Computer Support Forum

Need Help With Malware Removal!

Question: Need Help With Malware Removal!

Just recently, I've been having problems with a file called "geedb.dll" in my system32 folder! I am unable to delete the file, nor remove it with any other application. Any help would be great! Here is my HiJackThis Log:

Please get back to me soon! Thanks!


Answer: Need Help With Malware Removal!

Can anyone help me? It's really starting to get annoying and I have no clue how to remove it! So if you know how, please show me how to remove this trojan! Trojan-downloader.ConHook

4 more replies

Staff Advisory: This post needs to remain here until one of the malware team advises that it can be moved. This member cannot access our malware forums due to their infection. ~ Animal

---------------------------------------------------------------

Hello, I got some help from some nice people in the live chat. I have made a log with your hijackprogram and am posting it at the bottom. It created two .txt files so there are two reports. I am unable to open ANY link that has the words anti-spyware anywhere on the page or in the address bar so unfortunately I cannot post this in the malware removal forum because the internet window closes every time. I am in dire need of some help! I have a subscription to spy sweeper and it is keeping things out but I was infected with Antivirus xp 2008 and possibly some viruses because the computer was un-protected for about a month while I was in the hospital. I run with Windows XP and a wireless connection. If someone could take the time to look at this for me I would be so incredibly thankful! I offer my services as a photographer/graphic artist/professional gift shopper/myspace designer/beginner web designer. You can see what I do at www.perfectionpictures.com and contact me if you need anything at all!

Current Symptoms (in the order of appearance)

Random Total system crash then restart then blue screen then back to windows. msvcp71.exe is missing so a program is being prevented ...

Answer: Antivirus Xp 2008 Removal Help/am I Infected? Can't Open Malware Removal Forum

Hi & welcome,

I would like to try a couple things before we go much further so I have a bit better picture of what is happening and can take the needed cautions.

1.) Click start> run> type msconfig and hit enter.
Click "boot.ini" tab
Checkmark /bootlog
Click "apply" and "close"
Reboot when asked
Locate and delete this file:
C:\windows\ntbtlog.txt (in case your extensions don't show it looks like a notepad)
Reboot
Locate & post:
C:\windows\ntbtlog.txt

2.) Click start> run> type: cmd.exe and hit enter.
Type the following commands exactly as you see em & hit enter after each one:
cd c:\windows\system32
dir userinit.exe
Note the file size please & report that back to me. Leave cmd open a sec.
Back at the cmd window...
Type:
cd dllcache
dir userinit.exe
dir spoolsv.exe
Note file sizes & report that back to me.
Type exit in the CMD window & hit enter. (this closes it)

3.) Can you see also if you can get this program installed please:
http://download.bleepingcomputer.com/hijac.../HJTInstall.exe
Save file> run it> follow prompts to install accepting defaults.
Allow it to "launch" hijackthis.
Click the "Do a System Scan and Save a Log File" option
Save the log file and then it should open with Notepad
Go to Edit, Select All and then Edit, Paste to paste the contents of the log here

Let me know if you had any problems with the above please.

I advise keeping the system offline as much as possib...

3 more replies

Apologies, but I'm a bit of a novice. My computer did a scan when I started it and came up with some trojans. When I tried to delete them, a malware removal programme tried to install itself so I closed the download dialog box. Unfortunately, I cannot remember the name of the software that was trying to install itself. Please would you review my log below and help me clean my computer?

many thanks

Answer:attempted removal of trojans try to install "malware removal software

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...

2 more replies

Hi,

I have tried many ways to get rid of some Malware that has only recently infected my PC. I hope someone can help me as this is my work PC and I need to plug back into my office network in a few days, but think this would be a bad idea at the moment.

The problem first showed itself by insisting I had many viruses etc, and I should install Internet Security 2010. I have installed Malware Bytes removal tool, and installed as instructed. It found the above, said it was removed, but still it appears to exist, although the name of the infection has changed a few times, and is currently redirecting my browser to a similar page to the above malware. A popup now shows that I should install Cyber Security to remove the infections. This is obviously another malicious antivirus/malware program.

I have McAfee Enterprise installed (which I can't seem to disable)

I have also run SuperAntiSpywarePlus, which did the trick removing a similar problem about a year ago on a different PC. However, although this program also finds problems, and supposedly removes them, the problem is still there.

Please help. I have shown Hijackthis log below.

Answer:Cyber Security removal; Malware removal not working

Hi,

I have tried everything I know of to remove this pesky piece of malware. It seems to keep changing names, starting out as Internet Security 2010, and redirecting me on a google search to a webpage trying to convince me I was riddled with viruii and malware, and then trying to sell me their software, which is really just a scam. I ended up here after a few days of tearing my hair out, almost beaten. I went through the tutorials, but unfortunately that was before I fired off a post in desperation. Please delete my previous post, as I have now followed the suggested path, and run the utilities to help diagnose my problems. The resulting files are attached.

Please help. I hope the files uploaded can provide an insight into what's happening.

Apologies for jumping right in and posting a Hijackthis log before I had read the tutorials.

DDS.txt contents pasted below

3 more replies

I have run the malware removal instructions and went through each program as they did remove some of the malware and virus. The issue that I am having is that when I open the computer under separate user and try to run the malware removal programs via internet or through USB drive, I keep seeing a window which pops up asking me which program I want to use to open the program. I have run the computer under the administrator and do not seem to have problems running the malware removal steps and have attached the reports from the instructions.

Even when I try to open add or remove programs under control panel- I get the following message: "C\windoesn\system32\rundll32.exe- application not found." I am thinking that It is something to do with AVG and have removed the program with the step.

Please help....

View attachment mbam-log-2011-03-28 (17-02-07).txt
View attachment combofix log.txt
View attachment SUPERAntiSpyware Scan Log - 03-28-2011 - 16-42-24.log
View attachment hijackthis.log
 

Answer:Help with malware removal- have run malware removal instructions

ssmehta007 said:
....try to run the malware removal programs via internet or through USB drive

Specific download and installation instructions are in our R&R ME FIRST guide :
ComboFix
Running from: l:\combifix\ComboFix.exe <--- belongs on your desktop

RootRepeal
Save it to your Desktop

SAS & MBAM
Installed to the Default Location - "C:/Program Files", as we suggest that you keep them after malware removal.

MGTools.zip
Download this file to the root folder of the drive where you have installed Windows (Typically this would be C:\ and thus you would have a C:\MGtools.exe file after downloading).
Please make those corrections and attach the missing RRlog.txt (from RootRepeal) and MGlogs.zip - normally it is C:\MGlogs.zip . Please tell me any problems you still have.
 

18 more replies

Hi,

I have a dell xps 8300. It started acting up about 1 week ago (freezing while working online, freezing while trying to boot). Today I got the Blue screen asking me to restart if this was the first time I had received a blue screen.
I restarted it was fine for 30 minutes and everything froze.
I restarted it and I received error beeps ( 4 beeps)
I looked that up on dell support and they said it was RAM problems.
I opened up the computer vacuumed a bit, took out ram cards and reinstalled them.
It had been working o.k. for about 1 hour and only froze once more.
I decided to try the malware removal guide and here are the logs
Malware bytes did not find anything
TDSSKiller did not find anything
MGtools ran but as soon as it was done the window closed. I don't know how to find the log
Your help will be greatly appreciated
 

Answer:malware removal - have followed malware removal guide

I still want to see the log from Malware Bytes please.

MGtools ran but as soon as it was done the window closed. I don't know how to find the log

Should be directly on C:\ if that's where you boot Windows from. If you really cannot find the log, you'll have to run MGTools.exe again in order to produce a MGlogs.zip. Thanks.
 

20 more replies

Since the ComboFix will not run on Vista or Windows 7 64-bit, I have to look for new malware/virus removal apps... It was good while it lasted. So what tools do people use for Vista these days when the computer says: "WARNING! YOURS COMPUTER IS AN INFECTED BY HARMFUL VIRUS!!!!"

Answer:64-Bit Virus Removal & Malware Removal Tools?

64-bit Anti-Virus:
List of 64-bit Anti-Virus For Vista
Anti-virus protection in 64-bit environments

Free Anti-virus:
avast! Free Antivirus
Avira AntiVir Personal - Free Antivirus
AVG Anti-Virus Free Edition 8.5
Microsoft Security Essentials
Panda Cloud Antivirus
Kingsoft Free Antivirus (Cloud Scan)

Paid for Anti-virus:
NOD32 Anti-Virus Personal
McAfee AntiVirus Plus
Trend Micro AntiVirus plus AntiSpyware
Norman Antivirus & Antispyware
CA Anti-Virus Plus Anti-Spyware

64-bit Anti-Malware tools:
Malwarebytes Anti-Malware
SUPERAntiSpyware
Kaspersky Virus Removal Tool - How to install and use documentation
Spyware Terminator
Windows Defender (64-bit)
Prevx
Spybot S&D
Ad-Aware
Norman Malware Cleaner
Sunbelt Counterspy (free Trial)
Comodo BOClean Anti-Malware
Sophos Anti-rootkit
SanityCheck Advanced Rootkit and Malware Detector
ESET Online Antivirus Scanner
ESET SysInspector
AnVir Task Manager Free
WinPatrol

Start with these:
How to use Malwarebytes' Anti-Malware to scan and remove malware from your computer
How to use SUPERAntiSpyware to scan and remove malware from your computer

3 more replies

I read and followed precisely "Vista and Win 7 Malware Removal/Cleaning Procedure"

My issue: I was informed by my isp the following: "Mail Log Parsed from Feb 15, 2013 19:47:04 to Feb 16, 2013 19:47:04 User sent approximately 141,801 messages to 136,591 unique recipients. There were 2598 bounces received in this period, 1 percent of the emails sent. "

I have AVG, running constantly. ISP changed my password to stop the mail. I ran AVG in safe mode. Still not sure trojan eradicated. ISP referred me to your site.

I performed all steps. I have attached all logs except TDSSKiller. While it ran clean, no apparent log was generated. All except RogueKiller found no issues. RogueKiller found as reflected in log.

Please advise if you believe my system is clean, or what further I should do. Since I haven't seemed to find anything, it's hard for me to be comfortable that it's clean.

Thank you immensely!!

Mike Sieber
 

Answer:Help with malware removal--have performed removal instructions

Welcome to Major Geeks!




mike sieber said:
I performed all steps. I have attached all logs except TDSSKiller. While it ran clean, no apparent log was generated. All except RogueKiller found no issues. RogueKiller found as reflected in log.

Not problems. It is just junk from AVG. All of your logs are clean. Many times when something like this happens, it is not an infection. It is due to a spammer/spammers getting your email login and password and they use it from other PCs to send out their spam. There are cases of infections that can cause spamming ( like some master boot record or partition infections ) but you show no signs of these.


If you are not having any other malware problems, it is time to do our final steps:
We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware.
Go back to step 4 of the READ ME and re-enable your Disk Emulation software with Defogger if you had disabled it.
Go to add/remove programs and uninstall HijackThis. If you don't see it or it will not uninstall, don't worry about it. Just move on to the next step.
If running Vista or Win 7, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
Goto the C:\MGtools folder and find the MGclean.bat file. Double click ( if running Vista, Win7, or Win 8 Right Click and Run As Administrator ) on this file to ...

3 more replies

Hello!
In reading more of these threads I can see I'm not the only one with the iexplore issue.
Glad to know it can be corrected!!!!

I have multiple pop-ups and my computer is as slow as dirt.
When I get home at 3:30 Calif time I will do the HJTInstall.exe thing and post the results.
Would the results of one that was done two days ago help? Yes I was having the issue then and another company did one and told me to email it to someone, which I did but I haven't heard anything back and my computer is close to useless at this point.
Can MFDnNC or anyone else help?
Thanks!!!!
Ginny
 

Answer:malware removal/popup/iexplore removal

16 more replies

I posted the software forum yesterday and was instructed to complete the malware removal steps and repost here. I have a new computer running Windows 8.1. When I say new, I mean I started having problems within a couple of hours after turning it on!

I have McAfee antivirus protection and downloaded and installed my MSOffice 2013 Home and Student. All seemed to be fine. The MSOffice was up and running and McAfee said I was protected. Suddenly and I don't remember what I was doing...it said Microsoft something (sounded like an antivirus or firewall something) had detected several problems and I needed to "clean my computer". Oh so ignorant of all that was going on with learning Windows 8.1 after using XP for years I told it to clean. Somewhere in there it suggested I do a system restore. All seemed OK until I realized MSOffice was no longer there. I tried to download it again and reload, but with no luck. It occurred to me it had something to do with the system restore so I tried to undo the restore. That of course didn't help. I'm also now getting messages from McAfee that I am covered and safe but that my firewall is turned off and needs to be turned on. However I can get McAfee to do nothing. I can open a screen, but nothing I do makes it do anything. I tried downloading their "Virtual Technician" before I started the process you recommended and it acted like it was downloading, but 20 minutes later it was still "spin...

Answer:malware removal help - removal instructions attempted

Can you try running the tools that were not working before including Hitman, in safe mode please. Let me know how you get on.
 

16 more replies

Hi,

I am the IT manager in my company.

I have a co-worker, his computer has search redirect issue. That means most likely it has malware.
Then I installed some major malware removal: Spybot Search & Destroy, SUPERAntiSpyware, Malwarebytes

After I installed them, I cannot launch them (That definitely means it has some kind of malwares)
I needed to rename their .exe files, after I can run them and scan my computer.

SUPERAntiSpyware, Malwarebytes found something, but didn't solve the problem, search redirect and
blocking malware removal software are still there. Now I am running Spybot Search & Destroy will see what happened.

By the way, I run them in safe mode because when I logon window to normal mode, it is slow (like it takes a long time to explore hard drive, etc). I suspect the malware slow down my pc. Hopefully not registry corrupted or something, but works smoothly in safe mode.

So you guys have any suggestions? Or you need a log file from combofix?

Please advise,
Tommy

Answer:malware: google yahoo redirect and can't launch malware removal software

Try this: http://www.bleepingcomputer.com/virus-remo...sing-tdsskiller

5 more replies

I have scanned with AVG with the latest updates. On top of that insidious google redirect I get random pop ups even when I don't already have IE or Firefox running. Also getting sounds in the background like I'm clicking on a link, surfing the net when I'm not. And SYSTEM in task manager is hogging a ton of memory.

Answer:persistent malware undetected by virus scans and malware removal tools

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting.

We need to create an OTL report,
Please download OT...

2 more replies

I did a hijackthis scan and here's what I got:

Answer: Malware Blocking Access to Spybot, Microsoft Malicious Removal Tool and other anti-malware programs

Hey guys I solved my own problem. I completely reinstalled windows. (It was about that time anyway)

2 more replies

I was surfing the web today and I believe I clicked on a pop up by mistake when I shouldn't have. Avira then blew up with Malware alerts and I knew I had a problem...

I did a virus scan and it removed the detections found but when I did a restart they were back again. Also, the virus seems to move itself around to other .exe files. I found it had infected moviemaker.exe so I manually deleted the file as I don't need it but as soon as I emptied my recycle bin the moviemaker.exe file returned back to its original folder.

I'm afraid something really nasty has infected me. Avira is detecting it as a W32/Infector.Gen2 and Malwarebytes is detecting 2 Malware.Packer.Gen files.

I went through the Read Me First steps on this site and performed everything it asked. However, I was unable to uninstall my previous JAVA (ver 19) and was not able to install the newest version of JAVA. Both gave me errors that the installation program wasn't working.

I'm attaching the logs here. Can anyone help me get rid of whatever is infecting my machine? I would really appreciate the help!
 

Answer:HELP-Requested Malware Removal (Infector.Gen2 / Malware Packer Gen)

Here is the 5th log.
 

6 more replies

Please help me,
I cannot access any internet (wifi & ethernet) after malware removal using GridinSoft Anti Malware. I already updated network drivers, but it's still not working.
 

More replies

Hi, I'm suddenly having a lot of trouble with malware. My computer seemed to be running okay but I ran Malwarebytes as I occasionally do, and it picked up a fair amount of malware on my system. I deleted it and rebooted, but that's when my problems really began. Upon restarting, my internet connection has become almost unusable. It's extremely slow and generally I can't even open a page that I want after trying to refresh several times. Oddly though, Google is working perfectly and a few other sites seem to work too, including this one. I've tried running MBAM again and again, each time it picks up more malware and I remove it, then reboot and the cycle renews. I can't seem to get rid of all of it, every time I scan my system there's just more of it. I've tried ComboFix but it doesn't seem to have done anything. One persistent thing seems to be photo_id.exe, I've got a few messages from MBAM saying it can't be removed and I need to reboot. Also, I've noticed that if I'm trying to reach a webpage, although it won't load there seems to be some redirecting, for example I just tried to reach a Wikipedia page and it says "The server at topsearchfeed.com is taking too long to respond". For some reason I can't bloody format this properly no matter how hard I try, so here's an attached HJT log:
 

Answer:Malware removal attempt led to unusable internet, still can't remove all malware

problem has become more serious, now my mother has told me that the internet on her laptop is also extremely slow and essentially unusable, I'm worried that something from my computer has got on to hers via the wireless network we're both connected to. Somebody please help me
 

2 more replies

Good day to everyone,

My computer is having some malware activity. I have used adware 2008, spyware removal tool, norton anti-virus and other removal tools, but still the malware cannot be deleted. My Computer icon could not display its properties; instead it appears like a file when you see its properties. It also disabled TCP/IP, which is why until now I cannot connect to the internet. I don't have a Windows XP SP2 CD for repair.

Please help me as soon as possible, because it is a server.

Answer:Urgent! My XP SP2 have malware activity!.. cannot remove using malware removal tool

Hello frozenfire03, Welcome to TSF!

I recommend that you read this article… "Having problems with spyware and pop-ups? - First Steps"; follow the instructions very carefully; then, post all the requested logs and information; as instructed, in the HiJackThis Log Help Forum.
(Simply, click on the coloured links to be re-directed.)

Please ensure that you create a new thread in the HiJackThis Log Help Forum; not back here in this one.

When carrying out The 5 Steps, if you cannot complete any of them for whatever reason, just continue on with the next one until they are all completed.
However, it is extremely important to make mention of the fact that you could not complete any of the steps in your post to The HJT Help Forum; where an Analyst will assist you with other workarounds.

Once done, please be patient, as the Security Team Analysts are usually very busy; one of them will answer your request as soon as they can.

Good Luck with it.

Kind Regards,

7 more replies

Dell m1330 Vista home premium. I have malware issues, frequent memory dumps, google redirection and something is preventing me from running or installing anti-malware programs. I had to install malwarebytes using the rename method, but the program will not run in safe mode or normal. I had spybot previously installed but I was also prevented from opening it, so I tried reinstalling, but before it can complete the installation I get the blue screen of death memory dump! Before reading the procedure I ran coolweb, kill2me, windows defender and windows malicious software tool. None of the programs found anything. I also performed a couple of system restores, but both failed.

Should I continue with the cleaning procedure (combofix), or does anyone know how I can get malwarebytes and spybot to run?
 

Answer:Trying to follow malware removal procedure, but malware is preventing me?

Here's my MGtools log, it was the only program that worked.
 

4 more replies

Please find attached the logs from the scans in the Windows XP Cleaning Procedures. I followed the Cleaning Procedures but still have a problem. The problems can be pinpointed to yesterday when I surfed to a web site without having an up-to-date Anti-Virus definition files. Before I knew it, I had an infected machine.
There seems to be 2 problems.

(1) After restarting the computer, Windows File Protection gives following message.

Windows File Protection
Files that are required for Windows to run properly have been replaced by unrecognized versions. To maintain system stability, Windows must restore the original versions of these files. Insert your Windows XP Profession CD2 now.

I have Dell OEM Windows XP Media Center 2005 installed on my Dell Dimension 5150/E510. Problem is, Dell has a Windows XP re-installation CD but Dell states there is no 'CD2'.

(2) I keep getting pop ups every time Internet Explorer is open. The pop ups occur on their own.

Hopeful you can help me to fix the problem. :confused
Thanks,
Ankur

p.s. Please note, the AVG Anti-spyware log is not attached because it was not generated by the tool. I scanned my computer using Trend Micro (after updating virus definition files) and I can provide the logs if you need.
 

Answer:Malware problem not fixed with Malware Removal instructions

Welcome to Major Geeks!

Run this Disable/Remove Windows Messenger to remove Windows Messenger. Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

Uninstall the below old versions of software:
Java 2 Runtime Environment, SE v1.4.2_03

Run C:\MGtools\analyse.exe by double clicking on it. This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

F3 - REG:win.ini: load=C:\WINDOWS\system32\mlljg.exe
O2 - BHO: (no name) - {3F7BDD0B-0462-4F19-8B87-54D83601B87C} - C:\WINDOWS\system32\mlljg.dll
O2 - BHO: (no name) - {B8AFD866-6B8B-490E-DA2E-39E671810F96} - C:\WINDOWS\system32\mknamps.dll (file missing)
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime

After clicking Fix, exit HJT.


Now download The Avenger by Swandog46, and save it to your Desktop.

Extract avenger.exe from the Zip file and save it to your desktop
Run avenger.exe by double-clicking on it.
Check the 'Input script manually' box.
Click on the magnifying glass icon.
Copy everything in the Quote box below, and paste it in the box that opens:




Files to delete:
C:\WINDOWS\system32\ctfmon .exe
C:\WINDOWS\system32\mlljg.exe
C:\WINDOWS\system3...

9 more replies

Hi, I got infected because I was trying to run malwarebytes and it skipped the part of analysing the files, it ended in around 1 minute in a full scan, and I tried to download dr web cure it, and it doesn't allow me. The computer seems fine, but those things are very strange, and when I was running the scan I was in safe mode...
 
thanks for the help

Answer:Malware infected, malware removal tools useless

Greetings samidelcueva and to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:

First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.

Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.

Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.

Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter pro...

0 more replies

Hi. I am trying to diagnose a problematic laptop for a friend. I don't know the details of what happened to cause the problems. The main problem I can detect is that the laptop is EXTREMELY slow. It seems like anything I try has a delayed response (even a simple mouse click). I followed the Malware Removal Guide, but was only able to run two of the five suggested tools as follows:

1) SUPERAntiSpyware - I ran this after manually updating the definition files on the version already installed and the scan found nothing.

2) Malwarebytes Anti-Malware - I was not able to update the definition files for the current version installed. After several attempts to uninstall this (via the Control Panel), I was able to do it via CCleaner. However, I was not able to re-install a more recent version due to problems with the Windows Installer service. After uninstalling an outdated version of Java (Update 14) via the Control Panel, I have not been able to install/uninstall any more programs.

2) combofix.exe - not compatible with 64-bit OS

3) RootRepeal - did not run on 64-bit OS

4) MGtools - did run; kept getting errors, but continued to completion

Attached are the SUPERAntiSpyware and MGTools logs:
 

Answer:Possible Malware preventing me from running malware removal tools

I am not seeing any malware in those logs. I do not know why MalwareBytes would not run, are you able to run it in safe mode? How does the PC behave when you use safe mode?

More than likely I think I will be sending you off to the software forum.

We can do this:

Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:



O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - (no file)
O2 - BHO: (no name) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - (no file)
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - (no file)
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - (no file)
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsM...

5 more replies

Four steps that will keep your PC happy, healthy, and crap-free

Malware sucks. In the best-case scenario, it craps up your system with unwanted files and occasionally makes itself known in the form of a persistent pop-up window or annoying browser-based toolbar. In the worst-case scenario, malware completely takes over your desktop or laptop and ruins your life.

Your system slows to a crawl. You can’t even boot into Windows in the time it takes you to walk to the kitchen and back. Your data gets sent off to a faraway Internet land or, worse, your actual keystrokes are recorded for some unsavory individual to see. Malware locks down your browser, making you unable to actually do any browsing without being carted off to some bogus domain. You can barely run a program in Windows without getting bombarded by fake advertisements, programs, and dancing people on your desktop.

We can’t make this stuff up.

So what’s a computer enthusiast to do? Step zero: Read this guide, because we’re going to walk you through all the key details you need to know to both rid your computer of this junk and keep it free of downloaded nasties forevermore.



Read more at:
Maximum PC | Malware Removal Guide 2011: How to Get Rid of All The Latest Malware

Answer:Malware Removal Guide 2011: How to Get Rid of All The Latest Malware

Most excellent reading, thanks for posting for all to see. I, myself, use most all of these myself; the only paid program I have is malwarebytes, the rest are free add-ons or are free programs. Thanks.

5 more replies

Had a machine in riddled with viruses which we duly cleaned up and removed without incident. Uninstalled the applications one at a time, restarting each time it was required and all was good.

After removing the last app (don't ask me which one it was, I can't remember) the machine no longer starts.

It's boot cycling but once we disable automatic restart on system failure it brings up a STOP 24 error.

Have booted to puppy linux and examined the hard drive (which is SATA btw) and the data seems intact so we can assume, physically at least, that the drive is good.

Booting to an XP CD and attempting to access the recovery console to run chkdsk /r and it appears the drive is either not detected or is empty (the latter we know not to be the case)

Boot to an X CD to attempt a repair install and it tells me there is no hard drive present.

Check the BIOS and the drive is detected properly. Swap the hard drive for a SATA CD and it detects the CD without issue, which makes me think the SATA controller must be functioning too.

Now it seems that this single disk system has some kind of RAID configured on it according to the boot screens. My next step would be to remove the RAID but I'm concerned it might format the drive. Is this likely? It has an ASUS A8R-MX/S motherboard but the info I get from their site is a little vague.

Am I on the right track with the RAID thing or way off base? Help me folks, it's driving me nuts.
 

More replies

HEY GEEKS NEED A LITTLE HELP. I HAVE A WINANTIVIRUS POP UP THAT COMES UP EVERYTIME I AM ON THE NET, AFTER U X IT OUT 5 TO 6 OTHER POP-UPS COME UP ABOUT A VIRUS. I AM RUNNING AVG EVERY MORNING, SPYBOT SEARCH AND DESTROY, AD-WARE 6.0. HERE IS A HIJACK THIS LOG FILE TELL ME WHAT TO GET RID OF PLZ.

EDIT: Removed inline HJT log


THANKS

DOOKIE
 

Answer:winantivirus removal, malware removal

Hi and Welcome to Majorgeeks!

Please follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, running, and posting HijackThis logs as attachments.


Run this first

Virtumonde aka Trojan Vundo Removal - some people also refer to this as WinFixer

Then run the below and attach the requested logs for the malware experts to look over.


Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support
Make sure you check version numbers and get all updates.
Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.

If after doing ALL of the above you still have a problem, make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:
Downloading, Installing, and Running HijackThis

Make sure you also rename HijackThis.exe as suggested in the procedures. Use analyse.exe for the new name. This is very important due to some new infections going around.



When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too:

* runkeys.txt - the log from GetRunKey.bat
* newfiles.txt - the log from ShowNew.bat
* CounterSpy - ONLY IF you were not a...

1 more replies

Hi. Thanks for this. I need to first tell you that I don't even know how to generate the logs everyone posts here for troubleshooting. I'm sorry. Maybe someone could tell me how, then I will.

Because my laptop wouldn't even boot to the O/S last week, DELL's tech support helped me move files, reformat and reinstall the OS. I reinstalled McAfee. A security tool warning popped up. I knew it was rogue; I came here and got rid of it using mbam and process explorer - very easy. Or I thought I did. On my daughter's desktop this morning, there were 3 porn shortcut links ON HER DESKTOP!!!! There was also a link to "Active Security" - trying to figure out wtf this was it turns out it was another rogue. Awesome. It at least had an uninstall on Add/Remove programs... but obviously it is not gone, if that is even the cause of all this... Thinking MBAM would be a logical quick fix, I figured I would try that. My Mbam won't load - I have reinstalled it - it reinstalls and then when I try to quickscan it says I don't have permissions and then I can't even open it again. I can reinstall, then it is hijacked when I try to scan. My McAfee won't scan either so both are being hijacked and I also am having the same browser redirects as others when clicking on sites from search results. McAfee can't even fix itself. In safemode, McAfee tells me the truth at least that it is not working (in regular mode it poses like everything is...

Answer:Ugh - Malware Removal Tools Disabled by Malware

As no logs have been posted, I am shifting this topic from the specialized HiJack This forum to the Am I Infected forum.

==>PLEASE DO NOT NOW POST LOGS<== unless a log is specifically requested.

1 more replies

Hiya

I'm running XP, avg detected trojans, the first one it got rid of, the second one Generic13.ATHP it could only remove partially, apparently located in c:\windows\system32\svchost.exe

Started the Malware Removal Process as recommended, SuperAntiSpyware wouldn't install, so I changed the filename, and it has installed but when I attempt to run it I get an error message -

SUPERAntiSpyware Free Edition has encountered a problem and needs to close. We are sorry for the inconvenience

The same happens with any other malware/spyware removal program, Spybot S&D, Malwarebytes etc...

Is there anything I can do to fix this?

Thank you!
 

Answer:malware halps/malware removal not running

Hi again,

also tried doing this (as seen in another thread)

Click Start > Control Panel > System > Hardware > Device Manager > View > Show Hidden Devices.

* Scroll down to "Non-plug and Play Drivers" and click the plus icon to open those drivers.
* Then search for TDSSserv.sys
* Let me know if you find this or not.
* If you do find it, right click on it, and select Disable. Do not try to uninstall it.
* Also if this is found and you disable it, then reboot and see if you can run the cleaning procedure and attach the requested logs.


but the device mentioned is not present (although there are a few that have error "!" things next to them, but 30 or so others).

:confused have no idea if any of this will help you lovely helper person, but I guess I'm just trying...
 

2 more replies

Have got a strange one, where have attempted to remove XP antispyware 2009 using malware antimalwarebytes. Looks to have been partly successful - but have got something else interfering. Frequently have pages on IE as "not found".

Have posted HJThis log and Malware Antimalwarebytes log below. Thanks for any assistance.


Answer:Malware - blocking removal by malware antimalwarebytes

16 more replies

Hi all, 
 
Recently, while browsing a site on Chrome, I received a web site popup saying "Your browser contains MALWARE. You have to install Chrome Malware Removal Tool". Confirming with OK opens an extension page:
 
https://chrome.google.com/webstore/detail/chrome-malware-removal-to/mbdoonnjlifcmakklcaembokjhjikank
 
I have a strong suspicion this is malware!!!
 
What I'm trying to understand is what kind of malware infected the web site I visited. Some technical specs could be useful. The web site belongs to a friend of mine and I'd like to help them identify the malware that infected their web site...
 
 

More replies

About a week ago, I noticed that when running Internet Explorer www.google.com that clicking on a website would take me to an ad instead of the website. If I clicked back and clicked on the website again, it would correctly go to the website.

A day or two before noticing this issue I had upgraded to AVG 8.0 Free and had installed the latest Firefox version.

I am running a Windows XP Professional SP2, Intel Pentium 2.8 GHz.

I ran the instructions at forums.majorgeeks.com/showthread.php?t=35407 and am still experiencing the same issue as described above.

Any help would be greatly appreciated! This is the first forum I've ever posted to so be patient!

Thanks,
Deb
 

Answer:Malware - Exists after running MalWare Removal

This is the last of the Malware log files.

Thanks again!
Deb
 

2 more replies

When I try to run a scan using AVG anti-virus, Avira, Windows Defender, or SuperAntiSpyware; when the scan gets to a certain point, Windows shuts computer down with a blue window. It says Kernel_Stack_ Inpage_ Error plus some standard verbiage about if you recently installed software/hardware, see administrator, etc. At bottom it says: STOP: 0x00000077 (0x00000001, 0x00000000, 0x00000000, 0xF79B1D24). I could sometimes run AVG scan in "select drives/folders" mode but recently it quit allowing that after I upgraded to AVG 9 (free). I uninstalled AVG and went to Avira but with same results. Scanning with Windows Defender did the same. I recently installed and ran SuperAntiSpyware and was able to pinpoint problem to "System Volume Information" directory. I am unable to open to see contents as Windows shows no files in it. When I ask Avira to scan it, Avira says no files also but if I use AntiSpyware to scan, it shows many files during its scan but will get to a certain point and computer will shut down. I can almost see file that shuts it down but it happens too fast to catch it. I was able to run "RootRepeal" and log is below. I was not able to run "DDS.scr".

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/10/30 13:15
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: rootrepe...

Answer:Unknown malware/virus won't let any anti-virus/windows defender/malware removal program to complete scans

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...

23 more replies

I have followed recommended protocols to successfully remove the "Trovi" malware from my computer.
But have one minor problem.
The virus removal programs successfully removed the malware programs, as the program no longer runs on my computer.
But the malware appears to have left code in the windows startup directing the computer to run files which are now no longer present on my computer.
Problem is that this causes the following Windows Popup box "Run DLL" to come up , before any other windows startup programs run.

The pop-up box contains the following wording:

" There was a problem starting
C:\Users\LESTER\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll
The specified module could not be found."

Does anyone have any suggestions on how to get rid of the code lines in start up that lead to the popup box, so that it will no longer occur at computer start up.

Thanks.
Lester
 

Answer:Trovi Malware - "Run DLL" pop up box remains on windows startup after malware removal

Follow this thread and attach requested reports

http://malwaretips.com/threads/malware-removal-assistance-how-to-get-help.20334/
 

1 more replies

My computer recently became infected. At first, my taskmanager and regedit were locked. Next, my desktop background was locked. I fixed these problems, but continue to be bombarded with malware in my running processes which regenerate upon rebooting. Eventually, I could not startup Windows. Once the Windows loading page was finished, my computer would restart. I upgraded to XP Pro, can now log on, but still have malware. Please help! Thanks for your time!
 

Answer:completed steps in "READ & RUN ME FIRST MALWARE REMOVAL GUIDE" and still have malware

Re: completed steps in "READ & RUN ME FIRST MALWARE REMOVAL GUIDE" and still have mal

Here is my MGTools.zip log. Thanks in advance for your help. Any addition info needed please let me know. Take care.
 

4 more replies

I ran the steps in the Malware removal guide, i haven't seen any new pop-ups, but i noticed that there were a few problems that bitdefender could not fix, and my laptop is still running slow.

I am running windows XP, and will attach all logs.

Thank you in advance for all your assistance.
 

Answer:ran all the steps in "Read & Run Me First malware removal guide," still have malware

Re: ran all the steps in "Read & Run Me First malware removal guide," still have malw

Here are the last three logs.
 

10 more replies

Hey,

So I got infected with this virus/malware MS Removal Tool. Things that I noticed: it created a file nvpcpl.dll, hid all my d drive files and removed 90% of the items from the Start > All Programs menu. I ran through all the scans but still can't seem to get the programs in the All Programs menu back. Attached are my clean scans in the order recommended. Just as an fyi, C: is my primary drive, D: stores all documents/pictures/music, F: is the external hard drive. Thanks for the help.
 

Answer:Malware removal help - MS Removal

Things that I noticed: it created a file nvpcpl.dll

See this link About nvpcpl.dll. You do not have McAfee installed and I am not seeing the file in your logs. Do you still see it? If so give me the full file path. But you also have NvCpl.dll running which relates to Nvidia which IS installed.

Download and run OTM.

Download OTM by Old Timer and save it to your Desktop.


Right-click OTM.exe And select " Run as administrator " to run it.
Paste the following code under the area. Do not include the word Code.

Code:


:reg
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}]

:files
C:\Documents and Settings\All Users\Application Data\oJh06504hBkGg06504

:Commands
[emptytemp]
[Reboot]

Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
Push the large button.
OTM may ask to reboot the machine. Please do so if asked.
Copy everything in the Results window (under the green bar), and paste it into notepad, save it as something appropriate and attach it into your next reply.

NOTE: If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file prese...

3 more replies
Relevance 40.18%
Question: Malware removal

My wife's computer seems completely f**ed. Started with endless pop-ups, redirects, dropping the internet. I've done the malware removal process. Couple of things. MBAB did not give me an option to save a log. It apparently DID quarantine a bunch of stuff. Second, MGTools seemed to be denied access many times. I'm running Win8, should I have tried to disable UAC? Also the MGzip log is in the MGTools folder. I'm going to attach it with the other logs I WAS able to get. But later in the instructions you say not to attach that log but one out of the MG.exe. I'm confused. Can't find the TDS log.
 

Answer:Malware removal

also she's got a bunch of crazy sounding folders on her drive called: doeal4ReAll, easitOshoop, Flexible SHoppeir, PriceDownloader, SSAVEEnron, StickyNotes Just popped up, and Supplement Pro. WTF?
 

9 more replies
Relevance 40.18%

Not too savvy on all this computer stuff but I have run Hijack This and Malwarebytes in safe mode, as they wouldn't even install in normal mode. Malwarebytes found 14 infected files which I removed, but I still have the same reduced performance and pop-ups.

First pop-up has a picture of a lady - 'indonesian smile'

Second pop-up comes up in top left corner of screen and says something like C\recycler - something about the settings?

This ?virus, I think it is astry.exe, keeps causing my computer to freeze - everything appears to be running but I cannot affect anything - sometimes it will not even shut down!

A mate says to use combofix but I'm a bit wary due to my inexperience with these types of programs.

Please help!

Attached are the logfiles from Hijack This and Malwarebytes.

hijackthis1.txt

mbam-log-2010-09-13 (15-15-28).txt

Any help would be appreciated, thank you!

Maz

Answer:Malware removal - help please!

Hello and welcome to TSF.


Quote:
A mate says to use combofix but I'm a bit wary due to my inexperience with these types of programs.

Please never use combofix unsupervised. ComboFix is not a commercial malware removal tool.


Quote:
Why we don't ask you to run ComboFix from the onset

As stated by the author of ComboFix:

ComboFix is a very powerful tool which when improperly used may render your machine to a doorstop.

We first need to verify if there's any rootkits present and how they could affect our tools. DDS & GMER are preliminary scans. We use their logs to map our strategy for attack.

With these logs we can determine the infections present & decide whether to deploy ComboFix.

Although I can see some signs of infection in the HijackThis log, with today's malware it's less than adequate to assess the full picture(s). Hence, it's no longer the preferred initial analysis tool in this forum.

We want all our members to perform the steps outlined in the link given below, before posting for assistance. There's a sticky at the top of this forum, and a "Having problems with spyware and pop-ups? First Steps" link at the top of each page.

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set o... Read more

1 more replies
Relevance 40.18%
Question: Malware Removal

Hey Guys,

Excellent info on Malware removal, really appreciate it.

A question though; is there any upside or downside if installed affected hdd on another PC and scanned for Malware?

Naturally I would follow your guidelines to the letter :cool

Thanks in Advance

Storm
 

Answer:Malware Removal

Welcome to Major Geeks!





Stormbringer999s said:
A question though; is there any upside or downside if installed affected hdd on another PC and scanned for Malware?

The procedure works properly when you boot from the drive having problems. Running the problem drive as a slave in another PC will result in the other PC being cleaned not the problem PC.

Running an antivirus scan or a scanner like Malwarebytes does give you options to scan other drives but the problem still remains that most of what is written in the cleaning process expects you to boot from the problem drive.
 

5 more replies
Relevance 40.18%
Question: Malware removal

It worked fine for a while then I did not use it for while. It is now acting funny again. One major issue is the Wifi will randomly turn off and it runs slow.

I have attached newly ran scan reports. thanks in advance.

ME
 

Answer:Malware removal

Your original thread was from over a year ago and you didn't follow up on it after given the first set of instructions.

I have moved your post to a new thread since your last thread was locked due to our new policy on locking old threads automatically once they are 6 months old.
 

8 more replies
Relevance 40.18%
Question: Malware Removal

This is my first time here, so please bear with me. My clock shows ?????? instead of am or pm. Here is the log from hijack this;

Logfile of HijackThis v1.99.1
Scan saved at 13:37:38 ??????, on 7/23/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\TrojanHunter 4.5\THGuard.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\Program Files\Ad SmasheR\Smasher.exe
C:\Program Files\Ad SmasheR\Smasher.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32... Read more

Answer:Malware Removal

Hello bdawg and welcome to the BC HijackThis forum. I see no signs of viruses or malware in the log. It is clean.

It appears that the system time is set to 24-hour format (hence the 13:37:38). There will be no am/pm designation for this time format. To change the format see this MS article: http://support.microsoft.com/default.aspx?...938&sd=tech

Cheers.
OT

1 more replies
Relevance 40.18%
Question: Malware removal?

Hey everyone I would like to ask for help. Here is the dds:

DDS (Ver_09-12-01.01) - NTFSx86
Run by tiffany medina at 20:34:32.21 on Thu 01/21/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_16
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2038.1351 [GMT -7:00]

AV: Norton 360 Premier Edition *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 Premier Edition *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Norton 360 Premier Edition\Engine\3.5.2.11\ccSvcHst.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Hewlett-Packard\HP Quick Lau... Read more

Answer:Malware removal?

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

One or more of the identified infections is a backdoor trojan.

This type of infection allows hackers to remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Please refer to Microsoft's Online Safety article for tips on creating a strong password.

Do not change passwords or do any transactions from the infected computer until it has been cleaned.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my ins... Read more

19 more replies
Relevance 40.18%

hi I did all the steps as stated in the read & run me first sticky and still have malware on my computer. I know for sure that virtumonde and smitfraud are still on my computer as they still keep coming up, and now i get a message at startup saying that my explorer.exe doesn't work. Attached are all the logs that I got from running the read and run me first antispyware programs. Thanks for any help.
 

Answer:Malware removal help

here are more of the logs..
 

13 more replies
Relevance 40.18%

Hello,

In the past few weeks Norton Internet Security 2010 has been reporting repeated attacks from remote IP addresses nearly every 10 seconds while my computer was connected to the internet. In the past couple of days my computer has slowed down enormously and Norton no longer detects anything wrong with my computer during scans. CPU usage is between 90-100 at all times. Way too many svshst executables are running (between 5-10). When I try to end these processes a dialog box comes up and says access is denied. Windows Unlocker can't do anything about it. Yesterday while trying to end the processes the famous dialog box with 60 seconds on the timer before the computer will be forced to shut down showed up, so I assume I have a rootkit. When I tried to attach my hijack this file I was unable to: the window refreshed and reported that the connection had been reset. This occurred 5 times in a row so I am assuming that is abnormal as well. I had to go to another computer to be able to attach the file. Thank you in advance for your help!!!!

Answer:malware removal/hjt log

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together:
Do not run any other tool until instructed to do so!
Please do not attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger: Please download DeFogger to your desktop.
Double click DeFogger to run the tool.
The ap... Read more

3 more replies
Relevance 40.18%
Question: Removal Of Malware

Hello. Please help, I'm new at this so please bear with me. My McAfee Virus scan keeps telling me that the following files can't be found nor can they be removed
c:windows\temp\thi149d.tmp\wupdt.exe
c:windows\tem\DrTemp\wupdt.exe
here is the hijack log
thanks for any help you can give me.

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://top-find4u.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?.home=msgr
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://top-find4u.com/sp.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: MyWebSearch Search A... Read more

Answer:Removal Of Malware

Hi,

The forums are really busy, that explains why logs get behind. We start with the oldest logs first. If you still need some help, please start with posting a new hijackthislog in this thread. Don't start with a new thread.
Then I'll take a look.

Also please post your entire log with the running processes on top as well.

8 more replies
Relevance 40.18%
Question: Malware Removal

Here are the files I attached. I finished everything. All scans and such. I will post a second one with the other two scan reports. Thanks!
 

Answer:Malware Removal

Malware Removal 2

Here is the second post with the other two reports. Thanks again!! I followed all steps.
 

5 more replies
Relevance 40.18%
Question: Malware Removal

Hello everyone...

I'm attempting to remove Malware with the info from MajorGeeks.com instructions.

Within the Windows XP Cleaning Procedure are the following instructions;
Downloading Tools - to include:
a) SUPER AntiSpyware,
b) SpyBot Search & Destroy,
c) Malwarebytes Anti-Malware,
d) Combofix.exe,
e) MGtools.exe.

Problem #1: When I download d), combofix.exe., I get the following warning from my AVG Anti Virus...
"Potentially harmful program".
From: "conbofix.exe - HIDEEXEC.EV".
Application: "SHDOCVW"
URL: "http://download.bleelpingcomputer.com/subs/combofix.exe."

AVG asks if I should ignore, delete, or...?

When I chose to delete, the file did not do a complete download.
When I chose to ignore, the download completed.

Has my system been compromised?

Problem #2: I cannot download MGtools. The site continues to ask for username and password. Although I have registered, the site does not acknowledge either. Is this available at another site?

Problem #3: Reading the notes for combo fix, page 2, it states..."You should now install the Windows Recovery Console. The Windows recovery console will allow you to boot up into a special recovery mode that allows us to help you in the case that your computer has a problem after an attempted removal of malware. If you use WINDOWS XP and have the Windows CD, (which I have), then you can follow the instructions found in the tutorial listed below."

I do see the "If yo... Read more

Answer:Malware Removal

Hello, let's do things this way. When posting your problem, do not run and post ComboFix logs. ComboFix is a tool that should only be run under the supervision of someone who has been trained in its use. Using it on your own can cause problems with your computer. Any posts containing CF Logs will be ignored.

To receive help, you should instead provide a detailed description of your problem, detailed word-for-word error messages that you are receiving, screenshots of strange behaviour, and your operating system. This information is much more useful to our helpers than a ComboFix log.

If you installed SpyBot, and it's a great tool, please disable Teatimer or say Yes to it each time during these scans.

You have installed both Malwarebytes Anti-Malware and SUPERAntiSpyware. Please run both and post back the 2 scan logs.
Run MBAM in Normal Mode and SAS from Safe mode.

How to enter safe mode (XP)
Using the F8 Method
Restart your computer. When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu. Select the option for Safe Mode using the arrow keys. Then press enter on your keyboard to boot into Safe Mode.

1 more replies
Relevance 40.18%
Question: Malware Removal

Hi, I have read and completed the R&R Malware Removal guide and I have attached my logs. I was not able to run the RootRepeal (it is a .rar file and wanted me to select a program to run) or the MGTools.exe (the folder is located on my C drive but when I double-click on the icon and then run, nothing happens). Also, when I ran the combo fix it never disconnected me from the internet like it said would happen. I didn't have any programs running or open while combofix was running but after the fact i opened internet explorer (trying to run RootRepeal) and it crashed.

The Super AntiSpyware was the only program that found "potentially harmful" files but previous to finding your website I ran Spybot and it came across 70+ possibly harmful files.

Thanks for your help.
 

Answer:Malware Removal

Welcome to Major Geeks!

What malware problems brought you here to begin with?





Texaslg said:
or the MGTools.exe (the folder is located on my C drive but when I double-click on the icon and then run, nothing happens).

Let's try to debug this.

Please click Start, Run, and enter cmd and click OK. This will open a command prompt window. Enter the below commands at the command prompt each followed by the enter key. The bold black are commands. The purple is merely informational.

cd \MGtools <-- this changes to the MGtools folder and the prompt should change to C:\MGtools>
nwktst <-- this will try to run all one scan from MGtools. Tell me what error messages, if any, you see.
analyse <-- this will try to run TrendMicro Hijackthis. Click Twice on the Accept button to accept the license agreement if it shows. Then run a scan and save a log. Tell me what error messages, if any, you see.
GetRunKey <-- this will try to run all one scan from MGtools. Tell me what error messages, if any, you see.
ShowNew <-- this will try to run all another scan from MGtools. Tell me what error messages, if any, you see.
Now look for the C:\MGlogs.zip file and attach it no matter what happened while doing the above.
 

7 more replies
Relevance 40.18%

I've had some massive popup problems in the last few days. I've run AVG-Antivirus Spyware (in safe mode), then rebooted and run HJT. Thanks in advance for any help. Here's the log:

Logfile of HijackThis v1.99.1
Scan saved at 12:37:11 PM, on 11/19/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Novell\XTAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Command Software\Command AntiVirus\avinitnt.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Novell\ZENworks\nalntsrv.exe
C:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe
C:\Program Files\Command Software\Command AntiVirus\schscnt.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Novell\ZENworks\wm.exe
C:\Program Files\Novell\ZENworks\WMRUNDLL.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\dpmw32.exe
C:\WINDOWS\system32\NWTRAY.EXE
C:\PROGRA~1\COMMAN~1\COMMAN~1\dvprpt.... Read more

Answer:malware removal help please

16 more replies
Relevance 40.18%

My browsers open slowly and multiple browser process start when I open just a single window. This happens with both Chrome and IE though I typically use Chrome. When I open a Single Chrome Browser I show 3-5 Chrome process start up. This all seemed to start around the time I was trying to find a download for UBCD. When I first noticed it I ran a MalwareBytes scan and it found the following infections.

Trojan.FormatC - In a UBCD4Win folder
PUP.Optional.Softonic
PUP.Optional.IBryte.A

I've ran multiple Full Scans since then and Malwarebytes finds nothing. All Definitions are up to date.

What I have done.
Ran RKill (found nothing) > Malwarebytes Full Scan (found nothing)
ComboFix
AdwCleaner
HiJackThis - Doesn't seem to be anything out of the ordinary. Though admittedly I'm not as familiar with it as I would like to be so I could be missing something.

Host File only has one line in it:
127.0.0.1       localhost

I've attached the logs from ComboFix and HiJackThis. Any ideas on how to fix this?

Edit: Moved topic from Windows 7 to the more appropriate forum. ~ Animal

Answer:Malware Removal Help

I've tried to run the DDs to attach and I got a blue screen when running it with the following code.
0x000000D1

10 more replies
Relevance 40.18%
Question: malware removal

Hi,
i have been given a machine to clean.
Ran all programs except mgtools. having a hard time downloading it.
other logs attached. tdskiller found no threats.

any help would be greatly appreciated

thanks
Andy
 

Answer:malware removal

Can you download MGTools.exe to another computer and transfer it via thumb drive?
 

7 more replies
Relevance 40.18%
Question: Malware Removal

My computer will not allow me to boot without the blue screen of death. I can only use Last known good configuration. My cd drives no longer work nor have a drive letter. I cannot restore computer back to a good restore point. I have scanned with the following: Getrunkey, Shownew, Spybot, Counter Spy, AVG, Ad-Aware, Bitdefender, HJT. Counter Spy and Bitdefender found nothing therefore I have no logs. I will post the others. Any help would be most appreciated.
 

Answer:Malware Removal

Here are the other logs.
 

6 more replies
Relevance 40.18%

here are my logs from the removal process

View attachment HitmanPro_20150116_1946.log
View attachment TDSSKiller.3.0.0.42_16.01.2015_18.16.25_log.txt
View attachment mblog.txt
View attachment RKReport.txt
View attachment history.txt
 

Answer:Help with malware removal

Still need the log from running MGTools.exe -> C:\MGLogs.zip.
 

14 more replies
Relevance 40.18%

Well, where to start. My computer has been getting progressively more problematic the last few months. I can't specifically remember where or how it started. The earliest symptoms I remember are applications taking anywhere from one to 4 minutes to open, or just timing out completely. I would have to create tabs in my browsers and never close them to avoid this. This went on for a while, and every now and then it would clear up and act fine. After that my computer, namely the internet, started to lag constantly. Just recently it began to lag so bad that I couldn't load any pages without waiting up to 5 minutes. So I began to run some cleaners, CCleaner and MBAM. This resulted in my computer getting worse. Firefox would no longer open, so I had to uninstall it. Explorer kept giving me multiple pop-ups, so I uninstalled it.. although unsuccessfully. Automatic updates are turned off, unable to turn them on. I attempted the windows XP cleaning procedure in the sticky. SAS wasn't able to run at first so I ran it last when it allowed me to. My registry at first wouldn't allow me to edit, for a while my computer had created a separate administrator account. Both of these are fixed for now. Firefox is still not opening, my automatic updates are still not allowing me to turn them on. Some things are still lagging. Thank you for taking the time to read this.
 

Answer:Please help with malware removal

Welcome to Major Geeks!





Axsca said:
Explorer kept giving me multiple pop-ups, so I uninstalled it.. although unsuccessfully. Automatic updates are turned off, unable to turn them on.

You should NEVER attempt to uninstall Internet Explorer (which is not the same thing as Explorer). You need Internet Explorer or you will not be able to get all of your Windows Updates and will not be able to access many websites that require it. Attempting to uninstall could break your ability to get updates.

Uninstalling these programs would not help you anyway. The infections are the source of your problems and the infections need to be removed, not IE or FireFox. Your Windows Operating System files are infected and this can be problematic to remove. The first thing you should do is backup important personal data since the act of trying to fix these kinds of infections could cause your PC to become unbootable. Do not backup any executable type file since they may be infected.

We will have to perform your fixes in stages to avoid making your PC unbootable. So the below is only the first step. It is not a complete fix. From now on do not run anything except what we ask you to run. Do not download or install anything but what we request. Once we finish your malware removal you will be free to do what you wish.

You are way out of date with your version of SUPERAntiSpyware.
Please uninstall your current version (this is neces... Read more

13 more replies
Relevance 40.18%

Not sure if I have any malware/viruses right now but it seems there are some issues with my computer where I get denied access to certain functions and popups showing errors stating "your browser doesn't have the correct flash player installed", "your computer is running slow and needs to be tweaked for better performance". I have McAfee anti-virus and Malwarebytes installed and operating. Running Windows 7 Home, Office 2010. I attached the requested logs. Hope I got it right. Thanks, Pedro.

Answer:Removal of malware help

I have Secunia running at the moment and it advises that Shockwave needs to be updated. Secunia is updating shockwave and has been doing so for a few hours. Is it normal for it to update for such a long time?

1 more replies
Relevance 40.18%
Question: Malware removal

Hi,

Recently I downloaded many trojans etc picked up by my AVG software.
These could not be removed as they were 'not accessible'

Now every time I turn on my computer I get this error message...
"There was a problem starting
C:\Windows\$NtUninstallMTF1011$\mmduch.dll"

I fear that the viruses are going to keep coming and get worse over time!

I have downloaded the malware removal software but do not wish to use it until I have spoken to a professional.
Can somebody help me please?

Adam

Answer:Malware removal

Hi Adam,

Just follow the steps on http://www.bleepingcomputer.com/forums/topic34773.html (Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help).

If you have done the last step, a professional expert will check your topic at that forum.

Good luck.

1 more replies
Relevance 40.18%

Hello,
I have a one year old computer and in the last week noticed malware on my Internet Explorer page. I had let my antivirus lapse by two days and then downloaded Microsoft's free antivirus on the advice of someone at my workplace. In a scan it did not pick up any issues. A computer technician at my school sent me a message to use malware bytes which I did and then in a subsequent message said I should try combofix also. After using malware bytes my browser did not appear to have any malware for a few days, then a few days ago when launching a news article it reappeared. Unfortunately, I didn't read all the instructions on Combo fix first. I have run DDS. What are my next steps? Are you able to help me? I rely on my computer for school work daily. Also, can you recommend what I can purchase/install to further protect my machine in the long run? Thank you for any support you can provide. Ari

Answer:Malware removal help please

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.

===

Search and delete the AdWare, PUP (Potentially Unwanted Program) installed on your computer.

Please download AdwCleaner by Xplode onto your Desktop.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click the Scan button and wait for the process to complete.
Click the Report button and the report will open in Notepad.

IMPORTANT
If you click the Clean button all items listed in the report will be removed.

If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click the Scan button and wait for the process to complete.
Check off the element(s) you wish to keep.
Click on the Clean button and follow the prompts.
A log file will automatically open after the scan has finished.
Please post the content of that log file with your next answer.
You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).

Please download Junkware Removal Tool to your Desktop.
Please close your security software to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
The tool will open and start scanning your system.... Read more

4 more replies
Relevance 40.18%

I ran across something nasty today - wish I copied the name down when AVG alerted me - but can not get to the logs. I have tried to run the steps in the instructions but can't get by them. I was running AVG 2012 Free and Malwarebytes Pro. But after encountering whatever I have both become corrupt. mbam would run for 2 minutes and then vanish and attempting to run again would give me the error "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item."
I would reinstall mbam and run again and after 2 mins it would vanish. Downloaded and installed SUPERAntiSpywarePro and the exact same thing happens. Tried a full computer scan with AVG and it too became corrupt. Did a full AVG removal and tried to reinstall and it fails.

Please advise. And thanks.
 

Answer:Need help w/ Malware removal

Welcome to Major Geeks!

Sounds similar to problems caused by ZeroAccess infections which is the current major cause of problems these days. One of the common signs of this infection is seeing a process running that is made up of two long sets of numbers with a colon in between them. For example a process similar to below will be seen in Task Manager:

4187824115:216031750.exe


If you try to kill it, it will just restart in a few seconds. This is just one piece of the infection. Please see if you can do the below:

Go to the below link and follow the instructions for running TDSSKiller from Kaspersky
TDSSkiller - How to run

Be sure to attach your log from TDSSKiller
Now please also download MBRCheck to your desktop.


See the download links under this icon

Double click MBRCheck.exe to run (Vista and Win 7 right click and select Run as Administrator)
It will show a Black screen with some information that will contain either the below line if no problem is found:
Done! Press ENTER to exit...

Or you will see more information like below if a problem is found:
Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Either way, just choose to exit the program at this point since we want to see only the scan results to begin with.
MBRCheck will create a log named similar to MBRCheck_07.16.10_00.32.33.txt which is random based on date and time.
Attach this log to your next message. (See: HOW TO: Attach Items To You... Read more

3 more replies
Question: malware removal

i applied your steps for malware removal, my computer has been infected for a month. i ran the programs and it unhid my files. i am attaching the logs to see if anything further needs to be done.
 

Answer:malware removal

Welcome to MajorGeeks!

You need to attach (See: HOW TO: Attach Items To Your Post ) these other requested logs created while running the READ & RUN ME FIRST. Malware Removal Guide .
SASlog.txt log from SuperAntiSpyware.
Malwarebytes Anti-Malware log
ComboFix.txt (normally C:\ComboFix.txt)
C:\MGlogs.zip

Other Notes:
You should attach all of your logs to one message after you have completed all scans.
Be patient after posting your logs and wait for one of the helpers to get to you. It can take a while to read thru all of the logs and to create individual fixes for you.
Also DO NOT BUMP your thread to try and get a faster answer. This will actually significantly delay getting an answer. See this: Don't Bump! It Only Hurts You!!!

 

1 more replies
Question: Malware removal

i got this virus last night. i was browsing on chrome and my AVG anti-virus thing popped up and said it blocked my access to a malicious site, but since it was chrome and not firefox with noscript, i worried that the damage had already been done. i tried a sweep with MBAM and it gave me some problems. when i rebooted i could suddenly not use my browsers anymore so i followed the instructions in the read-me thread.

i had to grab the superantispyware portable version because the other wouldnt load. this means unfortunately i dont have a log for that scan. it did find a trojan, though i cant remember what exactly unfortunately.

after that scan finished and it rebooted my PC, i was getting a bunch of error messages on startup that the system couldnt identify .exe files. i had a fix for that and run it but now, even after going through the whole read me post, i get the same error messages and must run the fix every time i start my computer.

i did get a bunch of errors when combofix was trying to write logs. it said somethings in an HIV folder couldnt be accessed or something. and when i ran mgtools, the hijack part told me something about not being able to access the "hosts" thing and gave me some instructions on how to do it manually or something but i wasnt sure what to do about that since i didnt see it in the read me.

here are the logs. the only lingering problem i've noticed is the .exe thing every start up.

thanks in advance. never using chrom... Read more

Answer:Malware removal

Please go here and scroll down to the exe file fix:
http://www.dougknox.com/xp/file_assoc.htm

Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:




O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKCU\..\Run: [F.lux] "C:\Documents and Settings\Owner\Local Settings\Apps\F.lux\flux.exe" /noshow
O4 - HKUS\S-1-5-21-3517542941-223606305-1753810289-1005\..\Run: [F.lux] "C:\Documents and Settings\Owner\Local Settings\Apps\F.lux\flux.exe" /noshow (User '?')
O23 - Service: QZQCTACVOHC - Unknown owner - C:\DOCUME~1\Owner\LOCALS~1\Temp\QZQCTACVOHC.exe (file missing)

After clicking Fix, exit HJT.

* Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
If it is not on your Desktop, the below will not work.
* Also make sure you have shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly.
* If ComboFix tells you it needs to update to a ... Read more

8 more replies

Hi, I need help..!!

I seem to have some sort of malware / spyware / virus on my laptop which does not allow me to connect to internet in regular mode; but i am able to do so in safe mode.

I have scanned using HijackThis and report follows. I have tried various virus / spyware scans including SpySweeper, Spybot s&d; Xoftspy. But, I still cannot connect.

At times, a popup comes up stating that my comp is at risk; this links to "onlinesecurityworld.com" web. Also, I get 3 links on my desktop:
Error cleaner; Privacy protection; Spyware & malware protection;
all linking to "onlinesecurityworld.com".

Thanks in advance
 

Answer:Please Help.. with removal of Malware

Welcome to MajorGeeks.com, please follow our standard cleaning procedures:

Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support


Make sure you check version numbers and get all updates.
Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.

After doing ALL of the above and you still have a problem, make sure you have booted to normal mode and run the steps in the below thread to properly use HijackThis and attach the log:

Downloading, Installing, and Running HijackThis

Make sure you also rename HijackThis.exe as suggested in the procedures. Use analyse.exe for the new name. This is very important due to some new infections going around..
When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too:
CounterSpy
AVG Antispyware log - ONLY IF NEEDED you were not able to run CounterSpy
Bitdefender - from step 6
Panda Scan - from step 6
runkeys.txt - the log from GetRunKey.bat
newfiles.txt - the log from ShowNew.bat
HijackThis
NOTE: You can only attach 3 files in a single message so it will require that you use two messages to attach all of these logs!
 

1 more replies
Question: malware removal

Computer is running really slow. Please find attached logs and advise on next steps. Appears that there are issues. Thanks, sm
 

Answer:malware removal

Welcome to Major Geeks!

There is a little bit of junkware to remove and we will do that below, but this is not likely to help too much with your PC's performance. This is more likely due to PC specs which show the below
Code:
Processor x86 Family 15 Model 43 Stepping 1 AuthenticAMD ~2004 Mhz
Total Physical Memory 1,024.00 MB
Available Physical Memory 243.25 MB
This is a rather old and slow processor. And you have about 1/3 of the memory that I recommend now for more efficient running of Windows XP SP3.

Also problems can be due to items you are running at startup ( not really a malware forum topic ) and always allow to run even when not being used. The below items are what I am referring to.



O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Amazon Cloud Player] C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Amazon Cloud Player\Amazon Music Helper.exe
O4 - HKUS\S-1-5-21-2056519892-781164044-2259076700-1010\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'MCX1')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.... Read more

14 more replies

Hi Geeks!

I have been trying to resolve several issues which began with slow downloading and Google redirect issues in Firefox; Office 10.(XP Pro) Excel which returns "Microsoft Visual C++ Runtime Library runtime Error" C:\Program Files\Microsoft Office\Office 10\Excel.exe Among others.

I followed your extensive pages on Malware running all on the "Read and Run" page and logging as directed. I did follow the pages on Google Redirection removal, and i surmise that has solved that problem.

I am not sure that I have removed all the malware, as in some places you recommend that I NOT clean the malware, just send the logs....but figure I cannot repair the Excel or other problems without first being sure that I have removed the threats.

Will you please review the log files and / or direct me to the next steps?

I have used the Belarc advisor should you need that detail too.

Kind Regards


XP Pro w/MS updates
 

Answer:Still not sure of Malware removal with XP Pro

Please rerun MBAM and have it fix what it found.

Then rerun Hitman and have it remove all the:
Potential Unwanted Programs

Finally, rerun RogueKiller and have it remove:

Code:
[RUN][SUSP PATH] HKLM\[...]\Run : shicoxp (C:\WINDOWS\shicoxp.exe [-]) -> FOUND
Reboot and rerun both RogueKiller and Hitman and attach both those logs.

Let me know how things are running.
 

11 more replies

Hello,

I suspect we have some sort of malware in a computer. The file explorer is not working like it should. Right now we can't access the root drive to get the tdsskiller log file. I'm lucky when we can access anything on the drives. Usually after opening file explorer we only can see the Desktop. If we can see the drives, when we open folders nothing shows up. I plugged in a usb drive and could not access the files on it. It's getting worse each day.

I hope you can help with the log files I have attached.

Thanks,
 

Answer:Need malware removal help

It does not look like you are having malware problems. Your logs are clean and the logs also show your files and folders just fine ( including the TDSSkiller log ). Try the below:


Download Windows Repair by Tweaking.com and unzip the contents into a newly created folder on your desktop.

Now run Repair_Windows.exe by double clicking on it ( if you are running Vista or Win 7, use right click and select Run As Administrator)
Now select the Start Repairs tab.
Then click the Start button.
Create a System Restore point if prompted.
On the next screen, click the Unselect All button to first deselect all repairs.
Now select the following repair options:
Reset Registry Permissions
Reset File Permissions
Register System Files
Repair WMI
Remove Policies Set By Infections
Repair Winsock & DNS Cache
Repair Proxy Settings
Repair Windows Updates
Repair MSI (Windows Installer)

Now on the lower right side check the box to Restart/Shutdown System When Finished
Then make sure the Restart System radio button is enabled.
Shutdown any other programs that you are running now before continuing.
Now click the Start button.
Be patient while the tool repairs the selected items.
It should reboot automatically when finished. If it doesn't then reboot it yourself.

Any change! If not then you should post in the Software Forum.
 

3 more replies
Question: Malware Removal

You're the best !!. I know that I have a virus or malware.
C:\Users\Alex\appdata\local\temp\domain\wdacl.exe.
How can I clean it?

I suggested:

Go to C:\ Hard Drive, and find this file and I delete it. Then restart the laptop, and clean it from recycle bin.
:confused
 

Answer:Malware Removal

If you want us to check your system for malware, please do the following:

READ & RUN ME FIRST. Malware Removal Guide
 

1 more replies

I have had my computer for four years and never ever had problem - I perform regular maintenance and I am careful when surfing.

However, yesterday I was surfing several sites using tab browsing and I believe it was a guitar tab site that I clicked on by accident that downloaded a virus to my system before I could close it.

Suddenly some sort of rogue program popped up on my screen and began scanning all my files and my system went crazy so I shut it down manually. Next thing I knew I had the blue screen of death on restart.

I rebooted the computer in safe mode and looked around and found at least one system file called "ndisio.exe" that looked to be causing problems.

I performed the "Read & run Me First" malware removal guide and then proceeded to the Windows Cleaning for XP.

I had a few issues with my internet after running SUPERAntispyware but I reset winsock and repeated this after each program and it is fine.

My system seems to be running almost normal but I am concerned that I may have missed something since I am a complete amateur in this area

I am posting the logs from each of the four programs. I hope I did everything right.

Also, I could not locate my "folder Options" in my control settings to change my viewing of hidden files which is odd because I have changed them before. Not sure why this is.

I also ran Malwarebytes twice because the first time it said not all files could be removed and then the... Read more

Answer:Malware Removal - Help!

ncaione1 said:





I have had my computer for four years and never ever had problem - I perform regular maintenance and I am careful when surfing.

However, yesterday I was surfing several sites using tab browsing and I believe it was a guitar tab site that I clicked on by accident that downloaded a virus to my system before I could close it.

Suddenly some sort of rogue program popped up on my screen and began scanning all my files and my system went crazy so I shut it down manually. Next thing I knew I had the blue screen of death on restart.

I rebooted the computer in safe mode and looked around and found at least one system file called "ndisio.exe" that looked to be causing problems.

I performed the "Read & run Me First" malware removal guide and then proceeded to the Windows Cleaning for XP.

I had a few issues with my internet after running SUPERAntispyware but I reset winsock and repeated this after each program and it is fine.

My system seems to be running almost normal but I am concerned that I may have missed something since I am a complete amateur in this area

I am posting the logs from each of the four programs. I hope I did everything right.

Also, I could not locate my "folder Options" in my control settings to change my viewing of hidden files which is odd because I have changed them before. Not sure why this is.

I also ran Malwarebytes twice because the first time it sa... Read more

13 more replies

I have followed your Malware Removal Guide. Please take a look at my logs and let me know what I need to do to remove the problems.

I will attach other logs on another message.

Thanks.
 

Answer:Malware Removal Help THANKS

Here are the other logs
 

5 more replies

Hello,
I am having problems with Google redirecting in Firefox only. It seems to be working fine in IE8 and Google Chrome Browsers. I have already tried the GooRedfix program, and it got rid of a few files, but the problem still persists.
Running: Windows 7 Home Premium, AVG Free, Spybot S&D
I have scanned with Spybot S&D, Ad-Aware, AVG, Hitman, and MAB to no avail...they all show the system as being clean.

Answer:Malware Removal Help

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

9 more replies

My friend's computer won't connect to internet anymore. I ran Ewido and it found over 2500 infected files. It looked as if most were something called worm.vb.an. I also ran adaware which found 88 more. I know bargain buddy was one of them. Here is a hijackthis log after the other scans. Thanks for your help.

Logfile of HijackThis v1.99.1
Scan saved at 9:33:58 PM, on 4/21/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
... Read more

Answer:Malware Removal Help Please

Hello and welcome.. Let's get started.
==
Please print these instructions out, or write them down, as you can't read them during the fix.

1. Through Control Panel -> Add/Remove programs and uninstall these entries (if any of them are present):
PuritySCAN By OIN
OIN
OuterInfo
IF there are no entries listed on Add/Remove programs, please download and run this uninstaller:
OiUninstaller.exe
==
2. Please download the trial version of Ewido Anti-malware here:
http://www.ewido.net/en/download/
Please read Ewido Setup Instructions
Install it, and update the definitions to the newest files. Do NOT run a scan yet.
==
3. Please download Brute Force Uninstaller to your desktop.
Right-click the BFU folder on your desktop, and choose Extract All
Click "Next"
In the box to choose where to extract the files to,
Click "Browse"
Click on the + sign next to "My Computer"
Click on "Local Disk (C:) or whatever your primary drive is
Click "Make New Folder"
Type in BFU
Click "Next", and Uncheck the "Show Extracted Files" box and then click "Finish".

4. RIGHT-CLICK HERE and choose "Save As" (in IE it's "Save Target As") in order to download Alcra PLUS Remover. Save it in the same folder you made earlier (c:\BFU).
Do not do anything with these yet!
==
Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but befor... Read more

4 more replies

I have read and followed all of the instructions on the malware removal guide. As of right now, I am no longer having pop ups, but my add or remove programs is not loading correctly, and the online scans still found malware on my computer. Here are my scans. I would greatly appreciate your help!

-Jenna
 

Answer:Malware Removal Help

The rest of the scans...
 

15 more replies

Hi everyone, I've started through the malware removal process but whatever is on my computer will not let me navigate to my harddrives through My Computer. Is it allright to create a folder in shared documents to put all this stuff in or is there a way to work around this problem. I know I had read it was best to put everything in root c:.
 

Answer:Malware Removal Help

I found the work around on that one and moved on to superantispyware and malwarebytes... neither of which will run. I was able to get them installed by changing their names but the programs themselves won't run in normal or safe mode. Superantispyware also won't run using the alternative startup. My question is should I go ahead and move on to the combofix and continue or do I need to find a way to run one of these.
 

7 more replies
Question: Malware removal

here are the logs after i completed the malware removal process. please look at this and get back to me. thanks

P.S: I did run Ccleaner, Spybot Search & Destroy in safe mode but couldn't run counterspy in safe mode. Instead i ran that in normal mode.
 

Answer:Malware removal

Welcome to Major Geeks!

You need to tell us what malware problems you are having!

Also you need to attach the other three requested logs from the READ ME:
CounterSpy - only for Windows XP, 2K, & NT users
Bitdefender - from step 6
Panda Scan - from step 6


Is your copy of Spyware Doctor a paid version or a free trial version?
 

13 more replies

Hello. I'm having trouble removing some malware from my computer. I have already completed steps 1-6 in the "READ & RUN ME FIRST. Malware Removal Guide" and the problem still exists. My antivirus program, ViRobot, shows three specific items: Trojan.Win32.Agent.122880.C, Trojan.Win32.VBStat.76412, and Trojan.Win32.Virtumod.124436. The program says it repaired it but it keeps on coming back up.

I will post all the necessary logs.

Thanks for your help.
 

Answer:Need help with removal of malware

The remaining logs.
 

7 more replies
Question: Malware removal

Hello!

I bumped on the "malware removal guide" and decided to check the computers at home. I have 4 computers, and i did it on the server. I wasn't very worried since they all have the avast and spybot, and we run them from time to time, but i was surprised by the stuff that all those programs kept finding (and couldnt clean it sometimes).
So, here is what i did: i uninstalled the avast but i left the spybot, since its part of the procedure. At step 5, the computer didnt let me run the counterspy in safe mode, but it accepted the avg fine. The rest of it went ok. So i am posting the reports so i am sure to have all malwares removed, to follow with step 8. Oh yes, I am doing the same thing on the other 3 client computers. Not today though, once per weekend. Should i post their reports too, or just to follow those steps should be enough? I dont want to bug u every week with those reports, unless i absolutely have to.
One last thing. I just want say thanks for the guide and the support with those reports. Its a great help, i feel lucky for having found it.
 

Answer:Malware removal

Here are the rest of the reports
 

2 more replies
Question: Malware Removal

I am using a Win 7 64bit laptop. My Norton 360 expired last month and only now I renewed it. Before I renewed it, my computer started showing malware activities. My AbBlock did not work, audio plays (either online or offline) did not give sounds after about a minute, downloaded unintentional programs etc. I ran a full scan from Norton 360 but still I have those issues.
Thank you.
 

Answer:Malware Removal

Hello, YACwade

Please read ALL of this message including the notes before doing anything.

Please follow the instructions in the below link:

READ & RUN ME FIRST. Malware Removal Guide

and then attach the requested logs to your next reply when you finish these instructions.

**** If something does not run, write down the info to explain to us later but keep on going. ****
Do not assume that because one step does not work that they all will not. MGtools will frequently run even when all other tools will not.
After completing the READ & RUN ME and attaching your logs, make sure that you tell us what problems still remain ( if any still do )!
Helpful Notes:


If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:

Starting your computer in Safe mode

If you have problems downloading on the problem PC, download the tools and the manual updates for Malwarebytes ( links are given in the READ & RUN ME) onto another PC and then burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes, you could use a flash drive too, but flash drives are writeable and infections can spread to them.
If you cannot seem to login to an infected user account, try using a diffe... Read more

14 more replies
Question: malware removal

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:42:43 PM, on 4/11/2009
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal


Edit by chaslang: Inline HJT log removed. READ & RUN ME FIRST. Malware Removal Guide sticky not followed.
 

Answer:malware removal

Welcome to Major Geeks!

Please follow the instructions in the READ & RUN ME FIRST link given further down and attach the requested logs when you finish these instructions.

If you have problems where no tools seem to run, please try following the steps given in the below and then continue on no matter what you find. You only need to try the TDSSserv steps if having problems getting scans in the Read & Run Me First.
TDSSserv Non-Plug & Play Driver Disable

If something does not run, write down the info to explain to us later but keep on going.
Do not assume that because one step does not work that they all will not.
READ & RUN ME FIRST. Malware Removal Guide

After completing the READ & RUN ME and attaching your logs, make sure that you tell us what problems still remain ( if any still do )!
Helpful Notes:
If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:

Starting your computer in Safe mode

If you have problems downloading on the problem PC, download the tools and the manual updates for SUPERAntiSpyware, Malwarebytes and Spybot ( links are given in the READ & RUN ME) onto another PC and then burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. ... Read more

1 more replies
Question: Malware removal

Help
My PC is a mess. It keeps saying that it has viruses. Things are shutting down.
I'm running Win XP.
Here is my HJT log: Thanks

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:59:14 AM, on 12/5/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
... Read more

More replies

this is the scan info from GMER which i was told to do in the thread "buying online safe?" And no i dont have a windows disc or boot cd. ive had a slow computer for almost a 6 mon. and couldnt buy anything online because of the risks. But now im following these steps to eliminate these problems once and for all



DDS (Ver_09-12-01.01) - NTFSx86
Run by Wilfredo Portales at 19:56:01.40 on Wed 12/02/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1270.452 [GMT -8:00]

AV: Spyware Doctor with AntiVirus *On-access scanning enabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
AV: AVG Internet Security *On-access scanning enabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *disabled* {8decf618-9569-4340-b34a-d78d28969b66}

============== Running Processes ===============

... Read more

Answer:malware removal help

Hello -

Some of the slowness may stem from too many security products installed.


As stated in our pre-posting sticky topic...

http://www.techsupportforum.com/f50/...lp-305963.html


Quote:




If you have more than one antivirus software installed, leave only ONE and uninstall the others




While this may seem like greater protection, it can cause problems including slowdowns, system hangs or even crashes. This can happen if both AntiVirus applications attempt to access the same file at the same time. This may cause the applications to interfere with each other, or cause the system to lock up. It can also be a drain on system resources, making a machine run slower than it should.

I see you have more than one Anti-Virus program installed, Spyware Doctor with AntiVirus and AVG. Choose one to keep and uninstall the other.

Any antivirus program must be removed via add/remove program.
For any program that doesn't have an add/remove entry, you will have to do this: re-install the program -> reboot -> uninstall

Of the two, I would uninstall Spyware Doctor with AntiVirus.

For now, also uninstall STOPZilla, as it can be a drain on resources.

-----------------------------------------------------------------------

As mentioned in our preposting topic:

http://www.techsupportforum.com/f50/...lp-305963.html


Quote:




3. Uninstall the following via Add or Remove Programs in Control Panel:

p2p ... Read more

19 more replies
Relevance 40.18%
Question: Malware removal

Hello,
I am wondering if anyone can help me with a problem. The problem is that when I use Ad-aware in full sweep mode it keeps getting stuck on a file named......InprocServer32. Does anyone know what this is? and how to remove it from my computer?
Thanks in advance,
didiohio

More replies
Relevance 40.18%

Before I lose my mind here are the log files that are from the instructions that were posted. Any help is greatly appreciated. I am in the middle of finals and have a teenager who decided to gag up our computer! HELP!!! :cry
 

Answer:Malware removal (1/2)

Malware removal (2/2)

OK, this is the second part of what was found. I hope I am understanding all this; it is definitely all Greek to me. Am I missing anything?? Once again help is appreciated.
 

2 more replies
Relevance 40.18%
Question: Malware removal

I have run all 5 scans that your Malware removal page lists. I can't find the RKreport[1].txt file. You said to run each thing only once. How can I get the report to you for Rogue Killer?

I started having trouble 2 days ago when I received a notification to update myplayer. I guess I thought it was for my media player but that's when all this other stuff came with it & my computer is so slow along with pop ups & even whole page pop ups.

Hope this helps you help me. I'm lost!!!

Thank you
 

Answer:Malware removal

Welcome to MajorGeeks!

Run RogueKiller again - after clicking Scan and it has completed, click on Report for the RKreport_SCN_09132014_xxxxx.log to be opened. That is the log we want attached. (Copy & Paste it into Notepad > save to your Desktop to easily find it again)
 

9 more replies
Relevance 40.18%
Question: Malware removal

The computer's desktop background has been changed to a blue background with the text: "Warning: Spyware threat has been detected on your PC. Your computer has several fatal errors due to spyware activity. It is strongly recommend to install an antispyware software to close all security vulnerabilities. Antispyware software helps protect your PC against spyware and other security threats."
After research and finding your site, I began following directions on how to use ComboFix and got stuck when I couldn't drag the file from Microsoft Recovery Disk (downloaded as per your instructions since I don't have the recovery CD) on top of the ComboFix icon. In fact I couldn't drag and drop any of the icons on the desktop.

Answer:Malware removal

tombodailey,

As you're still here - I have instructed the mods to move you to another forum. Please don't run Combofix again until someone has taken up your problem on that forum.

m

2 more replies
Relevance 40.18%

attached are two of the logs and my next message will have runkey and newfiles txt..now what?:cry
 

Answer:malware removal done what next?

Welcome to Major Geeks!

Actually there are 4 other required logs that you need to attach.

SuperAntispyware - since you have Win ME and cannot run CounterSpy or AVG Antispyware
Bitdefender - from step 6
runkeys.txt - the log from GetRunKey.bat
newfiles.txt - the log from ShowNew.bat


And more importantly, you need to explain why you are posting here. You did not mention what problems you are having.
 

4 more replies
Relevance 40.18%
Question: Malware Removal

Hi there. I've been following your directions to remove some malware from my computer and I got as far as trying to run your Farbar Recovery Scan Tool from the flash drive on the infected computer. I'm unable to run the program as it says that it "cannot be run in DOS mode". Any thoughts on how I could get past that and unlock my screen?
Thank you!

Answer:Malware Removal

Which operating system is installed? Also tell me, if it is 32- or 64bit.

17 more replies
Relevance 40.18%

Attached are the files from your detailed instructions and I hope I've followed everything correctly. Please, my son has downloaded so much I can't keep the Family PC clean anymore. I can't get to any major website without being hijacked. What can I do?
 

Answer:Malware removal - please HELP!

Post the logs from GetRunKeys and ShowNew.
 

3 more replies
Relevance 40.18%
Question: Malware Removal

Hi all! It's unbelievable the things that are out on the internet that can be annoying to say the least. The only thing that worked for me was to just do a system restore. Take your computer back in time a few days before the spyware imbedded itself into your registry. It works, believe me.
 

Answer:Malware Removal

Jag5050 said:



Hi all! It's unbelievable the things that are out on the internet that can be annoying to say the least. The only thing that worked for me was to just do a system restore. Take your computer back in time a few days before the spyware imbedded itself into your registry. It works, believe me.

This doesn't work in every case because sometimes your restore points hold the infection. The best way to remove it is to never get it. The best way to never get it is to surf safely, keep Windows up-to-date, and have an updated antivirus and firewall installed.

How to Protect yourself from malware!
 

1 more replies
Relevance 40.18%

So it would appear that I am infected with WinantivirusPro 2006, I get the pop ups constantly but I have not installed the program. I also get blank windows popping up to a certain ip address that contains information on what I was currently doing. Such as this "http://85.12.25.85/trafc-2/rfe.php?cmp=vm_mg_ff_nonusa_fail&nid=ec&uid=AB11DEAC21A011DB973F00167647FA98&guid=e0f30edd+1D10514769CC421B8E80F83036AF28EA&lid=forums%3E&url=http%3A%2F%2Fforums.majorgeeks.com%2Fshowthread.php%3Ft%3D38752&affid=862"

So I went through the steps you guys have posted and I have lots of logs for you read, I really need your help and I hope that I can make it as painless as possible. I already ran VundoFix as well and it deleted a lot of .dll files that I noticed were spyware.

Oh and for future notice, I am unable to load safe mode. My computer simply loads it and I cannot do anything but move my mouse. I do not know if this is related to spyware or not.

Attached are the various logs that were requested in the steps.

Thanks in advance,
Ryan
 

Answer:Various Malware, need help in removal Please

Here are some additional files that were requested.
 

8 more replies
Relevance 40.18%
Question: Malware Removal

I have had a few different malware on my computer that I cannot remove. Here are my logs:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:10:48, on 24/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
I:\WINDOWS\System32\smss.exe
I:\WINDOWS\system32\winlogon.exe
I:\WINDOWS\system32\services.exe
I:\WINDOWS\system32\lsass.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\System32\svchost.exe
P:\Ad-Aware 2007\aawservice.exe
p:\Alwil Software\Avast4\aswUpdSv.exe
p:\Alwil Software\Avast4\ashServ.exe
I:\WINDOWS\Explorer.EXE
I:\WINDOWS\system32\spoolsv.exe
P:\AVG Anti-Spyware 7.5\guard.exe
p:\Grisoft\AVG7\avgamsvr.exe
p:\Grisoft\AVG7\avgupsvc.exe
p:\Comodo\CBOClean\BOCORE.exe
P:\Comodo\Firewall\cmdagent.exe
I:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
I:\Program Files\Mil Incorporated\Mil Shield\ShieldService.exe
I:\WINDOWS\system32\wwSecure.exe
p:\Alwil Software\Avast4\ashMaiSv.exe
p:\Alwil Software\Avast4\ashWebSv.exe
P:\Microsoft Office\Office12\GrooveMonitor.exe
I:\WINDOWS\SOUNDMAN.EXE
P:\Grisoft\AVG7\avgcc.exe
I:\Program Files\Adobe... Read more

Answer:Malware Removal

Welcome to the BleepingComputer HijackThis Logs and Analysis forum shamonemofo. My name is Richie and I'll be helping you to fix your problems.

You have Avast4 and AVG7 Antivirus installed. It's definitely not a good idea to have more than one antivirus program installed on your computer. Each program may interpret the actions of the other as viral, therefore giving you false virus warnings about virus-related activities. It could also lead to system slowdowns and other problems within the operating system, due to the two conflicting with each other. You should uninstall one of them now, then restart your PC.

Copy and paste ALL the following text in the Quote box below into Notepad. Click on File (in the menu at the top) > Save as.. / Save as Type: 'All Files' / File name: CFScript to your desktop.

File::
I:\WINDOWS\system32\syvadiep.dll
I:\WINDOWS\system32\ututv.bak2
I:\WINDOWS\system32\ututv.bak1
I:\WINDOWS\system32\ututv.ini2
I:\WINDOWS\system32\cfhkj.bak2
I:\WINDOWS\system32\sptll.dll
I:\WINDOWS\system32\cfhkj.bak1

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{39796DAA-7966-41C9-994F-0E12621CB841}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byxvwvs]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkhfc]

Now drag then d... Read more

9 more replies
Relevance 40.18%
Question: Malware removal

I keep getting a window when I attempt to exit the pc.. .Net-Broadcast
EventWindow.1.0.5000 will not shut down. Went to Google and it says no way to remove.... Can someone help?? Have run the search for it and nothing shows...
 

More replies
Relevance 40.18%
Question: malware removal

I need help deciding what to remove. I ran a security analyzer and I have a log. I just wanted to make sure I could post it here and get help with deciding what to fix..... The program I used to get the log was Iobit. Thanks, Frank

Answer:malware removal

Hello , And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen. Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.

Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you let... Read more

2 more replies
Relevance 40.18%

Alright so I was browsing some websites and then got several alerts with NOD32. I was using outdated java, outdated firefox, and outdated adobe reader (which I have now updated) which may or may not have contributed to this issue.

However regardless, I followed the removal guide and used MBAM and SAS yesterday to remove malware. MBAM found some things and I removed them (log provided), SAS found nothing - forgot to save the log (will re scan and post). Then today NOD32 popped up again and said these files were suspicious (which were the same files/similar as what popped up yesterday). Regardless I will let the logs speak for themselves as you all know more than I do:

RR log and MgTools will be otw
 

Answer:Malware Removal (need help!!!)

Welcome to Major Geeks!

You need to attach the logs from RootRepeal and MGtools before we can continue.
 

5 more replies
Relevance 40.18%

Hey guys,

I seem to only have one problem: When using Internet Explorer it randomly, but often redirects me to random spam sites (sometimes even just Yellowbook.com) when I click a link.
This seems to be happening more often when I just click a link from a google search. It also occurs when I try to use Chrome.

I am pretty confident it started yesterday, when I was in a hurry to watch a soccer game and installed Sopcast AND forgot to uncheck the 'Install Ask toolbar' thing. I have now uninstalled the toolbar and sopcast itself, but to no avail. I also have run the tests you wanted me to, except for RootRepeal (I have a 64 bit system) and MgTools doesn't work, when starting it on the desktop it gives me: C:/ is inaccessible.

Thank you guys!
 

Answer:Help with Malware Removal

Welcome to Major Geeks!





Xyllus said:





and MgTools doesn't work, when starting it on the desktop it gives me: C:/ is inaccessible.

But you attached the log from MGtools??? Did you mean ComboFix did not run since you did not attach that log?



Download TDSSKiller from Kaspersky directly onto your Desktop

Now double click the TDSSkiller.exe file to run it (if using Vista or Windows 7 do not double click on it but rather, right click and select Run As Administrator.)
If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123tdk.com).
If you do not see the file extension, please refer to: How to view hidden, system files & folders!

Allow the application to run if prompted by Windows or any security programs you have installed
It will start the scan and run rather quickly and will notify you of whether anything is found or not.
Follow the instructions to delete/quarantine if it asks you what to do when it finds something.
Whether an infection is found or not, a log file should be created on your C: drive ( or whatever drive you boot from) in the root folder named something like TDSSKiller.2.1.1_27.12.2009_14.17.04_log.txt which is based on the program version # and date and time run. Please attach this log to your next reply. (See: HOW TO: Attach Items To Your Post )

 

28 more replies
Relevance 40.18%

Hi there,

I have read and run your "read me and run me first" page and now I'm asking for support.

I have run all the programs you suggested and will attach the log files.

I can't seem to get rid of Trojan.Downloader.Swizzor. The programs say it's been deleted, quarantined and disinfected, but it keeps popping up.

I'm also having some trouble with having my browser time out. It happens constantly and I have to reboot to get it to behave. Everything else is also super super slow.

I really appreciate any and all help that you can provide.

Thanks so much.

It looks like I'll have to post the log files in stages.
 

Answer:Help with Malware Removal

Log files part 2.
 

8 more replies