Computer Support Forum

Cleaning up and removing malware from an old laptop for the first time

Question: Cleaning up and removing malware from an old laptop for the first time

My friend has a laptop that he has had for about 5 years now. He has stopped using it because it is slow and often freezing. It is running Windows 7, I think. I said I would take it and try to sort it out for him as I know you guys would be able to help me. I don't think he ever did malware/virus scans. Probably everything that would need doing is going to have to be done. He has probably never done any updates to anything. I don't really know where to start so was hoping someone could talk me through it.

Relevance 100%

Answer: Cleaning up and removing malware from an old laptop for the first time

1/ Is there any Data that requires to be backed up first - That he needs ?.....DO THAT FIRST !
    If not - I would restore it to the day he got / if it has a Factory Restore Partition.
 
2/ If you choose the Factory Restore option, go to the Manufacturer's site of the Laptop / enter the Model etc / follow the Instructions to Restore.
 
    After that is done / you then need to do all Windows Updates / Antivirus / and Install your Programs.
 
3/ If you need to just clean it up / or the restore partition is not available , and just remove any Malware / Viruses etc....
 
    Then you will need to post the Make / Model and wait for assistance in the removal of such and post various Logs as instructed.

2 more replies
Relevance 68.06%

I read the read and run me first malware removal guide. I downloaded and ran the following: Hitman Pro, Malwarebytes Anti Malware; RogueKiller; Defrogger.exe; MG tools

I do not have any Disk Emulation software. I ran CCleaner. Attached are the logs. Please let me know if I have any problems or malware.

I have a regrun log in .txt form, but the file size is too large. How do I attach to a post?
 

Answer:cleaning windows xp 32 bit system and removing malware

Attached are the MGlogs
 

4 more replies
Relevance 63.55%

Hey everyone!

A friend of mine gave me an HP Pavilion dv1411se notebook and I would like to give the fan and heatsink a thorough cleaning, although I'm pretty positive the fan doesn't work at all. However, I've seen pictures online of how much dust can build up on the heatsink and I'd like to get that taken care of. Ultimately, I would like to replace the fan and possibly the heatsink altogether, but for now, giving both a proper cleaning will give me peace of mind. My objective is to pull the thing apart in order to do so.

This will be my first time doing anything like this and my reason for wanting to is the fact that computer repair shops are just too damn expensive for my budget, plus I'd really just like to know how.

Does anyone have any good words of advice before I tear into my laptop? I've read somewhere that static electricity can "fry the system." Is this true? I'm planning on getting rid of the dust from the heatsink with a vacuum, but I've also read that this isn't always a safe practice either.

I'm gonna use the HP Maintenance and Service guide to assist me:

http://h10032.www1.hp.com/ctg/Manual/c00636251.pdf

If anyone else has any other tips or suggestions, I'd appreciate it.
 

Answer:First Time Cleaning Laptop

13 more replies
Relevance 63.14%

I've been having trouble with overheating so after searching for advice on the forums I decided to blow out the dust and clean the fan/heatsink area myself. The big problem is, I can't get the screws out! There are two screws on the back of the Y410 laptop fastening the CPU fan area. One of them is on the surface, the other is at the bottom of a hole. The problem with these screws is that they don't just come out, they have to be helped. I had to pull the first screw with my fingers while I turned it, for it to come out, otherwise it would just keep turning and clicking. The problem with the sunken screw which is labeled "B" is that I can't lift it because there is no room. So it just turns and clicks and I can't get into my laptop!! Anyone have any advice???

Answer:Y410: Cleaning Fan, Trouble removing screws on back of laptop!! Please Help..

Sounds like they are "captive" screws, they are not meant to come out. When they click, just pry the cover up, there should be a notch for that.

1 more replies
Relevance 63.14%

Hello, I'm sitting here with my Sony Vaio model PCG-61112L juuuust about cracked open and waiting to be cleaned. I've noticed lately that fps during games has been dipping, and I'll get gpu driver errors when browsing the web, causing my display to refresh (always recovers). This is why I am cleaning it out now.

I've got my RAM chips, battery, and what I think is the hard drive removed, and all screws out. When I tried opening the bottom case, I then noticed that there is a small black cable attached to the case. I have no idea what this is, but it is attached to a ribbon thing next to where the RAM chips were labelled as "To MB." Sounds like it has something to do with the motherboard, but all I want to do is disconnect it or something so I can get the bottom casing off so I can clean this thing. Any help on this would be fantastic.
 

Answer:Cleaning inside of laptop for first time

"and what I think is the hard drive removed" & "I have no idea what this is"

Do you have a service manual for this laptop? My advice, since you don't sound very knowledgeable or experienced, is to stop what you're doing. Your problems about FPS & GPU driver errors are most likely due to other issues than the computer needing cleaning.
 

3 more replies
Relevance 61.5%

Howdy, recently my system is being bogged down, including issues where my cpu usage shoots to 100% and locks the entire system up and normal games I have on the pc that are online will just not connect to the internet anymore. So I'd appreciate any help I could get with this, I've run spybot search and destroy and multiple antivirus software and nothing seems to help with the situation so here is my hijack this log, I hope you folks can give it a better shot than me.


More replies
Relevance 61.09%

I'm trying to help a friend who keeps getting various popups on their laptop, which I have whilst trying to get it sorted out.
I have attached screenshots as below.

One for a security warning regarding Worm.Win32.NetSky, one that looks like the microsoft update settings screen, but is for phishing, and ones to do with computer being attacked.

I also have 3 icons on the desktop for Privacy Protector, Error Cleaner& Spyware&Malware Protection.

I've followed the 5 steps before posting and have inserted/attached files as instructed.

Any help would be greatly appreciated.


Panda log:


Incident Status Location

Adware:Adware/Matcash Not disinfected C:\Program Files\Dot1XCfg\Dot1XCfg.exe
Adware:adware/commad Not disinfected Windows Registry ...

Answer:Need help cleaning laptop with malware

Hi smaccabe,

Please subscribe to this thread so that you are notified when you receive a reply. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Add Subscription.

--------------------------------------------------------------

Before beginning the proposed fix, read this post completely. Any questions should be kindly asked before proceeding. Ensure that there are no open browsers when carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

--------------------------------------------------------------

Please download FixWareout from one of these sites:
http://downloads.subratam.org/Fixwareout.exe
http://download.bleepingcomputer.com...Fixwareout.exe
Save it to your desktop and run it.
Click "Next", then Install, make sure "Run fixit" is checked and click Finish.
The fix will begin: Please follow the prompts.
You will be asked to reboot your computer: Please do so.
Your system may take longer than usual to load and this is normal.
Once the desktop loads post the text that will open (report.txt)

--------------------------------------------------------------

Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcompute...

9 more replies
Relevance 60.68%

Hello Everyone,

I'm pretty new to the forums and want to say thank you in advance. First off, I have caught up on some reading and have printed out the necessary read this first files and steps to clean and remove malware, but before I began and start posting logs I have a question or two which I think needs to be addressed before I receive help.

First off, I was going off of advice from another forum and let's just say they were wrong and now I'm where I need to be. First mistake by me was I was using Msconfig to keep some things from loading. I have read the recommended reading here and have since switched to normal start up now. Still I believe a few malware or virus files may have been messed with when I ran scans and etc with msconfig holding some of the files back.

The second mistake and to be honest I'm not clear with is the system restore. Upon advice from my friend I turned off system restore as he said it could be bad to have it on while cleaning. I have since read the material here and still am a little unclear. Should it be turned off as you are working to clean the computer or on while working to clean the computer? I read the forum where it talks about the toggle, but it wasn't clear to me if it should be on or off while running all my scans and cleaning. Now here is the problem. I can no longer find system restore in my systems properties area to turn it back on. The tab for system restore has vanished. So don't know how to tur...

Answer:Need Help Cleaning My Laptop of Malware and possible viruses

First mistake by me was I was using Msconfig to keep some things from loading.

Yes---it is not wise to use MSCONFIG or Ccleaner to control start-ups, you would be better advised to use software such as Start-up CPL which is available for download here at Majorgeeks. If you're interested in using this then I will link you a little later on.




The second mistake and to be honest I'm not clear with is the system restore. Upon advice from my friend I turned off system restore as he said it could be bad to have it on while cleaning.

You should not toggle system restore until we have finished the clean up process. A "dirty" restore point is better than having none at all.






..Now here is the problem. I can no longer find system restore in my systems properties area to turn it back on. The tab for system restore has vanished. So don't know how to turn it back on.

We can see what happens after we have cleaned your machine (which we cannot do until you attach the requested logs) or you can have a look at this link here and see if it helps you.

Troubleshooting steps for issues when you try to use the System Restore tool in Windows XP





The other issue I am confused upon is do I run all the scans in safe mode or normal mode. as far as the necessary downloads for cleaning or do I just run the stuff in normal mode and only run something in safe mode if the instr...

3 more replies
Relevance 59.45%

Hi,
I'm a new user and I'm not really a "professional" in computer stuff etc. I had the "salus" malware and it was making my browser and my windows system both running really slow. I came on this group and read a lot about how to get rid of this virus so I've downloaded AdwCleaner, and run it, it cleaned my computer but still my windows system and browsers are still running slow :/ I don't know what to do, please help me because there's a lot of very important art works on my computer and I can't lose them :/ Thank you in advance <3

Answer:Slow laptop after cleaning the Salus malware with Adwcleaner.

Hi lnkeeson and
 
Please download RKill by Grinler HERE and save it to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.
Before we begin, you should disable your anti-malware softwares you have installed so they do not interfere with RKill running as some anti-malware softwares detect RKill as malicious. Please refer to this page if you are not sure how.
    Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
    A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
    If nothing happens or if the tool does not run, please let me know in your next reply.
    A log pops up at the end of the run. This log file is located at C:\rkill.log.
    Please post the log in your next reply.
 
 
Download Screen317 Security Check HERE and save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Please post the contents of that document.
Note: If any security program requests permission t...

45 more replies
Relevance 57.4%

After a routine Trend Micro Internet Security scan it discovered I had Trojans lodged in Restore File of auxiliary drive (not C:\). So I made visible 'Show Hidden Files and Folders' in order to delete those files. But when I clicked on the System Restore directory on the affected drive I got an Access Denied warning. Even after making the drive readable I got the same warning and cannot open the directory to delete the bad files. So I did a System Restore flush then rebooted to Safe Mode to proceed with the "Malware Cleaning Guide" cleaning. The first scan with Malwarebytes' Anti-Malware showed no vulnerabilities. Then the online scan from Panda showed the same Trojans lodged in Restore File of auxiliary drive. But then the log file from the Panda scan would not save to my computer. Am currently running the online Kaspersky scan and online Trend Micro Housecall then will continue with rest of "Malware Cleaning Guide". But wanted to give this early heads-up.
 

Answer:In the middle of Malware Cleaning Guide cleaning = a few things have popped up.

Welcome to Major Geeks!





teelions said:





But when I clicked on the System Restore directory on the affected drive I got an Access Denied warning. Even after making the drive readable I got the same warning and cannot open the directory to delete the bad files.

Normal behavior.





teelions said:





So I did a System Restore flush then rebooted to Safe Mode to proceed with the "Malware Cleaning Guide" cleaning. The first scan with Malwarebytes' Anti-Malware showed no vulnerabilities. Then the online scan from Panda showed the same Trojans lodged in Restore File of auxiliary drive.

System Restore has the ability to be turned off for separate drives or all drives. What did you use? Also the auxiliary drive (if removable) needs to be plugged in while you do this.
 

1 more replies
Relevance 56.58%

Source
I totally agree with the below text in bold...




The more effective solution: clean, backup and then "nuke and pave"

To make this very clear, as there are still loads of misconceptions about it all over the internet:

A once-infected computer can't be trusted anymore.

After cleaning and making backups of your data, you always have to wipe and reload your entire operating system from scratch. We fully understand that many IT people will moan about that idea and argue, "but it takes sooo long to do that, and who's going to pay for it?" or maybe, "there is necessary old software on that PC that can't be found/installed anymore". But honestly, if you really want to clean a system well, it always takes a long time. Furthermore, if the software is truly so old that you can't find it anymore, isn't it probably time to replace it with something more modern anyway?


----------------------------------------------------------------------------------------------------------------




Another strange pop-up or unexpected crash, and it's time to take your computer back to the shop, right?

But what if you could avoid losing precious data and time spent with your computer? What if this whole cleaning step could be eliminated entirely?

This is why protection is a pivotal topic in the antivirus industry. Cleaning and protecting seem like two methods that aim for the ...

Answer:Cleaning vs. Protection – Why you shouldn’t rely on malware cleaning

As with most things in life prevention is better than the cure.
 

32 more replies
Relevance 56.17%

My girlfriends laptop has 10 malware/trojan files and I don't know what to do about removing them. I detected them by running windowsecurity.com/trojanscan but I don't know where to go from there. I ran HijackThis v1.99.1 but I couldn't find the directories that the trojanscan listed. What do I need to do?

Here is her HijackThis report in case anyone can tell me what I can safely remove:

Answer:Removing malware from laptop??

Have a read thru this while people wake up and get their morning coffees.
http://hardforum.com/showthread.php?t=766094

Once you have read the above




O4 - HKLM\..\Run: [{00-00-0A-A4-ZN}] c:\windows\system32\dwdsregt.exe FI002
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} - http://static.zangocash.com/cab/Zango/ie/bridge-c10.cab
O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} - http://cabs.elitemediagroup.net/cabs/mediaview.cab

Those need to be deleted (odds are you'll have to do it in safemode)
 

15 more replies
Relevance 55.76%

I am trying to remove Security Suite, a malware that got on my computer. I have followed the instructions in this guide I found. I downloaded malwarebytes and was performing the scan when my computer randomly shut down. There's no problem with the power on my laptop, as it was charging. Now if I try and run Iexplore, half the time my computer will shut down, and if I can get to malwarebytes and perform a scan, it will shut down. Help?

Answer:Laptop shutting down while removing malware

You are using Safe mode with Networking, aren't you?

4 more replies
Relevance 55.76%

How's it going MajorGeeks forum,

I recently posted in the Malware section since I was infected with the Adware.Vundo.MsJuan thing. I did the requested steps, attached logs and removed what I was told to remove. Now the spyware searchers come up with nothing every time I run them. However, my computer is still slow, I still have random pop ups, and sometimes the page I'm viewing gets redirected to another. I was told to redirect my posts in this section. Whoever replies first please tell me what other information you need to make this easier for you. Thanks! I really appreciate all the help that yall give.

Derek
 

Answer:Slow Laptop After Removing Malware

Hmm, when you say, "I still have random pop ups, and sometimes the page I'm viewing gets redirected to another", that leaves some doubt that your system is completely malware free.

You might go ahead and get CCleaner. See http://forums.majorgeeks.com/showthread.php?t=106650 for more detail. Let us know how it goes.

By the way, do you have all your important files backed up on some type of external media?

Second edit: I really don't spend much time in the Malware section. So, perhaps you've already been advised to use CCleaner.
 

1 more replies
Relevance 54.94%

Please help me remove whatever my laptop has, I already tried download many tools to remove them....still no luck, I have pop up ads every link I click on. Ads on every window and computer running really slow...
 
here is my DSS Log, thanks
 

Answer:Help removing virus, malware, or any spyware on my laptop

Hi there, please run a FRST scan:
Please download Farbar Recovery Scan Tool and save it to your Desktop. (If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)
Start FRST with administrator privileges.
Make sure the option Addition.txt is checked and press the Scan button.
When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
Please copy and paste these logs in your next reply.

13 more replies
Relevance 54.94%

Hi,
My laptop has become quite slow since past few days and get annoying IE Pop-up windows recently. Even my Symantec Antivirus Protection has got disabled.


Please let me know what logs I need to provide to resolve these issues.

Thanks,
 

Answer:Need Help removing Virus, Spyware and Malware from my laptop

Welcome to Major Geeks!

Please follow the instructions in the below link and attach the requested logs when you finish these instructions.

READ & RUN ME FIRST. Malware Removal Guide
 

25 more replies
Relevance 54.94%

Hello all. I'm working on my wife's ASUS laptop for 2 days. Windows 7. She complained about slow speeds. I removed something a year or so ago (rkill/MB), so I decided to dig in. I'm familiar with hardware (wrenching), but not so good with the software side.
 
I started by removing unwanted /needed programs via add/remove. I had installed MSE and Malwarebytes the prior time removing virus. As I launched MB it prompted me to start the trial again, fine and dandy. It removed 830ish PUP's etc. I thought all was well. As I was aiming for search conduit, I reset her internet explorer settings.
 
Big mistake for me. Her company uses IE7 for their programs. Someone in the company got her to IE7 from the original IE8 on the comp. The programs are now supposed to run up to IE10 now, but she could not quote anything outta IE8 (I had her try the F12 to IE7....no go).
 
SO... she tried to download something???? She said IE7, but I was not there. The computer was fine (she said still slow) after I worked on it. NOT so after the downloads. Obviously a lot packaged with the download. Not removable is PC optimizer pro V3.2 and something else I'll have to get the name later.
 
Today comp is waaaay slow, wont run MSE or MB, crashed a few times. Boot to safe mode, both MSE and MB gets stuck. Put Rkill on usb and run. Says good to go. MB stopped both times at the same file(stuck 15 mins on same file), I ran Rkill before both attempts. I'm currently trying to run MSE after a 3...

Answer:Laptop with trouble removing virus/malware

 IE7 on Windows 7 is a very non-standard way of doing things since Windows 7 started out with Windows 8 from the get-go in 2009.  It sounds like things on that laptop have gotten pretty badly corrupted, so I'd make sure I had whatever it takes to restore that system to factory settings if it should come to that.  I'd also be sure to keep current backups for any data you don't want to lose.  Could she use Chrome and or Firefox browsers instead of IE?  IE has been buggy for years so I avoid it for all but Windows Update.  
 
You could try running SFC to check for corrupt system files and attempt to repair them.  To do that click Start and type CMD in the search box, right-click CMD.EXE, and click Run as administrator.  Then from the command prompt type sfc /scannow.  
 
 Another thing you could try would be to boot from a repair or Windows 7 install disc and do a repair operation.  If you don't have either, you can make a repair disc by clicking Start -> Control Panel -> Backup and Restore -> Create system repair disc.  Insert a blank CD-R and it'll make it in about 4 minutes.  Then boot from that disc and do the repair.
 
  When you've gotten that system back like you want it, I urge you to get yourself an external hard drive and a good 3rd party backup program. You can set it up to do everything automagically at the time and frequency of your choice. 1 TB external hard driv...

5 more replies
Relevance 54.53%

Hi,

My laptop is running very slow and I need help with removing malware/virus. I've read the post about what needs to be included in the first post. Here are the results:

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
Processor: Intel(R) Core(TM) i3 CPU U 330 @ 1.20GHz, Intel64 Family 6 Model 37 Stepping 5
Processor Count: 4
RAM: 1909 Mb
Graphics Card: Intel(R) HD Graphics, 730 Mb
Hard Drives: C: Total - 225691 MB, Free - 80960 MB;
Motherboard: Dell Inc., 0K039P
Antivirus: Microsoft Security Essentials, Disabled

please help with this virus/malware removal to help my computer run good.

thanks.
 

Answer:Laptop is running REALLY SLOW....need help removing virus/malware.

13 more replies
Relevance 53.3%

Hello. I am trying to fix a friend's laptop computer that has Windows 7 installed.

When he gave it to me it was infected with some assorted malware(trojans, etc.). At first, I could not open any applications whatsoever. Every time I would try it would ask me if I wanted to use internet explorer to open it.

I created a few rescue CD's(dr web, avira, avg, etc) and ran those. They cleaned up most of the problems.

Also, I installed AVG free edition and malware bytes. I ran both of those. That removed several more pieces of malware.

At that point, things were mostly good. But I noticed that almost all of the files on the computer had been marked as hidden(the desktop images were all faint, etc). So I went through and manually removed the "hidden" setting from all the PC files.

It seems like I am 99% good. However, when I open firefox browser and enter a google search, and click on a link in the search results, it sometimes redirects me to some other unwanted site. So I guess that there is still some malware lingering in the background that could not be found by AVG and malware bytes.

Any recommendations to fix this?

Thanks!

TC

Answer:Help needed removing malware from a laptop with Windows 7(browser related problem)

superantispyware followed by a xoftspyscan finished with a winaso registry clean..

do disk cleanup first and delete all temp files to speed up scan times- a trick most ppl overlook. Also don't hesitate to scan in safe mode if virus/malware is persistent.

5 more replies
Relevance 51.25%

Whenever I have a PC problem such as running slow or suspected viruses I normally take it to my local PC shop and they sort it out. What I would like to know is it possible for me to do it for myself if so how do I do it. I always run a scan on both Bullguard and malwarebytes but they have never shown any problems. I also run cc cleaner very regular. How do I go about removing viruses and generally cleaning up the PC myself or is it too difficult. I run on Windows 7

Answer:Removing viruses and cleaning up PC

If no problems are showing what makes you think that you need to?

10 more replies
Relevance 50.02%

In an earlier thread about Disabling Windows Updates,
pwillener posted:




pwillener said:





Most of the disk space occupied by Microsoft Update are the uninstallers in the %WINDIR% folder.
If you do not plan to uninstall them (after updates have proven stable),
you can have them deleted using CCleaner.
(Don't delete them manually;
CCleaner knows what folders must remain there in order for Microsoft Update to function correctly.)





mjnc said:





That's a great tip.

That is listed under the Advanced heading as Hotfix Uninstallers

I just ticked that and ran the Analyze scan to see how much space would be cleared.
It IS significant at 542MB but you have no control over which uninstallers will be removed.

I found there is a way to Examine and Control which Uninstallers will be removed
by first getting a Detailed List of what will be removed and Saving that list to a Text file.

Before the first scan:

Select Options in the left panel
Select Advanced
Tick 'Show initial results in detailed view'
Go to Cleaner in the left panel and select Hotfix Uninstallers
select Analyze
Right click an item in the resulting list and select Save to text file...

Then you can Review the list of Uninstallers that would be removed.

If there are any that you Do Not want to be removed, you can run the scan again
and in the displayed list, Right cli... Read more

Answer:Removing / Cleaning Windows Hotfix Uninstallers

I routinely delete or allow CCleaner to delete them, have done for years.
 

1 more replies
Relevance 49.61%

Hello,
 
I'm new to the Forum and came across BC when looking for a solution to a malware alert I received a few days ago that I've not been able to remove. Hopefully I've posted in the correct area.
 
One of them is:
PWS:Win32/Zbot
 
 
The following error occurred: Error code 0x80508023. The program could not find the malware and other potentially unwanted software on this computer.
 
 
The other is:
 
PWS:Win32/Zbot.gen!AP
 
 
Items:
 
process:pid: 1504, 460 and 7148
 
This is the post that led me to BC and I've followed the instructions provided in the link below hoping it would work for my similar issues and have the logs but it's not fully resolved the issues:
 
http://www.bleepingcomputer.com/forums/t/515309/mse-says-it-removed-win64rovnixgena-but/
 
 
I thought I had it done an hour ago only to see it again after running TDSSKILLER and rebooting. MSE keeps finding the items upon reboot cleaning them and requesting a restart so the cycle has continued and I'm not sure what to do after several attempts.
 
I'm running MSE automatically each day and when I ran MS Safety Scanner this is the log I received:
PWS:Win32/Zbot – partially removed, manual steps required
PWS:Win32/Zbot.gen!AP – Detected, not removed
 
 
Any assistance that you can offer would be appreciated.
 
Thanks in advance!

Answer:Help cleaning removing PWS:Win32/Zbot.gen!AP repeated occurrences

Can you post the TDSS Killer logs?

6 more replies
Relevance 49.61%

I tried almost everything I could in my knowledge to clean the malware extensions from chrome and fire fox but nothing worked..I landed here after seeing people getting their malware problems solved by experts..I will follow instructions to the T without exceptions..

Thanks in advance.

regards

nabchak
 

Answer:Repeated cleaning not removing NeextCoup, Saveemaass and PariceCaHoup

Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.
Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!
Right-click on icon and select Run as Administrator to start the tool.
(XP users click run after receipt of Windows Security Warning - Open File).
Press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.


Fix with AdwCleaner

Please download AdwCleaner by Xplode and save the file to your desktop.
Right-click on icon and select Run as Administrator to start the tool.
Follow the prompts and click Scan.
When finished, please click Clean.
Upon completion, click Report. A log (AdwCleaner[S*].txt) will open.

Please include the contents of that file in your reply.
 

15 more replies
Relevance 49.61%
Question: Its cleaning time.

hello, i need to clean my computer.

i need to see if i have anything wrong in the system.

heres a hijack log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:27:58 PM, on 6/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

More replies
Relevance 49.61%

So Ive noticed my internet has been slow and doing some weird things lately, so I figure its time to get it cleaned up again. Here is my hijackthis log....

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:41:57 PM, on 10/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Answer:Time For Another Cleaning

Hello fritzle,

Welcome back to Bleeping Computer. Sorry about the delay. I don't see anything malicious in your log, so have a look here : http://users.telenet.be/bluepatchy/miekiem...owcomputer.html

Regards,
tea

27 more replies
Relevance 48.79%

I'm not sure what's what and who is friend or foe....I have a lot of trouble with "hanging". Can someone help me?? and please be a little explicit with your directions on what to do......much thanx

Logfile of HijackThis v1.97.7
Scan saved at 11:45:00 AM, on 11/30/2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Answer:Cleaning out the drive for the first time

Go into Control Panel, Add/Remove programs and remove new.net

Then

Run HJT again and check all of these that remain.
O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - C:\WINDOWS\bi.dll
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: (no name) - {029CA12C-89C1-46a7-A3C7-82F2F98635CB} - (no file)
O2 - BHO: (no name) - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet5_48.dll
R3 - URLSearchHook: IncrediFindBHO Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net

Close all browser windows prior to clicking fix checked.

Reboot and post back to let us know how things are going.
 

1 more replies
Relevance 48.79%

Hi...I'm getting some annoying pop ups again. I would really appreciate it if someone could go through my HJT log and offer some suggestions. Thanks in advance!

Logfile of HijackThis v1.99.1
Scan saved at 4:35:06 PM, on 12/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Answer:Solved: Help with Pop Ups....time for a cleaning??

8 more replies
Relevance 48.38%

I have completed the Major attitude removal guide. I have attached the 2 reports for someone to provide feedback on what is wrong with my desktop PC. My infection occurred when I upgraded from the internet security suite Kaspersky 6 to version 7 which is still active now. Please can a qualified person interpret the reports that I have attached?


Cheers!
 

Answer:Cleaning an infected Time PC desktop

Attached is another log file that was too big to attach in my original post.

The desktop PC still appears to be infected because the machine still operates slowly and prompts PID error messages from Kaspersky 7. Any help I can get is appreciated!
 

11 more replies
Relevance 47.15%

Fan Issue

I've cleaned my laptop sometime this month after about two years of use. Popped it open, blew everything, popped it back. I saw a post before posting this about removing the battery before cleaning so I'm considering going back and doing that. I usually keep it running in high performance because I use it for gaming. Core/CPU usage is almost never above 10%, currently sitting at 2%-4%. Memory is usually high because I only have a 500GB SSD, currently at 58%. The other stats (disk, network, and GPU), sit at 0 (although GPU will boost to about 60% when gaming). Currently, I have it in balanced mode and set the maximum core usage to 40% and it's still going strong. Any suggestions?

Gaming Issue

Also on a side note, if anyone can assist me with a gaming issue I'm having. My computer has a 960 GTX, i74720GQ @ 2.6GHz, and 500 GB SSD (samsung evo--upgraded from 1TB HD) and I'm having issues with my FPS in-game. It locks at 30 or FPS across all games. I do have two GPU's (integrated and 960 GTX) and have always used the GTX as the primary source, uncapped in-game graphics, limited background interference (services, programs, etc.) and possibly other things I can't think of but cannot release the in-game FPS cap. Even when settings are at the lowest settings. In previous times, if I were to uncap, it'd reach above 60 easily consistently but now when it's uncapped, it never goes above 60. One might ask what changed? After upgrading from HDD to SSD, I had to reset my ... Read more

More replies
Relevance 47.15%

Ok i had troubles with my pc for a while and i ran all sort of malware cleaning programs and now on fresh installed windows this is malware i cannot clean it has some backdoor or something therefore i got no idea what to do. Take a look at rogue killer log

¤¤¤ Registry Entries : 10 ¤¤¤
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 89.216.1.40 89.216.1.50  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 89.216.1.40 89.216.1.50  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 89.216.1.40 89.216.1.50  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2E7E09AA-E449-48EA-83FA-609352114E0B} | DhcpNameServer : 89.216.1.40 89.216.1.50  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{2E7E09AA-E449-48EA-83FA-609352114E0B} | DhcpNameServer : 89.216.1.40 89.216.1.50  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{2E7E09AA-E449-48EA-83FA-609352114E0B} | DhcpNameServer : 89.216.1.40 89.216.1.50  -> FOUND
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 ... Read more

Answer:I need help with some malware cleaning

Is this the same computer as this one http://www.bleepingcomputer.com/forums/t/548391/my-pc-is-too-slow-i-need-help/ in Am I Infected?

5 more replies
Relevance 47.15%

I ran through the self help FAQ and the logs are below. I did have to run it twice b/c some things didn't seem to work correctly. When scanning, I still seem to pick up some hits for spyware so wanted someone to check and see what I need to do to get this computer cleaned properly.
This all started when I went to a web site to read an email some one sent me. Yeah, I know I am stupid.
I had some pop ups and some other things going on like an browser window would open up to a Au3bot or something like that. Seems like it is cleaned now but I still get hits on malware when scanning.
 

Answer:Help in cleaning Malware

Here is the log for MGTools
 

9 more replies
Relevance 47.15%
Question: Cleaning Malware

I have two pc (very different) I have neglected them in the past. I started the cleaning process using this website. You guys are fantastic. Now I need to make a decision on maintenance; I have EZClean,CCleaning, and Eusing Free register cleaner. They seem to work well. Are there any freeware more thorough than any of these. I have purchased Max RegisterCleaner for my second computer. I noticed that different programs bombard spyware and register cleaners from different directions.
Do you concur on any of these programs or do you have more advanced cleaners. I would prefer "Freeware" but purchasing is NOT out of the question
Thanks,
 

Answer:Cleaning Malware

You should see this article on How to Protect yourself from malware!
 

1 more replies
Relevance 47.15%

Hello, again!

So, I've run all of the READ ME FIRST steps and wanted to see if there is still any malware hiding in this computer...
Can you please take a peek at my logs for me???

Thanks a million!

-Stacey
 

Answer:Cleaning up malware...

and here's the last one...
 

4 more replies
Relevance 47.15%

I have reason to believe that I have a virus (probably a rootkit). Additionally, I can not go to windows update, but can browse the rest of the web.

Thanks for any help.

Here is my DDS:

DDS (Ver_10-03-17.01) - NTFSx86
Run by Carolyn at 19:37:13.42 on Tue 09/28/2010
Internet Explorer: 8.0.6001.18702

Answer:need help cleaning up malware

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger: Please download DeFogger to your desktop.
Double click DeFogger to run the tool.
The ap... Read more

2 more replies
Relevance 47.15%

When I was cleaning my friends PC of malware I found over 2400 items in superantispyware, over 500 in Malwarebytes and some viruses using Trend Micro. I was nervous about thinking it was clean and was going to submit a hijackthis log but found out there were other things that needed to be done instead. Attached are the ark.txt and the 2 DDS.txt files. Any help on this would be great. Thanks
DDS (Ver_10-12-12.02) - NTFSx86
Run by Rose at 11:38:33.62 on Sat 02/26/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.515 [GMT -6:00]

AV: Titanium *Enabled/Updated* {7D2296BC-32CC-4519-917E-52E652474AF5}

Answer:Cleaning up PC of Malware etc

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear Click the Disable button to disable your CD Emulation drivers Click Yes to continue A 'Finished!' message will ap... Read more

3 more replies
Relevance 47.15%
Question: Cleaning Malware

I recently got a nice little malware called Coupon Companion from CNet and used your handy little guide to download software, scan, and remove it... at least I think I did.

So far, it appears to be gone, but want to purge the rest of my system anyway. The scanners came back with many few suspicious results, and I'm attaching the logs to figure out if I can fix/remove them.

Thanks for all help in advance.
 

Answer:Cleaning Malware

Welcome to MajorGeeks!

I'm looking over your logs and will reply with a fix.
dr.m
 

11 more replies
Relevance 47.15%

Where and how do I post, to receive help with cleaning my system.

I have completed the "Windows XP Cleaning Procedure".
 

Answer:Where to ask for help with cleaning malware

If you have followed the Read and Run First instructions, you need to attach the following logs:
SAS
MBAM
RootRepeal
ComboFix
C:\MGLogs.zip
 

16 more replies
Relevance 46.74%

On their site it is written that only one on-demand scan will be performed. Does that mean if I run the online scanner on my pc for once and clean detected items, I will not be able to use it in future? There is also a 30day unlimited trial offer is given. Not sure if this is about their private wifi or online scanner. Seeking some advice and feeling terrified.

Answer:ESET online scanner provides only one time free detection and cleaning?

What web page did you see that information?

The main scanner page and FAQs do not say it can only be used one time.
http://www.eset.com/int/home/products/online-scanner/
http://www.eset.com/int/home/products/online-scanner/faq/

After every scan, you have the option to uninstall the ESET Online Scanner with all its components or leave them for future scanning.

8 more replies
Relevance 46.74%

Had a machine in riddle with viruses which we duly cleaned up and removed without incident. Uninstalled the applications one at a time, restarting each time it was required and all was good.

After removing the last app (don't ask me which one it was I can't remember) the machine no longer starts.

It's boot cycling but once we disable automatic restart on system failure it brings up a STOP 24 error.

Have booted to puppy linux and examined the hard drive (which is SATA btw) and the data seems intact so we can assume, physically at least, that the drive is good.

Booting to an XP CD and attempting to access the recovery console to run chkdsk /r and it appears the drive is either not detected or is empty (the latter we know not to be the case)

Boot to an X CD to attempt a repair install and it tells me there is no hard drive present.

Check the BIOS and the drive is detected properly. swap the hard drive for a SATA CD and it detects the CD without issue which makes me think the SATA controller must be functioning too.

Now it seems that the this single disk system has some kind of RAID configured on it according to the boot screens. My next step would be to remove the RAID but I'm concerned it might format the drive. Is this likely? It has an ASUS A8R-MX/S motherboard but the info I get from their site is a little vague.

Am I on the right track with the RAID thing or way off base, help me folks its driving me nuts.
 

More replies
Relevance 46.33%

My computer has been running VERY slow lately and I suspect malware. I have an older Dell P4 running at 1.7 MHz with 1 GB ram. I installed XP Pro over Win2000.

I am using CounterSpy and SpySweeper, AdAware and Search&Destroy along with CA Antivirus and ZoneAlarm Pro.

I ran GetRunKey and Shownew, then I downloaded and ran MS Defender and Malicious Software Removal Tool (Safe Mode) as directed in "READ & RUN ME FIRST Before Asking for Support". I also ran AdAware and S&D, CCleaner, and then disabled system restore. I scanned with Bitdefender and then Panda Active Scan. Finally, I ran Hijack this. System still seems slow.

I have attached the Hijack this, Bitdefender and Panda files.

I would appreciate any suggestions on how to proceed.

Thanks in advance!
 

Answer:Malware cleaning help needed

Hi and Welcome to Majorgeeks

Please run the guide as laid out as your Hijackthis log is not installed and run from the location we request, with the rename of Hijackthis to Analyze.exe
G:\Downloads\SpyBot software\Hijack this\HijackThis.exe you have no signs of having run Windows Defender in your HJT log as you have the old and outdated Microsoft Antispyware installed.

Please re-run the guide in order specified as skipping steps are only prolonging you being infected with malware, our malware experts have a great record of being able to remove malware from a PC if the initial steps are followed.


Hi and Welcome to Majorgeeks!

Please follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, running, and posting HijackThis logs as attachments.

Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support
Make sure you check version numbers and get all updates.
Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.

After doing ALL of the above you still have a problem make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:
Downloading, Installing, and Running HijackThis

Make sure you also rename Hijac... Read more

5 more replies
Relevance 46.33%

Hi - I'm posting this to continue the post that I started in the other forum.

Summary:
I'm working on a friend's computer running Windows XP Professional, SP3.

I first ran Malwarebytes Anti-Malware, Super Anti-Spyware, Spybot Search and Destroy, all in safe mode and got rid of mostly everything. Subsequent scans report that there are no more problems. After that I ran AVG Virus scan and there were no viruses. Per request, I posted the MBAM and SUPERAntiSpyware logs in the previous post.

I then ran a DrWeb CureIt scan and posted that log to the prior post.

Currently I'm having some trouble getting rid of "PC Confidential". I looked under the add-ons for IE8 and saw 2 instances of PC Confidential, and 1 instance of PCCBHO.dll. I deleted the registry key associated with all of those entries, and deleted the entire folder (program files/winferno/pc confidental) containing the PCCBHO.dll file. PC Confidential still appears under the "Tools" menu in IE8, and also appears in the context-menu when I right-click on a file.

I was instructed to post here. For some reason I can't run the DDS Tool. Therefore, I installed HijackThis and ran a system scan. Here's the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:15:16 PM, on 7/27/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WI... Read more

Answer:Cleaning Up After Malware Removal

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

My name is Syler, I will be helping you to solve your Malware issues. Whilst I am helping you, I would be grateful if you would note the following:

Please do not run other tools or scans unless I ask you to and follow all the steps I give you, in order.
Copy and paste all logs requested in your reply, Do not attach them unless asked to.
If you don't know or understand something, please don't hesitate to say or ask before you proceed with my instructions.
Please continue to work with me, until I tell you your machine appears to be clean. Absence of symptoms does not mean that everything is clear.
If I do not hear back from you within 5 days of my last post, then this topic will be closed.

Please download Malwarebytes' Anti-Malware from Here
Note: If you already have Malwarebytes' Anti-Malware, just update then run it.

Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest ve... Read more

2 more replies
Relevance 46.33%

Recently found a nasty series of infections popping up. Had an IT friend recommend some freeware programs to help.

1. AVG (already installed) - found Vundo trojan and Cipher virus
2. Super-Antispyware (already installed) - found Trojan-Unclassified (MSXML71) and Rootkit.Cloaked/Service-Gen
3. Ad-Aware (already installed - nothing found other than tracking cookies)
4. Windows Firewall (functioning)

I installed and ran the following programs:
1. Malwarebytes Antimalware (found several viruses including Conficker, trojans, etc. - no log saved)
2. Panda Rootkit (nothing found)
3. F-Secure Backlight (nothing found)
4. Avira Antivir (found TR/Crypt.ZPACK.Gen)
5. Dr Web Cureit (nothing found)
6. Autoruns by Sysinternals (b.exe found running (no iTunes installed, process killed, registry value removed and file deleted)

I'll patiently listen to admonishments about keeping detailed logs, I know it makes your side of things harder.

Update: I did find reference to Conficker infection in the MBAM log by scouring through the deleted files on my C: drive. Unfortunately, I couldn't recover most of the file so I'm not sure what else was in that log.

I need to know if I'm clean yet.

I do have a brand new HD in the shrink wrap sitting on my desk in case I need to reinstall the whole stinking Windows, though I'd like to avoid that if possible.

I have run Comedian and DDS.scr.

ASUS P4P800 Deluxe Mobo, P4 2.8 Gig processor
Windows XP Pro, SP3
IE version 8 (highest security setting on all t... Read more

Answer: Post-Malware Cleaning

Sorry to reply to my own message, but I needed to post an update. Took the time to research a little and removed the last of the suspicious files that I can find.

Below is the text of most recent DDS run (post Comedian)

-----

DDS (Ver_09-06-26.01) - NTFSx86
Run by Wookie at 21:05:45.68 on Fri 07/17/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1568 [GMT -4:00]

AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\Program Files\Windows Defender\MsMpEng.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\Micros... Read more

3 more replies
Relevance 46.33%

Hello all,

I'm working on my friend's PC and figured I would do some possible malware scanning and removal. I've followed the instructions in the "READ and RUN me" thread. Unfortunately I did run into a snag with the Hitman Pro program.

I followed all instructions with it and the program did find about 450 issues and I promptly ignored all as was instructed. Unfortunately whenever I clicked on the "Save log" link, nothing. I could click on that sucker 10 times over and nothing. I ran the scan about 2 more times following the instructions and same result, couldn't save log. I rebooted thinking that might be it, but it ended with the same result of the "Save log" link doing nothing when clicked.

Other than that issue I was able to run all other programs and logs without issue. I've attached the logs below. Looking forward to working with you as you've always been a great help in the past.

Ian
 

Answer: Malware Cleaning And Maintenance.

With Hitman Pro, and what it is finding.... does it all look like junk to you? Are there any valid programs in what it's finding? Let me know. Take screenshots, that would be useful.
 

21 more replies
Relevance 46.33%

Mods: if this counts as malware removal/Operating System error please help me determine either or.

Back story:

I have a client computer with me. I received it today and it had all kinds of junk, malware, etc. You name it, I have it.

Hopefully I got the virus/malware out. I need help to verify that there is no more malware.

So I did the usual MSE and Malwarebytes. I couldn't use a self-tutorial because it had so many viruses.

So after I did that all day, the client said, "When I put in a CD/DVD it won't play any disc."

So I troubleshot it, and it just spins and replies "Please insert a Disk", that's all.

What I have done:

Installed MSE and Malwarebytes
Ran two complete sweeps, several hours
CCleaner, didn't use REG cleaner
Removed a lot of programs, some were registry cleaners
sfc /scannow "reported corrupted entries and cannot be fixed"
Ran chkdsk /f
Tried to troubleshoot CD/DVD, didn't correct the problem

Basically I have it working without the CD/DVD reading, because of the virus I believe.

I will be backing off from it because I did what I could.

I don't have any recovery disc and I'm about to just say to reformat.

Computer Specs
Windows Vista Home Premium
3GB of Ram
Gateway JM30 Laptop

I will be gone tomorrow so I will have this thread mark on replies so please move this if necessary. Thank you have a great evening.

Answer: Strange day (Cleaning Malware)

Hi, coxchris! I'm going to try to help you out.

TDSSKiller

I need you to run a scan using TDSSKiller.
Download TDSSKiller from here, and save it to your desktop.
Double click the file to launch the program. Once the program starts, click Start Scan. Don't change any default scan settings.
Once the scan is finished, you'll find a log in your root drive (usually C: ) that will start with TDSS in the file name, please copy and paste it into your reply.

Malwarebytes

I need you to run a scan with Malwarebytes Anti-Malware.
Double-click the MBAM shortcut on your desktop to open MBAM.
Click the Update tab, and check for updates. If a new version of MBAM is included in the update, follow the prompts and install it.
Once the program is done updating, select the Perform full scan option on the main interface. Then click the Scan button, hit Scan, and let the scan run.
Once the scan is finished, a log will pop up. If any malware was found, click the Show Results button, and make sure everything present is checked and click Remove Selected. If MBAM asks you to reboot, do so immediately. Either way, please copy and paste the log into your reply. If your PC is rebooted, you can find the log by opening up MBAM and going to the Logs tab.

Please tell me how all of this went in your next reply.

12 more replies
Relevance 46.33%

Good Day All
I believe I have completed the READ & RUN ME FIRST. Malware Removal Guide as you advised and I have included the log postings for your expert review. Thanks in advance.

Original Post
Hello

I would like to first thank you for helping me to resolve some previous issues with my system. I think you are AWESOME!

I recently had a problem accessing automatic Windows updates (error 1058). I went through some scanning & cleaning recommendations I found on your site. I believe I have resolved that issue. I am now able to get the updates automatically (Thanks 2 U).

I would like to be certain that all malware and possible infections have been removed. Please tell me what I need to provide so that you can evaluate my system and point me in the right direction if I need to take further action.

Thank you Computer GODS!!!
 

Answer: Malware System Cleaning

ComboFix log







 

12 more replies
Relevance 46.33%

I have Malwarebytes installed on my computer and I keep getting a notification that xmlclick-g.com is getting blocked. I've run a scan and it doesn't find anything, but it keeps happening. I'm wondering if I can get help cleaning it out altogether. Thanks.

Answer: Looking for help cleaning out my computer from any malware

Update: I found the path to where the popup is coming from. It's C:\Users\Cristian\AppData\LocalLow\{7757EA05-3AA4-42F4-1684-B9C6693E0C79}. All the folders and files are titled with gibberish, but upon looking through them there's a rundll32.exe in one of the folders, and I feel like that's gonna ruin my computer more 'cause I know that's a damn dll rewrite.
 
Edit: The whole folder is full of dll processes and I can't get rid of them manually. This is annoying.

14 more replies
Relevance 46.33%

EDIT - I forgot to note that the initial infection was from Antivirus 2010.

Hi All,

I'm trying to clean up this computer after a bad infection, but after running spybot and malwarebytes I'm still running into some issues. On bootup I'm getting "The application or DLL C:\DOCUME~1\NETWOR~1\ntuser.dll is not a valid windows image" and also "Error loading C:\DOCUME~\NETWOR~1\ntuser.dll %1 is not a valid Win32 application".

I'm also getting some virus notification from symantec from time to time saying that it had to quarantine or delete something so there's definitely still bad things in this machine. I'll post the HijackThis logs below. Any help is appreciated.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:59:06 AM, on 11/29/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\... Read more

Answer: Need some help cleaning up a malware infection

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

2 more replies
Relevance 46.33%

I ran frst64, rkill, mbam, tdskiller, Kaspersky kvrt, adswt, jrt.  Malware is gone but IE crashes periodically especially on www.msn.com.
 
My original scans are attached as well with the malware before cleaning.

Answer: IE Crashing after Cleaning a lot of Malware

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===
Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.

start

EmptyTemp:
CloseProcesses:

Task: {392B9F1B-9658-41F7-AFD1-307DB50259E3} - \WordSurfer Auto Updater 1.10.0.19 Core No Task File <==== ATTENTION
Task: {7E53D741-2CE4-4DD8-93AD-82091ACB0AD4} - System32\Tasks\STUAYCQHXY1 => C:\ProgramData\FlashBeat\FlashBeat.exe <==== ATTENTION
Task: {B502AE21-BEB7-451A-8E28-4050B2B58EFB} - \WordSurfer Auto Updater 1.10.0.19 Pending Update No Task File <==== ATTENTION
Task: C:\Windows\Tasks\STUAYCQHXY1.job => C:\ProgramData\FlashBeat\FlashBeat.exe <==== ATTENTION

End
Save the files as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.
Restart the computer normally to reset the registry.
The tool will create a log (Fixlog.txt) please post it to your reply.
===
Reset Internet Explorer:
Menu > Tools > Internet Options > Advanced Tab.
Click the Reset button on the bottom of the pane.
Click the Apply button.
Close IE.

Clean the Internet Explorer Cache.
https://kb.wisc.edu/page.php?id=15141
===
How is the computer running now?

7 more replies
Relevance 45.92%

My parents' Vista computer is only 6 months old but has been infected with spyware many times. I've cleaned most of it using Malwarebytes but I think there might be something I can't detect. It's pretty slow considering it's a relatively new computer, and it's not letting me turn on Windows Security Alerts.

These are the DDS logs:

DDS (Ver_09-03-16.01) - NTFSx86
Run by Lee at 14:54:51.56 on 2009-04-28
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.949.82.1033.18.2038.933 [GMT -5:00]

FW: Sunbelt Personal Firewall *enabled*

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windo... Read more

Answer: Cleaning Parents' Computer of Malware

Hi 1amagico,

The malware on this computer is different than yours. The important step is to run ComboFix.

Regards,
farbar

Download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Information on A/V control HERE)
Double click on ComboFix.exe & follow the prompts.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Please copy and paste a fresh Hijackthis log to your reply.

Please include in your next reply:
The Combofix log.
A fresh Hijackthis log.
Any comment or feedback about how it went.

8 more replies
Relevance 45.92%

Hi folks, I'd like to let you know that your Malware Cleaning Guide has helped me out a lot in the past.

Now, I have a used computer recently given to me by a relative and, after buying and installing Avira Antivirus, found that it had a Trojan Horse on it (Avira found and was unable to delete 338896.SYS).

Note that I uninstalled Avira as part of my preparation to run the Malware Cleaning scans.

Here are my concerns:

1. After running Super Anti Spyware and maybe Malwarebytes but prior to running Combofix, I found that the computer would no longer reboot normally. In other words, choosing "restart" causes it to shut down to the point of getting an initial Intel screen, but I have to manually shut it off and turn it back on to get it to come up again. I have just tested it again and continue to have this problem.

2. When running Combofix, I let the computer sit overnight before manually restarting it (I gave it time since the Combofix instructions said to let Combofix reboot it).

3. In the interests of backing up the computer before doing anything, I bought a Seagate FreeAgent Goflex external hard drive, which shows as the F:/ drive on the computer. I am concerned that Combofix deleted the autorun and setup files off this new disk; I had backed up the C:/drive and not the new F:/drive and would like to get the files back that came with the new F:/drive. Also, after the scans as below, I am now getting periodic pop-up boxes that say: Meme... Read more

Answer: Malware Cleaning/ a few concerns (RootRepeal etc.)

I am not seeing any malware in your logs. We can restore the files to your external.

* Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
If it is not on your Desktop, the below will not work.
* Also make sure you have shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly.
* If ComboFix tells you it needs to update to a new version, make sure you allow it to update.
* Open Notepad and copy/paste the text in the below code box into it (make sure you scroll all the way down in the code box to get all lines selected ):

Code:

KILLALL::

DeQuarantine::
C:\Qoobox\Quarantine\F\Autorun.inf.vir
C:\Qoobox\Quarantine\F\Setup.exe.vir

QUIT::

* Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
* At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
* You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
If it asks you to override the previous file with the same name, click YES.
* Now use your mouse to drag CFscript.txt on top of ComboFix.exe

* Follow the prompts.
* When it finishes, a log will be produced named c:\combofix.txt
* I will ask for this log below

Note:

Do not mouseclick combofix's window while it is running. That may cause it to stall.

Note: If after runnin... Read more

1 more replies
Relevance 45.92%

Hello,

I have Windows 7 on my HP laptop. One or two times every week Windows freezes completely, and I have to reboot my laptop by pressing the power button.

I have run Malware Removal/Cleaning Procedure. SUPERAntiSpyware detected and removed Trojan and Browser Hijacker Tubby. I reran SAS and it shows that everything was clean.

These are my two logs.
 

Answer: Malware Removal/Cleaning Procedure

I have run Malware Removal/Cleaning Procedure. SUPERAntiSpyware detected and removed Trojan and Browser Hijacker Tubby. I reran SAS and it shows that everything was clean.

Would still like to see the logs from those if you don't mind. Thanks.
 

29 more replies
Relevance 45.92%

HIJACK THIS LOG

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:07:01 AM, on 5/17/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Users\ih8\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Users\ih8\AppData\Local\Temp\vcheck.exe
C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsearcher.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsearcher.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Se... Read more

Answer: malware returns after cleaning/restart

bump
 

1 more replies
Relevance 45.92%

I followed your guide on malware removal (I've used it/recommended it to quite a few people, thank you). I cleared up the majority of the obvious malware, but I'm concerned I still have malware.

I hit a site with a java msg in firefox. It loaded a message asking to scan using microsoft's virus scanner. Like an idiot I clicked remove, when I do not have microsoft's virus scanner. I realized what I did, and unplugged my computer to stop the malware installation I could. Avast was no help.

1. chrome dies(aw snap) immediately after starting up. (removed it, deleted all its temp files/registry, reinstalled it, installed the beta version, no dice)
2. league of legends fails to load. (It worked just before the malware)

I only have 4 files, because I couldn't get rootReveal to run on my computer. Error msg below.
FOPS - DeviceIoControl Error! Error Code = 0x0000024 extended Info (0x000000dc)
DeviceIoControl Error! Error Code = 0x1e7

I also ran Kaspersky Rescue disk, which found one piece of malware which it removed...
 

Answer: connection issues after cleaning malware.

Before we continue I would like for you to use MSConfig to put this machine back into normal start up mode

WinSCP 4.1.9 <--- Uninstall this if you did not intentionally install it yourself.

Running from: G:\ComboFix.exe <--- Combofix needs to be directly on your desktop.

Now we need to use ComboFix

Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
If it is not on your Desktop, the below will not work.

Also make sure you have shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly.
If ComboFix tells you it needs to update to a new version, make sure you allow it to update.
Open Notepad and copy/paste the text in the below quote box. Ensure you scroll down to select ALL the lines:

Code:

KILLALL::

File::
c:\windows\system32\drivers\wqkycbv.sys
Folder::
c:\users\scary\AppData\Roaming\Uzdix
Driver::
wqkycbv


Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
Now use your mouse to drag CFscript.txt on top of ComboFix.exe




Follow the prompts.
When it finishes, a log will be produced named c:\combofix.txt
I will ask for this log below

Note:

Do not mous... Read more

5 more replies
Relevance 45.92%

(Sorry if this post seems terse, but I just spent my lunch hour writing an eloquent one that disappeared into the void when I tried to post it & it claimed I wasn't logged in anymore--probably a cookie problem.)

I'm fighting malware--tracking popups--on XP.

I printed all your "read me first dammit" pages & linked pages, and actually RTFM'd.

I downloaded all the software you list for scanning, etc. to my desktop.

When I boot in safe mode, that username is not an option. I log in as admin, and I cannot see the software on the other username's desktop.

--Do I have to download it all again to the Admin desktop?
--Can I "see" it somehow without downloading it all again?

I also tightened up a lot of my explorer settings for privacy & security thinking that could prevent these popups (to no avail), so now my system is very hard to work with.

--What should I have my Internet--Tools settings set to for the best balance of security & functionality during the cleanup as well as before-and-afterward, in your esteemed opinion?

Muchas gracias,
ZenPup
 

Answer: Can't reach malware cleaning sw I downloaded

Run as much as you can in normal mode ....and attach the requested logs ...(I also replied to your welcome center post ...click the "remember me" box when you log in.)

In safe mode...as admin...you should be able to right click start / explore and find the items under the users name ...

Let us know how you make out.
 

4 more replies
Relevance 45.92%

I've picked up an infection this morning that it appears a few others have as well. Initially it featured processes including b.exe amongst others and reg keys for Monopod. It has disabled my virus scanner, Symantec AntiVirus amongst other problems. I've followed the Removal Guide as much as it will let me.

Steps 1-5 of the removal guide were no probs, but the program seems bent on preventing me following the Windows XP Cleaning Procedure.

SuperAntiSpyware - Started scan, the program just disappeared.
Attempting to reopen gives - Windows cannot access the specified device, path or file. You may not have the appropriate permissions to access the item. Alternate startup gives no sign of action.

Malwarebytes Anti-Malware - Started preparing for scan then died.
Attempting to reopen gives - Windows cannot access the specified device, path or file. You may not have the appropriate permissions to access the item.

ComboFix - Got to attempting to create restore point then died. I can start this one up again multiple times, but with the same result.

RootRepeal - Got further than any of the other programs, was scanning windows directories and died.
Attempting to reopen gives - Windows cannot access the specified device, path or file. You may not have the appropriate permissions to access the item.

MGtools - Started, but seems to stop mid-way through the process. Having checked other zip files, it seems like mine is not able to call all the pieces it needs.... Read more

Answer: Malware blocking cleaning tools

Welcome to Major Geeks!

I'm going to give you some steps to follow. You MUST follow these steps exactly and they MUST be performed in the order written. I suggest that you read thru all of it first before running any steps.

Download The Avenger by Swandog46, and save it to your Desktop.
Extract avenger.exe from the Zip file and save it to your desktop but DO NOT RUN IT.
Now download and save the below two files to the root folder of your Windows boot drive. Normally this would be drive C. If you do this correctly, you will then see C:\MGtools.exe and FixAVP.exe. You need to redownload this MGtools file because it is a new version. Just overwrite your previous version.
MGtools
FixAVP

Now run MGtools.exe by following the instructions given here Using MGtools which will help you understand how to run it and what will happen. You don't need to worry about attaching the MGlogs.zip file that it mentions yet because we have more to do and a new log will be obtained later.
Now run the FixAVP.exe file by double clicking on it. This will attempt to automatically run Avenger (which you downloaded above) and it should also try to reboot your PC so don't be alarmed when this happens.
After Reboot, and if all goes well, a new scan by MGtools should automatically take place because Avenger will try to run C:\MGtools\GetLogs.bat which will begin all the scans again.
When GetLogs.bat finishes running, there will be a new C:\MGlogs.zip file and now it will be time to attach i... Read more

6 more replies
Relevance 45.92%

Okay, before i post this log, here's how it began......All I did was install my new external harddrive and moved a bunch of music files to it (about 10gb worth, which should have freed up more space and made my pc faster........but no)...........after that, it seemed I had some trojan....I had the Internet Speed Monitor issues, but i got rid of that...i got rid of something called winable.exe too........BUT then i still kept getting tons of pop up's in Internet Explorer & Firefox that automatically hijack my browser to various types of search sites and id get all kinds of pops up saying i'm infected and trying to get me to download registry scans and such.....it seems that i fixed that problem with Vundofix.....but my system is still way slower than it was with less space available on my main harddrive......Another very strange thing is that I have a Mobile Phone Tools folder, but the contents are something called watchdog??????.......Now to top it all off my Symantec Anti-virus is messed up.........it keeps saying Symantec Auto-Protect failed to load. I can't turn it on no matter what I do. ....I ran HJT & Vundofix and pasted the scans here.....Can someone please analyze this HJT log and let me know where to go from here???...I need help getting everything clean for sure and getting my pc back up to par......I need to also add that restarting my pc is slower for some reason, even though i've dropped all start up programs to the near minimum..... Read more

Answer: Solved: Need HJT Analyzed & Help with cleaning off any malware

15 more replies
Relevance 45.92%

I recently went through steps provided on this forum to rid my system of a malware infection. Although I believe the actual infection is mostly gone, my system is still extremely slow and I think there may be some processes associated with the infection that are causing it to slow down. After reading the tutorial "How malware hides and is installed as a service", I don't feel comfortable removing entries from my registry and would really appreciate some direction on what to do. I downloaded the SysInternals PSSERVICE file on that page, so here is the list of services installed on my system:
SERVICE_NAME: ALG
DISPLAY_NAME: Application Layer Gateway Service
TYPE : 10 WIN32_OWN_PROCESS
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 2728
FLAGS :
DESCRIPTION : Provides support for 3rd party protocol plug-ins for Internet Connection Sharing and the Windows Firewall.

TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\alg.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Applicat... Read more

More replies
Relevance 45.92%

I've just finished malware removal with the 'fantastic' Chaslang and he recommended that I post here for a registry clean up.

I also have to ask why C:\WINDOWS\system32\msiexec.exe is running?
I keep getting a pop up for MS Office 2000 SR1 telling me I'm trying to install a feature which is on the master CDrom disk. It happens very often when I'm surfing.

Once again, thank you in advance for your assistance - it is very much appreciated.

Stuart
 

Answer: Need help with registry cleaning after malware removal

Hello Sutartie485.

Well it seems that possibly your MS Office 2000 may still be installed in your PC.
Few questions first. Do you use MS Office 2000 at all? If not, I'd suggest removing it, and that should fix that issue, if you do. We can still assist. Also, why the MSIexec.exe is running, it's probably due to the fact of why it's prompting you for an install Medium. MSIexec.exe is used for installing/uninstalling programs. It's used also for when installing with the .msi extension.

Hope this sheds some light.
 

6 more replies
Relevance 45.92%

Hi, this is my first post so I am learning how to use this site. I successfully cleaned OpenCloud Security with RKill and Malwarebytes. However I cannot get to Google.com with IE8 or a new install of FireFox. Computer runs slower now even in Safe Mode with Networking while Task Manager says 90%+ free. A rerun of MalwareBytes is error free. Tried to install HiJackThis but got an error about not having privileges even though the account has Administrator privileges. Running XP-Pro with LogMeIn remote access. Thanks for your help...

Answer: Can't Access Google From IE After Malware Cleaning

Hello, you may still have some infection. I moved this to Am I Infected.

Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2
Ensure all Firefox windows are closed.
To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
When prompted to run the scan, click Yes.
GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).

I'd like us to scan your machine with ESET OnlineScan
Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
Click the button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
Click on to download the ESET Smart Installer. Save it to your desktop.
Double click on the icon on your desktop.
Check
Click the button.
Accept any security warnings from your browser.
Under scan settings, check and check Remove found threats
Click Advanced settings and select the following:
Scan potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth technology
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, push Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report ... Read more

7 more replies
Relevance 45.92%

I've been trying to remove the Malware Doctor program for the past few days, but all my attempts have been unsuccessful. It will disappear for a few hours, but it always returns without warning. My system appears clean at the present time, but I want to be sure I've completely removed it. Can you please review my log files and guide me where to go from here?

Below is the process I recently did to clean my system:

1. Delete avast!antivirus.exe from my system in safe mode
2. Update MBAM, scan in safe mode, restart system
 mbam_log_2009_05_25__13_25_44_.txt   1.16KB
3. Run Combofix in safe mode and restart
 logcf.txt   13.37KB
4. Fresh Hijack log after restart
 hijackthis.log   4.66KB
5. RSIT log
 rsitlog.txt   21.53KB
6. Ran a Kaspersky Scan because it may be asked for in future.
 kasperskylog.txt   4.02KB

Let me know if I need to run any more logs or programs. Thanks for your help guys. I know you stay extremely busy!

Answer: Malware Doctor - Returns after cleaning

Hi!

Welcome to Bleeping Computer. My name is etavares and I will be helping you with your log.

I'd like to let you know that I am in training here at BC. At each stage of the process, my work will be checked by an expert coach. That means there may be a slight delay between my responses as they check it. Don't worry, we won't leave you.

Here's a few things to get started:

Please subscribe to this topic, if you haven't already, and wait for me to get back to you.
Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.
Please reply to this post so I know you are there.

In your reply, please post an updated RSIT log so we have the most up to date information. Please also let me know any symptoms your computer is showing.

Due to the number of people waiting for help, if I don't hear from you in 3 days, I'll bump the topic, then close this topic the next day if you haven't replied.

Thanks!

5 more replies
Relevance 45.92%

I cleaned my computer at MWR and I am free of malware.
That is good, but they feel some files are now missing.
I can not get my defragmenter to work. It opens, but does not analyze or run.

Answer: Missing files after cleaning malware.

Hi.

Before you post about a problem - http://www.bleepingcomputer.com/forums/t/18367/before-you-post-about-a-problem/

I'm retired Army...and MWR to me means "Morale, Welfare, and Recreation" and I'm sure that's not what you mean. Care to educate us?

And...who is this "they" who "feel" that files are missing?

Does your system indicate that anything is wrong? Any error messages?

Louis

1 more replies
Relevance 45.92%

Hello all,

If scanning from boot is the first step in cleaning a machine severely infected by malware, which bootable anti-malware tool(s) would you suggest that has/have worked well?

Thanks in advance.

Answer: First step of cleaning the machine up from malware

Windows Defender Offline

9 more replies
Relevance 45.92%

Hello. I have a intel i946GZ chipset, Acer E946GZ motherboard with a built-in marvel semiconductor yukon 88E8056 PCI-E ethernet card.

When I'm in safemode without network support, windows accepts that it's working perfectly. However, if I enable network support, or go into regular bootup, all the devices under the networking card are hit with a black and yellow exclamation point and refuse to work.

Any help would be greatly appreciated, thank you.

Oh, and I have done a driver update, it doesn't make a difference unfortunately.
 

More replies
Relevance 45.92%

One of my coworkers got her machine heavily infected with crap the day before yesterday. It started out that internet explorer wouldn't let her connect to our intranet or internet, displaying a popup about trying to use a Dial-Up.
Yesterday morning the corp virus program displayed a notification that it found and deleted a trojan. I ran multiple AdAware's, Spybot's, and Registry Repair scans with them all finding and fixing and cleaning stuff. There was some stuff uncleanable, some stuff I had to boot into safe mode to get rid of, etc, etc.
Today it had another trojan that it couldn't even delete. I ran more scans, cleaned more stuff, and I think it still has some problems. Basically, the crap keeps coming back.

Here is the most recent Hijack This scan after I've done as much as I can:
-----------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:43:43 AM, on 12/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\DWRCS.EXE
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\... Read more

Answer: Need help cleaning machine of trojans and malware

Any chance anyone can take a look at this right now? I'd like to be able to try something else before we leave work for the day (due to a snow storm). Otherwise I'll be having to wait until tomorrow morning to try getting it working properly.
Now she's been having her machine graphics get scrambled on her twice so far and having to shut down and reboot for it to start working again.
 

2 more replies
Relevance 45.92%

New member and followed instructions but uncertain where to go from here.
attaching files
Questions such as RogueKiller..do not fix, when do they get fixed
Set up firewalls and plan to restore system
 

Answer: Windows XP Malware Removal/Cleaning

Greetings, Trouble911, and welcome to MajorGeeks.

I strongly suggest that you perform all of the steps listed in the Read & Run Me First guide, then start a new thread in the Malware Removal Forum and attach the requested logs to your first post(s) in that thread.

Good luck!
 

7 more replies
Relevance 45.92%

I got a message yesterday and this morning when I started the computer and clicked to go online from my anti-virus program and something about a bad browser add-on called CBrowserHelper Object.

I have been having issues with the computer suddenly shutting down on me (sometimes after it has been on for less than an hour and other times when it has been on for a few hours). But when I turn the computer back on there is no message about the computer having been shut down improperly.

I was thinking that perhaps it is getting too hot since I know that hard drive is good (brand new one in fact and it passed all the hard drive tests) and since the battery on this laptop is really old I do not use it anymore and just keep it plugged into an outlet. I do keep the laptop elevated and the stand it is on has a fan running to help keep airflow to the underside of the laptop. I have ended up getting a small fan and putting it behind the laptop and keep that running as well to keep the laptop cool and then it does not shut down on me (at least not yet) which is why I was thinking that there might be an issue with the cooling of the laptop. It is a Gateway M1629 running Vista Home Premium 32 bit operating system with 3GB of RAM and an AMD processor.

However, after getting that message yesterday and this morning I figured I had better run the Malware steps here. I already run spyware and malware scans a few times a week and they found nothing. Unless the last step found some... Read more

Answer: just ran all steps for malware removal and cleaning

Before we continue I would like for you to use MSConfig to put this machine back into normal start up mode.


Search-Results Toolbar <<< Uninstall this.


Re run Hitman Pro and have it remove everything APART from:





Miniport ____________________________________________________________________

Primary
DriverObject . . . : 876B6688
DriverName . . . . : \Driver\atapi
DriverPath . . . . : \SystemRoot\system32\drivers\atapi.sys
StartIo . . . . . : 00000000 +0
IRP_MJ_SCSI . . . : 884451F8 +0
Solution
DriverObject . . . : 876B6688
DriverName . . . . : \Driver\atapi
DriverPath . . . . : \SystemRoot\system32\drivers\atapi.sys
StartIo . . . . . : 00000000 +0
IRP_MJ_SCSI . . . : 85C88A2C \SystemRoot\system32\drivers\ataport.SYS+18988


And the entry on the Repairs tab is okay too I believe.



Please download Junkware Removal Tool to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Attach JRT.txt to your next message.


Now run the C:\MGtools\GetLogs.... Read more

17 more replies
Relevance 45.92%

Hello Tech Support Guy:
I've got a problem. (who doesn't )
Well I managed to get some malware on my system and I used malware bytes to remove it. Now I have no internet connectivity.
I've tried for three days and evenings solid to track down the problem, using every tool that I can get my hands on to fix the situation. To the best of my knowledge, my WINSOCK, and WINSOCK2 to are corrupted.
This entry in the system information : Fuh Dun over (MSAFD Tcpip (TCP/IP)) leads me to believe it's corrupt.
However, I cannot delete the entries in the registry. (my sign on is administrator) Nor can I uninstall the Tcp/ip protocol in the Lan connection status
I used a combination of: ADWclean, Malware bytes, CCreg to clean up the malware mess.
I'm desperate now as this desktop is my primary design station. (auto cad, coreldraw, and others)
I've tried the netsh reset, and a full host of other CMD prompt commands to reset the thing and get the connection back up to no avail.
My connection is good for my laptop via wireless (macbook pro and Apple time machine) I'm on Cox cable broadband.
Can you guys help me out?
I'm attaching a group of TXT files that I got when I ran FRST and Farbar
Really could use a hand I'm reaching desperate, as I'm no IT expert and do not want to reformat and reload all the software, if possible.

Thanks
Trix
 

More replies
Relevance 45.92%

Hi Flavalee gave me a website to do the clean and reinstall but for some reason I am having a hard time to get it to do what it is doing on the instructions on the website.

Can someone please help me do it step by step.

Thanks
 

Answer: Solved: Help having a hard time cleaning hard drive and reinstalling vista basic!

16 more replies
Relevance 45.92%

I recently had CheckDisk malware, which I removed by deleting the registry keys and files that a website directed me to do (I have a number of websites in my history from my research and can't remember which one I finally acted on). At the same time, I started to get random Google redirects and audio ads playing from time to time. I deleted those registry keys and files as well, but, a few days later, the redirects have begun, if only intermittently. Obviously I missed something and would like some help figuring out how to clean my computer of this malware.

As instructed, I've attached the attach.txt and ark.txt logs. The DDS.txt log follows below.

Thanks so much!
DDS (Ver_10-11-10.01) - NTFSx86
Run by Owner at 12:51:11.03 on Tue 11/23/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.72 [GMT 0:00]

AV: Trend Micro AntiVirus *On-access scanning disabled* (Outdated) {7D2296BC-32CC-4519-917E-52E652474AF5}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Tr... Read more

Answer: Redirect malware after removing checkdisk malware

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that... Read more

9 more replies
Relevance 45.51%

I have a home network with a Dell Dimension XPS GEN 2, Pentium 4 3.40GHz 1.00GB RAM running WIN XP PRO ver. 2002 SP2 plus all applicable current MS updates, and a Dell Latitude D610. Pentium M 1.86 GHz 781 MHz 1.00 GB RAM with physical Address extension also running WIN XP PRO ver. 2002 SP2 plus all applicable current MS updates.

The network runs over a Linksys Wireless B Broadband Router BEFW11S4-VN with current Linksys firmware. The Latitude laptop connects to the router over a WPA secured link.

Both PCs are running Symantec Antivirus ver. 10.0.2.2000 with scan engine 71.3.0.25 and the virus definition files are updated daily. Both PCs are also firewall protected with Zone Labs Integrity Flex ver. 5.1.556.168 and the true vector engine and drivers are ver 5.1.556.168 also.

The problems first surfaced about 10 days ago. When I did a restart after downloading and installing the latest monthly MS updates on the Dimension system I noticed a new user account named asp.net had popped up and since I only have one user account on the system I was puzzled.

I had installed some MS net framework software as part of a previous MS update and wondered if this had created the new user account. I checked the user account in ADMIN Tools and saw it had full administrator privileges so I decided to uninstall the net framework package to see if the new user account would disappear. It didn't so I deleted it with ADMIN Tools, restarted the system and it didn't reappear so I thought... Read more

Answer: Suspect Malware Interdns.exe/MicerDNS - Need Help Cleaning

Hi..


Please download Combofix from HERE or HERE

Save ComboFix to the desktop.


Please copy this page to *Notepad* and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

It's IMPORTANT to carry out the instructions in the sequence listed below.


1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.


Open *notepad* and copy/paste the text in the quotebox below into it:



Quote:





KillAll::

File::
C:\WINDOWS\system32\interdns.exe
C:\z.exe
C:\WINDOWS\system32\svchhost.exe




Save this as CFScript.txt, in the same location as ComboFix.exe which is on the Desktop.




Referring to the picture above, drag CFScript.txt into ComboFix.exe

Restart your computer.

When finished, it shall produce a log for you at C:\ComboFix.txt

Please copy and paste the ComboFix.txt along with a fresh HijackThis log in your next reply please.


*Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall*

18 more replies
Relevance 45.51%

I get BSOD when I attempt to boot into safe mode, but can boot into normal mode win xp. Stop code 0x0000000A (0xF799A354,0x000000FF,0x00000001,0x804E2E51). It always hangs up at drivers/mup.sys. I have not installed any new hardware or software other than suggested malware detectors and cleaners, along with new version of McAfee (which I uninstalled a couple of days ago) and Web Root Security Complete which I am running now.

I cleaned up various malware infections a couple of months ago which involved using safebootkey to access safe boot. Computer seemed to be normal then except was unable to boot into safe mode after cleanup. I then suffered another infection a couple of weeks ago which I cleaned up with MBAM but still unable to boot safe mode. A BC adviser had me send various logs and did some further cleaning with ComboFix and scripts, then declared me clean and suggested I post in Windows forum for help with safe boot problem (http://www.bleepingcomputer.com/forums/topic356014.html/page__pid__2000208#entry2000208).

I have used chkdsk and found no errors on boot disk. I am afraid to use MSCONFIG to force boot in safe mode for fear I will not be able to boot normally.

Any suggestions?

Answer: Can't boot safe mode after cleaning up malware

Where did you get malware removal assistance?

more replies
Relevance 45.51%

Hi,

Under House Cleaning in the Malware removal prep guide it says to Empty ALL Quarantine type folders for antivirus and antispyware applications. I ran AVAST and I have several infected files quarantined. Avast! warned me that some of them may be system files and that I may not want to remove them; so I just quarantined them. My question is which, if any, of these files should I delete from the quarantine/Virus Chest? I have listed the files down below including the "non infected" ones Avast placed in the Virus Chest.

The Virus description on each is "WIN:MalOb-F [Cryp]" and their location was C:\System Volume Information\_restore...(followed by a long number that looks like a software key).

9 of the files are of this type:

A0099467.DLL
A0099468.DLL
etc.

3 are these:

A0100542.EXE
A0100543.EXE
bwjcfmfa.exe

Those are all in the Infected folder. However when I click 'All Chest Files' on the left under Categories, 3 other files show up below the infected files I listed above:

kernal32.dll
winsock.dll
wsock32.dll

When I check the properties of these last 3 files kernal32.dll,
winsock.dll, & wsock32.dll the Virus Description is blank.

Thanks in advance for any help you can provide. It is greatly appreciated.
 

Answer: question regarding House Cleaning for malware removal.

Welcome to Major Geeks!

Just ignore the emptying of quarantine files and continue all the way thru the rest of the instructions. Attach the 5 logs when you finish.
 

1 more replies
Relevance 45.51%

Last night I apparently ran afoul of some viruses/malware. I had a fake antivirus-scanner popup and I could not open anything on the computer. Eventually got Malwarebytes running by renaming it and reinstalling it, and got Norton running. Both found and removed TONS of virus files. But after the restart I still had the popup and couldn't open anything (firefox, etc). I couldn't update malwarebytes so I had to get a friend to send me the latest rule definition file to help update it since I couldn't connect to the internet, and then when I ran it again it found rootkits and more viruses. Then when it rebooted the popup was finally gone and I could open programs. The comp ran ok for a little while, then I decided to scan again to make sure there wasn't more, and it crashed in the middle of it, BSOD.

I ran malwarebytes again and got nothing. I downloaded and ran ad-aware and got 13 more viruses and removed them. I started up and scanned again with both adaware and norton, they found nothing. But then after i restarted because it was running slowly I got BSOD again, as soon as i tried to open outlook.

error:

BCCode: 10000050 BCP : BA72C000 BCP2: 000000 BCP3: B9E99CCB
BCP4: 0000000 OSVer: 5_1_2600 SP: 2_0 Product 256_1

and files

C:\docume~1\xxx\locals~1\Temp\WER02d4.dir00\mini100610-01.dmp
..........................................................................\sysdata.xml
My browser also appeared to st... Read more

Answer: Mega problems cleaning rootkit/malware

Please follow the instructions in ==>This Guide<==.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<==

Please include the link to this topic in your new topic and a description of your computer issues and what you have done to resolve them.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Once you have created the new topic, please reply back here with a link to the new topic.

3 more replies
Relevance 45.51%

I was going through the Read & Run Me steps given to get rid of some malware that was giving me the BSOD, the only steps I couldn't complete were the sun java step and the last step, when I try to install the cleaners or the java update/ or remove an older java version, I get either an error message saying "windows installer failed to complete, Windows installer may not have been installed correctly, please contact support and help" or I don't get anything and the program never installs.

Any help would be much appreciated, thanks. Also im using windows vista.
 

Answer: Windows Installer error while cleaning malware

I've just noticed this after a program told me it couldn't run in safe mode, but it appears that my PC is starting in safe mode without me telling it, 'cause the toolbar where the start menu is located is white instead of blue. Could this be the problem I'm having? If so how do I fix it? Also when I start my PC and click F8 I'm not given the option to enter safe mode.
 

2 more replies
Relevance 45.51%

I noticed that a google search was redirected on my in-law's computer, and asked if the system had been running slow. The answer--of course--was 'Yes!'

Spybot was already on the computer, as well as Avast. I ran scans and fixes through both, and got HijackThis to create a log to share with people that know a lot more than me about this type of thing. Since I downloaded and ran HJT, there have been two Avast warnings/quarantines of trojans (according to Avast).

On a side-note: When I started this, last night, I wasn't even allowed to start disk defrag to analyze, but now I can. I don't know if that helps, but I did think it was odd that defrag wouldn't run until after I ran Avast and Spybot scans/fixes.

The computer is a Dell Dimension DM051, XP Pro SP2, P4 3GHz, gig of RAM

Here's the HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:08:05 AM, on 7/11/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOL... Read more

Answer: Cleaning in-law's system - Malware and trojans help needed

16 more replies
Relevance 45.51%

I was downloading movies using bittorrent. I deserve whatever virus I got. First thing I did was delete BitTorrent. I really need some help removing this thing.

It freezes at random times. Also when restarting it freezes. Sometimes I have to restart 3-4 times before it will load up completely without freezing. Computer runs very slow as well. At first I couldn't toggle between programs at the bottom. I would have to minimize one, and then restore another. I also couldn't right click on programs down in the taskbar.

I tried to solve the problem myself at first by checking which one looked like a virus in my Task Manager. I searched for the .exe and then went into safemode and deleted it. It said it had been created on November 29th. The .exe was called THEEE4.EXE. When I got back to windows there was another file in there, newly created, made up of random numbers and letters 6 characters long. It was in the C:\WINDOWS\Temp folder.

Anyway, that's all the information I can think of, here's my .zips and .txt's
 

Answer: Some sort of Malware. Not solved by cleaning procedure

Hi JLong!
Welcome to Major Geeks!

No one deserves a virus or any other bad thing to happen to them.



1)Please go to add/remove programs and uninstall the below:

J2SE Runtime Environment 5.0 Update 10"
J2SE Runtime Environment 5.0 Update 3"
J2SE Runtime Environment 5.0 Update 6"
J2SE Runtime Environment 5.0 Update 9"
Java(TM) 6 Update 2"
Java(TM) SE Runtime Environment 6 Update 1



2)Reboot after uninstalling the above.

3)Install the current version of Sun Java from: Sun Java Runtime Environment You still have not done this.

I will get back to you with other instructions after I've had a chance to look through your logs. This can take time, so thanks for your patience.

abri
 

7 more replies
Relevance 45.51%

Hi!

I hope you can help me, I completed the cleaning process but I am still having some problems.

Friday September 7, 2012 I was watching a movie on Netflix in full screen mode when the screen minimized and I saw that my Norton Anti virus icon had a red x on it.

I clicked on the icon and it said my virus and spyware definitions are not up to date, and that my computer was at risk. I ran an update, and it said the problem was not fixed. I clicked on the support icon expecting to be taken to the Symantec website for support, but an error window came up saying this was not a trusted site. I have copied and pasted the error message here:

The site's security certificate has expired!
You attempted to reach www-secure.symantec.com, but the server presented an expired certificate. No information is available to indicate whether that certificate has been compromised since its expiration. This means Google Chrome cannot guarantee that you are communicating with www-secure.symantec.com and not an attacker. Your computer's clock is currently set to Monday, December 10, 2012 11:15:42 AM. Does that look right? If not, you should correct the error and refresh this page.
You should not proceed, especially if you have never seen this warning before for this site.

The date is September 10th not December 10th as stated above!

I did not proceed, but instead got a support number from Symantec by a Google search and called them. After 90 minutes of remote access to... Read more

Answer: Windows XP Malware Removal/Cleaning Procedure

Welcome to Major Geeks!



MizVic said:





The site's security certificate has expired!
You attempted to reach www-secure.symantec.com, but the server presented an expired certificate. No information is available to indicate whether that certificate has been compromised since its expiration. This means Google Chrome cannot guarantee that you are communicating with www-secure.symantec.com and not an attacker. Your computer's clock is currently set to Monday, December 10, 2012 11:15:42 AM. Does that look right? If not, you should correct the error and refresh this page.
You should not proceed, especially if you have never seen this warning before for this site.

The date is September 10th not December 10th as stated above!

It may be September 10th, but your computer clock is set to Dec 10th which is why you got that message. Your logs all show your clock to be set to Dec 10th. Fix your clock and then see what happens.
 

8 more replies
Relevance 45.51%

I have finished the malware removal process. Computer still extremely slow. some programs run slower than others. Seems to have moments of freezing. Especially unkind to facebook. Kicks out of it when responding to status/posts.

I have attached the logs except for the HITMAN log. I get a message in attachments saying that it is larger than allowed for this thread.

View attachment TDSSKiller.3.0.0.19_30.01.2014_12.15.44_log.txt



View attachment RKreport[0]_S_01302014_113134.txt



View attachment MGlogs.zip



View attachment mbam-log-2014-01-30 (11-41-29).txt



Thanks
 

Answer: finished the malware removal/cleaning process

Uninstall the below programs. If you do not find them or they will not uninstall, just keep going.
BabylonObjectInstaller
BeFrugal.com Toolbar
CWA Reminder by We-Care.com v4.1.22.3
DealCabby
getsav-in
Java(TM) 6 Update 29
Mobogenie

Now install the current version of Sun Java from:

Go here for 64 bit OS = Sun Java 64 bit Runtime Environment Make sure that when you see the form asking about installing Ask Toolbar that you uncheck this.
Go here for 32 bit OS = Sun Java 32 bit Runtime Environment Make sure that when you see the form asking about installing Ask Toolbar that you uncheck this.

Please download OTM by Old Timer and save it to your Desktop.

Run OTM.exe by double clicking on it (Note: if using Vista, Win7 or Win8, don't double click, use right click and select Run As Administrator).
Copy the lines from the below codebox to the clipboard by highlighting ALL of them and pressing CTRL + C
(or, after highlighting, right-click and choose Copy): Do not include the word Code: which is just a title line of
the code box

Code:

:Processes
explorer.exe

:Files
C:\Users\Anita\AppData\Roaming\newnext.me
C:\Windows\tasks\BeFrugal.com Toolbar.job
C:\Windows\tasks\Driver Booster Update.job
C:\Windows\tasks\SLOW-PCfighter64-Anita-Notification.job
C:\Windows\tasks\SLOW-PCfighter64-Anita-Startup.job
C:\ProgramData\BeFrugal
C:\Program Files (x86)\Microsoft Security Client
C:\Program Files (x86)\Mobogenie
C:\Program Files (x86)\MyPC Backup
C:\Windows\TEMP\*.*
C:\Users\A... Read more

3 more replies
Relevance 45.51%

My Dell Inspiron 1420 (Vista SP 1) suddenly started running sluggishly after I woke it up out of hibernation yesterday. It won't open programs such as System Restore and MSWord, but it runs Firefox and CCleaner without a problem. Task Manager shows up in the tray but won't open as a window.

It also locks up when I try to shut it down, and I've had to force it manually. It boots up fine.

I've defragged recently, cleaned the registry, cleaned out temp files, run scans with SpyBot. Then I followed the instructions on the malware removal guide in this forum, and nothing seems to have changed. I wasn't able to run the SUPERAntiSpyware program (stalled on the "preparing to install" dialogue), but the other three programs seem to have worked fine. I've attached those logs here.

Also, I don't know if this is relevant, but two new processes try to run at every start-up: "apntex.exe" (which I understand to be related to the touchpad driver) and "services.exe".

Thank you for any advice you can give me!
 

Answer: Malware cleaning procedure attempted, still have problems

Welcome to Major Geeks!

Your logs are clean. Thus you are not having malware problems. I suggest that you post in the Software Forum. I do see a very large memory dump file that indicates you had a system crash:
Code:

2009-03-14 21:54 . 2009-03-14 21:56 310,825,039 --a------ c:\windows\MEMORY.DMP

We need to clean up from running the READ & RUN ME:

We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources ( except a little disk space ) until you run a scan.
If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
"%userprofile%\Desktop\combofix" /u
Notes: The space between the combofix" and the /u, it must be there.
This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.

Delete the C:\combofix folder from combofix (if it exists)

Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
Go to add/remove programs and uninstall HijackThis.
You can ... Read more

3 more replies
Relevance 45.51%

Hi, I will have to post more than once in order to upload all logs on a problem that started appearing approximately 8/15/2012.

1) Clearly describe in detail the problems you are having:

1st Symptom: When I reboot my Lenovo-E87C63AA, at Windows XP User Login prompt I receive the following dialog:

svchost.exe - Application Error

The instruction at "0x7c919af2" referenced memory at "0x00000010". The memory could not be "written".

Click on OK to terminate the program

Click on CANCEL to debug the program.

2nd Symptom: attempting to install new programs or uninstall a program leads to a timeout where the scroll bar indicator times out and stops moving forward while the Windows Task Manager shows the Task Status as "Running".

3rd Symptom: Tried booting into F8 Safe Mode and could not unless running this function from MSCONFIG.

4th Symptom: System Performance is slow, especially when shutting down and restarting. Windows Task Manager Page File Usage typically exceeds the physical 2GB RAM

2) and how long ago they started:

Approximately when Microsoft Security Essentials detected and Quarantined Adware:Win32/Adkubru on 8/15/2012 and Trojan:Win32/Comisproc on 8/21/2012 and Exploit:Java/CVE-2012-0507.CG on 08/24/2012.

I recall having a web browser Adware/Malware appear approximately this same time. Frankly I use so many browsers such as Safari, Chrome, Firefox and IE I do not recall how I removed this.

I am m... Read more

Answer: Windows XP Malware Removal Cleaning Post #1

Windows XP Malware Removal Cleaning Post #2

Edit: Logs
 

15 more replies
Relevance 45.51%

Thanks in advance for any help you can offer.

COMPUTER/OPS INFO
Dell Dimension 3000 - Desktop/Tower model
Processor Speed 2.34 GHz
512 MB RAM
Microsoft Windows XP
Home Edition
Version 2002
Service Pack 3

AVG free 8.0, Spybot free versions are active.
My Microsoft Firewall is now turned on.
I often use Ad-Aware as a stand alone program I run to check for malware.
======================

I've noticed a slowing down of the machine & the internet connection over the last 2-3 weeks, & even in retrieving docs for use in Word & Excel. It's also often frozen-up on startup (for a longer period) in loading some programs, & I have to manually turn it off by pushing in the button & rebooting to get everything loaded.

Then, a couple of days ago, I discovered mucho Trojan/hijack problems, which I think I've cleaned up after reading posts here & elsewhere (see below for more on this process).

After cleaning it, I discovered my Windows firewall was turned off. I don't remember doing this, but it's been turned back on.

CONTINUED PROBLEM:
There still seems to be a sluggishness in my internet connection - the Mbps rate on my wireless connection is consistently lower than it had been up to about 2 weeks ago. It's also more sluggish/hesitant in web page loading. I've also noticed a hesitancy/hanging in retrieving documents for use in Word and Excel.

Since my Trojan troubles, I have let Spybot run its protection, w/ AVG & Windows f... Read more

Answer: Sluggish computer, even after cleaning off mucho malware

Just wanted to add, I ran chkdsk before posting the above post

I just ran

sfc /scannow

AFTER I posted the above, (some malware was removed from my system32 file) no problems/alerts/warnings came up

FYI, the answer to another post I had here points to articles describing how to use sfc /scannow

1 more replies
Relevance 45.51%

I've recently had a ci.dll BSOD during a browsing session, which led to an infinite startup recovery loop that I managed to fix. That problem was described in this thread.

But since the recovery, I've come to realize that the problem was probably caused by a malware infection. Here are the symptoms I've experienced:

1. The aforementioned ci.dll BSOD. It occurred during a browsing session (with Firefox 4). I opened a page (don't remember which), and then the browser froze for a long time (up to a minute), and then the BSOD hit.

2. After recovering Windows, my MS Security Essentials won't start "properly". Upon boot, it will show Red and say that the real-time protection cannot be started. If I start it manually, it will pause some time and then say after a while that the operation timed out. But usually right after this the real time protection turns on and the security status goes back to Green.

3. Every several hours, a program will open a web page in my browser, pointing to an address at something like www.ejiaou.com/... (don't remember the whole thing). The page contains a Java element and requires an additional plug-in to be installed, which is automatically blocked by Firefox. The program also attempts to establish a connection, which is detected and blocked by Windows Firewall.

4. The above mentioned program is located in my UserDir\AppData\Roaming\<RandomFolderName>\<RandomFileName>.exe . The file name and folder is dif... Read more

Answer: Help cleaning a webpage-opening and ci.dll corrupting malware

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

Due to the restrictions on Windows 7, all tools should be started by right-click > Run as Administrator

------------------------------------------------------

Your Windows 7 User Account Control UAC has been disabled. Sometimes, malware disables it, sometimes the end user does.

Please read this

Before you go any further, protect this system and re-enable that feature. Click Start > Control Panel > User Accounts and Family Safety > User Accounts > Change User Account settings and set it back to Default.

------------------------------------------------------

Please visit this webpage for download links, and ins... Read more

19 more replies
Relevance 45.51%

Hello, i followed the steps and here are my logs, i hope you can help. Thanks for your time
luis
p.s. i have two more logs that i need to post
 

Answer: logs from malware removal/cleaning procedures

laonofre said:

Hello, i followed the steps and here are my logs, i hope you can help. Thanks for your time
luis
p.s. i have two more logs that i need to post

i hope i uploaded the mg log correctly
 

13 more replies
Relevance 45.51%

I successfully downloaded and retrieved logs of everything mentioned with the exception of RootRepeal. I was never able to get that one to work. Below are my log files:

I am unable to locate the MG Tools log....
 

Answer: Cleaning procedures complete, malware found.

It's not at C:\Mglogs.zip? Have you tried running a search for it? If it's really not there then you need to run C:\MGTools.exe again and then attach the log.
 

9 more replies
Relevance 45.51%

I was asked by my host provider to go through these steps because of this below

Thank you for your reply.

It's been our experience that 90% of the time when there is a password compromise, this has been due to a virus or other malicious software on a device used to access the account. The virus gives all passwords entered on the device to malicious users who install phishing sites, spam, and undertake other malicious activities with it. The other 10% of the time, the malicious user manages to guess the password.

If you would like help with cleaning malware from your personal computer, we've found this forum post to give an in-depth description of things to consider: http://forums.majorgeeks.com/showthread.php?t=35407

Please let us know if there are any questions or concerns we can assist you with.

Best Regards,

Hostgator.com LLC
 

Answer: check cleaning malware from your personal computer

Follow these procedures then and we will see if any malware is present.

Please read ALL of this message including the notes before doing anything.

Please follow the instructions in the below link:

READ & RUN ME FIRST. Malware Removal Guide


and attach the requested logs when you finish these instructions.

**** If something does not run, write down the info to explain to us later but keep on going. ****
Do not assume that because one step does not work that they all will not. MGtools will frequently run even when all other tools will not.


After completing the READ & RUN ME and attaching your logs, make sure that you tell us what problems still remain ( if any still do )!
Helpful Notes:


If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:

Starting your computer in Safe mode

If you have problems downloading on the problem PC, download the tools and the manual updates for SUPERAntiSpyware and Malwarebytes ( links are given in the READ & RUN ME) onto another PC and then burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes you could use a flash drive too but flash drives are writeable and infections can spread to them.
If you cannot seem ... Read more

1 more replies
Relevance 45.51%

I see that this is a somewhat common problem on the forums here. I ran the programs in the Windows 7 Malware Removal/Cleaning procedures and still have my Firefox address bar hijacked by searchqu. Before finding your forums I tried on my own with CCleaner and Spybot Search and Destroy. I know enough to be dangerous on a pc and that is about it. I can follow directions though and would appreciate any help. I have enclosed the logs from the Windows 7 Malware Removal/Cleaning procedures.
 

Answer: searchqu still around after Malware Removal/Cleaning Procedure

Here are the other 3 logs that were on the forum section sticky
 

8 more replies
Relevance 45.51%

Hello, I am wondering if it's possible for me to have a check-up on my PC for any possible Malware infection. I currently do not have symptoms of any malware infection, but it's always nice to ensure that I have a clean PC and updated programs.
If anyone can help me that would be greatly appreciated. 
If I posted this in the wrong section then I apologize, and let me know where to correctly post this. 
 

Answer: Cleaning check-up on malware and updated software.

Greetings wincom32 and to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:

First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.

Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.

Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.

Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter prob... Read more

3 more replies
Relevance 45.51%

Hi,

I was referenced to this forum after finally clearing out some pesky malware, a root-kit which appeared to be slowly taking up space on my hard drive until i had only 70mbs left. After clearing out the malware, uninstalling the anti-malware programs, and now deleting all but the most recent restore points, I'm left with about 2gbs hard drive space left. I was hoping to have someone look through my current windows and other files to see if I can further eliminate any more unnecessary or irregular files to help give me more Hard Drive space and to improve my CPU's performance.

Using the WinDirStat program I developed the following log, which is current. Please take a look and let me know any recommendations you may have.

Here is a link to my Malware Forum Posts and Cleanup: http://www.bleepingcomputer.com/forums/topic478451.html

Thank you,

Bill

Not sure what you want to see, so I'll copy some over. My Documents, photos, music, files, etc are 40 Gb. I didn't include those items in this list. Below is break down of the results... If you'd like to see any of the other folders please let me know. "GCC" is my college.
239.3 GB C:\
214.8 GB C:\Documents and Settings
169.4 GB C:\Documents and Settings\All Users
44.9 GB C:\Documents and Settings\DerochaWS1
474.3 MB C:\Documents and Settings\Administrator
15.8 MB C:\Documents and Settings\LocalService
13.8 MB C: ... Read more

Answer: Cleaning up my Hard Drive after Malware problems

You've focused on the wrong files.

The files in My Documents, etc...are the files that need to be either moved or removed, if the goal is to free up hard drive space on the C: partition.

Any intelligent look will verify that these files take up the greatest amount of space...and the reality is that these files are only on the C: partition because Microsoft thought it a great convenience to users when first devised. The individual files in the My Docs, My Photos, etc. can easily be moved to a different partition or stored on an external drive...and still be fully accessible to any user.

Louis

6 more replies
Relevance 45.1%

I was hearing ads play in the background of my computer.. even when nothing was open. I tried several other things before I came across this site. I followed all of the steps that were given and ran all of the programs that I was asked to download one at a time. I really hope that this solves my problem.

I do have one question though. When I ran hitman, it found 6 threats.. I ignored them as requested. Is someone going to let me know what needs to be deleted out of there?

I appreciate the help.
 

Answer: attaching log files from MG Malware Removal/Cleaning Procedure

Hello A.R.Cloud,

- Rescan with HitmanPro and allow HitmanPro to repair all the items it found. The repairs should require a reboot. Go ahead and reboot and then attach a NEW HitmanPro scan log when finished.
 

1 more replies
Relevance 45.1%

I first noticed the infection while browsing the internet, when my browser became increasingly sluggish and I noticed that my memory usage was sky-high. I looked in Task Manager, found that Acrord32.exe was the cause of the huge bloat. I killed it, closed the browser, ran Malwarebytes. Malwarebytes found nothing, but upon reopening the browser, I found myself being redirected to random ad/search sites when clicking links found on Google. I attempted to resolve the problem myself by booting into safe mode and running Combofix, but no such luck- Combofix gets to stage 50 of its scan and reports 'Not enough main memory to complete the sort', then completes as normal but without taking any action.

So, now I've run through READ & RUN ME FIRST, and the Windows XP malware removal guide. Some hidden system files have been found, but nothing removed during any of the scans.

PROBLEM DETAILS:
I'm using Firefox and only experiencing redirects when clicking on links from a Google search page. I haven't had any redirects when going to an address directly. The redirect almost never happens when I click a link I've visited before, only when trying to load a completely new page. The redirects happen when clicking links to reputable sites (such as this one) and others that I've visited many times with no problems before this, so I'm quite sure it's caused by malware on my end and not the links themselves. The pages I'm redirect... Read more

Answer: Malware causing redirects, aggressively resists cleaning

MGTools log included. I also noticed that 'Not enough main memory to complete the sort' message during its scan, although it went by too fast to tell you what else the scan was doing when it happened.
 

10 more replies
Relevance 45.1%

I have a home network with a Dell Dimension XPS GEN 2, Pentium 4 3.40GHz 1.00GB RAM running WIN XP PRO ver. 2002 SP2 plus all applicable current MS updates, and a Dell Latitude D610. Pentium M 1.86 GHz 781 MHz 1.00 GB RAM with physical Address extension also running WIN XP PRO ver. 2002 SP2 plus all applicable current MS updates.

The network runs over a Linksys Wireless B Broadband Router BEFW11S4-VN with current Linksys firmware. The Latitude laptop connects to the router over a WPA secured link.

Both PCs are running Symantec Antivirus ver. 10.0.2.2000 with scan engine 71.3.0.25 and the virus definition files are updated daily. Both PCs are also firewall protected with Zone Labs Integrity Flex ver. 5.1.556.168 and the true vector engine and drivers are ver 5.1.556.168 also.

The problems first surfaced about 15 days ago. When I did a restart after downloading and installing the latest monthly MS updates on the Dimension system I noticed a new user account named asp.net had popped up and since I only have one user account on the system I was puzzled.

I had installed some MS net framework software as part of a previous MS update and wondered if this had created the new user account. I checked the user account in ADMIN Tools and saw it had full administrator privileges so I decided to uninstall the net framework package to see if the new user account would disappear. It didn't so I deleted it with ADMIN Tools, restarted the system and it didn't reappear so I thought ... Read more

Answer: Re: Suspect Malware Interdns.exe/MicerDNS - Dimension PC - Need Help Cleaning

Hi....

Please download Combofix from HERE or HERE


Save ComboFix to the desktop.

1. Double click on combo.exe & follow the prompts.
2. When finished, it will produce a logfile located at C:\ComboFix.txt.
3. Copy and Paste the contents of that log in your next reply with a new hijackthis log. Do not use Code or html unless asked for.
Note: Do not mouseclick combofix's window while it is running. That may cause your system to stall/hang.

13 more replies