be greatly appreciated.
Thanks

Answer:Desktop wont load, had Antivirus Pro and Antispyware 2010, No Malware or Antivirus programs will run

Please read the pinned topic titled "Preparation Guide For Use Before Posting A Hijackthis Log". If you cannot complete a step, then skip it and continue with the next. In Step 6 there are instructions for downloading and running DDS which will create a Pseudo HJT Report as part of its log.

When you have done that, post your log in the HijackThis Logs and Malware Removal forum, NOT here, for assistance by the HJT Team Experts. A member of the Team will walk you through, step by step, on how to clean your computer. If you post your log back in this thread, the response from the HJT Team will be delayed because your post will have to be moved. This means it will fall in line behind any others posted that same day.

The HJT team is very busy and it will take a while to get to your post.

Please be patient and good luck

8 more replies
Relevance 48.38%

We maintain several PCs from a library, a research lab for students in a university. Just recently a bunch of malware swarmed inside the lab and nearly affected all the machines. Most of this malware is being imported from students' flash drives, which they're freely allowed to plug into the PCs. So cleaning the infections was really tedious. We cloned the drives and some were fixed using anti-malware software.

Each computer is running Microsoft Security Essentials for virus protection, and that's it.

Our main problem is, how should we set up each PC so that we can prevent those viruses from porting inside the system? Is there any particular software or Windows configuration that can offer such functionality? MSE merely detects all these viruses and most of them have already infiltrated the system, and removing each, as I said, is very tedious and time consuming.
Maybe you guys have some efficient workarounds for this type of predicament.

NOTE:
All PCs have the same hardware and use Windows 7 32bit.
 

Answer:How to protect PCs from USB-malware carriers?

Simple, look at:
 
http://www.bleepingcomputer.com/forums/t/541639/security-suggestions-post-3-of-7/
 
Have a great day!

 

11 more replies
Relevance 48.38%

Hi. I am rather a person with basic knowledge about computers so don't be surprised if my question will sound stupid to you.
I have a Windows PC and I often use my thumb drive to print some documents in my university. I'm afraid that it will become infected someday so I thought it would be a good idea to use it only with Puppy Linux when I'm at home. This is why I made my thumb drive a bootable one with Puppy on board. What I want to do is to boot to Puppy, copy the files I need to print or use at the university to the USB drive, then close the system and disconnect the USB drive. To be clear, only one USB stick is involved in this process (Puppy and data are on the same USB stick). Would that prevent infecting my Windows PC? If not then how can I avoid viruses spreading through USB? Can malware do any harm to Windows OS when Puppy is booting?
 

Answer:Can puppy protect me from malware?

Good idea if I understood correctly
 

7 more replies
Relevance 48.38%

I continue to get the "SysProtect" download window on both I.E. and Mozilla. Followed your steps listed to clean my system, but same "Virtumonde" files appear each time I run Ad-Aware. Here is the HijackThis log (after running Ad-Aware, see end of log for HijackThis log generated after restarting computer w/o running Ad-Aware):

Logfile of HijackThis v1.99.1
Scan saved at 9:48:28 PM, on 5/18/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System3... Read more

Answer:Malware - Virtumonde & Sys Protect?

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order in which they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.

Step #1
Scan again with HijackThis and check the following items:
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: WTLHelper Object - {6D33B121-5C4C-4450-9D1F-7B67085CC199} - C:\WINDOWS\system32\jkhhe.dll
O20 - Winlogon Notify: jkhhe - C:\WINDOWS\system32\jkhhe.dll
After checking these items, close all browser windows except HijackThis and click "Fix checked".

Step #2
Please download VundoFix.exe to your desktop.
Double-click VundoFix.exe to run it.
Put a check next to Run VundoFix as a task.
You will receive a message saying vundofix will close and re-open in a minute or less. Click OK
When VundoFix re-opens, click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will shutdown your computer, click OK.
Turn your computer back on.

Please go HERE to run Panda's ActiveScan
Once you are on the Panda site click the ... Read more

7 more replies
Relevance 48.38%

I have read this thread http://forums.majorgeeks.com/showthread.php?t=44525 and I am paying particular attention to #5 AntiSpyWare Tools, and it states ONLY USE 1 REALTIME BLOCKER. So my question is, I use ESET's NOD32 Antivirus to protect my machine, but it has antispyware protection included. I also have Malwarebytes Pro providing real time blocking, so am I in effect using more than 1 realtime blocker? If so what do I do about that? I paid for Malwarebytes Pro, not using it will defeat its purpose and be considered a waste of money!
 

Answer:How to Protect yourself from malware Thread

You're fine. One AV only, but you can have more than one AS (Anti-spyware).
 

3 more replies
Relevance 48.38%

Hello - First, let me say thank you for helping me rectify a really poor choice of opening software I wasn't 100% certain was verifiable. As a result I have the Virus Protect Pro problem (at a minimum) which seems to tie up my machine a lot and causes problems with my wireless network adapter. I have used Spybot and Adware to no avail. I've copied and pasted the Hijack This log below and won't make any changes until I hear from you.
With great thanks for your help!
K

Logfile of HijackThis v1.99.1
Scan saved at 3:52:29 PM, on 8/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program F... Read more

More replies
Relevance 48.38%

Hello,

Is there any thread for "How to protect yourself from malware (for vista)" as the one written by chaslang for windows xp.

Another question plz. Is there any site to give ranking for antivirus softwares like matousec for pro-active internet security softwares.

Also kindly tell me plz that avast antivirus is better or comodo internet security with antivirus is better.

Thanks.
 

Answer:How to protect yourself from malware (for Vista)

ablaze said:





Is there any thread for "How to protect yourself from malware (for vista)" as the one written by chaslang for windows xp.

It was not written for Win XP. It is for all versions of Windows although obviously there is more in there that relates to WinXP and older since they have been around longer.





ablaze said:





Another question plz. Is there any site to give ranking for antivirus softwares like matousec for pro-active internet security softwares.

You should ask in the Software Forum. But reviews of AVs are typically out of date by the time they are published. This happens because many programs update 3 to 5 times per day and even just one update can drastically improve or reduce an AV's test score.





ablaze said:





Also kindly tell me plz that avast antivirus is better or comodo internet security with antivirus is better.

You are not comparing apples to apples. Avast is just an antivirus. Comodo Internet Security includes all of the below:

firewall
antivirus
Host Intrusion Protection System (HIPS)
BOClean Anti-Malware is not being included in CIS

 

3 more replies
Relevance 47.97%

Over the course of the past several months I have been facing one thing or another, defender.exe and many variations which lock out detection and removal software, reg cleaners, etc. The latest has been trojan.tracur which was detected by ESET on-line scanner and removed last evening.

Lately, I have found myself deep in the depths of safe mode with networking fighting these things off much more frequently than ever before. There I un-install then re-install and update anti-malware software, browser hijack software, and several apparently good registry cleaners which fix errors, although they don't seem to remove registry bloat.

After some considerable time in safe mode I have been able to return to normal operation, yet it almost seems as if these things are spawning from something central on my PC. They keep returning.

As mentioned before, tracur trojan was not being detected until I ran ESET, still after ESET detected and removed tracur - right after re-boot - I found myself unable to use google due to a browser re-direct problem.

I have gleaned information here in the past. However, this seems more novel than prior experience.

Here is the DDS file. (Please note: I noticed several linkers and changed them to read [removed by user] )

Please also, find attached to this message attached.zip and ark.txt

Thanks so much!
.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_13
Run by [removed by user] at 15:51:53 on 201... Read more

Answer:Non-Specific, Repetitive Malware Infection, Browser Re-directs, Residual Infection?, and Derivatives

Memo:

Ran ESET a third time Monday 22nd and nothing came up. Took a look at firewall and found applications gone wild (TNTC).

Deleted dozens of items, including defender.exe and several of the numerical variants. The rest of the open ends are now prompt.

3 more replies
Relevance 47.56%

QUESTION _Sticky:" How to Protect yourself from malware! "

In the below instructions, Is it necessary if I *NEVER* use IE, only Firefox?

Thanks!


"6) Adjust Active X security settings

* In Internet Explorer, click Tools, Internet Options, Security. Click on the Internet globe. Then select Default Level, then click OK. Now select Custom Level and scroll down to the ActiveX controls and plug-ins section (some may already be set correctly):
o Set Download signed Active X controls to Prompt
o Set Download unsigned Active X controls to Disable
o Set Initialize and Script ActiveX controls not marked as safe to Disable
o Set Installation of desktop items to Prompt
o Set Launching programs and files in an IFRAME to Prompt
o Set Navigate sub-frames across different domains to Prompt
o Set Allow paste operations via script to Disable (see: http://support.microsoft.com/kb/224993 )
o Click OK and OK again. "
 

Answer:QUESTION _Sticky: How to Protect yourself from malware!

Re: QUESTION _Sticky:" How to Protect yourself from malware! "



jilter said:





In the below instructions, Is it necessary if I *NEVER* use IE, only Firefox?

Yes! Some applications will automatically launch IE sessions since that may be all they can use. Also you need to use IE to be able to get all of your Windows Updates. And some websites (just like some applications) do require IE.
 

1 more replies
Relevance 47.56%

Will Ad-Aware only detect the malware in its definitions during a scan, or does it also prevent it from being installed on your computer in the first place? What about A2? Many thanks. - Tye

Answer:Does Ad-Aware protect your computer from malware?

No on both counts. Try Spywareblaster click here

3 more replies
Relevance 47.56%

Topic title pretty much says it all. How can I prevent hijacking of my browser or even worse my entire computer? Last night I made a stupid move and attempted to download something off Pirate Bay, I read the comments and it looked legit. Since I didn't have a software that downloads the torrent I clicked on whichever one Pirate Bay offered me. The software was successfully installed and was downloading the program but it froze halfway and my Google Chrome completely stopped working. Later on I found out that Conduit is a malware that sometimes installs itself without the user's permission and takes over the browser. Now I'm paranoid about downloading anything. By the way I have a supposedly good anti-virus: Bitdefender for which I paid good money! Very disappointed that it pretty much welcomed the bad malware with open hands and allowed it to install itself.

Answer:How to protect your computer from malware like CONDUIT??

attempted to download something off Pirate Bay : < Anything off these Torrents sites is 50 to 90% infected and not usually legal

WinPatrol Free is one of the better programs to warn you if there is going to be an attempt to change your Home Page. This may help after you do a full scan with your Antivirus -

Please download AdwCleaner by Xplode onto your desktop.
* Close all open programs and internet browsers.
* Double click on adwcleaner.exe to run the tool.
* Click on Delete.
* Confirm each time with Ok.
* Your computer will be rebooted automatically. A text file will open after the restart.
* Please post the contents of that logfile with your next reply.
* You can find the logfile at C:\AdwCleaner[S1].txt as well.

Thank You -

1 more replies
Relevance 47.56%

If you know about security in website and computer then tell me how to secure Website from Malware Attack. And what is the role of Google Webmaster in security purpose?
 

More replies
Relevance 47.56%

Malware Protection is a rogue anti-virus application that runs a fake system scan and then concludes that your computer has a malware infection or serious security/privacy issues. To fix the malware infection you must pay a fee, about $50. The rogue program copies user interface elements from real programs and it looks like a legitimate application. Plenty of people shell out $50 to register this fraud and that's a big problem because if you're transacting with these guys online you're offering them your credit card details. Cyber criminals can later use that information to their benefit. You should protect yourself with common sense and legitimate anti-virus software because such fake anti-virus applications as Malware Protection now represent about 20% of all malware in circulation. If you made a mistake and purchased it, please contact your credit card company and dispute the charges. And if you still have this fake AV on your computer, please follow the removal instructions below to remove Malware Protection and related malware for free.

Manual Malware Protection removal instructions:

1. Right click on the "Malware Protection" icon, click Properties in the drop-down menu, then click the Shortcut tab.

The location of the malware is in the Target box.

NOTE: by default, Application Data folder is hidden. Malware files are hidden as well. To see hidden files and folders, please read Show Hidden Files and Folders in Windows.

Under the Hidden f... Read more

Answer:How to protect and clean your computer from malware

Is this a removal guide for this rogue or ?

 

1 more replies
Relevance 47.56%

I have somehow acquired some malware titled system tool protect your pc. It comes up randomly, asks if I want to scan, says I have over 800 Infections, and constantly prompts me to sign up for it to erase my viruses. I know this is malware, and I acquired it after my Norton expired. How can I remove it? Thank you!

I am using a Hp Pavilion Vista.
 

Answer:System Tool Protect your pc (malware)

Welcome to Major Geeks!

Please read ALL of this message including the notes before doing anything.

Please follow the instructions in the below link:

READ & RUN ME FIRST. Malware Removal Guide


and attach the requested logs when you finish these instructions.

**** If something does not run, write down the info to explain to us later but keep on going. ****
Do not assume that because one step does not work that they all will not. MGtools will frequently run even when all other tools will not.


After completing the READ & RUN ME and attaching your logs, make sure that you tell us what problems still remain ( if any still do )!
Helpful Notes:


If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:

Starting your computer in Safe mode

If you have problems downloading on the problem PC, download the tools and the manual updates for SUPERAntiSpyware and Malwarebytes ( links are given in the READ & RUN ME) onto another PC and then burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes you could use a flash drive too but flash drives are writeable and infections can spread to them.
If you cannot seem to login to an infected user account, try using... Read more

1 more replies
Relevance 47.56%

hello friends-i hope my title makes some sense. i wanted it to convey what i was asking about so people browsing could tell. cuz i couldn't find a question like mine.

i have a new hd completely installed and setup. my old hard drive is now the secondary master and although i still have the OS and programs installed, i never use it. lately i have been actively file-sharing via lime wire. i am behind a zone alarm firewall and running spyware blaster and AVG free. i also regularly scan with spybot S&D. i also scan each file with AVG b4 opening (thanks to majorgeeks for advising me on security)
however, i've been warned the limewire is notoriously risky as far as spyware etc. so my question is:

If i choose to open my secondary OS at start up, and browse and download these risky files to my secondary HD. will that protect my primary HD from infection?

if not, any other advice u have regarding the risks of file sharing are appreciated.

one thing i look out for is files that are too small to contain what they say they do. for example 100kb song files. i just dont download these.
 

Answer:2nd HD for dwnlds/protect primary from malware?

IMHO, I keep an operating system and a backup drive, without an operating system. Just put it on the same cable as primary slave. Frankly, if you are not dual booting 2 operating systems, there's no need to keep them both installed. That said, no, any files on a second drive can, and probably will, affect the main drive, in your case, probably infect both drives. A drive formatted without an operating system for backup should be safe from virus and spyware infections, but can affect the other drive, in other words. Having that second drive is great for backups of important data in case of a need to format. I love having my spare drive. You're also correct about Limewire, but it is not specific to Limewire. Any file sharing application is a risk.

Did I answer what you needed?
 

2 more replies
Relevance 47.56%

I am getting three screens that come up when ever I try to do work on any program. (1) Windows Security alert (2) Spyware Protect 2009 alert (3) Spyware Alert

DDS (Ver_09-02-01.01) - NTFSx86
Run by Kim at 10:54:20.07 on Thu 02/19/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2430.1853 [GMT -5:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated)

============== Running Processes ===============

J:\WINDOWS\system32\Ati2evxx.exe
J:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
J:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
J:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
J:\WINDOWS\system32\Ati2evxx.exe
J:\WINDOWS\Explorer.EXE
J:\WINDOWS\system32\spoolsv.exe
J:\Program Files\McAfee.com\Agent\mcagent.exe
J:\WINDOWS\svcho.exe
J:\Program Files\AIM6\aim6.exe
J:\Program Files\Windows Live\Messenger\msnmsgr.exe
J:\Program Files\Messenger\msmsgs.exe
J:\WINDOWS\sysguard.exe
J:\Program Files\AIM6\aolsoftware.exe
J:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
j:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
j:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
J:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
J:\Program Files&... Read more

Answer:Spyware Protect 2009 malware

Hi,

Sorry for delayed response. Forums have been really busy. If you still need help with this post a fresh dds log, please.

2 more replies
Relevance 47.56%

Hey!
I am a web designer and I just got permission to work from home for the next week. I am allowed to take my work laptop home for it. I would like some advice regarding the security concerns before I start the work.
I have heard about spyware and malware attacks that can cause severe loss of data. I don't want such things happening to me in my work system. As of now it's clean and no malicious files are present in the system. It's installed with Kaspersky Internet Security and ExpressVPN when connecting to the Internet. Will it help in protection from spyware and malware? I have seen articles mentioning not clicking on emails and installing antivirus softwares will help, but still I have heard a lot about such attacks. What else can I do to ensure nothing harmful will happen?
 

Answer:Will Kaspersky and VPN protect from malware attacks?

It being a work laptop, you shouldn't replace any of the pre-installed software, correct?
 

3 more replies
Relevance 47.56%

If I visit a malware site with latest version of Firefox with the NoScript extension without allowing any scripts, what's the chance of me getting infected if I don't download anything?
 
Also, I hope this is the right place to post this.

Answer:Will using NoScript protect you from a malware site if..?

COPIED FROM NoScript:
The NoScript Firefox extension provides extra protection for Firefox, Seamonkey and other mozilla-based browsers: this free, open source add-on allows JavaScript, Java, Flash and other plugins to be executed only by trusted web sites of your choice (e.g. your online bank).
NoScript also provides the most powerful anti-XSS and anti-Clickjacking protection ever available in a browser.
NoScript's unique whitelist based pre-emptive script blocking approach prevents exploitation of security vulnerabilities (known and even not known yet!) with no loss of functionality...
You can enable JavaScript, Java and plugin execution for sites you trust with a simple left-click on the NoScript status bar icon (look at the picture), or using the contextual menu, for easier operation in popup statusbar-less windows. Watch the "Block scripts in Firefox" video by cnet.
 
If I were using Windows and could only have one security program/ add-on....it would be NoScript. I use it in Ubuntu, too.
There is a learning curve. It is not just install and forget. Install it and go to a popular site and then view all the scripts you never knew
were active on that site and are now blocked from running. You can click to allow just the site's scripting and still block all the others.
The ones that you want to play videos on will be one that you will spend the most time learning which script to allow only the videos to play.

11 more replies