Computer Support Forum

Infected With Virus/spyware - Keeps Coming Back

Question: Infected With Virus/spyware - Keeps Coming Back

I ended up with some spyware and virus of some sort and got this SafetyBar program and a few others. I've managed to clean up that aspect of it but i get pop-up ads and spyware and viruses continue to show up when i do scans from time to time. Also when I use my IE7 now, if i open up a new tab, it closes itself.PS:I had the virusbusters thing (I believe that is what it was called). I followed the tutorial and still have leftovers.Logfile of HijackThis v1.99.1Scan saved at 11:10:50 AM, on 12/2/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.5730.0011)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Windows Defender\MsMpEng.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\WINDOWS\system32\Ati2evxx.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exeC:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exeC:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYSC:\WINDOWS\system32\svchost.exeC:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exeC:\WINDOWS\system32\LVCOMSX.EXEC:\Program Files\Logitech\Video\LogiTray.exeC:\Program Files\Java\jre1.5.0_08\bin\jusched.exeC:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exeC:\Program Files\ATI Multimedia\main\ATIDtct.EXEC:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\Windows Defender\MSASCui.exeC:\Program Files\MSN Messenger\MsnMsgr.ExeC:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exeC:\Program Files\1&1\1&1 EasyLogin\EasyLogin.exeC:\WINDOWS\system32\ctfmon.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\iPod\bin\iPodService.exeC:\Program Files\BigFix\BigFix.exeC:\Program Files\Logitech\Video\FxSvr2.exeC:\WINDOWS\system32\rundll32.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Common Files\Real\Update_OB\realsched.exeF:\Program Files\BitComet\BitComet.exeC:\Program Files\HijackThis\HijackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/ig?hl=enO4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exeO4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exeO4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXEO4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exeO4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXEO4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exeO4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exeO4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exeO4 - HKLM\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXEO4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osbootO4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUPO4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottimeO4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startupO4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hideO4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /backgroundO4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exeO4 - HKCU\..\Run: [1&1 EasyLogin] "C:\Program Files\1&1\1&1 EasyLogin\EasyLogin.exe" HIDEO4 - HKCU\..\Run: [C:\Program Files\1&1\1&1 EasyLogin\EasyLogin.exe] "1&1 EasyLogin" HIDEO4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exeO4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exeO4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exeO4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXEO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dllO9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dllO9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO11 - Options group: [INTERNATIONAL] International*O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab46479.cabO16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cabO16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by111fd.bay111.hotmail.msn.com/resources/MsnPUpld.cabO16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab32846.cabO16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/chnz/default/mjolauncher.cabO16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} (UnoCtrl Class) - http://zone.msn.com/bingame/zpagames/GAME_UNO1.cab50727.cabO16 - DPF: {95B5D20C-BD31-4489-8ABF-F8C8BE748463} (ZPA_HRTZ Object) - http://zone.msn.com/bingame/zpagames/zpa_hrtz.cab40641.cabO16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cabO16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cabO16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab41227.cabO16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://zone.msn.com/bingame/zuma/default/popcaploader_v6.cabO18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLLO18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLLO21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dllO23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exeO23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exeO23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exeO23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeO23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exeO23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeO23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exeO23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exeO23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exeO23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYSO23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exeO23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)

Relevance 100%
Preferred Solution: Infected With Virus/spyware - Keeps Coming Back

I recommend downloading and running Reimage. It's a computer repair tool that has been proven to identify and fix many Windows problems with a high level of success.

I've used it in the past to identify and fix everything from blue screens (BSOD's), ActiveX errors, corrupt files and processes, dll/exe/sys errors, recover lost memory, Windows update problems, defragging, malware removal etc.

You can download it direct from this link http://downloadreimage.com/download.php. (This link will automatically start a download of Reimage that you can save to your computer.)

Answer: Infected With Virus/spyware - Keeps Coming Back

Hello there and welcome to Bleeping Computer's security forum.My name is David, I will be helping you with your log today.It is a good idea to print off these instructions:This will be useful as there is a possibility some of the instructions will need to be carried out where internet access is not available. You may also like to save these instructions in word/notepad to the desktop where they can be easily found for the same reasons as above. A print out of the instructions would be a good reference to make sure you don't yet lost.Also, it is important that you complete the instructions in the right order, and also that you don't miss any steps out!If you have any queries about the process or just general questions, just ask.Step #1I do not recommend that you have more than one anti virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to create "false alarms". It can also lead to a clash as both products fight for access to files which are opened again this is the resident/automatic protection. In general terms, the two programs may conflict and cause false alarms - When the anti virus software tells you that your PC has a virus when it actually doesn't. Also it can cause system performance problems; your system may lock up due to both software products attempting to access the same file at the same time.Therefore please go to add/remove in the control panel and remove either Symantec or AVG7.Step #2I have noticed from your log that you have various online poker programs installed on your computer. I understand that you may use these games on a regular basis but I think it's important to note that often these kind of programs are installed with other unwanted software, namely spyware or adware. If you did not install these programs yourself, or you do not use them any more, I would definitely recommend that you uninstall them from your computer, even if it is simply a precautionary measure. The amount of different poker software which arises on the internet means it is impossible to keep track of which ones are infected and which ones are not. If you do use the software, and wish to continue doing so, please ignore this. If you do decide to go ahead and remove the poker software, you should be able uninstall them via add/remove which can be found in the control panel.Let me know if you have any problems whilst doing so.Step #3You are using the BitComet p2p file sharing program.This is not technically malware by itself, but it installs malware in order to run properly.It also opens the door for every other nasty program you can think of. I strongly recommend that you remove it from your computer.Read this article for alternatives that will provide some of the same function without the garbage: http://www.spywareinfo.com/articles/p2p/I suggest you remove the program now. Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present:BitCometThis is another article you can read:http://www.cexx.org/adware.htmThe choice to remove it is entirely up to you, but I would strongly recommend that you get rid of it. If you do not want to, please at least refrain from using any peer-to-peer programs for the remainder of my fix.Step #4Go to the folder where Hijackthis is kept and rename the hijackthis application to "showme".This can be done by right clicking on the program and clicking "rename". Press enter, then open "showme.exe" by double clicking.Post a new Hijackthis log from the newly named application.David

9 more replies
Relevance 81.59%

Somebody please help! I've tried everything I know of...
The other day while my little sister was researching something for a project on our home computer, she clicked on a link and a window popped up saying, "Congratualtions.! Your our winner for today blah blah blah". =( When I saw it, I knew it was a virus attempt because I came across this once before when my brother was caught looking at porn smh
Anyways, I ran three different Virus Scanners, Mcafee, Threatfire and AVG, and all three said there was no infected file on my computer. Yet, every twenty (20) minutes, Threatfire virus alert would pop up with the location and name of the infected file. Each time, I selected 'Kill and Quarentine', and each time, the application disappears only to reappear later in the next twenty (20) minute time frame. Oh, and whenever anyone tries to use a search engine, youtube or any website where you have to enter data into a search field, a separate window pops up like ex: randomtext.jempca.randomtext. And it always redirects to some kind of online 'shop', 'search engine' or another 'Congralations.!' message pops up.
I went online to research what I could about manually removing a virus using the computers CMD. I tried it a few times to get rid of the folder the viruses would constantly pop up in, but the virus would still pop up. The location is always C:/Windows/Temp/ which I found wierd because I thought most viruses would pop up... Read more

Answer:Infected? Virus keeps coming back.!

This time when it Threatfire alerted me, i located the Temp folder and there was five (5) different hki****.exe files!

8 more replies
Relevance 81.59%

Since July 5th, I have been receiving alerts from AVG saying that the Spyware.Passwords.XGen virus has infected my computer. It keeps setting up its files in the C:\Documents and Settings\Owner\Local Settings\Temp folder with a file name of 0.(various assortment of numbers) i.e. "0.2022596356067.exe" as well as the C:\Documents and Settings\Owner\Application Data\Microsoft under the name "conhost.exe". I have removed this virus at least 5 times using AVG to quarantine/delete the files and Hitman Pro to remove the proxy server it installs as 127.0.0.1:56364. I run scans immediately after removal and nothing appears. My computer appears to be clean as a whistle. Yet the virus keeps reappearing when I visit certain sites (i.e. hotnewhiphop.com,gotta have my music!) and when it does reappear, I notice the Java icon appears on my taskbar and a process such as "0.55373964797.exe" will run on my computer. Has the virus exploited my Java somehow? Please help!Attached are screenshots of my AVG Virus Vault and Hitman Pro scan to better illustrate the problems I am having: Hitman Pro scan 7/5/11 (the first time I deleted this virus)and my AVG Virus Vault that shows all the quarantined .exe files from this virus

Answer:Spyware.Passwords.Xgen virus keeps coming back

Hello, and to the Malware Removal forum! My online alias is Blade Zephon, or Blade for short, and I will be assisting you with your malware issues!If you have since resolved the original problem you were having, we would appreciate you letting us know.In the upper right hand corner of the topic you will see a button called Watch Topic. By clicking this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.Before we begin cleaning your machine, I'd like to lay out some guidelines for us to follow while we are working together.I will be assisting you with your malware issues. This may or may not resolve other problems you are having with your computer. If you are still having problems after your machine has been determined clean, I will be glad to direct you to the proper forum for assistance.Even if things appear better, that does not mean we are finished. Please continue to follow my instructions until I give you the all clean. Absence of symptoms does not mean that all the malware has been removed. If a piece of the infection is left, it can regenerate and reinfect your machine. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.I ask that you please refrain fro... Read more

2 more replies
Relevance 81.59%

I read several of the threads concerning re-occuring virus/spyware/worm/malware issues. I downloaded ewido and hijackthis and ran them and the system seemed good until I logged onto the internet. Then it comes back. I am running Windows XP home edition and internet explorer. Here is the hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 9:42:39 PM, on 12/5/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
C:\PROGRA~1\NORTON~1\WinFax\WFXSWTCH.exe
C:\WINDOWS\System32\wfxsnt40.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\abelhadigital.com\HostsMan\hm.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\OPC Foundation\OPCENUM.EXE
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\PROGRA~1\NORTON~1\SPE... Read more

Answer:Solved: Spyware, virus keep coming back - ran hijackthis

14 more replies
Relevance 69.29%

I've had some issues with this computer, ran Malwarebytes and seemed to be ok. Now, every time I run Malwarebytes, it finds multiple trojans and such.
see log:

alwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.13.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Dave :: DAVEANDBETS [administrator]

1/13/2012 9:35:40 AM
mbam-log-2012-01-13 (09-35-40).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 231858
Time elapsed: 24 minute(s), 20 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 18
C:\WINDOWS\Temp\tue0.025611008347881437.exe (Rogue.Chameleon2012) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\tue0.04322310983097066.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\tue0.11414868056561533.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\tue0.4467379515295722.exe (Trojan.Downloader.CBCGen) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\tue0.45533083493499504.exe (Rogue... Read more

Answer:Spyware keeps coming back

16 more replies
Relevance 69.29%

One of the computers in the school library at work was full of spyware. I was able to remove most of it using Spybot and Adaware but it just keeps coming back. I downloaded HijackThis and removed a number of items but I don't dare remove any more. I'm posting the HijackThis log. There is an R1 item that I keep removing but it keeps returning. After a while some of the other items that I have previously removed come back too.
There is a whole list of junk in Favourites that don't show in Order Favourites and don't respond to right-clicking. I find the whole thing very frustrating and thought I'd turn the problem over to the experts at Tech Support Guy .

Logfile of HijackThis v1.99.1
Scan saved at 13:06:32, on 2005-10-17
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program\Network Associates\Common Framework\FrameworkService.exe
C:\Program\Network Associates\VirusScan\Mcshield.exe
C:\Program\Network Associates\VirusScan\VsTskMgr.exe
C:\Program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\NMSSvc.exe
C:\Program\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
c:\program\intern~1\iexplore.exe
C:\P... Read more

Answer:Spyware keeps coming back

16 more replies
Relevance 69.29%

I was attacked by spyware a month or so ago, I was able to remove most of it on my own using AVG anti-spyware, killbox, hijack this, and some registry fixes. I am currently using AVG to guard my system, but some of the problems keep coming back again and again. Namely, tiny.id (xoasonqc.exe in the system32 folder) and trojan.agent.aoy (tnypwspg.exe) also, hjy.dll and gebyawv.dll which is particularly irritating, as AVG pops up that it finds it at least twice every boot up. Right now, I have been quarantee-ing the files as it seems when I set to "permanently remove" they came back quicker. In the infections log of AVG, gebyawv is listed at least twenty times. Since the attack I have noticed other quirks such as pages not loading correctly in Netscape 9, seemingly slower operation when launching programs (some perhaps due to system resources taken up by AVG and A squared which now run in background). Please let me know if I can completely elimate this problems and restore my system to it's former operating conditions.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:49:19 PM, on 12/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer... Read more

Answer:Spyware keeps coming back

14 more replies
Relevance 69.29%

Hi, I have (thanks to this forum) downloaded spybot and run a check, which removed unwanted files. however, after visiting the internet I thought I would check again and the following file appears every time I even start up IE. 'DSO Exploit'DSO Exploit: Data source object exploit (Registry change, nothing done) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3DSO Exploit: Data source object exploit (Registry change, nothing done) HKEY_USERS\S-1-5-21-807862539-876780862-1957817608-1012\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3DSO Exploit: Data source object exploit (Registry change, nothing done) HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3DSO Exploit: Data source object exploit (Registry change, nothing done) HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3DSO Exploit: Data source object exploit (Registry change, nothing done) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3--- Spybot - Search && Destroy version: 1.3 ---2004-07-09 Includes\Cookies.sbi2004-07-28 Includes\Dialer.sbi2004-07-27 Includes\Hijackers.sbi2004-07-27 Includes\Keyloggers.sbi2004-05-12 Includes\LSP.sbi2004-07-27 Includes\Malware.sbi2004-07-09 Includes\Revision.sbi2004-07-02 Includes\Security.sbi2004-07-27 Includes\Spybots.sbi2004-07-28 Includes\Tracks.uti2004-07-27 Includes\... Read more

Answer:spyware keeps coming back

dso exploit is nothing to worry about.Run a check with this click here

10 more replies
Relevance 69.29%

Ok I have ran both Ad-Aware and Spybot on a cutsomer's PC. I got everything off, or so it looked like. I reboot and there is about 40 instances of adware/spyware that come right back. Mostly seems to be CoolWWWsearch. It repopulates the "hosts" file also. Then I rebooted and ran both Ad-Aware and Spybot again in safe mode. Ran CWShredder, Cleaned the "hosts" file, and cleaned out all the TEMP directories. Everything checks out in safe mode but when I boot into regualr mode, open IE, and run the spyware removal tools it is right back. Also the "hosts" file keeps getting junked up with bad addresses. I clear them out, save the file, reopen it and they are right back! Here is my HijackThis log and also the "hosts" file showing what keeps repopulating it. Thanks...

Logfile of HijackThis v1.98.2
Scan saved at 6:13:01 PM, on 12/3/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\devldr32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\... Read more

Answer:Spyware keeps coming back...

16 more replies
Relevance 69.29%

hi, I have win 2000. I have spyware that keeps coming back after booting. It's called IGetNet. Spybot and BPS spyware find it, but after I reboot, it's there again. I've looked in add remove and startup manager, but nothing there. Thankyou for any help you can give me.
 

Answer:spyware keeps coming back

14 more replies
Relevance 69.29%

I always have new spyware everytime I do an adware search through my files.
Anyone know how I can get rid of them for good?
 

Answer:Spyware that keeps coming back..

7 more replies
Relevance 69.29%

Woke up 2 days ago and my comp was infested. Spywares, adwares, trojans, etc. Spent the last 2 days trying to clean it myself so here I am now pleading for help.

So far i've used the online scanners(probably 2-3 of them), lavasoft's adaware, spybot search and destroy, super anti spyware, repeat and rinse.

Its not as bad now. Im still getting pop ups etc. Used SpyHunter to scan and heres whats left supposably...
IE Defender
SmitFraud
Starware
WinActive
SearchExplorerBar
Activity Monitor

Heres my HJT Log. Hopefully this can help those who can help me.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:35:52 AM, on 12/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
C:\Program Files\McAfee.co... Read more

Answer:Help Please! Spyware etc keeps coming back!

Spent the last 3 days cleaning, scanning and cleaning my comp again. Spywares, Adwares, Malwares, Trojans and even Viruses keeps coming back.

Some of them seems to just come back... I've removed(hopefully) vundo, js/psyne(spellcheck?), random trojans, hacking tools etc.

Right now AdAware is seeing Win32.Spyware.Acoona and Bargain Buddy. I could of swore I've removed everything when I used SD Fix.
-------------------
Heres my HJT Log....

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:23:44 PM, on 12/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Creative\... Read more

2 more replies
Relevance 69.29%

Hi there,

Below the line is a log file from "Hijackthis" showing my system processes. I have a spyware problem. I run spyware doctor, and many other spyware programs to help get rid of the spyware. But everytime I do a spyware scan, the spyware shows up on the next scan. I have tried running the scan in safe mode, but no difference. Cheers in advance.

-------------------------------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 10:44:41 AM, on 9/21/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\PRINTV~1\pvmodule.exe
C:\Applications\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Common Files\{1421B616-0BB7-1033-0624-050419050001}\Update.exe
C:\Applications\FreeRAM XP Pro 1.51\FreeRAM XP Pro.exe
C:\Applications\Roboform\RoboTaskBarIcon.exe
C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe
C:\WINDOWS\syst... Read more

Answer:Spyware keeps coming back!!!

Please rename Hijackthis.exe

It's currently located at C:\Applications\Hijack This\HijackThis.exe

Rename it from Hijackthis.exe to HJT.exe

Then post a fresh Hijackthis log & tell me what type of antivirus program you have installed

19 more replies
Relevance 69.29%

AVG always finds like 200 infected objects and i cant get rid of them, here is my HijackThis Log>Logfile of Trend Micro HijackThis v2.0.2Scan saved at 2:11:16 PM, on 10/01/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.20583)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Alwil Software\Avast4\aswUpdSv.exeC:\Program Files\Alwil Software\Avast4\ashServ.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Java\jre1.6.0\bin\jusched.exeC:\Program Files\Common Files\Real\Update_OB\realsched.exeC:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exeC:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exeC:\Program Files\Windows Media Player\WMPNSCFG.exeC:... Read more

Answer:Spyware Keeps Coming Back

Hello stewy.23,

Welcome to Bleeping Computer

Sorry about the delay. If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Thanks,
tea

2 more replies
Relevance 69.29%

I have a spyware problem that I can't fix. Usually, if Spybot S&D doesn't find it, I have been able to track it down in the windows or system folder and delete it in DOS, but I'm stuck this time.

It all started when the IST bar helped itself to my computer along with Gator, Xupiter and some other crap. Spybot S&D did not get rid of the IST bar, but I found the istsrv.dll file and deleted some keys in the registry to lose sight of any IST stuff.

The problem now is, every time I go to a page that has pop-ups, such as Sunspot News and even my own webpage, something is causing the original ads to be replaced with tracking cookies from DoubleClick, MediaPlex, and Avenue A.

AdAware found and deleted 37 different files and reg keys, but the problem still remains. The virus scan came up empty. I don't know if it is a javascript thing or a .dll file or what.

I downloaded Pop Up Killer and it stopped some of the action, but the cookies are still getting through.

Does anyone know what files or registry key might be causing this. I'm running 98SE and IE 5.5. I feel like I'm ready to do an fdisk right now.
 

Answer:Spyware that keeps coming back

12 more replies
Relevance 69.29%

I have deleted about 15 items dozens of times using spybot and adaware but they keep coming back. I dont even mind most of them. However fastclick.net and doubleclick.net are driving me crazy. Can i sue these companies somehow for loading these on my PC?

here is my hijack this and thanks for any help:

Logfile of HijackThis v1.99.1
Scan saved at 9:03:09 PM, on 10/24/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\IC\Card Reader Driver v1.9e\Disk_Monitor.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\AGEIA Technologies\TrayIcon.exe
C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\... Read more

Answer:Please help!!! spyware keeps coming back.

Are you talking about cookies?
 

3 more replies
Relevance 69.29%

I've tried every spyware program already....

Every time I restart my computer, the programs Cashback, Navisearch, and Webupdate come back. How can I trace the file that reinstalls these programs?

TIA for any help
 

Answer:Spyware keeps coming back....

Can you post a hijackthis log?
 

11 more replies
Relevance 69.29%

I'm having a problem with spyware (I think!) on a new laptop. I have several spyware removers such as Spybot Search & Destroy, Spyware Blaster, Spyware Terminator among others. They seem to detect spyware mainly in the system32 folder, namely vtutu.dll and various other .dll files. I think they are attached to explorer.exe and firefox. I find it hard to delete these files as they are running constantly on processes such as explorer.exe and hence windows cannot delete them. I have managed to delete them a few times but they keep reappearing! I am at the end of my tether and cannot figure this one out so any help will be greatly appreciated. this is my hijack this log as of 15/11/07Logfile of Trend Micro HijackThis v2.0.2Scan saved at 21:25:27, on 15/11/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\ZoneLabs\vsmon.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exeC:\Program Files\Alwil Software\Avast4\aswUpdSv.exeC:\Program Files\Alwil Software\Avast4\ashServ.exeC:\W... Read more

Answer:Spyware Keeps Coming Back!

Welcome to the BleepingComputer HijackThis Logs and Analysis forum sumblokecalledpuffy My name is Richie and i'll be helping you to fix your problems.Please disable Spybot S&D?s protection,or it will interfere.You can enable it later once you're system is clean.Open Spybot and click on 'Mode' and check 'Advanced Mode'.Click on 'Tools' in bottom left hand corner.Click on the 'System Startup' icon.Uncheck 'Teatimer' box and/or uncheck 'Resident'.Click the 'Allow Change' box.Then, check next to the computer clock to see if the icon for Spybot is still there.If it is, right click it and choose 'exit Spybot-S&D Resident'.Restart the computer.If you find you're experiencing problems disabling Spybot's Tea-Timer,follow the info in the link below:http://www.russelltexas.com/malware/teatimer.htmDownload ResetTeaTimer.bat to your desktop:http://downloads.subratam.org/ResetTeaTimer.batNow run ResetTeaTimer.bat by double clicking on its icon on your desktopYou'll see a black window flash,thats normal.Since it will not be needed again,now delete ResetTeaTimer.bat.Your version of Sun Java is out of date.Older versions have vulnerabilities that malware can use to infect your system.Please follow these steps to remove older versions of Sun Java,and then update.1. Download the latest version of Java Runtime Environment (JRE)2. Scroll down to where it says 'Java Runtime Environment (JRE) 6 update 3'.3. Click the "Download" button to the right.4. Check the box that says: &quo... Read more

11 more replies
Relevance 69.29%

I've already gotten rid of a lot of the spy ware already, but no matter what I do it comes back. I've run Ad-adware SE, removed everything that the program found and rebooted. Next I run Spy-bot S&D remove what it finds and reboot. Finally I run HJT and input the log on the HJT analyze website and removed anything marked "Nasty". I did this process about 5 times now and the pop-ups are still coming back. Below is my latest HJT log after running the 2 programs aforementioned. I know that the BHO file needs to be removed but that is the one that returns every time!! How do I permanently fix this? Please help!

Logfile of HijackThis v1.98.2
Scan saved at 9:54:02 AM, on 9/2/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINNT\System32\MsPMSPSv.exe
C:\WINNT\System32\wuauclt.exe
C:\WINNT\system32\rundll32.exe
C:\WINNT\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
C:\WINNT\System32\otjfkg.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\WINNT\System32\ctfmon.exe
C:\PROGRA~1\PANICW~1... Read more

Answer:Please Help - Spyware keeps coming back!!!!!

You've got TROJ_AGENT.AE. Go to http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_AGENT.AE for info and the means to get rid of it.
 

2 more replies
Relevance 69.29%

i recently have been getting more popups, and they have been saying "brought to you by 180 search assistant" i have ran numerous different types of spyware scan and they have deleted spyware but it keeps coming back. Also i have been getting trojan horses that keep coming back also.
im on xp home edition
thanx
 

Answer:spyware keeps coming back!! :(

8 more replies
Relevance 69.29%

hi, I have spyware files that come back every time I boot. The name is: IGetNet. Spybot and BPS get rid of them, but after I boot up again, they come back. Is there any other way I can delete them permantly? Thank you for any help.
 

Answer:spyware keeps coming back

look for any thing in your add/remove that says IGN and uninstall it.
 

6 more replies
Relevance 69.29%

Hey guys,I run adaware and spybot search and destroy, it cleans some stuff off but the spyware keeps comeing back. I got hit with this yesterday afternoon. I do believe it was a font site called font mania I was looking at where I got it.Here is my hijack this log---------------------------------------------------------------------------------------Logfile of HijackThis v1.98.2Scan saved at 9:02:53 AM, on 2/17/2005Platform: Windows XP SP1 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exeC:\WINDOWS\System32\inetsrv\inetinfo.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEC:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exeC:\WINDOWS\System32\nvsvc32.exeC:\WINDOWS\System32\tcpsvcs.exeC:\WINDOWS\System32\snmp.exeC:\Program Files\Pwrchute\ups.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\dla\tfswctrl.exeC:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exeC:\Program Files\QuickTime\qttask... Read more

Answer:Spyware keeps coming back.

You are using an outdated version of hijackthis. Please download the newer version.Download HijackThis from:HijackThis Download SiteThen post a new log

7 more replies
Relevance 69.29%

I have these same bugs everytime i run spybot, how do i permanently eliminate them, and what is a good firefox extension for cookie control.
 

Answer:Same spyware coming back

 

3 more replies
Relevance 69.29%

Ive always liked cleaning my computer with programs and have never gotten problems removing spyware because I search at google, search at forums and have also have the programs Ewido, SpywareGaurd, CounterSpy, Ad-Aware, SpyBot SD and Spyware Blaster but I dont know why some spyware keep coming back called Trojan.Pakes, Downloader.Small, and a file that adds a BHO called vtsqo.dll which is at the system32 folder. I use Windows XP which is up-to-date and have all my programs updated and I scan at Safe Mode but after a while a popup comes up from Ewido saying im infected with Trojan.Pakes/Downloader.Small and/or Spyware Gaurd comes up saying vtsqo.dll is trying to add a BHO and when I click "Remove the BHO" it just keeps coming back to the same window again so I cant take it off. I even went to Safe Mode, scanned with Ewido and then used a program to remove all my temp files but it keeps coming back. Please Help, I will do anything to take those things off. Here is my HiJackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 10:59:21 AM, on 28/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunThreat... Read more

More replies
Relevance 68.47%

I have SUPERAntiSpyware and I run full scans; it deletes all my problems.. but then 2 days later everything is back. I get annoying pop-ups even though my blocker is on.. and sometimes explorer will randomly shut down. Then today I went to click on my documents folder and it randomly closes after 3 seconds of being up. help please!

hijackthis log :

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs... Read more

Answer:Spyware keeps coming back? [Log inside]

Hi, Kristine__

Welcome.

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediatly.

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

Please, never rename Combofix unless instructed.
Close any open browsers.
Close/disable all anti virus and anti malware programs so t... Read more

1 more replies
Relevance 68.47%

i have several spyware trojans and viruses that keep coming back after being removed. one is adware.maxsearch, another is one the causes winantivirus 2006 to pop up in my browser. another is one that is in my registry under hkey_local_machine/software/microsoft/mssmgr i'm sure there are more. if anyone can help me get rid of the spyware and trojans thanks

Answer:Spyware and trojans that keep coming back

i've also used several anti spyware and antivirus to attempt to remove these, i've used ewido, symantec, noadware, and xoftspy.

also, when i start windows in safe mode, explorer.exe doesn't start up and isn't listed under processes in the task manager, even after i start explorer.exe the desktop will appear for a short time then go away.

here is the hijack this log

Logfile of HijackThis v1.99.1
Scan saved at 11:13:38 PM, on 9/19/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\re... Read more

1 more replies
Relevance 68.47%

Spyware Guard 2008 will not completely go away on my PC. Spybot, Malwarebytes and Lavasoft will not completely delete it as it keeps coming back. Any assistance would be very much appreciated.Here is my HiJack LogLogfile of Trend Micro HijackThis v2.0.2Scan saved at 14:35:04, on 12/9/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Lavasoft\Ad-Aware\aawservice.exeC:\WINDOWS\system32\LEXBCES.EXEC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\LEXPPS.EXEC:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exeC:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exeC:\WINDOWS\system32\oodag.exeC:\Program Files\Analog Devices\SoundMAX\SMAgent.exeC:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\wscntfy.exeC:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exeC:\WINDOWS&... Read more

Answer:Spyware Guard 98 keeps coming back

It seems that I solved this with a combination of stopping processes, running malwarebytes and running nod32 in safe mode.

Thanks for looking though

2 more replies
Relevance 68.47%

Ive always liked cleaning my computer with programs and have never gotten problems removing spyware because I search at google, search at forums and have also have the programs Ewido, SpywareGaurd, CounterSpy, Ad-Aware, SpyBot SD and Spyware Blaster but I dont know why some spyware keep coming back called Trojan.Pakes, Downloader.Small, and a file that adds a BHO called vtsqo.dll which is at the system32 folder. I use Windows XP which is up-to-date and have all my programs updated and I scan at Safe Mode but after a while a popup comes up from Ewido saying im infected with Trojan.Pakes/Downloader.Small and/or Spyware Gaurd comes up saying vtsqo.dll is trying to add a BHO and when I click "Remove the BHO" it just keeps coming back to the same window again so I cant take it off. I even went to Safe Mode, scanned with Ewido and then used a program to remove all my temp files but it keeps coming back. Please Help, I will do anything to take those things off. Here is my HiJackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 10:59:21 AM, on 28/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunThreat... Read more

Answer:Annoying Spyware That Keeps Coming Back

12 more replies
Relevance 68.47%

Although the zlob downloader spyware is permanently gone, there's some other spyware that's still lingering in my PC. I did several scans with spybot and avg programs, but the spyware that triggers an IE window (such as "Error Detected", or windows that give me that sequence of relentless popups when I close them) keeps appearing. They either appear without warning, or trigger upon double-clicking something ("Program Files", the temp IE folder in Local Settings, etc.). Sometimes it would occur when double-clicking a folder that hasn't been opened after the spyware came in. Here's the log

Logfile of HijackThis v1.99.1
Scan saved at 6:01:54 PM, on 7/7/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\syst... Read more

Answer:the remaining spyware keeps coming back

14 more replies
Relevance 68.47%

Ive always liked cleaning my computer with programs and have never gotten problems removing spyware because I search at google, search at forums and have also have the programs Ewido, SpywareGaurd, CounterSpy, Ad-Aware, SpyBot SD and Spyware Blaster but I dont know why some spyware keep coming back called Trojan.Pakes, Downloader.Small, and a file that adds a BHO called vtsqo.dll which is at the system32 folder. I use Windows XP which is up-to-date and have all my programs updated and I scan at Safe Mode but after a while a popup comes up from Ewido saying im infected with Trojan.Pakes/Downloader.Small and/or Spyware Gaurd comes up saying vtsqo.dll is trying to add a BHO and when I click "Remove the BHO" it just keeps coming back to the same window again so I cant take it off. I even went to Safe Mode, scanned with Ewido and then used a program to remove all my temp files but it keeps coming back. Please Help, I will do anything to take those things off. Here is my HiJackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 10:59:21 AM, on 28/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Sunbelt Software\CounterSpy\Co... Read more

Answer:Annoying Spyware Keeps Coming Back

Hi and welcome to TSF.

I am currently reviewing your log. Please note that this is under the supervision of an expert analyst, and I will be back with a fix for your problem as soon as possible.

You may wish to Subscribe to this thread (Thread Tools) so that you are notified when you receive a reply.

Please be patient with me during this time.

2 more replies
Relevance 68.47%

Well, when it happens, this Blue Wallpaper like this comes up and it won't let me change it

http://i10.photobucket.com/albums/a1...puterVirus.bmp

I use Spyware Remover, and when it's done, I can change the wallpaper, but it just comes back later and I have to remove it again

And everytime it happens, this SpySheriff get's installed and I uninstall it but ti comes back with the Spyware

Answer:Spyware problem, keeps coming back

Hi Project, I've got 4 things for you to do.
Scan your pc with 2 of these free online scanners:
Panda ActiveScan
RAV AntiVirus
Housecall. Be sure to put a check the box beside AutoClean.

--------------------------------------------------------------------------------
Download / Install / Update / and Run:
Adaware SE check for any updates before running it.
Get the plug-in for fixing VX2 variants. You can download it at this SITE
To run this tool, install to the hard drive, then open Ad-aware->Add-ons and select VX2 Cleaner. Then click Run Tool and OK to start it. If it's clean, it will say Status System Clean. Otherwise, you will have to click on the Clean button to remove the VX2 infection.

--------------------------------------------------------------------------------
Download and install Spybot S&D . Run Spybot and click on the 'Search for Updates' button. Install any updates that are available. Next click on the 'Check for Problems' button. Let it run the scan. If it finds something, check all those in RED and hit the Fix Selected Problems button. Exit Spybot. If you keep getting the DSO Exploit entries, even after you updated Windows and fixed them, then download the Spybot DSO Exploit Fix and install it over the current Spybot installation.

--------------------------------------------------------------------------------
Download and install: HiJackThis.

(Always create a Folder for HiJa... Read more

19 more replies
Relevance 68.47%

I am not getting rid of spyware. I scanned in safe mode with adware, spybor and spyware doctor and mcaffee and they deleted the spyware, but after say 30 mins browsing the spyware comes back.. I am not able to locate any trojans yet..

This is my hijackthis log file.. Can someone explaine to me what is happening??
Thanks in advance
Vince
Malta

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:08:36 PM, on 8/16/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\VDOTool\TBPanel.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\Program Files\TVR\RecSche.exe
C:\PROGRA~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\DAEMON Tools Lite\... Read more

More replies
Relevance 68.47%

A friend of mine who I THOUGHT knew about Adware and Spyware sent me a link. I clicked it, and now I'm infected (I have a link in my AIM profile, that's how I know I'm infected).

Here's where it get's to be a pain in the ***. I use Webroots Spysweeper (Adaware will NOT run on my computer for some stupid reason. I've installed and reinstalled it about half a dozen times, and it just will NOT run). When I run spyweeper, it takes care of everything, but when I restart my computer the f'ing link comes back to my AIM profile. Is there ANYTHING that I can do besides formatting? I just got everything on my computer patched and updated from a recent format, and I don't want to format it again. Please help!!

Answer:SpyWare/Adware Keeps coming back!

Have you tried uninstalling AIM (removing all AIM registry settings and AIM folders), getting rid of the worm with spyweeper and then rebooting? After you reboot, run it again and see if it's back. If not, re-install AIM and you should be good to go.

-Mike

9 more replies
Relevance 68.47%

Is it possible to prevent spyware and malware from getting into your computer? It seems that it is always the same stuff that I regularly remove with SpyBot, AdAware, A-squared etc...I use Spywareguard and Spywareblaster and still these nasties appear! Am I going to have do this as long as I use the internet? Thanks.
 

Answer:Spyware and malware keeps coming back...

http://www.mvps.org/winhelp2002/hosts.htm

What kind of things are you finding in Spybot and AdAware? If they're just "Tracking cookies", don't worry about it.
 

3 more replies
Relevance 68.47%

A bit less than a week ago some spyware was detected on my laptop (I think it was called Spyware Protect 2009) which essentially wouldn't let me open anything and kept telling me I had a worm. I managed to get rid of it, but ever since then I've had a number of different things come through. What happens is a box will pop up saying that a program called "update.exe" needs permission to continue, and it messes up the computer no matter what you click. AVG says it catches them and removes them, but they still cause problems for my computer - I can only run programs as an administrator, and if I click on the file without specifying to run as administrator, it asks me what program I want to use to open it, and ultimately won't work. Running a scan with Malwarebytes will detect the problems, but they keep coming back, at least once a day.

Some of the ones that Malwarebytes keeps finding are Broken.OpenCommand, Hijack.ExeFile, Trojan.Dropper and Spyware.Agent, but there are also others.
Thank you so much for taking the time to look at this for me!
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Jill at 0:57:30.16 on Mon 04/25/2011
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_23
Microsoft? Windows Vista? Home Premium 6.0.6002.2.1252.1.1033.18.3573.1553 [GMT -7:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-9... Read more

Answer:The same trojans/spyware keep coming back

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.Please take note:If you have since resolved the original problem you were having, we would appreciate you letting us know. If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
If you are unsure about any of these characteristics just post what you can and we will guide you.Please tell us if you have your original Windows CD/DVD available.If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review your topic an do their best to resolve your issues.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply'... Read more

3 more replies
Relevance 68.47%

Over the past several months when I would run Ad-Aware and ewido every week or every other week I would notice the same results everytime and in ewido they were usually recognised as "Downloaders" with the same kind of .exe names which were usually just random streams of numbers and letters. Every now and then I would have a terrible attack of spyware where, when I would click on certain google links, I would get a page that has nothing at all with what the link address was, just a site full of ads and links with similar keywords to what I was searching for. Now it has happened again, except this time various programs don't work and sites take longer to load. I can't start up AIM, when Ad-Aware, ewido, and the online scanning sites that are on the Before You Post Your HijackThis Log post get 2/4 to 3/4 of the way through they freeze up, as does Disc Cleaner when I right-click on C:\



Logfile of HijackThis v1.99.1
Scan saved at 2:59:30 PM, on 10/24/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System... Read more

Answer:Spyware keeps coming back, getting worse

Hello Vinnie, and welcome to TSF.


I am currently reviewing your log. Please note that this is under the supervision of an expert analyst,
and I will be back with a fix for your problem as soon as possible.

You may wish to Subscribe to this thread (Thread Tools) so that you are notified when you receive a reply.

Please be patient with me during this time.

4 more replies
Relevance 68.47%

Hello,
Thank you in advance for your help. My computer seems to be very sluggish and spyware/malware/adware seems to keep coming back. Have win98 system with Mcafee firewall & aol's spyware protection. Also downloaded adaware se & ran it, but alot of the stuff keeps coming back. Here it goes my HJT Log :
Logfile of HijackThis v1.98.2
Scan saved at 5:01:14 PM, on 12/12/04
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\SA3DSRV.EXE
C:\WINDOWS\SYSTEM\WINMODEM.101\wmexe.exe
C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\AVSYNMGR.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\ACS\ACSD.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\VSSTAT.EXE
C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\VSHWIN32.EXE
C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\AVCONSOL.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\ATICWD32.EXE
C:\WINDOWS\SYSTEM\ATITASK.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\CPQEAUI.EXE
C:\COMPAQ\INTERNET\WATCHDOG.EXE
C:\WINDOWS\STUTFIX.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\BTTNSERV.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\ALOGSERV.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EX... Read more

Answer:HJT help please....overloaded with spyware that keeps coming back!

Hi and Welcome to TSF

Before attacking an adware/spyware problem with hijackthis make sure you have already run ad-aware SE with VX2 add-on cleaner, Spybot Search & Destroy (with updated database) and CWShredder as these programs will clean a lot of the crap out first. All links to programs are in my signature. Ok..on to the log?..


Go to My Computer->Tools->Folder Options->View tab and make sure that Show hidden files and folders is enabled. Also make sure that the System Files and Folders are showing/visible also. Turn off system restore by right clicking on My Computer and go to Properties->System Restore and check the box for Turn off System Restore.

Reboot into Safe Mode (hit F8 key until menu shows up). Make sure to close any open browsers. Open add/remove programs and remove the following if listed.

INCREDAFIND
Viewpoint
SearchUpgrader

Go into HijackThis->Config->Misc. Tools->Open process manager. Select the following and click Kill process for each one if they are still listed (they shouldn't be but make sure)

C:\PROGRAM FILES\VIEWPOINT\VIEWPOINT MANAGER\VIEWMGR.EXE

Check and fix the following in HijackThis if they still exist (make sure you do not miss an entry)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://channels.aimtoday.com/search/aimtoolbar.jsp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.presario.net/scripts/...&s=search&i=enu
R1 - HKLM\... Read more

6 more replies
Relevance 68.47%

Please help I've tried everything to get rid of the spyware....

Logfile of HijackThis v1.99.1
Scan saved at 4:57:14 PM, on 03/13/2005
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\ATICWD32.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\WINDOWS\ptsnoop.exe
C:\WINDOWS\SYSTEM\WSXSVC\WSXSVC.EXE
C:\WINDOWS\SYSTEM\VMSS\VMSS.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\DESKTOP\HIJACK\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lookfor.cc?pin=10001
R1 - HKLM\Sof... Read more

Answer:spyware keeps coming back, se.dll, aboutblank and others

iam not a pro but i don't see ad aware and spybot listed. you should install, update and run both.

http://www.download.com/Ad-Aware-SE-Personal-Edition/3000-8022_4-10319876.html?tag=pop
http://www.download.com/Spybot-Search-Destroy/3000-8022_4-10289035.html?tag=pop
 

2 more replies
Relevance 67.65%

Hi.
I have read and done the suggestions in the Readme sticky, and while it removes the Spyware, each time I restart my pc and connect to the internet it reappears again.

Ad-aware detects two types. 'DyFuCA' and 'istbar'

When it removes them a message saying
'CrogramFiles\istsvc\istsvc.exe is in use and cannot be removed' and to run ad-aware on start up to remove it.

Microsoft AntiSpyware detects two types called 'IST.ISTbar (browserModifier),
and 'Trojan.Downloader.TargetSavers'

Can someone please help!
 

Answer:Malware/Spyware keep coming back after restart.

If you are using an OS that has System Restore then turn it off > reboot > then follow removal instructions.

If after reboot you are clear of any spyware then turn back on System Restore.
 

13 more replies
Relevance 67.65%

Since July 5th, I have been receiving alerts from AVG saying that the Spyware.Passwords.XGen virus has infected my computer. It keeps setting up its files in the C:\Documents and Settings\Owner\Local Settings\Temp folder with a file name of 0.(various assortment of numbers) i.e. "0.2022596356067.exe" as well as the C:\Documents and Settings\Owner\Application Data\Microsoft under the name "conhost.exe". I have removed this virus at least 5 times using AVG to quarantine/delete the files and Hitman Pro to remove the proxy server it installs as 127.0.0.1:56364. I run scans immediately after removal and nothing appears. My computer appears to be clean as a whistle. Yet the virus keeps reappearing when I visit certain sites (i.e. hotnewhiphop.com,gotta have my music!) and when it does reappear, I notice the Java icon appears on my taskbar and a process such as "0.55373964797.exe" will run on my computer. Has the virus exploited my Java somehow? Please help!Attached are screenshots of my AVG Virus Vault and Hitman Pro scan to better illustrate the problems I am having: Hitman Pro scan 7/5/11 (the first time I deleted this virus)and my AVG Virus Vault that shows all the quarantined .exe files from this virus

Answer:Spyware.Passwords.XGen keeps coming back

Download Security Check from HERE, and save it to your Desktop. * Double-click SecurityCheck.exe * Follow the onscreen instructions inside of the black box. * A Notepad document should open automatically called checkup.txt; please post the contents of that document.=============================================================================Please download MiniToolBox and run it.Checkmark following boxes:Report IE Proxy SettingsList content of HostsList IP configurationList last 10 Event Viewer logList Users, Partitions and Memory sizeClick Go and post the result.=============================================================================Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop. * Double-click mbam-setup.exe and follow the prompts to install the program. * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish. * If an update is found, it will download and install the latest version. * Once the program has loaded, select Perform quick scan, then click Scan. * When the scan is complete, click OK, then Show Results to view the results. * Be sure that everything is checked, and click Remove Selected. * When completed, a log will open in Notepad. * Post the log back here.Be sure to restart the computer.The log can also be found here:C:\Documents and Settings\User... Read more

7 more replies
Relevance 67.65%

So i get this virus that throws a bunch of pop ups ads for anti spyware software in my face and makes me unable to open task manager, after running program i found online to fix this and running avg anti spyware i still getting those pop up here and there, though i'm now able to use task manager.
anyway heres the log

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 3:56:17 PM, on 4/6/2008
Platform: Windows Vista (WinNT 6.00.1904)
Boot mode: Safe mode

Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\cr\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO:... Read more

Answer:at my wits end, though i removed spyware keeps coming back.

the program i used to regain control of my taskbar was SmitfraudFix.exe

2 more replies
Relevance 67.65%

I have the little shield emblem in the toolbar that tries to direct me to pcspyremover.com

Ad-Aware SE finds lots of nasties that keep coming back...

CWShredder diesn't find anything

CCleaner removes Uninstall keys (HSA, SE, SW)

Spybot S&D finds stuff like Hotsearchbar, CoolWWWSearch.aff.Winshow, Startpage-EH, and URLSearchHook.Altpz...

Norton Antivirus doesn't find anything...

BHODemon 2.0 is running...

AboutBuster removed several things but they keep coming back...

Here's a HijackThis log from this morning"

Logfile of HijackThis v1.99.1
Scan saved at 10:07:11 AM, on 5/20/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\Ati2evxx.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\WINNT\System32\svchost.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\d3lu.exe
C:\WINNT\system32\pctspk.exe
C:\WINNT\system32\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\WINNT\system32\PRPCUI.exe
C:\WINNT\system32\netfq32.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Progr... Read more

Answer:Solved: Spyware, etc. keeps coming back... rogue dll?

8 more replies
Relevance 67.65%

Hi - my daughter handed over her 'blue-screen-of-death' computer to me and I got it back to the present state. She has some spyware/malware that keeps re-appearing after I run McAfee virus scans and Adaware. Can you help?

Tks a bunch!

Here's my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:03:06 PM, on 8/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINDOWS\bdaecsc.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\QuickTime\qttask.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\system32\explore.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctf... Read more

Answer:Solved: Spyware, Malware keeps coming back

16 more replies
Relevance 67.65%

I had this fake Antivirus Scan telling me that my computer was full of virus's. I ran Avast Antivirus and got rid of some stuff and ran Malwarebytes and got rid of alot more.

Problem came back within a few days. Did the same thing this week and the computer seems to be running ok for awhile and then more attacks.

Now I am even getting a "Generic Host Process for Win32 Services has encountered a problem error" every time I start up the computer and the error pops up throughout the session.

Below are the log files that were requested. I had to do the log programs in Safe Mode as the computer is much more stable in Safe Mode and my Firewall will not turn on in regular mode.

DDS (Ver_10-12-12.02) - NTFSx86 NETWORK
Run by Administrator at 14:57:31.00 on Sun 01/30/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.478.84 [GMT -6:00]

AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: McAfee VirusScan *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *Disabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.ex... Read more

Answer:Seem to be infected with something that keeps coming back

Hello jeffw11, Welcome to Bleeping Computer.
My name is fireman4it and I will be helping you with your Malware problem.

Please take note of some guidelines for this fix:
Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
Finally, please reply using the button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.1.Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!Be sure to download TDSSKiller.exe (v2.4.0.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
Vista/Windows 7 users right-click and select Run As Administrator.If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the... Read more

12 more replies
Relevance 66.83%

I keep running adware and spyware doctor over and over, each time removing infections with the infections coming back even after removal.......also my zone alarm is alerting me to intrusion attempts over and over (i have had zone alarm installed for about 3 months and this is the first time this has begun to happen). I just need someone to look over my hijack this log and see if something is amiss (because it sure does feel like it). Any help would be greatly appreciated.....

Logfile of HijackThis v1.99.1
Scan saved at 10:12:44 AM, on 8/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
C:\Program File... Read more

Answer:spyware coming back after deletion and intrusions detected by ZA

8 more replies
Relevance 66.83%

Hi,

My laptop is attacked with Spyware Guard 2008.
I tried the following in Windows safe mode.

1. Full scan and cleaned with Windows malicious software removal tool.
2. Full scan and cleaned with McAffe
3. Cleaned the registry with EUsing free registry cleaner.

But, it keeps coming back. Please help me.

Thanks in advance,
jvin
 

More replies
Relevance 66.83%

Logfile of Trend Micro HijackThis v2.0.2Scan saved at 23:00:24, on 21/09/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Windows Defender\MsMpEng.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exeC:\WINDOWS\system32\LEXBCES.EXEC:\WINDOWS\system32\LEXPPS.EXEC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeC:\Program Files\Common Files\LightScribe\LSSrvc.exeC:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exeC:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exeC:\PROGRA~1\YAHOO!\browser\ybrwicon.exeC:\Program Files\Windows Defender\MSASCui.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Analog Devices\Core\sma... Read more

Answer:Infected With Virtumonde Which Keeps Coming Back

Welcome to the BleepingComputer HijackThis Logs and Analysis forum maxinekent My name is Richie and i'll be helping you to fix your problems.*NOTE*If you have previously downloaded ComboFix,please delete that version and download it again from below. Download Combofix and save to your desktop:Note: It is important that it is saved directly to your desktop Close any open browsers. Double click on Combofix.exe and follow the prompts. When it's finished it will produce a log. Post the entire contents of C:\ComboFix.txt into your next reply. Note: Do not mouseclick combofix's window while it's running. That may cause the program to freeze/hang. Do NOT post the ComboFix-quarantined-files.txt unless I ask.Also post a new Hijackthis log please.

7 more replies
Relevance 66.83%

HiHere's my HiJackThis log:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 7:01:14 PM, on 11/16/2008Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16735)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Windows Defender\MsMpEng.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\ProcessGuard\dcsuserprot.exeC:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Symantec AntiVirus\Rtvscan.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\igfxtray.exeC:\Program Files\Synaptics\SynTP\SynTPLpr.exeC:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\Program Files\ProcessGuard\pgaccount.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\ProcessGuard\procguard.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exeC... Read more

Answer:Infected with KoolyNoody: It keeps coming back

Hello and welcome to BC

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. We aim to provide the valuable service known to come from BC to every member we can, but sometimes it takes just a little longer to get to every request for help.

If you are still having a problem, and want us to analyze your information, please reply to this topic stating that you still need help and I will work with you on resolving your computer problems. If your problem has been resolved, please post a reply letting us know so we can close your topic.

Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, feel free to create a new one.

Once again, I apologize for the delay in responding to this topic.

Regards

2 more replies
Relevance 66.83%

Hi,

I followed the instructions on bleeping computer, used rkill scanned with Malwarebytes and it looked like everything was OK.
The computer was slow and I scanned again and it found viruses again about a week later.
I have scanned with Malwarebytes, Superspyware, and spyware terminator, I can't seem to get whatever it is off.
I followed the instructions on "Preparation guide for use before Using malware removal tools and requesting help"
The wallpaper changed by themselves and icons have white boxes around them.
I have attached the information that the guide requested.
Any help will be greatly appreciated.

Answer:Infected with Scareware that keeps coming back

Hello , And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.I will be working on your malware issues, this may or may not solve other issues you may have with your machine.Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen. Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.-----------------------------------------------------------If you have since resolved the original problem you were having, we would appreciate you... Read more

8 more replies
Relevance 66.83%

I have tried everything including Spyware doctor, mwam, spybot, sas ...

But there are 4 entries in mwam keep coming back
3 of Trojan.Vundo.H
1 of Disabled.securityCenter

Really appreciate your help... ...

DDS (Ver_09-03-16.01) - NTFSx86
Run by projectx at 15:03:44.95 on Wed 04/01/2009
Internet Explorer: 8.0.6001.18372 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3070.2470 [GMT -4:00]
============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
C:\Program Files\Cobian Backup 7\cbs.exe
C:\Program Files\Cisco systems\VPN Client\cvpnd.exe
C:\Java\jre1.6.0_11\bin\jqs.exe
C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\OpenSSH\bin\cygrunsrv.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\OpenSSH\usr\sbin\sshd.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Visu... Read more

Answer:Infected with Vundo, tried everything, kept coming back

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.comDDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Follow the instructio... Read more

3 more replies
Relevance 66.42%

I keep running adware and spyware doctor over and over, each time removing infections with the infections coming back even after removal.......also my zone alarm is alerting me to intrusion attempts over and over (i have had zone alarm installed for about 3 months and this is the first time this has begun to happen). I just need someone to look over my hijack this log and see if something is amiss (because it sure does feel like it). Any help would be greatly appreciated.....

Logfile of HijackThis v1.99.1
Scan saved at 10:12:44 AM, on 8/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
C:\Program File... Read more

Answer:Computer sluggish and repeated spyware removal coming back

im an idiot....sorry for posting in wrong forum......will repost...
 

2 more replies
Relevance 66.42%

There is this spyware named ISPY that keeps on coming back I used Spyware terminator but it deletes it but when I reboot it comes back Omg I hate it. Also my Shutdown/restart and run doesn't display on my Startmenu because of the viruses/spyware. Man everything was working fine till these viruses/spyware came nooooo!!!!! Dang and also my task manager doesn't work it says, "Task Manager has been disabled by the adminstrator." *** Well if you can help me Thank you Also My programs that I'm using are spyware terminator, AVG antivirus free, and spywareblaster. Well I followed the 5 steps stickies and it says to post some stuff here. Well here it is

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 5:08:32 PM, on 12/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\D-Link\Air Utility\AirCFG.exe
C:\Progra... Read more

Answer:Spyware keeps on coming back also can't shutdown from the start menu it's not showing

Hi -

If you followed the 5 steps completely, you'd have seen we want a set of logs from Deckard's System Scanner.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

I need more information before continuing, please.

For now, I'd like a more comprehensive set of logs from Deckard's System Scanner.

---------------------------------------------------------------------------------------------

You are using an outdated version of HijackThis. Please uninstall from Add/Remove programs, and delete your current version.

Next, download HijackThis to your desktop

Alternate link

Double-click on the file you just downloaded.
Click on the "Unzip" button to install. It will by default install to the directory - C:\Program Files\Trend Micro\HijackThis

Upon install, HijackThis should open for you.

When it does, ju... Read more

16 more replies
Relevance 66.42%

Hello All

I have really tried to find an answer looking at others posts but it seems like each persons problem is unique to their computer.

I never had any spyware problems before so I'm unfamiliar with a lot of programs. I have installed, adaware, spybot, avg antispyware, cleanup, win patrol, AntiVir Guard, and windows defender all because I have read other peoples posts. I know I probably don't need all of this but I didn't know what else to do. Also I am not too familiar with registry edits so I know I need to be careful if I have to change anything.

These are my computer's symptoms:

AntiVirGuard pops up 3 to 13 times saying trojan horses are detected what do I want to do? I usually select delete or block.

Then everything is usually ok until I get on the internet after which my computer redirects the sites I type in to a site called Jack9.com this happens every few minutes. Sometimes I get a bunch of popups in rapid succession and it freezes my computer. I have to restart windows explorer or restart the computer when this happens.

I have run every single previously mentioned program several times during startup and safe mode if possible and while they find things....they must be missing something because the problems continue.

I came across HiJack this and I have the log from the program. I am not completely sure what to do with it or if it can help but any assistance anyone can offer would be greatly appriciated. The log is below:
Logfile of ... Read more

Answer:Solved: Spyware, popups and keeps coming back HiJack this log included Please help

16 more replies
Relevance 66.42%

Hi, everytime I start my computer I have to constantly run Ad-aware to get rid of stuff that somehow keeps reinstalling itself. Can someone please help me. Here's the Hijack this log:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 4:09:20 PM, on 10/15/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Intel\Wireless\Bin\EvtEng.exeC:\Program Files\Intel\Wireless\Bin\S24EvMon.exeC:\WINDOWS\system32\ZoneLabs\vsmon.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exeC:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exeC:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\E_S00RP1.EXEC:\Program Files\iPod Access for Windows\iPAHelper.exeC:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exeC:\Program Files\Intel\Wireless\Bin\RegSrvc.exeC:\WINDOWS\system32\s... Read more

Answer:Spyware/malware Keeps Coming Back Everytime I Reconnect To The Internet

What keeps coming back? I do not see anything wrong here.

3 more replies
Relevance 66.01%

A few days ago, I have opened up my browser and entered a site, clicked randomly on the page, it redirects me to some adds, "register to some game online", "you are a winner of 1 milion$", stuff like that. I tried removing with a bunch of antimalware software and it keeps coming up, I've run ADW Cleaner and it finds "HKCU/Software/Conduit" as a tracing key, I've deleted it, rescan the system after restart, it says it's not there anymore but after I enter on a random site it appears again.
Please help.
 
Here's the Farbar Recovery Scan Tool logs:
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:27-12-2015
Ran by Sergiu (administrator) on SERGIU-PC (28-12-2015 13:10:25)
Running from C:\Users\Sergiu\Desktop
Loaded Profiles: Sergiu (Available Profiles: Sergiu)
Platform: Windows 10 Pro Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\HidMonitorSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe
(ESET) C:\Program Files... Read more

Answer:Infected with adware, tracing key keeps coming back

Can't anyone help? Maybe point me in the right direction. I've runned Hitman Pro and it founded this:
HitmanPro 3.7.12.253
www.hitmanpro.com
 
   Computer name . . . . : SERGIU-PC
   Windows . . . . . . . : 10.0.0.10586.X64/2
   User name . . . . . . : SERGIU-PC\Sergiu
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Trial (26 days left)
 
   Scan date . . . . . . : 2015-12-29 14:12:17
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 12m 32s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No
 
   Threats . . . . . . . : 0
   Traces  . . . . . . . : 82
 
   Objects scanned . . . : 2.782.958
   Files scanned . . . . : 185.558
   Remnants scanned  . . : 1.037.389 files / 1.560.011 keys
 
Suspicious files ____________________________________________________________
 
   C:\Users\Sergiu\Desktop\FRST64.exe
      Size . . . . . . . : 2.370.560 bytes
      Age  . . . . . . . : 1.0 days (2015-12-28 13:09:47)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 302FE238A077E891B39A3DA34C25E74AA2716B5272CDA2955386041D0A540132
      N... Read more

8 more replies
Relevance 66.01%

Hey

I have been infected with something, these are the files in task manager that i have narrowed it down to-

_ex-08.exe
42423015.exe (security tool)
restorer64_a.exe
wpv331255703227.exe

I have used process explorer and malwarebytes, they find everything but after restart everything comes back, i just have a black screen and i have to start explorer.exe manually just to get the desktop working.

I also tried superantispyware - same thing, finds everything but on restart comes back.

What else can i try?

thanks for any help

More replies
Relevance 66.01%

I am running Windows XP SP2, AMD Dual Core 4200+, 2g RAM

I had various malware/spyware supposedly removed by support techs from our ISP who offers desktop support, but it is obvious they didn't remove everything and don't know how to do so.
I ran MS Security Essentials last night (which I'm required to scan with regularly because I telecommute).
It found Win 32/Alureon.H. It says that is "disinfected" the virus, but doesn't tell me what that means. BUT it also says it found that same virus on 06/26/10 and disinfected it then, so I'm wondering if this is a recurring problem.
MS also found other viruses. If you want me to list them I will.
I would like to know what viruses and spyware are still on my system (if any) and how to remove them.

Thank you very much in advance for your help.

More replies
Relevance 66.01%

I've been getting IE popups (i don't even use IE) for some fake security software, taskbar popups. The popups open www.livesecuritycenter.com which advertises SpyMaxx. I can't access the task manager at all (by control+shift+escape, control+alt+delete or right clicking on the taskbar. It also seems to be stopping Ad-Aware from updating but im not sure.

It keeps trying to change these 2 registry entries:

Some more pics:

Fake anti-virus notice
Taskbar popup
I have scanned using Spybot S&D, Ad-Aware, Avast, and i also did a boot-time scan with Avast. But when i reboot everything goes back.
Any help would be appreciated.

HijackThis log:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 9:29:00 PM, on 3/28/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
Boot mode: Normal

Running processes:
C:\Windows\system32\sbwltbxa.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Notebook Hardware Control\nhc.exe
C:\Program Files\Zone Labs\ZoneAla... Read more

More replies
Relevance 66.01%

Hello, im having a problem removing BitMiner. kwrd.dll keeps reappearing in MBAM over and over in c:\windows\assembly\temp, and I cant even find the file there. I am using Windows 7 64-bit. Here is my DDS log, as well as the attach.txt file (attached, of course) (EDIT: I know the directions say not to post a ComboFix log unless requested to do so, but I've looked at other threads with the same issue and they were told to run it, so I attached the ComboFix log file as well, hoping it will make the process quicker...sorry if you would have preferred me not to do so. Also, ComboFix insisted that Ad-Aware Ad Watch was active, but I assure you it was not...I even completely uninstalled Ad-Aware to make sure...):

.
DDS (Ver_2011-08-26.01) - NTFSAMD64 MINIMAL
Internet Explorer: 9.0.8112.16421
Run by SarahJames at 21:06:46 on 2011-12-17
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4093.2460 [GMT -5:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32&... Read more

Answer:Infected with BitMiner - kwrd.dll keeps coming back

Hello and Welcome to the forums!My name is Gringo and I'll be glad to help you with your computer problems.Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.Do not run any other tool untill instructed to do so!Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.Run Combofix:You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<Combofix may need to reboot your computer more than once to do its job this is normal.You can download Combofix from one of these links.Link 1Link 2Link 31. Close any open browsers or any other programs that are open.2. Close/disable all anti virus and anti malware programs so they do not interfere with the runn... Read more

16 more replies
Relevance 66.01%

Hi,

Sorry to post again, but this time with my scan results. I also posted here a month ago, but had to be closed due to pirated software. I've deleted them all since (I hope, at least all that I know of.)

Right now "Ads Alert" seems to be affecting my computer and I can't seem to get rid of it.

My scan results are as attached.
 

More replies
Relevance 65.19%

I posted on another section of this forum of the problem I am having but I have more details now so I'd like to post my logs.Basically I got the Trojan.Agirvab.B also known as Trojan.Bankpatch.E (edited to change the name, I thought it was Trojan.Bankpatch.D but it wasn't) on my system. I followed the directions to remove it from Symantec with the exception of reloading XP files because I didn't know what files to upload. Since then my computer has been infected with Trojan.Dropper, Worm.KoobFace and Stolen.Data among other things. I posted some of the scan results in the thread I listed above.Today I noticed that I am still having problems with hte Trojan because it keeps putting things in my registry. I delete them and restart but they keep coming back. I have system restore turned off so I don't know where it is storing it.The entries in Internet Settingsnet REG_SZ fbjination.comprd REG_SZ fbjination.comw8 REG_SZ (then it's a long string of numbers and letters starting with USA_)prh REG_SZ fbjination.comtst REG_SZ fbjination.comI delete these entries but they keep coming back. Additionally I have something that keeps putting Firefox to go through a proxy server. I deleted those registry entries as well. HKLM/Software/Microsoft/Windows/Current Version/Run/sysldtray infected with ld08.exe keeps giving me problems as well. It is in C:/Windows/ld08.exeIt's just a mess. I have Malwarebytes, Trojan Remover, SuperAntiSpyware, Spybot Search and Destroy, CC Cleaner, Advanced Window... Read more

Answer:Trojan.Bankpatch.D Infected System Keeps Coming Back

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explanation about the tool. No input is needed, the scan is running.Notepad will open with the results, click no to the Optional_Sca... Read more

31 more replies
Relevance 65.19%

To whom It May Concern:

Just have this extension gosave that keeps coming back and it just makes chrome annoying.

Appreciate any help I can get.

Thanks!
 

Answer:gosave extension keeps coming back. computer is infected

Chrome installation is altered by malware. Reinstall is needed.
Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable. ​Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!
Right-click on icon and select Run as Administrator to start the tool.
(XP users click run after receipt of Windows Security Warning - Open File).
Press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.
 

5 more replies
Relevance 65.19%

i got a new pc with windows 7 , after i restore most of my apps/files , i downloaded malwarebyte . and it detected few items , but they keep on cominging back .
i tried to turn windows firewall on ,, but for some reason it wont let me open that option .(nothing happen when you click at "windows firewall"
thank you for trying to help
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7600.16385
Run by petro at 20:18:43 on 2011-09-09
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3313.2135 [GMT -4:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Adobe\ARM\1... Read more

Answer:infected ,malware bite cant stop it from coming back

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.Do not run any other tool untill instructed to do so!Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.Run Combofix:You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<Combofix may need to reboot your computer more than once to do its job this is normal.You can download Combofix from one of these links.Link 1Link 2Link 3 1. Close any open browsers or any other programs that are open.2. Close/disable all anti virus and anti malware programs so they do not interfere with the r... Read more

20 more replies
Relevance 65.19%

I have followed many steps on other peoples post, and searching the internet. I have removed a TON of unwanted crap from my pc, but it just seems to keep coming. I no longeer have it connected to the internet, and am using a different pc right next to it. this is my current High Jack This report. The programs that have been removed are, SurfSideKick 3, Qoologic, and several other less well known, much easier to remove malware. I use eWido, spybot, adaware, stinger, ccleaner. Now they are coming up clean or with "PurityScan.downloader."

Symptons:
Cannot activate firewall: "due to an unknown error"
DLL missing errors at startup (2)
GCK25 error

Please help! I don't want to wipe after hours of hard work.


Edit by chaslang: Inline HJT log removed. READ & RUN ME sticky not followed.
 

Answer:Infected for weeks, removed alot, but just keeps coming back.

Welcome to Majorgeeks!

Please follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, running, and posting HijackThis logs as attachments.
Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support
Make sure you check version numbers and get all updates.
Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.

After doing ALL of the above you still have a problem make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:
Downloading, Installing, and Running HijackThis

Make sure you also rename HijackThis.exe as suggested in the procedures. Use analyse.exe for the new name. This is very important due to some new infections going around.

When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too:
CounterSpy - ONLY IF you were not able to run Windows Defender
Bitdefender - from step 6
Panda Scan - from step 6
runkeys.txt - the log from GetRunKey.bat
newfiles.txt - the log from ShowNew.bat
HijackThis

NOTE: You can only attach 3 files in a single message so it will require that you use two messages to attach all of these logs!
... Read more

1 more replies
Relevance 64.78%

I hope that this is in the right section but I am having a problem with my computer. I can constantly hear programs running in the background. I currently have two anti spyware/malware installed on my computer. One is SpyHunter and the other is CyberDefender. They both are picking up on some virus called Vundo and everytime I delete it, it just comes right back. It is so frustrating surfing the internet because it freezes or moves extra slowly. Figured I'd ask you guys before I take a hammer to it lol.

Thanks

Answer:Windows XP SP2 running slow, virus protection catches it but the virus keeps coming back

Hello,i am moving yjis to the Am I Infected forum from XP.Please disable those apps while we do this.Next run MBAM (MalwareBytes):NOTE: Before saving MBAM please rename it to zztoy.exe....now save it to your desktop.Please download Malwarebytes Anti-Malware and save it to your desktop.alternate download link MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan.If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Then click on the Scan button.If asked to select the drives to scan, leave all the drives selected and click on the St... Read more

9 more replies
Relevance 64.78%

Hi!
So, last Friday my OfficeScan software found a couple infected files that it couldn't clean off. So I ran Ad-Aware and Spy-Bot and RegistryCC and cleaned things up as best I could. But the pop-ups didn't stop. In fact it got worse. I turned the TeaTimer off on Spybot because it kept popping up telling me about registry changes and the virus started looping and creating new files when I denied the changes.

I've been reading replies to other people's messages that have similiar problems and tried to do what I could. I updated all my anti-virus software, I updated my Java (which was probably the weakness that let it in in the first place). I've been running Malwarebytes frequently. Sometimes it finds something, sometimes it doesn't. I've run VundoFix and it cleared a couple files off too. One I wrote down because it took a couple tries to get rid of : system32/uljeuf.dll Malware identified a few files as TrojanVundo.

It keeps coming back and I'm not sure what to do next. I used the add/remove to get rid of IE because I never use it anyway and I naively thought that might stop the pop-ups. But now they just come in streams of empty IE pages and system errors that say "An attempt was made to reference a token that does not exist."

Also there's a program in my add/remove called Mirar. I googled it and it doesn't sound good. I can't get that off either.

I don't have the knowledge to go deeper into my sys... Read more

More replies
Relevance 64.78%

Hi,

I?m going to have to give fair bit of info so that you can get as clearer picture as possible, so please bear with me.

I?ve got Windows XP with Kaspersky Internet Security Suite 2010.

I was on a couple of Football streaming sites yesterday and soon after my PC and Kaspersky was all over the place.

I get a couple of Kaspersky Alarm messages that say:

1)

Object:
C:\WINDOWS\system32\msbyylfy.dll

Trojan program:

Trojan-GameThief.Win32.OnLineGames.wjk

& 2)

Object:
C:Windows\system\User.dll

Trojan Program:

Trojan.Win32.patched.gq

I keep on getting prompts from Kaspersky about Trojans in the system, the PC has really slowed down, Internet browsing (which may not be recommended) is very slow, programs like Microsoft Word freeze.

Kaspersky isn?t scanning properly either, when I try to it just stops. Its automatic Threat Detection feauture that
is suppose to Delete & Disinfect Viruses and Threats isn't working, and whatever it does do,
the Trojans keep on coming back even though Kaspersky says that after Restarting PC Threats
will be Removed!

Here is Kaspersky's Threat Detection Log:


Status: Detected (events: 1)
31/03/2010 01:15:59 Detected Trojan program Trojan-Downloader.Win32.Delf.zyx http://download.xwche.com/setup.exe?t=0.470785//2//ASPack
Status: Detected (events: 2)
31/03/2010 00:15:02 Detected malicious URL http://... Read more

Answer:PC Infected Full of TROJANS......Can’t Delete & Keep Coming Back!!

you need to go ...

http://www.bleepingcomputer.com/



 

3 more replies
Relevance 64.78%

Hello I've been battling with this fake AV for a while now and I just discovered that Windows Firewall is putting out this error code when I try to restore it, 0x80070424. I am using AVG 2012 as a anti-virus program and running Windows 7 Home Premium SP1 64-bit. If anyone can help me with this I would be forever grateful.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by Cole at 12:53:54 on 2011-12-26
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6062.2980 [GMT -5:00]
.
AV: Trend Micro Titanium Internet Security *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
SP: Trend Micro Titanium Internet Security *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k Loc... Read more

Answer:Windows Firewall fails to start and this fake anti-virus virus keeps coming back!

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything. We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here. To help Bleeping Computer better assist you please perform the following steps:*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/434544 <<< CLICK THIS LINK If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.*************************************************** If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo... Read more

9 more replies
Relevance 63.96%

Hello,
I have a problem ,which ive tried to fix serveral times but it keeps coming back.
This virus is located in Systems 32 folder, Pc Cilling 2005 identified it as TROJ_ROOTKIN.N . Ive gone
to safe mode, deleted it, returned to windows and the virus reapeared, wats more it clogs up Pc Cillin, so now under quarantine i have 100+ instances of this virus, and its increasing.
The virus is labelled hpr34k8

Im sure my Hijack Log is fairly clean... -------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 5:27:53 PM, on 14/08/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\RunDll32.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe
C:\Program Files\Telstra\Cable Login\bpcable.exe
C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\Program Files\Telstra\Toolbar\bpumTray.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin... Read more

Answer:Virus that keeps coming back and back and back, so on

bump, hopefully someone takes notice

19 more replies
Relevance 63.96%

Hi,
I have some kind of infection on my computer. I have a windows XP home edition. and I only use firefox. i have a wireless connection and two other laptops in my computer that i constantly use (all windows XP also).
The signs that I see of it are:
1- many times when I click on links the website tries redirecting to somewhere else. firefox however stops it from doing that (i get a little toolbar on the top that says website tried to redirect, and it asks me if i want to redirect it)
2- i have a little magnifying glass that shows up in the lower right hand tool bar- date/time area. when i left click on it it and a box shows up. the title is 'search settings' and then it says 'prevent unknown programs from changing your default search settings without your knowledge' and then it has possibilites for IE and Firefox, with two options. the first option 'notify me first before allowing changes to my settings' and the second option is 'allow programs to change my settings'. the second option is the one that is checked off, and the settings cant be changed at all, i can only see it but i cant change it. sometimes one anti virus or another will be able to remove this magnifying glass (which i pretty much use as an indicator if my pc is clean or not) but the next time i restart my computer it will be back.

what have i done:
1- i used to run lavasoft adaware, symantecs and avast. they would be able to remove the 'magnifying glass', and each... Read more

Answer:infected i think with some kind of worm, keeps coming back, antiviruses cant detect it anymore

Hello. How many active antirus programs are running? Now let's see what we can find. Please for this scan disable all AV's after download,Next run MBAM:Please download Malwarebytes Anti-Malware (v1.32) and save it to your desktop.alternate download link 1alternate download link 2If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan.If an update is found, the program will automatically update itself.Press the OK button to close that box and continue.If you encounter any problems while downloading the updates, manually download them from
here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer,
copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD
and then copy it to the infected machine.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Then click on the Scan button... Read more

13 more replies
Relevance 63.96%

Hiwould like some help please, avg removes virus, but next day it is backRegardsDerekLogfile of Trend Micro HijackThis v2.0.2Scan saved at 18:24:19, on 02/11/2008Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16735)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Lavasoft\Ad-Aware\aawservice.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\sttray.exeC:\WINDOWS\system32\RUNDLL32.EXEC:\Program Files\Canon\MyPrinter\BJMyPrt.exeC:\Program Files\Microsoft Office\Office12\GrooveMonitor.exeC:\Program Files\Java\jre1.6.0_07\bin\jusched.exeC:\Program Files\Microsoft IntelliPoint\ipoint.exeC:\Program Files\Common Files\Real\Update_OB\realsched.exeC:\PROGRA~1\AVG\AVG8\avgtray.exeC:\Program Files\iTunes\iTunesHelper.exeC:\WINDOWS\system32\ctfmon.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Messenger\msmsgs.exeC:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exeC:\PROGRA~1\AVG\AVG8\avgwdsvc.exeC:\Program Files&#... Read more

Answer:virus keeps on coming back

Hello ziggyzig Welcome to the BC HijackThis Log and Analysis forum. I apologize for the delay however we are all volunteers and it gets very busy around here. I will be assisting you from here on out.I ask that you refrain from running tools other than those we suggest to you while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond the your topic and facilitate the cleaning of your machine.After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.Please perform the following:Please do an online scan with Kaspersky WebScannerClick on Kaspersky Online ScannerYou will be prompted to install an ActiveX component from Kaspersky, Click Yes.The program will launch and then begin downloading the latest definition files:Once the files have been downloaded click on NEXT
Now click on Scan SettingsIn the scan settings make that the following are selected:Scan using the following Anti-Virus database:Extended (if available otherwise Standard)
Scan Options:Scan Archives
Scan Mail BasesClick OKNow under select a target to scan:Select My Com... Read more

9 more replies
Relevance 63.96%

I really need help. Whenever I scan with avast, it tells me there's a virus. I can't delete because it's being used by another program. So I got into safe mode and try to remove it. A while later after I deleted it and back into Windows, I scan again and it's back. It's always in the same place too:

C:\.....\Temporary Internet Files\Content.IE5\ZTNTM02A\movie[1]
HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:50:08 PM, on 10/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Internet ... Read more

Answer:Virus keeps coming back

Anyone?
 

1 more replies
Relevance 63.96%

My computer has been acting up and now a virus keeps appearing even though my virus scan deletes it when it appears. Now my desktop icons are changing and folders are missing. Please help. Thanks in advance to all who reply! Logfile of HijackThis v1.99.1Scan saved at 4:39:20 AM, on 8/31/2005Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\LEXBCES.EXEC:\WINDOWS\system32\LEXPPS.EXEC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Microsoft.NET\Framework\v2.0.40607\aspnet_admin.exeC:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exeC:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\Explorer.EXEC:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exeC:\Program Files\QuickTime\qttask.exeC:\WINDOWS\system32\ctfmon.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Messenger\msmsgs.exeC:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetMsg.exeC: ... Read more

Answer:Virus keeps coming back

Hi noobie_comp_geek,

Sorry for keeping you waiting.

If you still need help, please answer these questions:

- What's the name of the virus?
- Where (in wich file and/or folder) is the virus found?
Jan

1 more replies
Relevance 63.96%

i just wanted to noe if i was clean or not..
 

Answer:virus kept coming back

No you are not clean yet. I need the C:\MGLogs.zip --> from running the C:\MGTools.exe.
 

11 more replies
Relevance 63.96%

There's a virus named wlzxha.exe in C:\WINDOWS\system32\ that keeps coming back after I delete it. The virus is "Downloader" according to Norton. It deletes fine (I've done it in safe mode) but it seems to come back after each restart.

I have already run a virus scan and spyware scan multiple times.
 

Answer:Virus keeps coming back

13 more replies
Relevance 63.96%

It all started last week when my computer contracted Trojan.Nebuler. My copy of Norton could'nt get rid of it so I downloaded various so called fixes. In the end I had to manually delete the trojan following the instructions on symantics web site - but that was when the fun really began. All sorts of pop up software has been appearing e.g. SysProtect, Drivecleaner and adult sites. Plus the computer has slowed down to a crawl. I have scanned my machine using Norton and AVG and Trend Housecall. And although they find new viruses, and remove them, they keep on coming back. I also downloaded and installed a Registry cleaner - to see if this would speed the thing up a bit, hope i havent deleted anything important (although it says I can recover the lines I have deleted). Can anyone help - here is the hjt log.


Logfile of HijackThis v1.99.1
Scan saved at 10:05:18, on 19/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program F... Read more

Answer:Virus keeps coming back!

16 more replies
Relevance 63.96%

Hello,

I have been using Kaspersky and it has been finding this. Even after deleting it, it still seems to come back. Below are pictures which may help.






I didn't download AVG since I had those pics posted above. Hopefully this is okay. I appreciate very much in advance any help that may be given.

I am interested in knowing what in the world this thing is!

-MDB
 

Answer:Possible virus...keeps coming back!

Welcome to MG's!

Something didn't go right, let's run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that will be created by running this.

Before running the above, you MUST shut down ALL antivirus and antispy programs you have running.
 

1 more replies
Relevance 63.96%

Hello, ago 2-3 weeks I got some viruses, i tried to delete them but they come back everytime..
The viruses are in 3 drivers (D,E,C) and also i got another virus named Backdoor.Agent
By the way I use Windows XP
Can somebody help me?

Answer:ms-dos virus keeps coming back

Hey?

7 more replies
Relevance 63.96%

Hi - I recently got infected with a virus that added options to my toolbar (Fresh Search) which I managed to fix thanks to the help I saw posted here, but I still keep getting pop-ups and infections - SearchToolbar, Spyware.Msnagent and DownLoader.Trojan being the most recent. None of the anti-spyware, pop-up blockers or anti virus programs I have can stop the reinfections.

I have gone into safe made, used CWShredder, CClean, Kill2Me, HSRemove and Stinger. Also RAVAntivirus online scan, Bitdefender online scan, AdAware SEplus and Norton Antivrus. I used Silent Runners and found some suspect entries, which I edited out of the registry using Registrar Lite, and I used Hijack This to find and fix some other suspicious entries.

But they all keep coming back, in one form or another. Not crippling like before, but really annoying!

Below is a recent Silent Runners report, followed by a HiJack This report:


"Silent Runners.vbs", revision 40.1, http://www.silentrunners.org/
Operating System: Windows 2000
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"internat.exe" = "internat.exe" [MS]
"NvMediaCenter" = "RUNDLL32.EXE D:\WINNT\System32\NVMCTRAY.DLL,NvTaskbarInit" [MS]
"NBJ" = ""D:\Program Files\Ahead\Nero BackItUp\NBJ.exe"" ["Ahead So... Read more

Answer:Virus Keeps Coming Back

16 more replies
Relevance 63.96%

Running Malwarebyte's Anti-Malware and i get the same results everyday. I also get redirected when using google. My Malwarebytes results are:

Malwarebytes' Anti-Malware 1.36
Database version: 2060
Windows 5.1.2600 Service Pack 3

5/11/2009 6:25:05 PM
mbam-log-2009-05-11 (18-25-05).txt

Scan type: Quick Scan
Objects scanned: 134478
Time elapsed: 4 minute(s), 1 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 0
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 11

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\autochk.dll (Worm.Autorun) -> Delete on reboot.

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\autochk (Worm.Autorun) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\autochk (Worm.Autorun) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\autochk (Worm.Autorun) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\autochk.dll (Worm.Autorun) -> Delete on reboot.
C:\Documents and Settings\roger.spiller\protect.dll (Worm.Autorun) ->... Read more

Answer:Virus Keeps coming back

Hello and welcome to TSF.

We want all our members to perform the steps outlined in the link given below, before posting for assistance. There's a sticky at the top of this forum, and a
Quote:




Having problems with spyware and pop-ups? First Steps




link at the top of each page.

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

1 more replies
Relevance 63.96%

So my computer got a virus from a game that I tried downloading. Avast! did a boot scan and got rid of it, but a day or two later, I got messages from Chrome that said I had a virus again, but of course those are usually scams. I did another scan, just to be safe, and Avast! found two items, got rid of them, and ran another boot scan, just to be safe.

Next day, I figured it had to be from Chrome because of the fact that I attempted to download the game from Chrome and was getting odd popups and such but IE wasn't doing that. So I deleted it. My friend suggested downloading Malwarebytes so I did that as well. It found two more Trojans and so did Avast! after a full system scan. Got rid of those as well and found they were gone afterwards.

I can't tell if my computer is infected again but earlier Malwarebytes apparently blocked a couple malicious websites, and since Avast! usually did that when the virus would come back, I ran another scan and found one thing, a YouTubeAdBlocker, I don't know if I wanted to get rid of that because an AdBlocker sounds like something I would want to keep and I heard that sometimes, Malwarebytes finds things that aren't really dangerous, but idk I am not an expert. I tried not to worry about it after that but I just want to be safe.

I am running two full system scans as we speak with Malwarebytes and Avast! to see if they will find anything that way since quick scans didn't find anything (except the AdBlocker again) and... Read more

Answer:Virus that keeps coming back?

Hi,
In order to help you, we need reports generated on your system. Please follow this topic and attach requested reports: http://malwaretips.com/threads/malware-removal-assistance-how-to-get-help.20334/
 

1 more replies
Relevance 63.96%

Combofix just restarts my computer and won't run and nothing can find the virus but it's there. It started as a fake antivirus, then when I deleted it it created win 7 antivirus 2011. I think I got rid of that one too, but now everytime I click any link it takes me to some random add page instead. I've already did a system restore from days ago and even that didn't work, but it stopped my problem with running .exe's from the win antivirus.

Answer:Virus just keeps coming back!

Hello having run ComboFix we need to see that and a DDS log.As you now see Combofix is not to be run like a commmon tool. It's why we post this above the malware forums.ComboFix is a tool that should only be run under the supervision of someone who has been trained in its use. Using it on your own can cause problems with your computer. Please go here....Preparation Guide ,do steps 6 - 9.Create a DDS log and post it in the new topic explained in step 9 which is here Virus, Trojan, Spyware, and Malware Removal Logs and not in this topic,thanks.Skip the GMER step and instead post the ComboFix log you posted earlier.Let me know if that went well.

3 more replies
Relevance 63.96%

Hi all,

Looking for a little help here. I have removed a virus now with ESET and malwarebytes and it keeps coming back. See the log below.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Carrie Ann at 19:38:56 on 2012-04-03
Microsoft? Windows Vista? Home Premium 6.0.6002.2.1252.1.1033.18.3963.1965 [GMT -4:00]
.
AV: AVG Anti-Virus Free *Enabled/Updated* {0C939084-9E57-CBDB-EA61-0B0C7F62AF82}
SP: AVG Anti-Virus Free *Enabled/Updated* {B7F27160-B86D-C455-D0D1-307E04E5E53F}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\agr64svc.exe ... Read more

Answer:Virus Keeps coming Back

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Please download aswMBR.exe to your desktop. Double-click aswMBR.exe to run it.
Click the Scan button to start scan.
Wait until it says, 'Scan finished successfully'. ( Note - do not select any Fix at this time)
Click Save log, and save it to your desktop.
Click Exit.
Please post the contents of that log, aswMBR.txt, in your next reply.
There shall also be a file on your desktop named MBR.dat. Right-click that file and select Send To > Compressed (zipped) folder. Please attach that zipped file in your next reply.

------------------------------------------------------

When you run this tool, remember to choose 'Skip' not 'Cure' if it finds something. We just want a scan, not a fix.

Download tdsskiller.exe and Save it to your Desktop.

Double-click tdsskiller.exe and click 'Run'

Click 'Change parameters' then under 'Additional options' tick both boxes > OK.

Click 'Start scan'.

If no infection is found, click 'Close' and let me know.

If an infection is found, select 'Skip' from the dropdown menu under 'Cure' then ... Read more

10 more replies
Relevance 63.96%

hello

I have a virus Worm_RBOT.BCQ found on file C:\windows\system32\micront.exe

I have followed to the letter the removal instruction by Trend

I have deleted the file, deleted all Registry reference to this file, deleted all temp files and Bin , all in safe mode..

The virus seems to have been deleted. but when I connect to the net, after a while , virus is detected and all is back to square one..

Please Help!! how can I get rid of this Virus forever....

Thanx
Jadan
 

Answer:virus keeps coming back

10 more replies
Relevance 63.96%

For the fourth time in the past few months, I have been experiencing strange pop-ups blocking my use of various programs. Twice, my IT dept. attempted removal of the virus, which looks like a virus warning from McAfee but will not allow removal or the use of the programs it is blocking. This time around it was blocking my use of Internet Explorer and Outlook.

A screen popped up and each time I tried to open the programs it would log a warning in the screen. The screen showed options for removing the items logged, however it would not respond to clicking any of the options and would only go away if I closed it out completely. If I did close it, as soon as I attempted to open those programs again, the warning would reappear. This is nearly identical to the last two or three times I have experienced this, with a couple weeks in between occurences.

I rebooted several times and recieved a pop-up message from Windows saying "Windows has recovered from a serious error." The third time I rebooted, it actually allowed me to open these programs without the warning. The first two times it would not go away. This has happened a couple of times prior, where that message seemed to temporarily fix my issue.

Is this a real virus that is hidden in my computer? What can I do to remove it completely?

Answer:Virus that keeps coming back

Hello can you run an MBAm scan and post a log back .. Let's see what it may show.Next run MBAM (MalwareBytes):Please download Malwarebytes Anti-Malware and save it to your desktop.alternate download link 1alternate download link 2MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan.If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Then click on the Scan button.If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button. The scan will begin and "Scan in progress" will show at the top... Read more

7 more replies
Relevance 63.96%

Hello,

I am using a 64 bit version of windows vista. I have a virus on my computer that keeps coming back. Usually I am able to remove viruses on my computer using a combination or rkill, malwarebytes, and super anti spyware, but this specific virus keeps coming back, even after I clear it with malwarebytes. Also the virus wont let me update my malwarebytes software. I have tried to do a sytem restore, but everytime I click on the icon, i am asked to select a program to open system restore with, and I am not sure which program to pick. On my desktop there is a suspicious icon named system restore. Any help would be greatly appreciated.
Thanks

Answer:Virus keeps coming back

Please follow the instructions in ==>This Guide<== starting at Step 6. If you cannot complete a step, skip it and continue.Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

1 more replies
Relevance 63.96%

Logfile of HijackThis v1.99.1Scan saved at 9:56:14 PM, on 3/4/2005Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exeC:\Program Files\Norton AntiVirus\navapsvc.exeC:\Program Files\Norton AntiVirus\SAVScan.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exeC:\WINDOWS\System32\wsys.exeC:\WINDOWS\System32\hkcmd.exeC:\Program Files\Java\j2re1.4.2_06\bin\jusched.exeC:\Program Files\ScanSoft\PaperPort\pptd40nt.exeC:\WINDOWS\system32\wsxsvc\wsxsvc.exeC:\WINDOWS\system32\vmss\vmss.exeC:\WINDOWS\system32\ykyogu.exeC:\WINDOWS\system32\lodbksuj.exeC:\WINDOWS\system32\xmsiaybg.exeC:\WINDOWS\system32&#... Read more

Answer:How do I get rid of my virus, cause it keeps coming back....

Now please Download LSPFix from:LSP-FixDisconnect from the Internet and close all Internet Explorer Windows. Run the program and check the "I know what I'm doing" Button and place all listings of c:\windows\system32\aklsp.dll and c:\windows\system32\dolsp.dll into the remove section by clicking on the button that points to the right. When all instances of this dll are in the Remove section. Press the finish button.Then Reboot.To see a tutorial on how to use this program click the link below:Using LSP-Fix to remove LSP Spyware & HijackersPrint out these instructions and then close all windows including Internet Explorer.Then I want you to fix some of those entries. Please do the following:Please make sure that you can view all hidden files. Instructions on how to do this can be found here:How to see hidden files in WindowsRun Hijackthis again, click scan, and Put a checkmark next to each of these. Then click the Fix button:R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/...//www.yahoo.comR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blankR0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tagteamgirls.comR1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blankR0 - HKCU\Software\Microsoft\Internet Explo... Read more

1 more replies
Relevance 63.96%

DDS (Ver_09-07-30.01) - NTFSx86 NETWORK
Run by Michael at 19:00:59.98 on Sun 09/06/2009
Internet Explorer: 8.0.6001.18813
Microsoft? Windows Vista? Home Basic 6.0.6002.2.1252.1.1033.18.765.240 [GMT -7:00]

AV: Protection System *On-access scanning enabled* (Outdated) {28e00e3b-806e-4533-925c-f4c3d79514b9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Windows\System32\vds.exe
C:\Windows\Explorer.EXE
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\mcafee.com\ag... Read more

Answer:virus keeps coming back help!

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

2 more replies
Relevance 63.96%

http://www.bleepingcomputer.com/forums/topic433509.html/page__p__2516707__fromsearch__1#entry2516707

Answer:Virus keeps coming back

Please follow the guidance in post number 2 in that topic.

1 more replies
Relevance 63.96%

I have a Toshiba laptop that back in March I had a virus and went to to a local PC store and had the virus removed.  A few months later the virus came back and I had a friend remove that virus and all was well for about a week when the virus came back once again and was removed and seems to be removed right now.  I am afraid this is going to happen again and want to know if you can check the HiJack This log here to tell me if there is something seen that I am not able to identify as a virus.  I did use the self help scan tool but I dont really know what I am looking at.  The scan is here http://www.computerhope.com/cgi-bin/process.pl?o=20192628.I run McAffee AV on this laptop along with MalWareBytes and MS Windows Defender.  I did updates and scans to each one of them 2 nights ago both in normal mode and in safe mode and none of them are returning any bad files, however, I am reluctant as this has happened three times now.  I am wondering if there is a hidden rootkit file that the softwares are not picking.I run the following system:OS Name   Microsoft? Windows Vista? Home PremiumVersion   6.0.6002 Service Pack 2 Build 6002Other OS Description    Not AvailableOS Manufacturer   Microsoft CorporationSystem Name   CHARLENE-PCSystem Manufacturer   TOSHIBASystem Model   Satellite A305System Type   X86-based PCProcessor  &nb... Read more

Answer:Virus Keeps Coming Back

Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer. 1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.2. The fixes are specific to your problem and should only be used for this issue on this machine.3. If you don't know or understand something, please don't hesitate to ask.4. Please DO NOT run any other tools or scans while I am helping you.5. It is important that you reply to this thread. Do not start a new topic.6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.7. Absence of symptoms does not mean that everything is clear.If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line. *************************************************************************SUPERAntiSpywareIf you already have SUPERAntiSpyware be sure to check for updates before scanning!Download SuperAntispywa... Read more

12 more replies
Relevance 63.96%

Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WinFast\W\WFTVFM\WFWIZ.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\ArcSoft\Media Card Companion\MCC Monitor.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program File... Read more

Answer:Virus keeps on coming back

Anyone?

4 more replies