Computer Support Forum

Spy/adware keeps coming back.

Question: Spy/adware keeps coming back.

I've been getting nonstop ads/pop-ups for almost a month now, I ran spybot and it picked up things like Advertising.com Avenue A, Inc. and some others, It fixed the problem temporarily but everytime I start my computer and run spybot the problems come right back up again.Here's my HJT log:Logfile of HijackThis v1.99.1Scan saved at 2:56:02 PM, on 6/3/2005Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccProxy.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Norton Internet Security\ISSVC.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Common Files\Symantec Shared\ccApp.exeC:\Program Files\Java\j2re1.4.2_03\bin\jusched.exeC:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exeC:\Program Files\CyberLink\PowerDVD\DVDLauncher.exeC:\Program Files\QuickTime\qttask.exeC:\Program Files\Dell Support\DSAgnt.exeC:\Program Files\MSN Messenger\msnmsgr.exeC:\Program Files\AIM\aim.exeC:\Documents and Settings\HUMAN CRACK\My Documents\FreeRAM XP Pro 1.40.exeC:\Program Files\LimeWire\LimeWire.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exeC:\Program Files\ewido\security suite\ewidoctrl.exeC:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exeC:\WINDOWS\system32\wdfmgr.exeC:\Program Files\Yahoo!\Messenger\ymsgr_tray.exeC:\WINDOWS\System32\alg.exeC:\Program Files\Common Files\Symantec Shared\SNDSrvc.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exeC:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Spybot - Search & Destroy\SpybotSD.exeC:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Aware.exeC:\Program Files\Messenger\msmsgs.exeC:\HJT\HijackThis.exeR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywayR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/mywayR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywayR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.htmlR0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/mywayR0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://channels.aimtoday.com/search/aimtoolbar.jspR1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://loginnet.passport.com/ppsecure/md5auth.srf?lc=1033R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dllO2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dllO2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dllO2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dllO3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dllO3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dllO3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dllO4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exeO4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUPO4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottimeO4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startupO4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /backgroundO4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /backgroundO4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odlO4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quietO4 - HKCU\..\Run: [FreeRAM XP] "C:\Documents and Settings\HUMAN CRACK\My Documents\FreeRAM XP Pro 1.40.exe" -winO4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exeO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dllO9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exeO9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exeO9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cabO16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cabO16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cabO20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dllO23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exeO23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exeO23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeO23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exeO23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exeO23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeO23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exeO23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exeO23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exeO23 - Service: Intel NCS NetService (NetSvc) - Intel? Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exeO23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exeO23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exeO23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exeO23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exeO23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

Relevance 100%
Preferred Solution: Spy/adware keeps coming back.

I recommend downloading and running Reimage. It's a computer repair tool that has been proven to identify and fix many Windows problems with a high level of success.

I've used it in the past to identify and fix everything from blue screens (BSOD's), ActiveX errors, corrupt files and processes, dll/exe/sys errors, recover lost memory, Windows update problems, defragging, malware removal etc.

You can download it direct from this link http://downloadreimage.com/download.php. (This link will automatically start a download of Reimage that you can save to your computer.)

Answer: Spy/adware keeps coming back.

Hello Travis_C and welcome to the BC forums. After reviewing your log I see no signs of viruses or malware at this time. The log is clean.

I do see that you have Limewire installed. This applicaiton is known to have malicious programs included in its installation. I would recommend removing the program and deleting the folder. That should take care of any trojan issues you are having.

Cheers.

OT

3 more replies
Relevance 73.8%

I can't seem to get this adware to go away! Can you help?

Logfile of HijackThis v1.97.7
Scan saved at 3:22:23 PM, on 6/24/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Nhksrv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\PROGRA~1\NORTON~1\NORTON~2\GHOSTS~2.EXE
C:\Program Files\Panasonic\Panasonic-DMS\MFP Utilities\MfpDtMng.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\snmp.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\System32\msdtc.exe
C:\PROGRA~1\PESTPA~1\PPControl.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Netropa\OSD.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\NORTON~1\NORTON~3\QDCSFS.EXE
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Microsoft Office\Office\EXCEL.EXE
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\hjt\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://allaboutsea... Read more

More replies
Relevance 73.8%

I have tried spybot, Ad-aware, even the purchased version of pest patrol corporate edition. This computer of one of my employees at work continues to have some spyware on it I simply cannot remove
11 Each program finds things, but I keep getting zestysearch, and popups. I tried doing them in safe mode with Sys res off. I manually deleted a directory called 64 32 Joy, after I killed a process that had something like love dumb..... now It says there are 2 dlls I need to remove, but I can't delete them. Here is a Hijack this log. Thanks to anyone that can help!!

Logfile of HijackThis v1.97.7
Scan saved at 7:10:48 PM, on 6/23/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\PROGRA~1\PESTPA~1\PPControl.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\nancy.CCRS.000\Local Settings\Temp\Temporary Directory 2 for... Read more

Answer:Adware keeps coming back!

13 more replies
Relevance 73.8%

Hi...
 
Hope someone can help.  I have a Inspirion 910 mini that is super slow loading web pages in all browsers.  I usually use chrome and have seen things that it is waiting for on the lower left corner.  I googled some of them and found out they are adware tracking cookies.  One common one that shows up is g.doubleclick.net.
 
I ran several removers "super antimalware" "malwarebytes" ect. and they find them and remove them.  When I rescan after booting they are still gone.  However...as soon as I open a browser and start surfing they come back.  I can then rescan and find 30 to 115 at one point.
 
How do I get these to go away for good? 
 
Thanks..
 
Hartwa

Answer:Adware Keeps Coming Back

Hello hartwa

In Chrome check for and disable or remove any unwanted add-ons.
How to Disable Extensions in Google Chrome - How to Uninstall Extensions in Google Chrome

Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
[list]Flush DNSReport IE Proxy SettingsReset IE Proxy SettingsReport FF Proxy SettingsReset FF Proxy SettingsList content of HostsList IP configurationList Winsock EntriesList last 10 Event Viewer logList Installed ProgramsList Users, Partitions and Memory size.Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
.
ADW Cleaner

Please download AdwCleaner by Xplode and save to your Desktop.Double-click on AdwCleaner.exe to run the tool.
Vista/Windows 7/8 users right-click and select Run As Administrator.Click on the Scan button.AdwCleaner will begin...be patient as the scan may take some time to complete.After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.After reviewing the log, click on the Clean button.Press OK when asked to close all programs and follow the onscreen prompts.Press OK again to allow AdwCleaner to restart the computer and complete the removal process.After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.Copy and paste the contents of that logfile in your next r... Read more

8 more replies
Relevance 73.8%

So I've been having this Adware for 2 weeks or so. I used every kind of program people recommended and yet it still comes back after a time. Creating shortcuts of Google Chrome and Mozilla Firefox on my computer. When I scanned with malwarebytes last night (And it was a whole pc scan even searched for rootkits took 2 hours to finish.) It showed 0 threats but when I woke up today there were 162 threats detected by Malware Bytes. I don't know I'm so frustrated about this but I don't want to reset my computer and lose all of my files and downloadings (since in my country I have a limited amount of data I can download and it would take me months to download them back.)
 

More replies
Relevance 73.8%

It's not just Browsers now, Steam as well, it shows up the adware and every time i click something i opens a new tab with more adware.
 

More replies
Relevance 72.98%

Dear forum,
 
I don't know how this started, but I've tried so many things to just get rid of these adware showing up in these scans but they just keep coming back. They all appear to be SQLITE. I have no idea what SQLITE is and a lot of the times web searches say these are harmless. I could just switch off the computer cleaning off 64 of them on one day, and switch them off and have 100 in a scan on another day.
 
What started it? I think it was that last time I was trying to stream a movie and clicked on some faux link instead. I think that's what started it. I think.
 
I tried blocking it on Blocksite, and AdBlock. So far AdBlock detects these better, and I've actually been looking at the scan logs and finding the website names in the Adblock "Open blockable items" feature and blocking them. But I only frequent some sites, and I can't find them other SQLITEs anywhere. So far I only have histats.com blocked on Adblock. ||s4.histats.com/stats/* <--- They kinda look like this in the Custom Filter tab.
 
So far, I noticed that it opens "disappearing pop-ups" where you just click on something or just somewhere on a browser page and a pop-up seems to come up for 0.5 seconds and disappear into the moonlight, but I know that was a pop-up and disappearing pop-ups are a thing.
 
I've attached FRST, Addition, and the SuperAntiSpyware logs here so you can see what's going on.
 
If you can help me in a way that in the future I can also help myself if si... Read more

Answer:Many adware (SQLITE) keeps coming back

The adwares keep increasing with every scan. Should I be worried or delete them first?

11 more replies
Relevance 72.98%

I run Spysweeper at least 2-3 times per day. Right after running it, my computer does seem to get a little faster but within no time at all - it is back to being slow. Spysweeper continually finds things such as WebRebates, TwainTech, Winad, Vesbiz Downloader, BargainBuddy, etc., but most often it comes back showing WildMedia. Below is a copy of my hijack this log. Any help you could give me would be greatly appreciated.
Kelly
Logfile of HijackThis v1.98.2
Scan saved at 8:24:50 AM, on 10/7/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\lxamsp32.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\System32\RUNDLL32.exe
C:\documents and settings\owner\local settings\temp\n1tKgyikn.exe
C:\WINDOWS\System32\uydtpjx.exe
C:\documents and settings\owner\local settings\temp\mS.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Norton AntiVirus\navapsvc.e... Read more

Answer:adware keeps coming back - log attached

Download and save these freeware/donationware programs to a permanent folder. Remember to check for updates and run them weekly.
***NOTE***A new version of Ad-aware has been released.
***ALSO***A new version of SpyBot's been released (v1.3...it's no longer in beta). If you have been using 1.2 you can install right over it. If you downloaded and used 1.3 beta it is suggested you remove it and reboot prior to installing.
Ad-aware SE download

Configure Ad-aware
First in the main window look in the bottom right corner and click on "Check for updates now." then click Connect and download the latest reference files.

From the main window, click Start then under "Select a scan Mode " select "Perform full system scan.

Next deselect "Search for negligible risk entries.

Click the "Next" button.

When the scan is finished mark everything for removal and get delete the selections. (Right-click within the window and choose "Select All" from the drop down menu and click Next)

Restart your computer.
SpyBot Search and Destroy download

Open SpyBot.

Click the button to "Search for Updates" Download and install the Updates.

Next click "Check for Problems".

Put a check mark beside the red entries.

Choose "Fix Selected Problems" and allow Spybot to fix the red entries.

I also highly recommend you install and update SpywareBlaster Click the link below, in my signature, to read a tu... Read more

1 more replies
Relevance 72.98%

Trojan.winfixer AND adware.vundo keeps coming back on my computer. I've deleted so many files its not even funny. I ran safe mode, put all hidden folders to "unhidden" and ran SUPERAntiSpyware Professional, I deleted the vundo files and restarted my computer normally. BUT...SUPERAntiSpyware detected it AGAIN for some reason. I've also tried VundoFix, Symantec FixVundo, Ad-Aware 2007, The new Spybot Search and Destroy...
Everything is up-to-date...
I've been up since 4 am trying to fix this problem and I am really frustrated. Please Help!!!
I posted my HiJackThis Log below

Logfile of HijackThis v1.99.1
Scan saved at 5:35:27 PM, on 3/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\lxcycoms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.e... Read more

More replies
Relevance 72.98%

The adware wants to redirect to ourluckysites.com. It keeps creating files in windows 86 folder. Something to do with snarer.dll or kitty, whatever it is.
 

More replies
Relevance 72.98%

EDIT again: Added superantispyware log. EDIT: Added two of the malwarebyte logs. One being the orginal scan with a bunch of crap and the other being the most recent having only 2 items infected.I keep getting rid of it with Malwarebyte and Super Anti Spyware but it almost immediately comes back every time. Here's a hijackthis log. Also, most of the ads want me to download some sort of BS antivirus and stuff like that. edit: BTW I use windows XP service pack 2 and I use IE and FF interchangeably, and I seem to be getting more of the popups with IE.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 8:20:36 PM, on 12/22/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.17184)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Intel\Modem Event Monitor\IntelMEM.exeC:\Program Files\Dell\Media Experience\PCMService.exeC:\WINDOWS\system32\dla\tfswctrl.exeC:\Program Files\Common Files\Sonic\Update Manager\sgtray.exeC:\PROGRA~1\mcafee.com\agent\mcagent.exeC:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exeC:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exeC:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exeC:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exec:\progra~1\mcafee.com\vso\mcvsescn.exeC:\WINDOWS\system32... Read more

Answer:adware/trojans. Keeps coming back.

Sorry for the long wait.  We are VERY backed-up right now!  If you still require assistance, please post new logs and we'll see what we can do.

7 more replies
Relevance 72.98%

Hi,
Recently I've found this virus Purityscan popping up ads through IE. Symantec has detected and fixed it, but after a reboot, the virus just comes back and gets detected again. Also, the process msdtc.exe keeps taking 90%+ of CPU; I'm wondering if this process has anything to do with the Purityscan or not and how to fix this. Please help, Thanks in advance.
Following is my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:35:44 PM, on 6/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\PROGRA~1\COMMON~1\TSKS~1\regedit.exe
C:\Program Files... Read more

Answer:Adware.Purityscan keeps coming back

Hi and welcome to TSF.

My name is Iain and I will be helping you clean your system.

You may wish to Subscribe to this thread (Thread Tools > Subscribe to this thread) so that you are notified when you receive a reply.

Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix. You should not have any open browsers or live internet connections when you are following the procedures below.

Note that the fix may take several posts. Please continue to respond to my instructions until I confirm that your logs are clean. Remember that although your symptoms may vanish, this does NOT mean that your system is clean.

If there is anything you don't understand, please ask BEFORE proceeding with the fixes.

Please ensure that you follow the instructions in the order I have them listed.

We'll begin with ComboFix. Please visit this webpage for download links, and instructions for running the tool: http://www.bleepingcomputer.com/comb...o-use-combofix

**Note: It is important that ComboFix is saved directly to your desktop**

Please ensure you read this guide carefully and install the Recovery Console. This will help us restore your system in the event of a serious crash. It's very simple to complete and will only take a few moments. A quick guide is detailed below.

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
See here for a guide to... Read more

6 more replies
Relevance 72.98%

A friend of mine who I THOUGHT knew about Adware and Spyware sent me a link. I clicked it, and now I'm infected (I have a link in my AIM profile, that's how I know I'm infected).

Here's where it get's to be a pain in the ***. I use Webroots Spysweeper (Adaware will NOT run on my computer for some stupid reason. I've installed and reinstalled it about half a dozen times, and it just will NOT run). When I run spyweeper, it takes care of everything, but when I restart my computer the f'ing link comes back to my AIM profile. Is there ANYTHING that I can do besides formatting? I just got everything on my computer patched and updated from a recent format, and I don't want to format it again. Please help!!

Answer:SpyWare/Adware Keeps coming back!

Have you tried uninstalling AIM (removing all AIM registry settings and AIM folders), getting rid of the worm with spyweeper and then rebooting? After you reboot, run it again and see if it's back. If not, re-install AIM and you should be good to go.

-Mike

9 more replies
Relevance 72.98%

I am having a major issue here. For some odd reason, I keep getting back the Trojans, Hijackers, and other Malware/Adware.

My computer's speed has been some what affected, especially internet browsing. Which reminds me, my browser redirects me to some random site.

I've tried running so many things, MBAM, SUPERAntiSpyware, but somehow, the things keep coming back after being removed - I even tried doing the removal processes both one after another and simultaneously, as well as with my internet cable unplugged.

Any suggestions?

Here's another thing I found off, thought I'd share it...

These are from my "temp" folder....

-130 (TMP File) - Unknown file type icon
-hxgmeu - Unknown file type icon
-jar_cache8144

None of these files were there before, they just got thrown in there... And ever since the infection, my task manager and "temp" folder both show files with names such as:

-asam.exe
-daltvqntssd.exe

and other randomly generated names such as hxgjjkl92m11.exe or ht9llnm32yckm.exe. the number of characters is always changing - and they keep coming back after every virus scan.

Thanks guys.

More replies
Relevance 72.98%

# AdwCleaner v6.046 - Logfile created 03/05/2017 at 21:16:07
# Updated on 24/04/2017 by Malwarebytes
# Database : 2017-05-03.1 [Local]
# Operating System : Windows 10 Home (X64)
# Username : Vartotojas - ASUS
# Running from : C:\Users\Vartotojas\Downloads\adwcleaner_6.046.exe
# Mode: Scan
# Support : Customer Support & Help Center

***** [ Services ] *****

No malicious services found.
***** [ Folders ] *****

No malicious folders found.
***** [ Files ] *****

No malicious files found.
***** [ DLL ] *****

No malicious DLLs found.
***** [ WMI ] *****

No malicious keys found.
***** [ Shortcuts ] *****

No infected shortcut found.
***** [ Scheduled Tasks ] *****

No malicious task found.
***** [ Registry ] *****

Key Found: HKLM\SOFTWARE\ScreenShot
Key Found: [x64] HKLM\SOFTWARE\InterSect Alliance
Value Found: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost [WinSAPSvc]
***** [ Web browsers ] *****

No malicious Firefox based browser items found.
Chrome pref Found: [C:\Users\Vartotojas\AppData\Local\Google\Chrome\User Data\Default\Web data] - 9initialpage123
Chrome pref Found: [C:\Users\Vartotojas\AppData\Local\Google\Chrome\User Data\Default\Web data] - 36initialpage123
Chrome pref Found: [C:\Users\Vartotojas\AppData\Local\Google\Chrome\User Data\Default\Web data] - 23initialpage123
Chrome pref Found: [C:\Users\Vartotojas\AppData\Local\Google\Chrome\User Data\Default\Web data] - 91initialpage123
Chrome pref Found: [C:\Users\Vartotojas\AppData\Lo... Read more

Answer:I can't delete Adware, it keeps coming back!

Edit: I added FRST and Addition files
 

1 more replies
Relevance 72.98%

hi, i'm new as i'm sure is obvious. i'm using spyware doctor from the google pack and it detects a high risk infection called Agent.Adware.Bn. I'll delete it but then it will come back after a few days. I am completely new to registry editing so here is the hijackthis scan. If there is anything I need to change please reply. Thanks in advance.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 9:34:54 PM, on 14/10/2007Platform: Windows Vista (WinNT 6.00.1904)MSIE: Internet Explorer v7.00 (7.00.6000.16546)Boot mode: NormalRunning processes:C:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Windows\system32\taskeng.exeC:\Program Files\Windows Defender\MSASCui.exeC:\Windows\RtHDVCpl.exeC:\Windows\vVX6000.exeC:\Program Files\Microsoft IntelliType Pro\itype.exeC:\Program Files\Microsoft IntelliPoint\ipoint.exeC:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exeC:\Program Files\Java\jre1.6.0_02\bin\jusched.exeC:\Program Files\Alwil Software\Avast4\ashDisp.exeC:\Program Files\Spyware Doctor\SDTrayApp.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXEC:\Program Files\Windows Sidebar\sidebar.exeC:\Windows\ehome\ehtray.exeC:\Program Files&... Read more

Answer:Agent.adware.bn, Keeps Coming Back Help!

dude empireNot much showing up in your logRun an online virus scan called Kaspersky from HERE.1. Click on "Kaspersky Online Scanner"2. A new smaller window will pop up. Press on "Accept". After reading the contents.3. Now Kaspersky will update the anti-virus database. Let it run.4. Click on "Next"->>"Scan Settings", and make sure the database is set to "extended". And check both the scan options. Then click OK.5. Then click on "My Computer". And the scan will start.6. Once finished, Select Save error report as Then in the file name just type in kasperskyUnder save as type Select text .txt Save it to your DesktopOpen the Kaspersky.txt file Copy and post the results of the Kaspersky Online scan==========Note: The Kaspersky online scanner is not yet fully compatible with IE7. You may get returned to a window without the Accept/Decline buttons after allowing the ActiveX control. The buttons are there - you just can't see them! Click on the zoom button (bottom, right of the window) and change it from 100% to 75%. You should now see the buttons. Reset to 100% once the license has been accepted.

1 more replies
Relevance 72.98%

The adware wants to redirect to ourluckysites.com. After a bunch of effort to purge it, it no longer seems to do changes to my browser, but it still install itself to my laptop everytime i try to remove it. The interval between the adware reinstalling itself seemed random. I usually use roguekiller to remove the adware everytime it comes back. It usually install files named ckafege_ and MIO to program files(x86) and an application named kitty though i'm not sure where it's located. It also used to say something like "snarer.dll cannot be found everytime" it crashes google chrome, though it no longer did that and i don't know why it doesn't show that anymore. Please bare with me here as i'm not an expert on computer and i'm new in this forum. thanks for your help.
 

More replies
Relevance 72.16%

A week or so ago, I got a Chrome Adware extension. This seems to have come from some torrent which my dad accidentally clicked (I am not totally sure). The only signs of the infection is that a Chrome Adware extension keeps coming back and it populates ads over every website I visit.

Currently, if I remove the extension, the ads are temporarily gone. However, if I restart the PC and open up Chrome again, the extension comes back. The extension keeps appearing under different names including "PoriceMenus", "TheAdblock" and "Block the Ads". Here is a screenshot of the extension: http://i.imgur.com/ZbaT4wj.png

Tried scanning with Malwarebytes and Kaspersky. Kaspersky found some adware and removed it. Malwarebytes seemed to find a whole lot of stuff (30 or so threats) and remove it all, but the problem still keeps coming back.

Please help! I was planning to do a whole reinstall of the OS before I found this forum.
 

Answer:Chrome Adware Extension Keeps Coming Back

Helllo,

My name is Argus and and I will be helping you with your computer problems.

Before we begin, please note the following:

I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
The logs can take some time to research, so please be patient with me.
Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
Instructions that I give are for your system only!
Please do not run any tools until requested ! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not be able to help you if you do not follow my instructions.


Rules and policies

We won't support any piracy.
That being told, if any evidence of illegal OS, software, cracks/keygens or any other will be revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!
The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled befor... Read more

1 more replies
Relevance 72.16%

My Google Chrome has an adware extension that keeps repopulating everytime I close out and open it back up. The extension (called "BeistSaveForYou) makes an ad window pop up everytime i click something on my browser window. Im having to go to my Extensions in google Chrome and "remove" it everytime i open my browser before i do anything else in order to be able to use my browser without ad windows popping up. The extension repopulates everytime i open the Google Chrome browser.
 

Answer:GOOGLE CHROME ADWARE KEEPS COMING BACK

Hello, missing Additional.txt report.
 

8 more replies
Relevance 72.16%

A few days ago, I have opened up my browser and entered a site, clicked randomly on the page, it redirects me to some adds, "register to some game online", "you are a winner of 1 milion$", stuff like that. I tried removing with a bunch of antimalware software and it keeps coming up, I've run ADW Cleaner and it finds "HKCU/Software/Conduit" as a tracing key, I've deleted it, rescan the system after restart, it says it's not there anymore but after I enter on a random site it appears again.
Please help.
 
Here's the Farbar Recovery Scan Tool logs:
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:27-12-2015
Ran by Sergiu (administrator) on SERGIU-PC (28-12-2015 13:10:25)
Running from C:\Users\Sergiu\Desktop
Loaded Profiles: Sergiu (Available Profiles: Sergiu)
Platform: Windows 10 Pro Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\HidMonitorSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe
(ESET) C:\Program Files... Read more

Answer:Infected with adware, tracing key keeps coming back

Can't anyone help? Maybe point me in the right direction. I've runned Hitman Pro and it founded this:
HitmanPro 3.7.12.253
www.hitmanpro.com
 
   Computer name . . . . : SERGIU-PC
   Windows . . . . . . . : 10.0.0.10586.X64/2
   User name . . . . . . : SERGIU-PC\Sergiu
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Trial (26 days left)
 
   Scan date . . . . . . : 2015-12-29 14:12:17
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 12m 32s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No
 
   Threats . . . . . . . : 0
   Traces  . . . . . . . : 82
 
   Objects scanned . . . : 2.782.958
   Files scanned . . . . : 185.558
   Remnants scanned  . . : 1.037.389 files / 1.560.011 keys
 
Suspicious files ____________________________________________________________
 
   C:\Users\Sergiu\Desktop\FRST64.exe
      Size . . . . . . . : 2.370.560 bytes
      Age  . . . . . . . : 1.0 days (2015-12-28 13:09:47)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 302FE238A077E891B39A3DA34C25E74AA2716B5272CDA2955386041D0A540132
      N... Read more

8 more replies
Relevance 72.16%

Hello,

First my superaitispyware found this (please see the following):
Generated 07/15/2009 at 10:09 PM
Adware.MyWay
HKU\S-1-5-21-2104054462-3242262833-941974269-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0494D0D1-F8E0-41AD-92A3-14154ECE70AC}
HKU\S-1-5-21-2104054462-3242262833-941974269-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0494D0D9-F8E0-41AD-92A3-14154ECE70AC}
Then superantispyware found all these one after another, I kept on doing scan and delete, and they just kept on coming back (please see below):
Generated 07/17/2009 at 00:21 AM
Adware.Tracking Cookie
C:\Documents and Settings\Others\Cookies\[email protected][1].txt
Generated 07/18/2009 at 10:09 PM
Adware.Tracking Cookie
C:\Documents and Settings\Others\Cookies\[email protected][2].txt
C:\Documents and Settings\Others\Cookies\[email protected][2].txt
Generated 07/19/2009 at 12:09 PM
Adware.Tracking Cookie
C:\Documents and Settings\Others\Cookies\[email protected][2].txt
C:\Documents and Settings\Others\Cookies\[email protected][2].txt

Please help,
Thanks,
Tom

Answer:Adware.Tracking Cookie, keep on coming back, please help

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:37:26 PM, on 7/19/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Stardock\SDMCP.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\ICBCEbankTools\ICBCAntiPhishing\IcbcDaemon.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\Program Files\reliz\akeys.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Raxco\PerfectDisk\PDSched.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pr... Read more

2 more replies
Relevance 72.16%

Please help!!! I'm at a loss to keep vicious stuff off my computer after deleting it. Norton found W32.allim after my daughter clicked on Hey check this out! in AOL AIM. I think I got if off the computer because Norton doesn't find it anymore. However, I'm getting a dozen other things that I get off only to come back after restart such as Esyndicate, Aproposmedia, the stupid Hunt Bar constantly comes back, and upon restart, I get the message that C:/windows/system332/gmi4i9ir.exe is causing Runtime to terminate in an unusual way. I've run Microsoft Antispyware, Adaware, Xoftspy, Spybot Search & Destroy. It seems to be affecting my web browser--changing the URL home page and pop-ups are occurring. The following is my Hijackthis log file.

Logfile of HijackThis v1.99.1
Scan saved at 2:44:41 AM, on 5/20/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Network ICE\BlackICE\blackd.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\msaccrt.exe
C:\WINDOWS\Sy... Read more

Answer:HELP!! virus/malware/adware keeps coming back!!

16 more replies
Relevance 72.16%

Hi,
I had my laptop tested by Bleeping Computer a few weeks ago. No threats were found at that time. The laptop still becomes very slow with time. I keep cleaning it using SUPERAntiSpyware every few days and I see a number of adware. After these are removed, the laptop is faster again. I think some hidden adware roots are still in the laptop. I wish you could help me one more time.

Below is the latest scan result:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/26/2012 at 11:49 AM

Application Version : 5.5.1012

Core Rules Database Version : 8912
Trace Rules Database Version: 6724

Scan type : Complete Scan
Total Scan Time : 00:21:44

Operating System Information
Windows 7 Professional 32-bit (Build 6.01.7600)
UAC On - Limited User

Memory items scanned : 785
Memory threats detected : 0
Registry items scanned : 35769
Registry threats detected : 0
File items scanned : 8408
File threats detected : 17

Adware.Tracking Cookie
C:\USERS\MKAKBAR\AppData\Roaming\Microsoft\Windows\Cookies\Low\5ZLHUIPX.txt [ Cookie:[email protected]/ ]
C:\USERS\MKAKBAR\AppData\Roaming\Microsoft\Windows\Cookies\Low\0IUOMUXD.txt [ Cookie:[email protected]/ ]
C:\USERS\MKAKBAR\AppData\Roaming\Microsoft\Windows\Cookies\Low\IOBJ2KD7.txt [ Cookie:[email protected]/ ]
C:\USERS\MKAKBAR\AppData\... Read more

Answer:Adware keeps coming back in laptop despite cleaning

Hello makbarThese are CookiesHere part of our quitman7's post on this.See the rest at post 5 here [email protected]@KCookies are text string messages given to a Web browser by a Web server. Whenever you visit a web page or navigate different pages with your browser, the web site generates a unique ID number which your browser stores in a text (cookie) file that is sent back to the server each time the browser requests a page from that server. Cookies allow third-party providers such as ad serving networks, spyware or adware providers to track personal information. The main purpose of cookies is to identify users and prepare customized Web pages for them.

6 more replies
Relevance 72.16%

Hi, so here is my problem: This virus (I guess its adware? not completely sure) keeps coming back. It hijacks my proxy settings and when I browse the web ads popup in different browsers.
 
I have looked up countless forum posts on here, have followed other directions (run adwcleaner, junkware removal, minitoolbox, malwarebytes, etc, etc).
I run them, they get rid of the virus, and everything goes smoothly from there on out. Heres the thing: 2-5 days later, it comes back out of nowhere! (and its the same virus)
 
From my observations the obvious virus/adware that keeps coming back is:
"Jelbruss secure web"
and "PrivoxyService"
 
I delete them with the antivirus' listed above, and then re-scan and they say everything is great. Then, like I said before, 2-5 days later they come back.
 
Any help would be appreciated, thank you 

Answer:Adware keeps coming back even after complete removal

Hello twiggle and Welcome to the BleepingComputer.
My name is Yılmaz and I'll help you with the cleanup of malware from your computer.
Before we move on, please read the following points carefully.
Please complete all steps in the specified order.
Even if tools don't find malware, I want you to post the logfiles anyway.
Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
Read the instructions carefully. If you have problems, stop what you  were doing and describe the problems you encountered as precisely as  you can.
Don't install or uninstall software during the cleanup unless you are told to do so.
If you can't answer for the next few days, please let me know. If  you haven't answered within 5 days, I am assuming that you don't need  help anymore and your topic will be closed.
I can not guarantee that we will find and be able to remove all  malware. The cleaning process is not instant. Please continue to review  my answers until I tell you that your computer is clean
Please reply to this thread. Do not start a new topic
As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.
Please open as administrator  the computer. How is open as administrator  the computer?
Disable your AntiVirus and AntiSpyware applications, as they will  interfere with our tools and the removal. If you are unsure how to do ... Read more

5 more replies
Relevance 72.16%

Win 7 Home 64bit
WD primary drive C: D: E: F:
Maxtor second drive G:
WD10EZEX new drive installed, but not formatted, and no drive letter
 
I am installing a new larger hard drive in my desktop to be my primary drive. In order to clone the drive I started to download the free Macrium Reflect, but didn't like all the stuff it wanted to add, and the things it wanted me to agree to, so I did not continue with the process. But, there is a Macrium folder on my C: drive.
 
Next, already having EaseUS on my machine, I decided to download the newer free version of Partition Master and Todo Backup. This I did.
 
Now I have Wander Burst adware on my computer and can't get rid of it. Adwcleaner will find it, and I tell it to delete it, but it comes back when I restart my computer. I disable it in FireFox Extensions, but it is enabled again upon restart. Adwcleaner doesn't find much, but I don't let it delete everything it finds because I'm not sure what some of it is.
 
I've also run Microsoft Malicious Software Tool and scaned with Bitdeferder. Bitdefender has twice found and quarantined Gen:Variant.Adware.Graftor.205480 in what must be a hidden folder ProgramData.
 
I may now have other junk on my computer. I'm not sure.
 
Often, but not every time, when I restart the computer, Bitdefernder says it is disinfecting.
 
Thanks,
Harry
 

 Addition.txt   44.88KB
  6 downloads

 FRST.txt   260.01KB
  6... Read more

Answer:Have Wander Burst adware and it keeps coming back.

Hello, Welcome to BleepingComputer.I'm nasdaq and will be helping you.If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.===Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.

start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

() C:\Program Files (x86)\Common Files\fccb0821-00ee-466c-acb5-2a5cec258511\updater.exe
() C:\ProgramData\fccb0821-00ee-466c-acb5-2a5cec258511\PluginContainer.exe
URLSearchHook: HKU\S-1-5-21-4197695769-2084072578-523761739-1001 - (No Name) - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - No File
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - No File
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll [2013-08-02] (Coupons, Inc.)
FF Extension: Block site - C:\Users\Harry\AppData\Roaming\Mozilla\Firefox\Profiles\2y67u4nl.default\Extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc} [2015-05-30]
FF Extension: Wander Burst - C:\Users\Harry\AppData\Roaming\Mozilla\Firefox\Profiles\2y67u4nl.default\Extensions\{5eeca95e-41fc-41a2-83b1-b1156bc20be4}.xpi [2015-07-31]
CHR HKLM-x32\...\Chrome\Extension: [fabcmochhfpldjekobfaaggijgohadih] - https://clients2.google.com/service/update2/crx
R2 Service Mgr Wa... Read more

5 more replies
Relevance 71.34%

hey their, im posting from my friends computer, as the log will be of his computer. Adaware always finds problems, so he deletes them, but they keep coming back. could you guys analyse this log? :)

Logfile of HijackThis v1.99.1
Scan saved at 7:50:55 PM, on 8/9/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Apache Group\Apache\Apache.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Apache Group\Apache\Apache.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\AlienAutopsy\TEKS_Service.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\... Read more

Answer:hijackthis log, adware always finds problems, but they keep coming back

Hello and Welcome. Please subscribe to this thread to get immediate notification of replies as soon as they are posted.

Before begining the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.
* * * * * *
Then download & Install - http://downloads.subratam.org/Fixwareout.exe

When you reach the final page of the installation process, make sure "Run fixit" is checked.
Follow the on-screen prompts & reboot your computer when instructed to do so.

**Do not be alarmed if your computer takes longer than usual to load.

FixWareOut will produce a logfile, report.txt located within the C:\fixwareout folder
* * * * * *
After running FixwareOut & rebooting ...

Download & install CleanUp.exe (not recommended for WinXP64) http://www.greyknight17.com/spy/CleanUp4.0.exe

Download Ewido Anti-Malware - http://www.ewido.net/en/download/Install Ewido Anti-Malware
Double-click the icon on Desktop to launch Ewido
You will need to update Ewido to the latest definition files.On the top of the main screen click Shield
Click the word active to change it to inactive
On the top of the m... Read more

3 more replies
Relevance 71.34%

For a couple of months now, every time I run Panda Security Scan, I get a message about an infected file in my C: drive (C:/Documents and Settings/USER/Local Settings/temp/blank.gif). I delete it, clear my Recycle Bin, turn off system restore, then turn it back on, but the file keeps on coming back - sometimes within a few minutes, sometimes after a few hours!!!! Malwarebytes doesn't ever detect anything. TrendMicro doesn't either.

Also, when I run the free Panda Security Active Scan 2.0 online, it tells me that the infected file is known as adware/exact.searchbar, so the program then disinfects it. But that keeps on coming back too! I can't find any folder with that name in my hard drive or in the Add/Remove Programs list in my Control Panel. I don't get redirected to different websites because of this malware...although occasionally I experience a slow Internet connection with both IE and Firefox...

I just want to get rid of this thing once and for all! Thank you to whomever can fix this!!!!!!!!!!!!!!

I have Windows XP. Here's my HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:58:52 PM, on 3/16/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program File... Read more

More replies
Relevance 71.34%

Hi,

My friend has this computer which was clearly infected with viruses and I know a little about security so I started cleaning it.
Very soon I realized I can't this alone so I asked an IT guy for help. He suggested I run ComboFix which I did.
It cleaned up some things but not everything.
I have tried other tools and it seems like each tools is discovering new things but the root cause still remains. The trojans keep coming

At this point, the machine works fine if it is not connected to internet but starts downloading stuff as soon as I connect it

Also, the following have been run already
ComboFix
MBAM
Microsoft Security Essentials
Norton Scan
Norton Power Eraser
Spybot Search and Destroy

And I am attaching the HiJackThis Log. Any help would be greatly appreciated.
The machine is in a state of Blue Screen right after I did a restart after installing HiJackThis.
And it is not performing a System Restore (which I know will remove the HiJackThis install) but not sure what else will happen.

Answer:Tons of Trojans, Adware, cleaned but keeps coming back

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything. We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here. To help Bleeping Computer better assist you please perform the following steps:*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/459143 <<< CLICK THIS LINK If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.*************************************************** If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo... Read more

44 more replies
Relevance 71.34%

Hi there, I have had a problem with my internet connection for as long as i can remember. Basically, whilst using the internet for games and browsing, the little Monitor (bottom right) goes black and the connection is lost or refreshes. The connection takes about 30 seconds to return back to normal. This seems to happen regularly at times and not at all at other times (no loss of connection). it seems to possible happen when more that 2 computers are using the internet and or running azeurus.The adware problem only started recently, i run adaware se and spybot which removes it but it bery quickly comes back. Basically when i click on a link it takes about 7 seconds and gets re-routed to a crappy site, changes every time.I hope that someone can help me out.I have a Bullfrog AirStation WYR-G54 router and virgin media broadband.Many Thanks CorpusluteumLogfile of HijackThis v1.99.1Scan saved at 21:49:40, on 30/08/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16512)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\Program Files\Nero\Nero 7\InCD\InCDsrv.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32�... Read more

Answer:Keep Losing My Internet Connection + Adware Keeps Coming Back

Hello,You're dealing with several different types of malware, so perform next steps in the right order...* Please download FixwareOut from the following site:http://download.bleepingcomputer.com/lonny/Fixwareout.exeSave it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish.The fix will begin; follow the prompts. If your firewall gives an alert, (because this tool will download an additional file from the internet), please don't let your firewall block it, but allow it instead.Then you will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.Once the desktop loads please post the text that will open (report.txt) and a new Hijackthis log.Then we'll do the rest...

8 more replies
Relevance 71.34%

adware.vundo keeps coming back + windows keep shuting down
not a clue can someone help please i think removed adware.vundo
but still windows keep shuting down

here is my hijackthis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 04:20:16, on 07/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\X3watch\x3watch.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\alg.exe
C:\W... Read more

Answer:adware.vundo keeps coming back + windows keep shuting down

Hi Welcome to TSG!!
Please visit this webpage for instructions for downloading and running ComboFix.

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.
 

1 more replies
Relevance 70.52%

I accidentally posted this in "am I infected, what do I do".. but am new to this.. so I posted this one here.last night I encountered some popup problems, (I use firefox now) on my xp computer..so I ran both mbam and suprerantispyware.. both coming up with vundo files, and trojans, after deleting and rebooting twice, it seemed like everything was alright. until I opend up the computer this morning... and I did a rescan of everything and it seems like it keeps coming back and returning upon restart.although there are no more popus like their were last night.any help?! please! I hear vundo is hard to delete. I'd appreciate any quick responses on how to remove completely.thanks!!!here is the last mbam full scan from last night:Malwarebytes' Anti-Malware 1.31Database version: 1607Windows 5.1.2600 Service Pack 21/4/2009 1:15:34 AMmbam-log-2009-01-04 (01-15-34).txtScan type: Full Scan (C:\|D:\|)Objects scanned: 196740Time elapsed: 1 hour(s), 0 minute(s), 12 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 3Registry Values Infected: 1Registry Data Items Infected: 0Folders Infected: 0Files Infected: 5Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b4ea9b44-78f3-4bcf-b55d-51cdfc05fed7} (Trojan.Vundo.... Read more

Answer:vundo, trojans, adware, rogue installers. keeps coming back.. please help!

Hello.I have replied to your topic in the Am I Infected Forum here. Please continue the discussions in the topic above. If we are unable to resolve your problem there, you will be asked to post in this forum.This topic is now closed.With Regards,The Panda

1 more replies
Relevance 70.52%

Hi, Iam having lots of trouble. Something is constantly adding BHOs, I disable them with BHODemon but more appear. I was having windows opening trying to get me to download winantivurus pro but this seems to have stopped for the time being. Adaware crashes so does spy sweeper. When I run spy sweeper in safe mode it finds virtumonde, I remove it but it comes back by the next scan.

I've run vundofix, this may have helped but my pc is still slow and AVG still keeps displaying that it is finding trojans such as Downloader.Generic4ZQI.

Panda activescan also found trojan Trj/Downloader.OZB.

Iam having trouble getting dss to work cos my cpu keeps going up to 100% usage and stalling for ages.

Here is my log not sure if I'll be able to get the extra bit from dss. Thanks for help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:16:26, on 05/10/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINNT\System32\svchost.exe
C:\PROGRA~1\MICROS~3\MSSQL\binn\sqlservr.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Webroot\Spy Sweeper\Sp... Read more

Answer:PC slow, BHOs added, trojans and adware keeps coming back

Please disable BHODemon before proceeding with this next step.

Then, download ComboFix
Save it to the Desktop

Double-click combofix.exe to run the program
Follow the prompts.
(Don't click on the window while the program is running, it may cause your system to stall.)

When finished, a log, ComboFix.txt, is produced.

~~~~
Run HijackThis once again to obtain a new log.

~~~~
Please post the ComboFix.txt, and a new HijackThis log in your reply.

6 more replies
Relevance 70.52%

last night I encountered some popup problems, (I use firefox now) on my xp computer..so I ran both mbam and suprerantispyware.. both coming up with vundo files, and trojans, after deleting and rebooting twice, it seemed like everything was alright. until I opend up the computer this morning... and I did a rescan of everything and it seems like it keeps coming back and returning upon restart. although there are no more popus like their were last night. any help?! please! I hear vundo is hard to delete. I'd appreciate any quick responses on how to remove completely.thanks!!! here is the last mbam full scan from last night:Malwarebytes' Anti-Malware 1.31Database version: 1607Windows 5.1.2600 Service Pack 21/4/2009 1:15:34 AMmbam-log-2009-01-04 (01-15-34).txtScan type: Full Scan (C:\|D:\|)Objects scanned: 196740Time elapsed: 1 hour(s), 0 minute(s), 12 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 3Registry Values Infected: 1Registry Data Items Infected: 0Folders Infected: 0Files Infected: 5Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b4ea9b44-78f3-4bcf-b55d-51cdfc05fed7} (Trojan.Vundo.H) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\CLSID\{b4ea9b44-78f3-4bcf-b55d-51c... Read more

Answer:vundo, trojans, adware, rogue installers. keeps coming back.. please help!

Hello belezaj16.What antimalware programs are installed on this computer, please? Do you have an antivirus, or other program that provides realtime protection?I suspect you are being reinfected because you lack these.With Regards,The Panda

22 more replies
Relevance 55.35%

I've been having a a problem with the back left corner hinge since October of last year I poisted to another board about this problem hving been told that this issue would be passed onto support in my region. I'm currious as to weather I'll hear from these people in this lifetime or the next. I enjoy my Laptop and would like to continue using it but as time goes on it keeps seperating more and more and I have to snap it back into place to keep in together. I'm hoping to actually hear back from someone this time that will be able to help me in fixing this issue.

Answer:Back Corner coming from the back left side by the hinge

@jmb1313

 

I have brought your issue to the attention of an appropriate team within HP. They will likely request information from you in order to look up your case details or product serial number. Please look for a private message from an identified HP contact. Additionally, keep in mind not to publicly post personal information (serial numbers and case details).

If you are unfamiliar with how the Forum's private message capability works, you can learn about that here.

Thank you for visiting the HP Support Forum.

1 more replies
Relevance 53.71%

I already posted in How to remove Windows 10 upgrade updates in Windows 7 and 8
In this thread after the starting post from Tookeri other updates that had to be deleted were mentioned. I made a list in post 841
I did not have all these updates on the pc but those that were on it I hid.
Some of them came back and I hid them again.
Now today they are back - with some that I had not seen before.

I made an attachment that shows them and also shows that I hid them again

Will I have to check Windows Update for the rest of my live?????

More replies
Relevance 52.89%

Hello,
I have a problem ,which ive tried to fix serveral times but it keeps coming back.
This virus is located in Systems 32 folder, Pc Cilling 2005 identified it as TROJ_ROOTKIN.N . Ive gone
to safe mode, deleted it, returned to windows and the virus reapeared, wats more it clogs up Pc Cillin, so now under quarantine i have 100+ instances of this virus, and its increasing.
The virus is labelled hpr34k8

Im sure my Hijack Log is fairly clean... -------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 5:27:53 PM, on 14/08/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\RunDll32.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe
C:\Program Files\Telstra\Cable Login\bpcable.exe
C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\Program Files\Telstra\Toolbar\bpumTray.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin... Read more

Answer:Virus that keeps coming back and back and back, so on

bump, hopefully someone takes notice

19 more replies
Relevance 51.66%

can someone read my hijack this log file and help if they can? my eamil is [email protected] and my name is angela

Logfile of HijackThis v1.99.1
Scan saved at 11:56:13 PM, on 10/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:... Read more

More replies
Relevance 51.66%

Whenever I turn my computer on I get a Norton Spyware warning that Adware Adroar is present but doesn't let me get rid of it. When I run a virus scan, it shows my computer is clean. Whe I run other spyware programs there are no threats present. How do I get rid of this treat that Norton says is serious?

Answer:Adware Adroar warning keeps coming up

Hello and welcome to TSF.

Apologies for the long delay in response. If you still require assistance, please provide us with the required set of logs in a new topic as this one shall be closed.

New Instructions - Read This Before Posting for Malware Removal Help

1 more replies
Relevance 51.66%

I've managed to get rid of a lot of trojans and viruses during the post two days but there is only one thing left. I have no clue how to get rid of it at all and it just seems to be adware but it gets blocked each time by Malwarebytes. I really need help now as its starting to get really annoying and I feel unsafe actually using my computer because of it.
http://imgur.com/mvs8uKV Link to what it looks like.
 
Anyway my FRST notes.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:30-12-2015
Ran by Jake (administrator) on JAKE-PC (31-12-2015 00:21:05)
Running from C:\Users\Jake\Downloads
Loaded Profiles: Jake & DefaultAppPool (Available Profiles: Jake & DefaultAppPool)
Platform: Windows 10 Pro Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
(... Read more

Answer:Strange adware coming from regsvr32.exe

bump

11 more replies
Relevance 50.84%

I hope I am following instructions as you have posted. I have been trying to fix the virus on my pc for a month with no luck. The virus is definitely in my windows explorer. When I shut it off I am able to navigate around internet but very very slow. Also I have no access to my skype since it happened. I have backed up everything I want to my external.
thanks Technos, Cant wait to hear from you
Bec1256

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:10:33 PM, on 10/10/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16450)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\PixArt\PAC207\Monitor.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Dell Support Center\gs_agent\dsc.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
c:\program files\real\... Read more

Answer:audio adware coming from my windows explorer

14 more replies
Relevance 50.84%

My computer has a bunch of popups that eventually freeze the computer. I tried running Spybot but they came up the next time I rebooted. Here is the HJT log. I noticed a bunch of things in there that I probably aren't supposed to be there, but figured I wouldn't do anything until you tell me to. Thanks in advance for the help.

Logfile of HijackThis v1.99.1
Scan saved at 5:46:27 PM, on 5/27/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Winamp\Winampa.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\wnsinttr.exe
C:\Program Files\AOL Companion\companion.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\wanmpsvc.exe
C:\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://nkvd.us (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://nkvd.us (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://nkvd.us (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://neword.com?s
R1 - HKCU\Software\Microsoft\In... Read more

Answer:Popups and Spybot is coming up with a bunch of adware

Hi Eclipse2003 and Welcome to TSF!

I am currently reviewing your log. Please note that this is under the supervision of an expert analyst. I will be back with a fix for your problem as soon as possible.

Please be patient with me during this time.

We recommend that you subscribe to this thread so you'll be notified as soon as we post your fix. To do this, please scroll up to the 1st post of this thread. Click Thread Tools and then Subscribe to this thread; on the next page, make sure "Instant notification by email" is selected, then click Add subscription.

Thanks.

5 more replies
Relevance 49.2%

bad windows media player link caused ads to keep appearing after each reboot. I used ad aware and spybot but yet after each reboot something triggers them all over again.

please help

thank you.

Answer:looots of adware/spyware keep coming all due to a bad windows media player link

If you have a fast internet connection (broadband), run an online virus scan at TrendMicro http://uk.trendmicro-europe.com/ente...all_launch.php. Just follow the instructions on the site to run the online scan. If any viruses/trojans are detected, try to delete or clean them in that site. You may use Panda ActiveScan also at http://www.pandasoftware.com/products/activescan. Otherwise, make sure your antivirus program has the latest definitions and run a full system scan.

Please download HijackThis http://www.greyknight17.com/spy/HijackThis.exe - this program will help us determine if there are any spyware/malware on your computer. Create a folder at C:\HJT and move HijackThis.exe there. Double click on the program to run it.

1. If it gives you an intro screen, just choose 'Do a system scan and save a logfile'.
2. If you don't get the intro screen, just hit Scan and then click on Save log.
3. Post the hijackthis.log file here. Do not fix anything in HijackThis since they may be harmless.

10 more replies
Relevance 49.2%

okay, so yesterday i cleaned my pc with "malwarebytes anti-malware and there were like 11 viruses. then i scanned after t, none, so i get up this morning and scan my pc because everything is going SO SLOW! and now i got 10 viruses. can anyone please help? yesterday i had like 2 injections, 2 clickers, 2 malware.packs, and like 6 agents.
heres my log for yesterday: http://pastebin.com/panEZfVS
and heres todays: http://rhymingcolors.pastebin.com/G7gJ51nr
please help. 5 of those kinds ive never seen before :/ please comment below
 

Answer:they keep coming back >:(

8 more replies
Relevance 49.2%

Greetings everyone I need some help.

First off... I have followed all the proceedures listed on the READ ME thread that is asked and I STILL AM HAVING ISSUES.

I have Ad-Aware SE and with the VX add.

I have HiJackThis v1.99 and have followed the steps on that thread as well.

Here is the problem:

I run Ad-Aware everytime I log on, and even in safe mode. It finds beween 8 and 60 items. Mostly Malware and DataMiners. Then once I fix those I rescan and it comes up clean. However, I am still getting pop-ups, I have EnhanceMySearch, and when I log off and log back in... and re-run Ad-Aware I still have 8-60 items that show up and the same problem persists.

Can anyone help and point me in the right direction? It is a major annoyance. THANKS TO EVERYONE IN ADVANCE!!
 

Answer:It all just keeps coming back

Make sure you have HijackThis 1.99 and follow the guidelines on where to install it and how to post a log as an attachment. This is all covered in the sticky thread NO HIJACK THIS LOG FILES BEFORE READING THIS: HJT Tutorial & LOG File Posting

Now post a HijackThis log as an attachment to your message (Do not post the log inline). All running programs should be closed, including your web browser, e-mail. Close before running Hijack This!

To repeat: Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file. Place it in its own folder, for example C:\Program Files\HJT
 

11 more replies
Relevance 49.2%

I think I may have finally scrubbed enough to keep the dll (IeBHOs.dll) from re-appearing, but the E2G folder keeps recreating itself. Any suggestions?

It's a friends system and had Norton on it. I installed NOD32 and PC Tools Spyware Doctor. Then read a few threads and ran HJT a few times and made some deletions that "may" have helped. I know that I managed to get rid of the TrojanDownLoader-AC2 but this E2G is stubborn.

Also ran SpySweeper many times in safe mode and in non-safe mode. Disabled Spyware Doctor from auto load with windows as it seemed to be interefering with the Spy Sweeper scan.

Here's the latest HJT log:

Thanks in advance for any suggestions!

Charlie

Logfile of HijackThis v1.99.1
Scan saved at 6:51:15 PM, on 4/18/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EX... Read more

Answer:E2G keeps coming back

Thread closed, please do not post duplicates!
Continue here: http://forums.techguy.org/security/460316-e2g-keeps-coming-back.html
 

1 more replies
Relevance 49.2%

Here is my dilemna:

I've run Kazaabegone, CWShredder, Spybot and Adware with new updates and reboots in between. I've run Hijack This and removed what I knew to be suspicious files in safe mode. But one:

O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net

keeps reappearing on the HJT log after rebooting. I know I'm missing something; just don't know what.

Here is the entire log:

Logfile of HijackThis v1.97.7
Scan saved at 8:04:28 PM, on 2/1/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\wanmpsvc.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\EarthLink 5.0\Con... Read more

Answer:New.net keeps coming back

6 more replies
Relevance 49.2%

I think I may have finally scrubbed enough to keep the dll (IeBHOs.dll) from re-appearing, but the E2G folder keeps recreating itself. Any suggestions?

It's a friends system and had Norton on it. I installed NOD32 and PC Tools Spyware Doctor. Then read a few threads and ran HJT a few times and made some deletions that "may" have helped. I know that I managed to get rid of the TrojanDownLoader-AC2 but this E2G is stubborn.

Also ran SpySweeper many times in safe mode and in non-safe mode. Disables Spyware Doctor from auto load with windows as it seemed to be interefering with the Spy Sweeper scan.

Here's the latest HJT log:

Thanks in advance for any suggestions!

Charlie

Logfile of HijackThis v1.99.1
Scan saved at 6:51:15 PM, on 4/18/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EX... Read more

Answer:E2G keeps coming back

Three threads are not needed for the same problem.
 

2 more replies
Relevance 49.2%
Question: keeps coming back

I keep running scans and it cleans the computer sometimes. I will encounter xp antispyware 2009 and 2008 telling me that my computer is infected. It posts a permanent box on my desktop saying infected and keeps popping up at bottom right by time clock saying infected. I will run anti malwarebytes and it will clean it only if i do quick scan. But then i will run full scan and it freezes so i know it is still infected. And sure enough a few days later it is all back. Please help. I also run cc cleaner and norton but norton freezes too. I have also tried in safemode but still freezes. Thanks Any and all help is greatly appreciated.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:56:21 PM, on 10/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Inte... Read more

Answer:keeps coming back

bump
 

2 more replies
Relevance 49.2%

Hey everyone this is the first time I have posted anything but i am having some serious problems. I let my brother borrow my laptop and when i got it back it was infected bad.
I have pc-cillin, Malwarebytes, and SuperAnti-Spyware.
SuperAnti-Spyware seems to clean everything after i scan and reboot but there are two things that keep coming back on the next re-boot.
1. Pc-cillin keeps giving me a waring telling me to close the browser when its not open with the web address of 110/rjsa/select.php?a=6707a0a cd82d9318fa98c6ee396eed8e61fcf4200553e0c95d8b1d81bbda3c1b&b=1001&c=1
2. There is a sys32 file that gets deleted and always comes back on reboot its MoIXWA40.dll
Pc-Cillin tells me this is a trojan.bho and says its will delete on reboot.
please help me this is so frustrating it slows everything down sooo slow.
 

Answer:Pop-Ups keep coming back

Hi, Welcome to TSG!!
Click here to download HJTInstall.exe

Save HJTInstall.exe to your desktop.
Doubleclick on the HJTInstall.exe icon on your desktop.
By default it will install to C:\Program Files\Trend Micro\HijackThis .
Click on Install.
It will create a HijackThis icon on the desktop.
Once installed, it will launch Hijackthis.
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

 

1 more replies
Relevance 49.2%

I have a PC i believe is infected.
i have run Combofix, it appears to find something and reboot but i am unable to tell by the log what it found.
i think it is still infected because if i run CF again, it says it needs to reboot to continue.
 ComboFix.txt   29.88KB
  5 downloads
 ComboFix2.txt   30.15KB
  3 downloads
 ComboFix3.txt   26.11KB
  2 downloads
 ComboFix4.txt   29.75KB
  3 downloads

Answer:it keeps coming back

Hello cgtrott, I will be handling your log to help you get cleaned up. I apologize for the delay but the forum is very busy and as you can see the logs we ask for are very extensive and take a lot of time to investigate. Please subscribe to this topic. Click on the Watch Topic button, select Immediate Notification and click on proceed.Make sure Word Wrap in notepad is turned off. When copying and pasting logs paste them directly in the reply box only attach logs if asked to. Do not wrap logs in codebox or code tags. It makes it very difficult to read and analyze them. Please paste them directly into the reply box. Do not make any changes to your system until we are through. Fixes are based upon information that is current from your system so any changes can affect our strategy. Please refrain from running any tools we may use without specific instructions.If your operating system is Windows Vista or Windows 7 it may be necessary to right click then choose Run as Administrator any programs we use.Before we begin please check and follow the instructions on How to Show Hidden Files and Folders in Windows Vista and Windows XP and How to show hidden files in Windows 7Because the e-mail notification system is not completely reliable, please check your topic once a day for responses.Please read carefully all directions and instructions. If you are instructed to save a tool to the desktop please save it to the desktop. If you have since resolved the original problem you were ha... Read more

2 more replies
Relevance 49.2%

I have a problem with pop-up ads that keep on appearing randomly on my computer. I tried using adaware which picked up a lot of them, but they keep coming back later.

Hijack this log (Created with Hijack-this Analyzer)

====================================================================
Log was analyzed using KRC HijackThis Analyzer - Updated on 4/1/05
Get updates at http://www.greyknight17.com/download.htm#programs

***Security Programs Detected***

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Fil... Read more

Answer:Pop-Ups that keep coming back

Hi and welcome to TSF.

I am currently reviewing your log. Please note that this is under the supervision of an expert analyst, and I will be back with a fix for your problem a.s.a.p

Please be patient with me during this time.

4 more replies
Relevance 49.2%
Question: Keeps coming back

Ok guys not sure what I keep missing but the 020 line keeps coming back and changing it name.

I have ran CWS, ewido, Killbox ( and delete after reboot) VirtumundoBegone
Logfile of HijackThis v1.99.1
Scan saved at 11:25:30 AM, on 1/22/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Hijack This\TrojanHunter 4.2\THGuard.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijack This\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDae... Read more

Answer:Keeps coming back

10 more replies
Relevance 49.2%

I think I may have finally scrubbed enough to keep the dll (IeBHOs.dll) from re-appearing, but the E2G folder keeps recreating itself. Any suggestions?

It's a friends system and had Norton on it. I installed NOD32 and PC Tools Spyware Doctor. Then read a few threads and ran HJT a few times and made some deletions that "may" have helped. I know that I managed to get rid of the TrojanDownLoader-AC2 but this E2G is stubborn.

Also ran SpySweeper many times in safe mode and in non-safe mode. Disables Spyware Doctor from auto load with windows as it seemed to be interefering with the Spy Sweeper scan.

Here's the latest HJT log:

Thanks in advance for any suggestions!

Charlie

Logfile of HijackThis v1.99.1
Scan saved at 6:51:15 PM, on 4/18/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EX... Read more

Answer:E2G keeps coming back

16 more replies
Relevance 49.2%

I've run Ad-awareSE, Trend Micro's housecall, and McAfee. I've also run Ad-aware while in safemode yet I still keep getting these popups and McAfee keeps telling me that " The file C:\\WINDOWS\system32\winupdt.exe was infected by the Downloader-LG trojan and has been deleted to complete the cleaning process. Its' says it repeatedly then stops then a few hours later it'll come back. Here is my Hijack This log:
Logfile of HijackThis v1.99.1
Scan saved at 6:07:30 PM, on 3/15/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wkogyo.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:... Read more

Answer:They just keep coming back...

16 more replies
Relevance 49.2%

This is my second attempt at help. I failed my first time and after reading the preparation guide here I am. I tried fixing it myself and loading MBAM and it says I have an infected regestry value, (Trojan.Agent) When I run the MBAM it says my computer must reboot to fix. It does, but then I have the same infection. I am confused, frustrated, and not really sure now what I am doing. Thankfully there are those here that can help...I am humbled.

Here is my DDS.txt
DDS (Ver_09-03-16.01) - NTFSx86
Run by Owner at 16:10:46.34 on Tue 03/31/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.186 [GMT -4:00]

AV: Avira AntiVir PersonalEdition *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINNT\system32\svchost -k DcomLaunch
svchost.exe
C:\WINNT\System32\svchost.exe -k netsvcs
C:\WINNT\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\WINNT\system32\ezSP_Px.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINNT ... Read more

Answer:Not sure what I have...but it keeps coming back

Welcome to the BleepingComputer Forums. Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random which includes a HijackThis log and save it to your desktop. If you have RSIT already on your computer, please run it again. Double click on RSIT.exe to run RSIT. Click Continue at the disclaimer screen. Please post the contents of log.txt. Thank you for your patience.Please see Preparation Guide for use before posting about your potential Malware problem. If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped. Please post your HijackThis log as a reply to this thread and not as an attachment. I am always leery of opening attachments so I always request that HijackThis logs are to be posted as a reply to the thread. I do not think that you are attaching anything scary but others may do so. While we are working on your HijackThis log, please: Reply to this thread; do not start another! Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so. Do not run any other tool until ... Read more

2 more replies
Relevance 49.2%

Hello, after removing numerous malwares, str.sys keep coming back even though i removed it several times.Here's the log, thanks for your help.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 8:22:19 PM, on 7/16/2009Platform: Windows Vista SP1 (WinNT 6.00.1905)MSIE: Internet Explorer v7.00 (7.00.6001.18000)Boot mode: NormalRunning processes:C:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Windows\system32\taskeng.exeC:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\Program Files\Toshiba\Utilities\KeNotify.exeC:\Program Files\Common Files\Symantec Shared\ccApp.exeC:\Program Files\Symantec AntiVirus\VPTray.exeC:\Windows\System32\hkcmd.exeC:\Windows\System32\igfxpers.exeC:\Program Files\QuickTime\QTTask.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\Synaptics\SynTP\SynToshiba.exeC:\Windows\system32\igfxsrvc.exeC:\Windows\ehome\ehtray.exeC:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exeC:\Windows\ehome\ehmsas.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exeC:\Program Files\Symantec AntiVirus\DoScan.exeC:\Program Files\Synaptics\SynTP\SynTPHelper.exeC:\Program... Read more

Answer:Str.sys keep coming back, help!

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

2 more replies
Relevance 49.2%

I uses Vundofix, ad-aware, spybot, xoft, avg, House call, Microtrend, Don't know what to do next? here is my infoLogfile of HijackThis v1.99.1Scan saved at 1:48:37 PM, on 3/22/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\NavNT\defwatch.exeC:\Program Files\NavNT\rtvscan.exeC:\Program Files\Norton Utilities\NPROTECT.EXEC:\WINDOWS\Explorer.EXEC:\WINDOWS\System32\svchost.exeC:\Program Files\NavNT\vptray.exeC:\Program Files\BearShare\BearShare.exeC:\Program Files\ArcSoft\PhotoImpression 5\PI Monitor.exeC:\Program Files\Yahoo!\Messenger\ymsgr_tray.exeC:\WINDOWS\system32\wuauclt.exeC:\WINDOWS\system32\rundll32.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\HijackThis\HijackThis.exeR1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.Begin2Search.com/search.htmlO4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\... Read more

Answer:Pop Up's Keep Coming Back

Hello Mhenry, Welcome to BleepingComputer!My name is Nick and I will be checking over your log.Let's get started.You will want to print or save these instructions.Please download Look2Me-Destroyer.exe to your desktop.Close all windows before continuing.Double-click Look2Me-Destroyer.exe to run it.Put a check next to Run this program as a task.You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 1 minute. Click OKWhen Look2Me-Destroyer re-opens, click the Scan for L2M button, your desktop icons will disappear, this is normal.Once it's done scanning, click the Remove L2M button.You will receive a Done Scanning message, click OK.When completed, you will receive this message: Done removing infected files! Look2Me-Destroyer will now shutdown your computer, click OK.Your computer will then shutdown.Turn your computer back on.Please post the contents of Look2Me-Destroyer.txt (it can be found wherever you saved Look2Me-Destroyer.exe) and a new HiJackThis log.If Look2Me-Destroyer does not reopen automatically, reboot and try again.I highly suggest you get rid of BearShare. It is a P2P program which is usually the cause for malware.Read here for more information on clean and infected File Sharing Programs.Click Start> Control Panel > Add/Remove Programs and remove:BearSharePlease note any other programs that you dont recognize in that list in your next responseReboot your computer once more.Please go HERE to run Panda's ActiveScanOn... Read more

1 more replies
Relevance 49.2%

windows securty 7 keeps coming bak after doing all the steps
 

Answer:it keeps coming back

Please attach the logs from both SUPERantispyware and MalwareBytes. Also run the below and attach the log.

I want you to run TDSSKiller so refer to the below for how to do so.

TDSSkiller - How to run
 

11 more replies
Relevance 49.2%

Hi everyone,

i had this fake FBI Virus on a laptop couple days ago, it would not let the windows to boot, not even in safe mode. i got it to clean with kaspersky boot disc, and also scanned it with avg, malwarebytes, avast. send it back to customer, same night he called me saying avast kept picking up something but was not able to remove it! so i picked it up again the next day, scanned with avg & malwarebytes seemed to be cleaned up again, nothing was picking up any viruses. but guess what? this morning i have a text from a custoemr, saying he was locked up out of screen and he was able to get into it, but now avg is picking up something again!!! i asked him if he uses usb drive or external or anything but he said he did not use any of those! PLEASE HELP WITH REMOVAL OF THIS!!!!

Answer:It keeps coming back!!!!

Hello sapikest,
my name is Marius and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully.
First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
Perform everything in the correct order. Sometimes one step requires the previous one.
If you have any problems while you are follow my instructions, Stop there and tell me the exact nature of your problem.
Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

Before we start, please note:

Please be advised that this free service is typically for home users. We'll help you out this time, but in the future if you are unable to clean a machine via standard methods, then either backup the client's data and rein... Read more

2 more replies
Relevance 49.2%

Oh God help me... these anti-spyware pop ups keeps popping up and i always run a check on ad-aware 6 and Spybot once i see it. But once i connect to the net and open a site, it all comes back again n i haf to scan it all over again.... help please this is real miserable...

Thank you.

Answer:It just keeps coming back...

try manually removing, on www.doxdesk.com there are listings for spyware/parasites.

you could also go to run > msconfig and deselect any programs starting up that you dont recoginse.

also try going to http://www.symantec.com/homecomputing/
at the bottom is a link to a free online virus check, you may have one that persistantly downloads spyware.

and finally ensure you have a firewall and if you have one make sure its up to date. www.download.com has a free copy of zonealarm, thats a good one

6 more replies
Relevance 49.2%

Can't seem to get rid of the trusted zones, option is disabled in internet tools. I've run spybot, adware and avast but they still show.

Logfile of HijackThis v1.99.0
Scan saved at 10:18:03 AM, on 2/4/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Lexmark X6100 Series\lxbfbmon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.... Read more

Answer:they keep coming back!

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should not have any open browsers when you are following the procedures below.

Go to My Computer->Tools/View->Folder Options->View tab and make sure that 'Show hidden files and folders' (or 'Show all files') is enabled. Also make sure that Display the contents of System Folders' is checked. Windows XP's search feature is a little different. When you click on 'All files and folders' on the left pane, click on the 'More advanced options' at the bottom. Make sure that Search system folders, Search hidden files and folders, and Search subfolders are checked.

For the options that you checked/enabled earlier, you may uncheck them after your log is clean. If we ask you to fix a program that you use or want to keep, please post back saying that (we don't know every program that exists, so we may tell you to delete a program that we think is bad to keep).

Turn off system restore by right clicking on My Computer and go to Properties->System Restore and check the box for Turn off System Restore. Click Apply and then OK. Restart your computer. After we are finished with your log file and verified that it's clean, you may turn it back on and create a new restore point.

Right click on this link http://www.greyknight17.com/spy/De... Read more

3 more replies
Relevance 49.2%

I have done everything to get rid of my recent popups including runings spybot, adaware, microsoft Antispyware, Norton and Pandascan both in regular mode and safe mode. THey keep on finding stuff, but after restarting, they still come back. I have also empties the TEMP folder and cookies and temporary Internet files. I have included a HIJACK this log, hopefully someone can help. thanks.

Logfile of HijackThis v1.99.1
Scan saved at 6:34:55 PM, on 6/17/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\PROGRA~1\NORTON~1\NORTON~3\GHOSTS~2.EXE
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\WINDOWS\GWHotKey.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe... Read more

Answer:HJT Log because they keep coming back

16 more replies
Relevance 49.2%

I am trying to clean out a co-worker's computer. I have restored to over a month ago and continue to find malware during scans. Any help appreciaded. Have not yet restarted to fully remove. Do I need to kill some files will killbox prior to the restart? Thanks, Jeff

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 3930

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

3/31/2010 2:19:22 PM
mbam-log-2010-03-31 (14-19-22).txt

Scan type: Full scan (C:\|)
Objects scanned: 231065
Time elapsed: 1 hour(s), 11 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Windows\System32\config\systemprofile\AppData\Roaming\AntiVirus Plus (Rogue.AntiVirusPlus) -> Quarantined and deleted successfully.

Files Infected:
C:\$Recycle.Bin\S-1-5-21-2658977195-169558386-357108580-1000\$RR7NTAN.tmp (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Roaming\avp.ico (Rogue.AntiVirusPlus) -> Quarantined and deleted successfully.
C:\Wi... Read more

Answer:ave.exe keeps coming back

Windows restarted for updates while sleeping last night. Running malwarebytes again. Final rid of Hijackthis entries
O20 - AppInit_DLLs: C:\ProgramData\nuvanifi\nuvanifi.dll
2658977195-169558386-357108580-1000

Malwarebytes came out clean as well as a full McAfee virus scan. Hijackthis log appears clean too. With persistance I think I have this cleaned finally. I have both a dds scan and gmer report but don't really know what to look for. I can post these if someone has time to review them. I ran both prior to the windows update restart. Also updated and ran spywareblaster. Pop ups and redirects are gone too.

Partial log of items cleaned.
3/31/2010 2:19:22 PM
mbam-log-2010-03-31 (14-19-22).txt

Folders Infected:
C:\Windows\System32\config\systemprofile\AppData\Roaming\AntiVirus Plus (Rogue.AntiVirusPlus) -> Quarantined and deleted successfully.

Files Infected:
C:\$Recycle.Bin\S-1-5-21-2658977195-169558386-357108580-1000\$RR7NTAN.tmp (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Roaming\avp.ico (Rogue.AntiVirusPlus) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\AntiVirus Plus.lnk (Rogue.AntiVirusPlus) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\Local Settings\Application Data\ave.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully.
C:\Windows\System32\co... Read more

1 more replies
Relevance 49.2%
Question: Back coming off?

My Lumia 640 is quite new and the back plastic panel writing logo is coming off the Microsoft logo has come off and some letters are coming away?
Is this normal?

More replies
Relevance 49.2%

I'm the kind of person who just needs to turn UAC off.  It's a great idea for the vast majority of regular users, though, so I'm not canning it, just asking some questions on how to actually turn it off so that it stays off.I'm using Windows 7 x64 on a laptop that's just on its own, no domain, no group policy etc.Anyway, I've got my UAC slider all the way down the bottom (and have rebooted), yet I still need to explicitly right-click and choose "Run as Administrator" if I need to run something as an administrator.  (for example the command prompt, if I want to run "chkdsk c: /f" or "pskill explorer.exe" or use ProcessExplorer and look at the threads in system processes or whatever.)  The thing is I want to run most of my stuff as administrator without the need to right-click each time.  Just take a look at some of the crazy problems I see and need to work with: http://users.on.net/~MRIS/Problem_20090207_0701.mhtI know that I can tick "run as administrator" in the advanced tab for the shortcut that launches these as a work-around but I want it for all my sysinternals utilities, and there's lots of them.  I'm also sick of clicking "show for all users" in things like task manager when I launch it via CTRL-SHIFT-ESC. There's a Group Policy setting in the registry named:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUAThat I think is responsible.However it always comes back and gets set... Read more

Answer:UAC keeps coming back on all by itself.

 
MRIS said:
How do I track how this is getting there?It turns out a file named "registry.pol" in this folder:C:\Windows\System32\GroupPolicy\Machine\was doing it.

15 more replies
Relevance 49.2%

I am having trouble getting rid of this BHO object.Everytime I manage to remove the dll and the BHO registry entry it comes back under a different name.I have run Spybot, AdAware and Trend Micro AV.Any help would be appreciated.Logfile of HijackThis v1.99.1Scan saved at 3:17:14 PM, on 04/16/07Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEC:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exeC:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exeC:\WINDOWS\system32\fxssvc.exeC:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exeC:\WINDOWS\TEMP\EWE594.EXEC:\WINDOWS\Explorer.EXEC:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exeC:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exeC:\Program Files\Messenger\msmsgs.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files ... Read more

Answer:Bho Keeps Coming Back

Hello EBurritt, I am SifuMike and I will be helping you. Disable your antivirus program and go here http://www.bitdefender.com/scan8/ie.html and run an online scan with BitDefender (you will need to use Internet Explorer for this scan). When the ActiveX Control has loaded, click on "Click here to scan". Please be patient, as this scan may take a few hours. It all depends on the number of files on your computer. When BitDefender completes the scan, select the "Detected Problems" tab. Click on "Click here to export scan". Save the file as an HTML to your Desktop. Then click on the saved file and allow it to open with your browser. Go to Edit - Select All then copy/paste that log back here. Post the BitDefender log.******************Download ATF (Atribune Temp File) Cleaner? by Atribune DO NOT run it yet. Download and install AVG Anti-Spyware 7.5 (formerly Ewido) This is a 30 day trial of the programAVG Anti-Spyware is designed to be used to both scan for and remove malicious files and also to run in real-time alongside, but not replace, your existing anti-virus program to give an added layer of protection.Both the Resident Shield and Automatic Updates will only be available for the thirty day trial period, after that AVG Anti-Spyware will revert to a stand-alone scanner which you can keep and manually update for free and use in a similar way to Ad-Aware SE Personal, Spybot S&D etc.1. After download, double click on the file to launch the... Read more

11 more replies
Relevance 49.2%

Everytime I run webroots spysweeper It finds a cws threat. I don't understand why it keeps popping up, even after I tell spysweeper to remove it. Someone want to help me....

Logfile of HijackThis v1.99.1
Scan saved at 7:44:30 PM, on 10/25/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\nvsvc32.exe
D:\programfiles\Spy Sweeper\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Eset\nod32kui.exe
D:\programfiles\Spy Sweeper\Spy Sweeper\SpySweeper.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
D:\programfiles\MicrosoftAntivirus\gcasServ.exe
C:\Program Files\QuickTime\qttask.exe
D:\programfiles\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
D:\programfiles\MicrosoftAntivirus\gcasDtServ.exe
C:\Program Files\LIUtilities\WinTasks\wintasks.exe
D:\programfiles\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.... Read more

Answer:CWS keeps coming back

8 more replies
Relevance 49.2%
Question: Keeps Coming Back

Can someone please help me with this problem? All my AV programs detect a virus running in my system, but whenver I have it removed, it keeps coming back How can I stop this???


HJT Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:22:13 AM, on 8/25/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Nexon\Mabinogi\npkcmsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\csrcs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.... Read more

Answer:Keeps Coming Back

Hello and Welcome. Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

---------------------------------------------------------------------------------------------

If you still require assistance with this issue, please do this:
Download RSIT by random/random and save it to your desktop.
Double click RSIT.exe to start the tool and click Continue at the disclaimer.
When the scan completes it will open a log named log.txt maximized, and a log named info.txt minimized.
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of log.txt here.
Please attach info.txt to your post.
To attach a file to a new post, simplyClick the[Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
copy and paste the following into the "Upload File from your Computer" box:C:\rsit\info.txt

Click Upload.

---------------------------------------------------------------------------------------------

2 more replies
Relevance 49.2%
Question: Keeps coming back!

I thought I wiped it off already but it's back AGAIN! And my SpyBot S&D is missing all sorts of components so it's not working right and it's the only one that has found any. The Microsoft one found one and deleted it but SpyBot found 16 but only deleted 2 before running into problems. EliteBar is back also. Help again!
 

Answer:Keeps coming back!

- Run ALL the steps in this Sticky thread READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus RemovalMake sure you check version numbers and get all updates.

- Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.
After doing ALL of the above you still have a problem:

- Download HijackThis 1.99.1

- Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

- Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file.

- Before running HijackThis: You must close each of the following:your web browser, e-mail client, instant messenger, and programs like notepad, wordpad, MS Word etc. And any other unnecessary running programs.

- Run HijackThis and save your log file.

- Post your log as an ATTACHMENT to your next message. (Do NOT copy/paste the log into your post).
 

3 more replies
Relevance 49.2%

hi, i hope somebody can help me. I'm running windows 95 b with internet explorer 5.5 and I keep getting "Error loading C:\WINDOWS\TEMP\se.dll". when I run IE, avg detects trojan horse startpage 16.bd and my start page is now advertising called "about: blank" I've deleted se.dll but it just keeps coming back. I'd appreciate any suggestions. thanx!
 

Answer:se.dll keeps coming back!

it sounds like you got hijacked. this should have been posted on the spyware specific board. follow the instructions on this link below.

http://forums.majorgeeks.com/showthread.php?t=35407 <--
Sticky: READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal

g/l - sos
 

1 more replies
Relevance 49.2%

2 nights ago i was surfing the next and i starting getting reports such as :

Windows has detected spyware infection!
It is recomended to use special antispyware tools to prevent data loss. Windows will now download and install the most up-to-date antispyware for you
Click here to protect your computer from spyware!

and

Warning! Potential Spyware Operation!
Your computer is making unauthorized copies of your system and
Internet files. Run full scan now to pervent any unathorised access
to your files! Click here to download spyware remover ...

i started getting a lot of popups trying to send me to a site calling cookingluck (f3.cookingluck.com, f5.cookingluck.com, f7.cookingluck.com,
f9.cookingluck.com) i close them before they can finish loading.

Now i didnt do the smartest thing and i downloaded one of the "anti-spyware" things they told me too. "system-defender". well thats about when everything went from bad to worse, shell.dll was giving me hell, wowfax.dll was messing up. The control panel icon also disapeared and anything i tried to do with the system it wouldnt let me..pretty much telling me i didnt have administrative privliges.

So i came on this site and saw the self help page and was looking it over and saw the the "SmitFraud and It's Variants Removal Instructions" section fit my problem to a T, so i followed the steps exactly as they are written. I also got rid of the system defender. When i rebooted into norma... Read more

Answer:It just keeps coming back.....

Hi and welcome to TSF.

My name is Iain and I will be helping you clean your system.

You may wish to Subscribe to this thread (Thread Tools > Subscribe to this thread) so that you are notified when you receive a reply.

Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix. You should not have any open browsers or live internet connections when you are following the procedures below.

Note that the fix may take several posts. Please continue to respond to my instructions until I confirm that your logs are clean. Remember that although your symptoms may vanish, this does NOT mean that your system is clean.

If there is anything you don't understand, please ask BEFORE proceeding with the fixes.

Please ensure that you follow the instructions in the order I have them listed.
We'll begin with ComboFix. Please visit this webpage for download links, and instructions for running the tool: http://www.bleepingcomputer.com/comb...o-use-combofix
When the tool is finished, it will produce a report for you.
Please post C:\ComboFix.txt along with a new HijackThis log so we may continue cleaning the system.

NOTE: Combofix prevents autorun of all CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you - please let me know.

12 more replies
Relevance 49.2%

Hot bar I am told is a parasite.That is its a freeby thats seems frindly but in reality is sucking all your secrets.So last night I deleted all trace of it from the system by norton and by Regedit.Tonight it back......What sort of mallet this this need ?

Answer:hot bar keeps a coming back

Please post a HJT log click hereYou may need to post in in two halves because of the 800 word limit.Please double space it by adding a blank line after each line so that it is legible with the site's formatting.

4 more replies
Relevance 49.2%

I can't get rid of this crap - I've ran everything on here that people say. I have SAV installed and up to date, I have SpywareGuard installed, I have ran HJT, I've ran Ewido software, nothing can get rid of this - Everytime I clean everything while in Safe mode and reboot, Spywareguard immediately starts popups saying a BHO has been added (suchs as C:\WINDOWS\system32\wvuvspq.dll) - I click remove BHO, and it comes back over and over...

Someone please help - this has totally destroyed my computer...
 

Answer:Someone please help - These BHO's keep coming back!!

Closing duplicate thread. Please continue to reply here: http://forums.techguy.org/malware-removal-hijackthis-logs/648572-please-help-my-hijackthis-log.html
 

1 more replies
Relevance 49.2%

Hello
For many years a succeeded in keeping my computers safe - then, not even a month ago, something surfaced. A Virut thing after I visited an insecure site.
If this can help, a few days before I had for the first time in my pc life installed a downloader program called Flashget-
Well I tried at first to clean up with Spybot and Spyware Doctor (who had not by the way intercepted the hostile item). But the machine had still a strange behaviour so I downloaded some Linux based Rescue CD .iso files (Kaspersky, BitDefender, WebDoctor), burned the CDs and went on scanning without Windows. Those found a wealth of infections by Trojans as well as by the Virut thing, so I kept cleaning and cleaning (desinfecting and/or deleting that is) until nothing more was found.
I then restarted Windows, uninstalled Flashget and installed Avast antivirus. Unfortunately when using my browser I started to get redirected to a "stolnik.net" whatever search I did. Plus Avast began to show infections spreading in the system by a "W32.Vitro" virus. So I tried again with the rescue CDs - Kaspersky found a couple issues but nothing else - and Avast still claiming I have the W32.Vitro everywhere.
At this point I used the VirutCF removal tool by Norton, but to no avail - there is no Virut infection in the machine.
I was beginning to get nervous so I downloaded the Combofix tool, disabled all and every anti-virus and -spyware - as requested - and tried to start Combofix: nothing happens... Read more

Answer:They keep coming back

If you truley have Virut the only real alternative is to do a complete wipe and reinstall. See boopme's post here:http://www.bleepingcomputer.com/forums/ind...t&p=1260380That will help you determine if you have virut, and if you do, what you need to do.

13 more replies
Relevance 48.79%

I've had problems with the MediaPipe/Plus pop up coming back after removing it for a few weeks now. It started out as a file that was downloaded in the background while on some web site. Since then I've used add/remove programs, add/remove and removed it on startup on regsupremepro, ewido, ccleaner, blbeta to see if it showed up any hidden files, and spybot search & destroy. Now I keep getting a pop up that is telling me my 3 day trial is up and wants me to pay and I seen the files on the computer again. I haven't tried the aproposfix, kill bot, or clean up yet. Here is my HJT log.

Logfile of HijackThis v1.99.1
Scan saved at 8:09:08 PM, on 12/21/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\taskswitch.exe
C:\WINDOWS\System32\atievxx.exe
C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Network Associates\VirusScan\VsStat.exe
C:\Program Files\Network Associates\VirusScan\Vshwin32.exe
C:\Program Files\Network Associates\VirusScan\Avconsol.exe
C:\Pro... Read more

Answer:MediaPipe pop up keeps coming back.

Then why are you posting this log? Your wasteing our time here...as you have started 3 threads and have yet to completed one of them. Please follow the advice given to you in that thread and post your next logs in that same thread.

1 more replies
Relevance 48.79%

Everytime I reboot my computer, Downloader keeps coming back.

http://www.symantec.com/security_res...101518-4323-99

I have followed the removal instructions here, and no virus scan is detecting any infected files in safe mode. System restore is disabled until I figure this thing out.

When I check my logs in Norton Antivirus it says one file was automatically deleted, and one file was repaired.

This is the text for the repaired file:

Source: Manual Scanner
Risk category: Virus
Click for more information about this risk : Downloader
Action taken: Repaired
Description: Affected areas:
1 Additional areas:
Unknown - Deleted

It bothers me because I dont know what it is repairing, and I would like to delete that file as well.

All virus scans, spyware scans, everything comes back clean. Then I reboot, open a browser and wham, the file is detected and deleted again.

Here is my HijackThis file.


Logfile of HijackThis v1.99.1
Scan saved at 4:57:34 AM, on 8/26/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EX... Read more

Answer:Downloader keeps coming back

So, Norton's not telling you exactly what it's repairing, or where whatever it's repairing is located?

Is Norton subscription up to date?

Let's run this small tool and see what we can see.....
Download combofix from one of these locations:http://www.techsupportforum.com/sectools/combofix.exe
http://download.bleepingcomputer.com/sUBs/combofix.exe

Double click on combofix.exe & follow the prompts.
When finished, it shall produce a log for you. Post that log in your next reply
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

---------------------------------------------------------------------------------------------

1 more replies
Relevance 48.79%

I have a spyware problem that I can't fix. Usually, if Spybot S&D doesn't find it, I have been able to track it down in the windows or system folder and delete it in DOS, but I'm stuck this time.

It all started when the IST bar helped itself to my computer along with Gator, Xupiter and some other crap. Spybot S&D did not get rid of the IST bar, but I found the istsrv.dll file and deleted some keys in the registry to lose sight of any IST stuff.

The problem now is, every time I go to a page that has pop-ups, such as Sunspot News and even my own webpage, something is causing the original ads to be replaced with tracking cookies from DoubleClick, MediaPlex, and Avenue A.

AdAware found and deleted 37 different files and reg keys, but the problem still remains. The virus scan came up empty. I don't know if it is a javascript thing or a .dll file or what.

I downloaded Pop Up Killer and it stopped some of the action, but the cookies are still getting through.

Does anyone know what files or registry key might be causing this. I'm running 98SE and IE 5.5. I feel like I'm ready to do an fdisk right now.
 

Answer:Spyware that keeps coming back

12 more replies
Relevance 48.79%

Hello. I first found Vundo on Saturday, April 11. I left my email client (Thunderbird) open for a few hours and came back to loads of popups. I tried calling Microsoft, and they assisted me with removal - or so I thought. Afterwards, I installed every Windows update, bought and installed Trend Micro's Internet Security Pro, and started scanning with Malwarebyte's Anti-Malware twice a day, at least. Every day since then I have found instances of Vundo (depending on which I use first, my Antivirus or MBAM). Each day it has a different name, too. It started out with Vundo.H, then Vundo.HGO, and today, I have Vundo.V. Finally, last night I ran a Kaspersky scan, and it found two files that I had never seen mentioned before - a trojan-downloader.Win32.fraudload.edj and packed.win32.Mondera.c. I can't locate these files, and neither can any of the other programs. Here are the requested files: DDS.txt and my Kaspersky log (041609KOS.txt), and the Attach.txt file. Thank you so much for your help.DDS (Ver_09-03-16.01) - NTFSx86 Run by Jen at 12:33:38.40 on Thu 04/16/2009Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_11Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.443 [GMT -4:00]AV: Trend Micro Internet Security Pro *On-access scanning enabled* (Updated)FW: Trend Micro Personal Firewall *enabled*============== Running Processes ===============C:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC... Read more

Answer:Vundo Keeps Coming Back

Please download The Comedian.exe to your desktopDouble click the program to run it. It will only take around several minutes to run.It will do a series of tasks and tell you when each one is finished.You will be prompted to press any key after each stepWhen it is done it will close and exit itself automatically.You can delete The_Comedian.exe once it is finishedNEXTPlease download Malwarebytes' Anti-Malware from HERE or HERENote: If you already have Malwarebytes' Anti-Malware, just run and update it.. Then do a "Perform Full Scan"Double Click mbam-setup.exe to install the application.Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.If an update is found, it will download and install the latest version.Once the program has loaded, select "Perform Full Scan", then click Scan.The scan may take some time to finish,so please be patient.When the scan is complete, click OK, then Show Results to view the results.Make sure that everything is checked, and click Remove Selected.When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.Copy&Paste the entire report in your next reply.Extra Note:If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfec... Read more

21 more replies
Relevance 48.79%

Hello,
Yesterday my computer started acting up. It said that the Windows firewall was turned off (even though I didn't turn it off) and now it's saying automatic updates has been turned off (even though it's turned on). I've scanned the computer with ad-aware, AVG and my Norton antivirus. I've removed trojans at least three times. However, random IE windows keep popping up with fake antivirus dialog boxes. I'm not sure what else to do. Below is the HJT log. Thank in advance.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:57:05 AM, on 12/28/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost... Read more

More replies
Relevance 48.79%

Hello, I need help removing these annoying malwares. Using Malwarebyte, after multiple scanning, it keep coming back. Below is my hijack log, thanks so much.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 12:02:36 AM, on 1/14/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)Boot mode: NormalRunning processes:C:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\Program Files\Common Files\Symantec Shared\ccApp.exeC:\PROGRA~1\SYMANT~1\VPTray.exeC:\Program Files\Java\jre1.6.0_07\bin\jusched.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\Symantec AntiVirus\DefWatch.exeC:\WINDOWS\System32\nvsvc32.exeC:\Program Files\CyberPower PowerPanel Persoa... Read more

Answer:Malwares Keep Coming Back

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread. Also please explain your problem as fully as possible. Each little detail will help in getting your system cleaned up and functional again.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan: * Download DDS by sUBs from one of the following links. Save it to your desktop. DDS.com DDS.scr DDS.pif * Double click on the DDS icon, allow it t... Read more

9 more replies
Relevance 48.79%

Hope someone can help. I've tried getting rid of CWS by using Ad-Aware Pro, Spybot, GIANT Antispyware, CWShredder, and HijackThis. I've searched the registry, emptied temp folders, reset web settings. It seems to go away, but as soon as I connect to the web, it comes back again. Below is my latest HijackThis log. Any help is greatly appreciated!! Logfile of HijackThis v1.97.7Scan saved at 11:05:35 AM, on 12/2/2004Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\System32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\CFusionMX\runtime\bin\jrunsvc.exeC:\CFusionMX\db\slserver52\bin\swagent.exeC:\CFusionMX\db\slserver52\bin\swstrtr.exeC:\CFusionMX\runtime\bin\jrun.exeC:\CFusionMX\db\slserver52\bin\swsoc.exeC:\Program Files\Symantec AntiVirus\DefWatch.exeC:\PROGRA~1\Iomega\System32\AppServices.exeC:\P... Read more

Answer:CWS and IGetNet keep coming back!

Your log looks clean. Please reboot your computer and post a new log.

2 more replies
Relevance 48.79%

A couple of weeks ago when I started my computer (Windows XP Pro) a popup appeared, without me going on the internet. In the title bar it said http:// morze . cafreedom . com, and the popup was saying I might have spyware and to click a link to begin scanning - as if I'd click it!Anyway I ran Ad-Aware and it found a few items, but the one that stood out was VX2 and was categorised as MalWare. It couldn't delete the file vgz.dll, so I had to delete it via the command prompt. Doing this closed all Explorer and Internet Explorer windows, which presumably is because it was running/using Explorer. It actually restarted explorer completely, so everything disappeared for a moment.Having got rid of it, I had no problems... until the next time. It keeps coming back, sometimes when I'm logged on, other times when I've restarted... I can't see when it's coming back - just seems random.I haven't been on any dodgy sites, so I can only assume that there's another file other than vgz.dll still on my hard disk somewhere that Ad-Aware, Spybot and AVG won't detect.Any ideas?Thanks in advance,Gary

Answer:VX2 MalWare Keeps Coming Back!!!

You can try this add-on from ad-awareclick here

10 more replies
Relevance 48.79%

Hey guys,I run adaware and spybot search and destroy, it cleans some stuff off but the spyware keeps comeing back. I got hit with this yesterday afternoon. I do believe it was a font site called font mania I was looking at where I got it.Here is my hijack this log---------------------------------------------------------------------------------------Logfile of HijackThis v1.98.2Scan saved at 9:02:53 AM, on 2/17/2005Platform: Windows XP SP1 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exeC:\WINDOWS\System32\inetsrv\inetinfo.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEC:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exeC:\WINDOWS\System32\nvsvc32.exeC:\WINDOWS\System32\tcpsvcs.exeC:\WINDOWS\System32\snmp.exeC:\Program Files\Pwrchute\ups.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\dla\tfswctrl.exeC:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exeC:\Program Files\QuickTime\qttask... Read more

Answer:Spyware keeps coming back.

You are using an outdated version of hijackthis. Please download the newer version.Download HijackThis from:HijackThis Download SiteThen post a new log

7 more replies
Relevance 48.79%

As the title says, whenever i start my PC, the language bar (rightclick on the taskbar->toolbars->languagebar) comes back. I can make it go away, but i have to do that everytime i start my PC...

any ideas?
 

Answer:Language bar keeps coming back- Xp Pro x64

control panel > regional & language options > languages tab > text services and input > details > pref > language bar > deselect the "show the language bar"

iirc, been a while sorry
 

2 more replies
Relevance 48.79%

Logfile of HijackThis v1.99.1Scan saved at 9:56:14 PM, on 3/4/2005Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exeC:\Program Files\Norton AntiVirus\navapsvc.exeC:\Program Files\Norton AntiVirus\SAVScan.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exeC:\WINDOWS\System32\wsys.exeC:\WINDOWS\System32\hkcmd.exeC:\Program Files\Java\j2re1.4.2_06\bin\jusched.exeC:\Program Files\ScanSoft\PaperPort\pptd40nt.exeC:\WINDOWS\system32\wsxsvc\wsxsvc.exeC:\WINDOWS\system32\vmss\vmss.exeC:\WINDOWS\system32\ykyogu.exeC:\WINDOWS\system32\lodbksuj.exeC:\WINDOWS\system32\xmsiaybg.exeC:\WINDOWS\system32&#... Read more

Answer:How do I get rid of my virus, cause it keeps coming back....

Now please Download LSPFix from:LSP-FixDisconnect from the Internet and close all Internet Explorer Windows. Run the program and check the "I know what I'm doing" Button and place all listings of c:\windows\system32\aklsp.dll and c:\windows\system32\dolsp.dll into the remove section by clicking on the button that points to the right. When all instances of this dll are in the Remove section. Press the finish button.Then Reboot.To see a tutorial on how to use this program click the link below:Using LSP-Fix to remove LSP Spyware & HijackersPrint out these instructions and then close all windows including Internet Explorer.Then I want you to fix some of those entries. Please do the following:Please make sure that you can view all hidden files. Instructions on how to do this can be found here:How to see hidden files in WindowsRun Hijackthis again, click scan, and Put a checkmark next to each of these. Then click the Fix button:R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/...//www.yahoo.comR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blankR0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tagteamgirls.comR1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blankR0 - HKCU\Software\Microsoft\Internet Explo... Read more

1 more replies
Relevance 48.79%

I have gone through all the sticky threads. Done the removal process for SmitFraud and Virtumondo. Virtumundo seems to keep returning to infest this machine. I reran all the scanners and got new logs after cleaning everything that they found.

I have attached the new 3 logs that the Windows XP sticky thread requires.

I have no idea how this machine has gotten infected. The user claims that it is from an email that he got.
 

Answer:Virtumondo keeps coming back

This malware seems to have hit a few users all on the 24th of this month...so I am not sure where it is coming from...lets do this:

What is this:
C:\Documents and Settings\All Users\Application Data\mrajehen

Please install:
Java Runtime 6

Please disable all anti-virus and anti-spyware programs while we do the following:

Run thisDisable/Remove Windows Messenger to remove Windows Messenger. Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

Now download The Avenger by Swandog469, and save it to your Desktop.
* Extract avenger.exe from the Zip file and save it to your desktop
* Run avenger.exe by double-clicking on it.
* Do not change any check box options!!
* Copy everything in the Quote box below, and paste it into the Input script here: part of the window:



Files to delete:
C:\WINDOWS\a.bat
C:\WINDOWS\base64.tmp
C:\WINDOWS\bdn.com
C:\WINDOWS\mssecu.exe
C:\WINDOWS\FVProtect.exe
C:\WINDOWS\system32emesx.dll
C:\WINDOWS\sy1259~1.exe
C:\WINDOWS\sy1297~1.exe
C:\WINDOWS\sy16af~1.exe
C:\WINDOWS\sy2295~1.exe
C:\WINDOWS\sy2e78~1.exe
C:\WINDOWS\sy2f76~1.exe
C:\WINDOWS\sy38d3~1.exe
C:\WINDOWS\sy536a~1.exe
C:\WINDOWS\sy580b~1.exe
C:\WINDOWS\sy5e80~1.exe
C:\WINDOWS\sy6e96~1.dll
C:\WINDOWS\sy7636~1.dll
C:\WINDOWS\sy7a3e~1.dll
C:\WINDOWS\sy7cb6~1.exe
C:\WINDOWS\sy7ccd~1.dll
C:\WINDOWS\sy8105~1.exe
C:\WINDOWS\sy8405~1.exe
C:\WINDOWS\sy8a3a~... Read more

9 more replies
Relevance 48.79%

Hello--I keep running my Spyware Doctor, and every day I get a warning that I have tdlcmd.dll in my Windows/system32 file, and every day I delete it, and then the next day it's back. There's obviously something else going on here that I'm missing. Thanks very much for any help you can give me!!

Here's my Hijack This:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:41:10 PM, on 12/30/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program F... Read more

More replies
Relevance 48.79%

Need help removing this process... and yes, I know the dif between it and the legit svchost

Within Task Manager, a svchost.exe process keeps generating with a description of 'winrscmde' instead of Host Process For Windows Services. It was sucking up 600k of my RAM and my internet speed went to pot. My BullGuard firewall log shows that process is sending massive traffic out to misc sites. I've blocked it via the firewall and have tried at least a dozen times to remove it via Malwarebytes (it finds it, IDs it as a Trojan) but it comes back every time I tell it to delete it (and after the subsequent restart). I've even tried it in Safe Mode with the same results. My BullGuard AV portion doesn't even find it.

I've tried to System Restore to a prior point, but it's still there. I've also tried to physically delete the file it specifies in c:\windows. No joy - it returns after reboot.

Here is the log that a Malwarebytes quick scan produces after I tell it to remove the Trojan.
______________________________________________________________________________________________
______________________________________________________________________________________________

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7961

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

10/16/2011 3:50:35 PM
mbam-log-2011-10-16 (15-50-35).txt

Scan type: Quick scan
Objects scanned: 195494
Time elapsed: 5 minute(s), 30 ... Read more

Answer:winrscmde Keeps Coming Back

With the information you have provided I believe you will need help from the malware removal team. Please make sure that you read the information about getting started first.Then start a new thread HERE and include or required logs.Including a link to this thread will be helpful. Good luck and be patient. Help is on the way!

6 more replies
Relevance 48.79%

Hi I'm using Win XP and everytime I use Ad-aware to check the system my Antivirus program PC-cillin 2002 detects it and quarantines it and I choose to delete it.
But then after doing some regular surfing and email business and I do the same security procedure as mentioned above it finds Troj_haktek once again.

At first I thought it was because I visited some porno forums, but after some weeks doing just regular emailing and visiting my usual non sexy forums the PC-cillin finds Troj_haktek once again.
I've done a complete HD scan several times before after deleting the virus and PC-cillin says I'm OK. So I'm guessing the origin isn't from my computer, so it must be from visiting some website or forum. Is this a correct guess??

How can I determine what source it is that makes Troj_haktek come back even after I have deleted it with PC-cillin 2002?
And I've gone into the registry to find the haktek folder in current_user/software or something similar to that but can't find any such folder...
 

Answer:Troj_haktek keeps coming back!

16 more replies
Relevance 48.79%

i scanned my flash drive with Avast antivirus and it detected a virus "antisys.exe". i had it removed but after using the disk and running a scan again, its back. I don't see the file on the drive but Avast kept telling me it is infected with the "antisys.exe" virus. and after deleting the file using avast and running a scan again, it's still there. Is it really a virus? how do i remove it without losing all the data in my flash drive. Any help is greatly appreciated. Thanks in advance.
 

More replies
Relevance 48.79%

I have scoured though numerous posts about the winwea32.dll and removal of this virus, but even after removing it using hijackthis it keeps coming back. Is there another virus out there that installs this thing that I am not catching? I am also seeing reocurance of bgates[1].exe and srvkit[1].exe, xxtxxxw.dll, srvxxx[1].exe, winxxx.tmp, etc in Norton.

Here is my hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 4:15:17 AM, on 8/23/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5450.0004)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton Internet Security\ISSVC.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debu... Read more

Answer:winwea32.dll keeps coming back

Hi, Welcome to TSG!!

Click Here and download Killbox and save it to your desktop.
Double-click on Killbox.exe to run it.
Put a tick by Delete on Reboot.
In the "Full Path of File to Delete" box, copy and paste the following:

C:\WINDOWS\SYSTEM32\winwea32.dll

Click on the button that has the red circle with the X in the middle after you enter the file name.
It will ask for confimation to delete the file.
Click Yes.
It will ask if you want to reboot now,
Click Yes.

Note: It is possible that Killbox will tell you that the file does not exist.

If your computer does not restart automatically then please restart it manually.
If you get an error message "PendingFileRenameOperations Registry Data has been Removed by External Process!" message then just restart manually.
 

1 more replies