Computer Support Forum

my pc is infected with some form of malware but i'm not sure how to remove

Question: my pc is infected with some form of malware but i'm not sure how to remove

Hi, my Avast and MBAM have been picking up a trojan.clicker.fms as well as win32:malwaregen on Avast.
I've located the hidden folder where it is coming from as well. Any ideas?
I also have logs from the 2 programs for scans.
 
http://i.gyazo.com/41d74805b9a9ec6cb7040ce8ff690cfe.png link to what it shows

Relevance 100%

Answer: my pc is infected with some form of malware but i'm not sure how to remove

Hello anthm8 and Welcome.
 
The IP that you suspect as being a problem is actually a Weather Widget on your desktop.
 
If you are concerned about it, please follow these directions..........
 
First -
Please download MiniToolBox to desktop to run it.
Checkmark the following boxes:
 * List content of Hosts
 * Flush DNS
 * Report IE Proxy Settings
 * Reset IE Proxy Settings
 * Report FF Proxy Settings
 * Reset FF Proxy Settings
 * List last 10 Event Viewer log
 * List Installed Programs
 * List Users, Partitions and Memory size
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
Click Go and Copy and Paste the result. (result.txt)
 
 
Next -
Download Screen317 Security Check  and save it to your Desktop.
 * Double-click SecurityCheck.exe
 * Follow the onscreen instructions inside of the black box.
 * A Notepad document should open automatically called checkup.txt
 * Please post the contents of that document.
Note 1: If any security program requests permission to access the Internet, allow it to do so (it is 100% safe).
Note 2: If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! (or similar) message, restart computer and Security Check should run.
 
Next :
Download AdwCleaner by Xplode and save to your Desktop.
Double-click on AdwCleaner.exe to run the tool.
 * Vista/Windows 7/8 users right-click and select Run As Administrator.
Click on the Scan button (only once)
AdwCleaner will begin...be patient as the scan may take some time to complete.
After the scan has finished, click on the Report button only once for accuracy.
A report (AdwCleaner[R0].txt) will open in Notepad for your review.
Check the listed removals and see if you are OK with them.
If you have questions, post the Report log back here.
 Next
Click on the Clean button only once for accuracy
Press OK when asked to close all programs and follow the onscreen prompts.
Press OK finally to allow AdwCleaner to Restart the computer and complete the removal process.
After rebooting, a log report (AdwCleaner[S0].txt) will open automatically.
**Copy and Paste the contents of that log in your next reply.**
To restore an item that has been deleted by accident : Open the program again,
Go to Tools (top left) > Quarantine Manager > check what you want restored > now click on Restore.
Note: With most Adware / Junkware / PUPs it is strongly recommended to deal with it like a legitimate program and uninstall from Programs and Features or Add/Remove Programs in the Control Panel. In many cases, using the uninstaller of the adware not only removes the adware more effectively, but it also restores any changed configuration. After uninstallation, then you can run specialized tools like AdwCleaner and JRT to fix any remaining entries they may find.
 
 
Next -
Please download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.
rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/
Double-click on the Rkill desktop icon to run the tool.
If using Vista or Windows 7 right-click on it and choose Run As Administrator.
A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
If not, delete the file, then download and use the one provided in Link 2.
Do not reboot until instructed.
If the tool does not run from any of the links provided, please let me know.
If normal mode still doesn't work, run the tool from safe mode.
When the scan is done Notepad will open with rKill log.
Post it in your next reply.
NOTE: rKill.txt log will also be present on your desktop.
 
 
Please download Malwarebytes Anti-Malware
Follow the simple directions to install the program to desktop
Right click and choose "Run as administrator" to open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link
Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkit and Under Non Malware Protection set both PUP and PUM to Treat detections as malware.
Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.
If you find malware and tick it to remove it, you may be asked to re-boot the computer to finish cleaning.
Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.
 
 
Next -
Download Malwarebytes Anti-Rootkit (A.K.A. MBAR) from HERE
Open the folder where the contents were unzipped and run mbar.exe
Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
Click on the Cleanup button to remove any threats and reboot if prompted to do so.
Wait while the system shuts down and the cleanup process is performed.
Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain.
If they do, then click Cleanup once more and repeat the process.
When done, please post the two logs produced; they will be in the MBAR folder: mbar-log.txt and system-log.txt
 
 
When you post those logs, we will have a better idea if there is actually an infection involved ...
 
Thank You -

6 more replies
Relevance 65.6%

First of all, I'm running a Dell computer with Windows XP Service Pack 3 installed on it.

Of late, whenever I try to run the computer in normal mode it crashes or freezes up and goes to a blue screen error message which says something along the lines of DRIVER_IRQL_NOT_LESS_OR_EQUAL. Currently I am running my computer in Safe Mode with Networking. I didn't install any new hardware or software prior to this error message, so I have no idea what is causing it. (Could it be malware?)

I also think that my computer is infected with something. I have done multiple scans using Windows Defender yet it doesn't come up with any viruses. Normally in the past Spybot Search & Destroy has been most effective in removing malware, but whenever I right click the Spybot Search & Destroy icon in the system tray and select RUN nothing happens.
I don't know if I have malware that is blocking the program from opening.

In the past, I had malware called AntiSpyCheck installed on the system, which I thought I completely removed with SS&D. This appears not to be the case, as the other day SS&D came up with a Registry change warning, and the path of the program that was altering the registry was C:\Program Files\ASpyC\.

My system started having problems shortly after the download of a Torrent from TPB. I use the BitTorrent client, and prior to the torrent that I downloaded the system was running perfectly fine.

Here is a Hijack This log:

Logfile of HijackThis v1.99.1... Read more

Answer:I've been infected by some form of malware.

Hello and Welcome to TSF.

We no longer use HijackThis as our initial analysis tool.

We want all our members to perform the steps outlined in the link I'll give you below, before posting for assistance. There's a sticky at the top of this forum, and a "Having problems with spyware and pop-ups? First Steps" link at the top of each page.

---------------------------------------------------------------------------------------------

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please start a new thread in our Virus/Trojan/Spyware forum along with the required logs

1 more replies
Relevance 63.55%

When using Google links, I keep being redirected to other sites. Have tried using McAfee, Ad-Aware and Malwarebytes to resolve the issue but to date this hasn't helped.

.
DDS (Ver_2011-06-03.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514
Run by Owner at 14:00:41 on 2011-06-09
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3063.1559 [GMT 1:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows&#... Read more

Answer:infected with some form of malware that causes google links to redirect

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together:
 * Do not run any other tool until instructed to do so!
 * Please Do not Attach logs or put in code boxes.
 * Tell me about any problems that have occurred during the fix.
 * Tell me of any other symptoms you may be having as these can help also.
 * Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will ap... Read more

12 more replies
Relevance 60.68%

Dear helper,

Am I infected ?? What should I do ?

Windows XP, Internet Explorer 6, Sony VGN-SZ18GP laptop bought in 2006.

System crash last night, with rapid loss of hard-disc drive space (from 15 GB down to 100 Mb within 2 hours). Norton security (2006 version) & Internet Explorer were busted afterward, was not able to run at all. The built-in system recovery programme was also affected.

Was forced to use back-up system recovery CD to restore the laptop back to its original shipping state.

However afterward it is still not right. Installed McAfee (from my internet service provider) but the update function is not working - it repeatedly states that it can not update because I am not connected to the internet, when I'm actually connected to your website typing this email right this moment. Also internet access to Microsoft and all other common antivirus websites (Norton, McAfee, AVG, Kaspersky, Avast, etc) is all blocked. Hence I can't even attempt to find out what happened to my laptop.

What virus have I been infected with? What programme should I use to remove the malware now that I cannot access any of the antivirus websites or the Microsoft website?

Thank you

Jason

More replies
Relevance 56.99%

I keep getting pop ups asking me to download malware alarm and also others asking me to download other anti spyware programs as well as some privacy protection software. Every time it starts with a window popping out saying:

'NOTICE: if your compuetr is infected, you could suffer data loss, erratic PC behaviour, PC freezes and crashes. Detect and remove viruses before they activate themselves on your PC to prevent all these problems. Do you want to install AntiSpywareMaster to scan your PC for malware now? (Recommended)'

If I click OK or Cancel or try to close it, it will all bring me to some anti spyware site and then a window would pop up saying:

'Your computer has been running slower than normal, it may be infected with viruses, Adware or Spyware. AntiSpywareMaster will perform a quick and completely FREE scan of your system for malicious programs. Download AntiSpywareMaster for FREE now.'

When I try to close it, it immediately starts scanning so I try to close the website it brought me to. From there it will repeat the same notice like the first one. When I try to close this one another window pops up and says:

'AntiSpywareMaster will scan your sistem for viruses now. Please select 'RUN' or 'OPEN' when prompted to start the installation. This file has been digitally signed and independantly certified as 100% free of viruses, Adware or Spyware.'

Only when I close this one will it stop. Please help me, I'm not sure of what to do. I tried your Manual Removal Instructions For Malware Alarm but a... Read more

Answer:Please Help. Infected By Malware. Don't Know How To Remove I.

Hi

Please run a Kaspersky Online Scan
Please do an online scan with Kaspersky WebScanner
Click on Kaspersky Online Scanner
Click Accept
You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
The program will launch and then begin downloading the latest definition files:
Once the files have been downloaded click on NEXT
Now click on Scan Settings
In the scan settings make sure that the following are selected:
Scan using the following Anti-Virus database: Extended (if available otherwise Standard)
Scan Options:
 * Scan Archives
 * Scan Mail Bases
Click OK
Now under select a target to scan: Select My Computer
The program will start and scan your system. The scan will take a while so be patient and let it run.
Once the scan is complete it will display if your system has been infected.
Now click on the Save as Text button:
Once finished, save the log to your Desktop as filename KAV.txt

THEN ...

Please Download Malwarebytes' Anti-Malware from Here :-
http://www.majorgeeks.com/Malwarebytes_Ant...ware_d5756.html
or here :-
http://www.besttechie.net/tools/mbam-setup.exe
Double Click mbam-setup.exe to install the application.
 * Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
 * If an update is found, it will download and install the latest version.
 * Once the program has loaded, select "Perform Quick Scan", then click Scan.
 * The scan may take some time to finish, so please be patient.
 * When... Read more

2 more replies
Relevance 56.17%

Ok so one of my comps got infected with this Malware defender 2009 and I am having no luck getting rid of it. I first tried to download the malwarebytes program but my searches were misdirected and/or dead links it seemed. I could download the program on another computer in my network and share it but the infected computer would not install malwarebytes. I found this site and read and tried to follow the instructions in the uninstall list but again I could not download the program malwarebytes. After some searching I found references to renaming the program and was able to get the install to start, but it would get to a full status bar during the install and freeze up. I have tried in and out of safe mode and have had no luck in getting the program to install.

Here is the DDS file report:

DDS (Ver_09-12-01.01) - NTFSx86
Run by sa001 at 9:28:55.89 on 2010-01-15
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.502.10 [GMT -5:00]
AV: Malware Defense *On-access scanning enabled* (Outdated) {28e00e3b-806e-4533-925c-f4c3d79514b9}
AV: Norton AntiVirus *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton AntiVirus *enabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Awa... Read more

Answer:infected with malware defender and can not remove it

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

16 more replies
Relevance 56.17%

I have a HP mini 110-1150NR with 2gig ram and 1.60mhz processor. The OS is XP home edition 32bit. It started when I have always had the virus protection AVG and a few weeks ago a friend told me to try Norton 360 cause it has always been good for his computers. Well I download a trial version and erased my AVG and what a mistake that was!! After my trial was over instead of it still protecting my computer it just made my computer very vulnerable and when I went to download a new virus protection (which was AVAST) I had to restart my computer for changes to be made and when I did that I was infected with a hellacious virus and I am stressed out and frustrated cause I have been trying to get help for 3 days now and have not received any help!! I have spent over 30hrs on researching the problem and I am too afraid to do anything without the professional help of someone that knows what they are doing. I can't run any malware scans, virus scans, system restores, and some of my documents. When my computer starts up I get a .dll error and when I run my system restore it says "system restore will not protect you computer and to restart and try again". I have done that in safe mode and regular and nothing happens and I get the same error message. I can't install Microsoft Security Essentials and any other security softwares. When I pull up my task manager all of my processes have an .exe behind them and some things are on there I have never really noticed. There are schost.exe an... Read more

Answer:Infected!!!! Help Remove Malware and viruses!! Please!!

Hello and welcome to TSF.


As stated in our sticky topic:

NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help - Tech Support Forum

Quote:
NOTE: We are aware that users sometimes seek help from several Forums at the same time. Unfortunately, this can cause confusion and actually wastes time and resources - yours, ours and other Volunteers across the community. If you have already posted at another Forum, please advise us, or them, and choose just one.

Since you've posted for help at another forum, and are receiving help already, this thread is closed so a helper will not spend time researching unnecessarily.

1 more replies
Relevance 56.17%

Hello,

I am having severe problems with my computer. I constantly use Malwarebytes to remove infections, but they seem to keep coming back. I use AVG Anti-virus and there are a few viruses this program can not heal. I'm sorry, but I don't know the names of the infections. I know I keep seeing "backdoor virus". I also just had a problem where I couldn't open any .exe files. I fixed that with exefix.reg. I just encountered a problem where my desktop background changed to say something to the effect of "WARNING. YOUR [sic] COMPUTER IS INFECTED..." I run Malwarebytes about once a week and it always finds something. My computer is running extremely slowly. Upon startup I receive several error messages:

"Windows cannot find 'C:\WINDOWS\system32\mshfvgh.exe'"
"Could not load or run 'C:\WINDOWS\system32\mshfvgh.exe' specified in the registry. Make sure the file exists on your computer or remove the reference to it in the registry"
"Windows cannot find 'C:\WINDOWS\system32\msujlcd.exe'"
"Could not load or run 'C:\WINDOWS\system32\msujlcd.exe' specified in the registry. Make sure the file exists on your computer or remove the reference to it in the registry"

DDS (Ver_09-06-26.01) - NTFSx86
Run by Vince at 22:22:09.73 on Tue 07/14/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.502.136 [GMT -5:00]

AV: AVG Anti-V... Read more

Answer:Infected with Malware - Malwarebytes can not remove

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

14 more replies
Relevance 55.76%

I am infected with the safesearch malware. I tried following http://malwaretips.com/blogs/remove-safesearch-toolbar/ and no luck. It seems to slow my PC and bootup speed, and even though I managed to get my homepage back to Google it does still show up when I open Mozilla as an extra tab.
 
Please help!
 
I think I am using windows 8.

Answer:Safesearch malware. Infected even after following a guide to remove

Hi XanatosNemos.
 
 Please download AdwCleaner by Xplode and save to your Desktop.
Double click on AdwCleaner.exe to run the tool.
 * Vista/Windows 7/8 users right-click and select Run As Administrator
The tool will start to update the database, please wait a bit.
Click on the Scan button.
AdwCleaner will begin...be patient as the scan may take some time to complete.
After the scan has finished, click on the Clean button.
Press OK when asked to close all programs and follow the onscreen prompts.
Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
Copy and paste the contents of that logfile in your next reply.
A copy of that logfile will also be saved in the C:\AdwCleaner folder.
-------------
 
   Please download Junkware Removal Tool to your desktop.
Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and w... Read more

24 more replies
Relevance 55.76%

When I came home from work today my PC loaded kind of funny and had some popups when it finished loading. I only use the internet for normal things, banking and listening to music (legally through Rhapsody) and mainly playing online games like COD 2. My home page is msn.com and I have the Yahoo tool bar when using Internet Explorer. But when I connected online it went to this site http://www.bestsecurityguide.com/ and told me I had malware and needed to download programs to remove it, and that people can get my credit card info cause of it!!! I'm at a loss. I have updated Norton's anti virus and all my updates. It won't let me change my homepage back to msn.com, it keeps it at http://www.bestsecurityguide.com/ and won't let me use the Yahoo tool bar. If anyone can help that'll be awesome. Thanks

Logfile of HijackThis v1.99.1
Scan saved at 2:02:36 AM, on 4/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\syste... Read more

Answer:Solved: malware infected but cant remove HIJACKTHIS log

16 more replies
Relevance 54.94%

Hi, my machine as of lately had been seizing up on me after a few hours working on it. Mostly my disk and CPU usage would inexplicably go to 100% (or close to it), so I figured the system had to be compromised in some way. I found a very thorough guide on malware removal from Wintips and managed to find some junk on the system. The only problem I have left is regarding something called udiskmgr found with Malwarebytes. I remove it, but once I reboot, and scan again, it pops up. Even tried running everything in Safe Mode.
 
Something else I've noticed is that I can restart the Windows Defender protection. And for some reason, I can't boot/summon the recovery mode by Shift+Restart or any of the other methods I've searched. Only very sporadically can it be summoned after hard restarting the system by holding the power button of the laptop. I read somewhere that Chrome's sync options could be the culprit so I disabled all syncing, and went so far as to uninstall Chrome with Revo Uninstaller. Still can't remove the pesky udiskmgr.
 
I've run FRST and these are the two logs/dumps below:
 
==================== Start of FRST.txt ============================
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26-12-2017
Ran by Rafael Cedeno (administrator) on RCEDENO (26-12-2017 12:13:47)
Running from C:\Users\Rafael Cedeno\Downloads
Loaded Profiles: Rafael Cedeno (Available Profiles: Rafael Cedeno & Visitor)
Platform: Windows 10 Home Version 1709 ... Read more

Answer:Infected with udiskmgr imagepath malware and unable to remove

Hi racedeno

My name is Aura and I'll be assisting you with your malware issue. Since we'll be working together, you can call me Aura or Yoan, which is my real name, it's up to you! Now that we've broken the ice, I'll just ask you a few things during the time we'll be working together to clean your system and get it back to an operational state.

 * As you'll notice, the logs we are asking for here are quite lengthy, so it's normal for me to not reply exactly after you post them. This is because I need some time to analyse them and then act accordingly. However, I'll always reply within 24 hours, 48 hours at most if something unexpected happens
 * As long as I'm assisting you on BleepingComputer, in this thread, I'll ask you to not seek assistance anywhere else for any issue related to the system we are working on. If you have an issue, question, etc. about your computer, please ask it in this thread and I'll assist you
 * The same principle applies to any modifications you make to your system, I would like you to ask me before you do any manipulations that aren't in the instructions I posted. This is to ensure that we are operating in sync and I know exactly what's happening on your system
 * If you aren't sure about an instruction I'm giving you, ask me about it. This is to ensure that the clean-up process goes without any issue. I'll answer you and even give you more precise instructions/explanations if you need. There's no shame in asking questions here, better be safe than sorry!
 * If you don... Read more

28 more replies
Relevance 54.94%

Hello,
A few days ago I noticed that I've been infected with the adult cameras . info popup and I can't seem to remove it. I've reset Chrome and even did a system restore to an original install of my Windows and the popup is still there. I also found out that my housemates on the same WiFi connection have the same issue. I'm now at a work connection and the popup is still there so not sure it's an infected router. Strangely enough it primarily happens on certain websites such as smugmug and other news sites.
 
I've read the posting guidelines and here are my logs from FRST
 
____________________________
FRST.txt
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2015
Ran by Jammin (administrator) on JAMMIN-PC on 02-02-2015 12:59:17
Running from D:\Programs\Malware Tools
Loaded Profiles: Jammin (Available profiles: Jammin & Administrator)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Progr...

Answer:Browser infected with adultcameras.info, please help remove this malware

Your logs show obvious signs of having cracked software on your system. This is the main reason your computer is infected. Visiting cracksites/warezsites - and other questionable/illegal sites is always a risk.

Even a single click on the site can drop multiple forms of very serious malware, many of which disable your onboard protection, and System Restore.

If you install the cracked software, you are running executable files from these dubious, unknown sources. You are in effect giving these sources access to information on your hard disk, and potential control over the operation of your computer.

Additionally, cracked programs are illegal. Referring to the Forum Rules which you should have read at the time of Registering at this forum, this forum does not support illegal activity. As such, be advised that any request for assistance in removing malware may go unanswered, or may be discontinued, if the cracked (illegal) software is still present on the machine.

Having said that we can help you clean your machine this time BUT this would be a ONCE ONLY offer on the understanding that all cracks are removed. This would apply not only here but at many other Malware Support forums if you were to appear again with cracks onboard, as many of us analysts work at multiple support sites. Please remove all cracked software and illegally obtained copyrighted material you have on the system so we may continue with the clean up.

Relevance 54.53%

Hi,
My computer is infected, and no matter what I did (Working on it 2 days already), the problem still occurs.
Problem description:
1. An error message is popping up after windows finish loading. This is the message - "RUNDLL | Error loading augry.vko. The specified module could not be found"
Problem 2. When I open a folder for example "c:\my folder's\mymusic", the folder/window is getting closed and desktop disappears and appears again. Which means that I can't use the files in this folder.
I tried to "Clean" this infection by doing many many things:
1. Used Hiren's cd and run different tests like: Malwarebytes' Anti-Malware, Spybot - Search & Destroy. Also Microsoft Security Essentials, AVG scan, NOD32 online scan etc.
2. I did the scans above also in SAFE MODE and in XP mini OS (Available in Hiren's CD). These scans did find many infections and I think that also cleaned all of them.. (Sort of..)
3. I run also ComboFix but the problem still occurs. ComboFix showed me this 2 messages:
System file is infected !! Attempting to restore "X:\i386\system32\lpk.dll"
System file is infected !! Attempting to restore "X:\i386\system32\imm32.dll"
But in the second Scan I did with ComboFix - It didn't show it anymore.
4. I did restore the com via the Microsoft "Restore point" method.
But the problem/VIRUS still occurs!
This is the ComboFix logs:
QUOTE**Lo...

Answer:help| Infected an Cannot remove the virus (Used: ComboFix, Malwarebytes' Anti-Malware and more)

Anyone can help me please?

EDIT: Please be patient. There are over 480 unanswered topics in this forum at present and the current average wait time to receive help is 6 days. ~BP

Relevance 54.53%

Yesterday when I clicked on what appeared to be a harmless image in Google image search (of a giant caterpillar), my browser was redirected to a bogus antivirus website. It was resized & locked, I was hit with ominous dialogue windows, etc. A Malwarebytes scan revealed infection with Stolen.Data and Malware.Trace that so far repopulate after removal.

I'm assuming it was the above incident that installed them, but it's possible they were present beforehand (my most recent scan was maybe a week ago).

Ran Defogger & DDS, but for some reason GMER only wants to scan Services, Registry, & Files - all other checkboxes are grayed out. Is this a result of the infection or just some setting I'm missing? Either way I've held off on the GMER scan until it can be done correctly.

DDS log follows and Attach.txt is, well, attached. Any help would be much appreciated!

.
DDS (Ver_11-03-05.01) - NTFS_AMD64
Run by Robert at 16:03:09.69 on Fri 05/06/2011
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_23
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4095.3057 [GMT -7:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system3...

Answer:Infected with Stolen.Data and Malware.Trace, unable to remove

Hi,
Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.
Once I receive a reply then I will return with your first instructions.
Thanks

Relevance 54.53%

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:25:18 PM, on 10/6/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\M...

Answer:Infected with Malware - Redirects my Google Searches - It came back again but now I can't remove it

Hi, my name is Extremeboy (or EB for short), and I will be helping you with your log.

We apologize for the delay of response. If you still require assistance we would like to see the current condition of your system so please post a new set of DDS Logs as well as a RootRepeal log and a description of any remaining problems or symptoms you may still have please.

If for any reason you did not post a DDS log or RootRepeal log please refer to this page and in step #6 and Step #7 for further instructions on downloading and running DDS & RootRepeal. If you have any problems just let me know in your next reply or simply post a Hijackthis log.

For your next reply I would like to see:
- The DDS logs --- DDS.txt and Attach logs
- RootRepeal logs
- Description of any remaining problems you may still have.

Thanks again and we apologize for the delay.
With Regards,
Extremeboy

Relevance 54.53%

I, too, recently started seeing redirects from my google searches to www.happili.com. It seems to occur only when I run google searches from Internet Explorer. I (so far) haven't seen the issue when I run google searches from Firefox. I'm running Windows XP professional. eSet's quarantine logs indicate that it detected and supposedly removed a variant of Medfos.F trojan from my system yesterday. But the redirect occurred again today, so I believe there are remnants of the malware on my system. Would be very grateful for any guidance you can give me for removing it from my system.

Thanks!!

Answer:Another Happili redirect virus/malware infected system - how to remove?

Same computer?
http://www.bleepingcomputer.com/forums/topic168645.html/page__p__941045__fromsearch__1#entry941045

Relevance 54.53%

Lately my browser has been unbearably slow. I'm not sure what Malware I have been infected with but I would really appreciate some help. Thank you so much!
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
 
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.17280  BrowserJavaVersion: 10.67.2
Run by Seth at 20:22:35 on 2014-10-01
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.6051.3050 [GMT -4:00]
.
AV: Norton AntiVirus *Enabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
SP: Norton AntiVirus *Enabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\WLANExt.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\Explorer...

Answer:Infected with unknown Malware, Browser extremely slow, please help me remove it!

Hello shaq237,

Welcome to Bleeping Computer.
My name is fireman4it and I will be helping you with your Malware problem.

Please take note of some guidelines for this fix:
Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools.
If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
In the upper right hand corner of the topic you will see a button called Follow This Topic. I suggest you click it and select Immediate E-Mail notification and click on Follow This Topic. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.
Finally, please reply using the Post button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.

I will be analyzing your log. I will get back to you with instructions.

1. Please download AdwCleaner by Xplode and save to your Desktop.
Double click on AdwCleaner.exe to run the tool.
Click on the Scan button.
AdwCleaner will begin to scan your computer.
After the scan has finished...
Click on the Clean button.
Press OK when asked to clo...

Relevance 54.53%

I received notice that I had an issue and clicked on the button, not realizing I was letting in the malware virus or whatever after that could only do certain things on the web. Google kept redirecting me to an xp page that wanted me to buy the software to fix the problem. My techie friend told me it was a bogus site just wanting your credit card info and pointed me to this site to help get things fixed up.
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Linda Jo Landau at 10:29:59.75 on Thu 05/05/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.907 [GMT -5:00]
.
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFi...

Answer:Infected with a malware google keeps redirecting to xp virus remove which is bogus

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.
In order for me to see the status of the infection I will need a new set of logs to start with.
Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will ap...

Relevance 52.07%

I have viruses/trojans and I don't know what else on my computer. My Task Manager is disabled. I have run Malwarebyte's Anti Malware. I have also run an online Windows Security scan. They both caught and removed some 3000 items together but my computer still does not function properly. I am still locked out of Task Manager. Also my address bar in IE is not existent anymore. In Control Panel I cannot Add/Remove programs. My date is always turning the AM to PM and vice versa. Also Spybot S&D is unable to open. It remains in the bottom tray with a lock icon on it.
Please help. My DDS.txt is as below
DDS (Ver_09-02-01.01) - NTFSx86
Run by Latika G at 23:06:46.71 on Thu 03/05/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.503.88 [GMT -8:00]

AV: eScan Internet Security Home for Windows *On-access scanning disabled* (Outdated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\PROGRA~1\eScan\VISTA\avpmapp.exe
C:\PROGRA~1\eScan\TRAYSSER.EXE
C:\Program Files\Common Files...

Answer:I have been infected with trojans and malware that have disabled my task manager and my control panel add/remove programs amon...

Welcome to the BleepingComputer Forums. Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. Please download Trend Micro - HijackThis. Do a new scan with Trend Micro - HijackThis and post it in your next reply. Thank you for your patience.

Please see Preparation Guide for use before posting about your potential Malware problem.

If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped.

Please post your HijackThis log as a reply to this thread and not as an attachment. I am always leery of opening attachments so I always request that HijackThis logs are to be posted as a reply to the thread. I do not think that you are attaching anything scary but others may do so.

While we are working on your HijackThis log, please:
Reply to this thread; do not start another!
Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so.
Do not run any other tool until instructed to do so!
Let me know if any of the links do not work or if any of the tools do not work.
Tell me about problems or symptoms that occur during the fix.
Do not run any other programs or open any other windows while doing a fix.
Ask any questions that you ...

Relevance 52.07%

I tried to remove this program on add and remove program on my computer but it didn't work. What can I do?

Answer:How to remove this form add and remove programs on your comp

Hello pickles3579, what program are you trying to get rid of? What operating system? I am moving this topic to a forum where you will hopefully find some help if you provide more information.

Relevance 47.97%

Yes, I have uploaded a Hijack Log and do not know if I have anything that needs to be removed or not. My program Advanced System Care recommended that I look at my OS and make sure everything is in order but I need help doing so. Thanks, just send me a reply to. I am new to this sort of attack. My antivirus is Avast and it has found 20 viruses that are linked to Iobit 360 Security. I have uploaded pic of them as well.

Answer:Please let me know if I need to remove any items form my OS.

Hi,
Sorry for delay, if you still need help please see step #7 about posting a DDS log here.
FYI: Unless you enjoy spam I wouldn't post my E-mail address in a public forum. I deleted it out of your post.

Relevance 47.56%

I have an HDD bug. I used rkill, then Malwarebytes, and they both worked. When I reboot though everything comes back. I tried this a couple different times and each time it comes back with the reboot. I'm getting a Windows no disk error as well.

here are my logs, any help would be appreciated.

DDS (Ver_10-12-12.02) - NTFSx86
Run by DBennett at 0:35:49.07 on Mon 12/13/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.67 [GMT -5:00]

AV: Symantec AntiVirus Corporate Edition *Enabled/Outdated* {FB06448E-52B8-493A-90F3-E43226D3305C}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn...

Answer:Infected with some form of HDD

Hello and welcome to Bleeping Computer.
I'm judicandus and I'll be helping you out.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting.

Please post a DDS log and Gmer log. For instructions please read this post: http://www.bleepingcomputer.com/forums/topic34773.html

Relevance 47.56%

I have been using Beyond TV 4 to record TV and I would like to know what are some good software that I can use to remove the commercials from the shows without having to use Windows Movie Maker. I record them into MPEG-2 and it finds and breaks up the commercials for me but they are still there. Cheap/free is good and I don't care if I have to watch the shows in real time just as long as I can delete the commercials. I use XP Pro so I do not have Media Center.

Answer:Remove TV commercials form recorded TV

Number of hits on Google: HERE

Relevance 47.56%

I'm printing on a continuous page and I want to stop the printer from feeding the rest of the page when finished printing. Is there a way to remove the form feed in Word, or in Visual Basic by calling a macro?
 

Answer:Remove form feed when printing

If your printer is capable of using continuous sheet paper, and the computer has the correct driver loaded, do you not get the option under page setup for continuous?
 

Relevance 47.56%

I'm being attacked by these pop ups coming from rond.starsdoor.com. I have seen another guy who has been helped on this matter in another thread: http://www.bleepingcomputer.com/forums/ind...mp;hl=starsdoor

Unfortunately my log file does not look like the one infected in the thread above, so I can't use the solution in that thread. Therefore, can anyone help me get rid of the same problem (pop up attacks from rond.starsdoor.com), by analyzing my hijack this log file and tell me what to do, to get rid of this totally annoying spyware thing. I would like to remove it completely from my system.

Here is my log file:
****************************
Logfile of HijackThis v1.99.1
Scan saved at 12:01:51, on 20/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Programs\Adobe Creative Suite\Adobe Version Cue CS2\bin\VersionCueCS2.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\Programs\Norton Ghost\Agent\PQV2iSvc.exe
D:\Programs\Adobe Creative Suite\Adobe Version Cue CS2\data\database\bin\mysqld-...

Answer:Help Remove Pop Ups Form Rond Starsdoor.com

Welcome to the BleepingComputer HijackThis Logs and Analysis forum peet2200

Download SDFix and save it to your desktop.
http://downloads.andymanchesta.com/RemovalTools/SDFix.zip

Please then reboot your computer into Safe Mode by doing the following:
* Restart your computer
* After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
* Instead of Windows loading as normal, a menu with options should appear;
* Select the first option, to run Windows in Safe Mode, then press "Enter".
* Choose your usual account.
* In Safe Mode, right click the SDFix.zip folder and choose Extract All,
* Open the extracted folder and double click RunThis.bat to start the script.
* Type Y to begin the script.
* It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
* Press any Key and it will restart the PC.
* Your system will take longer than normal to restart as the fixtool will be running and removing files.
* When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
* Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt into your next reply.
* Also post a new Hijackthis log please.

Relevance 47.15%

New PC: Built 31/01/2015
New Windows 8.1 Install
No Internet access yet
Believe it has picked up some malware from my external hardrive.
When I run exes I get this error "Windows cannot "C:\Users\Michael\Desktop\rkill.exe" find make sure you typed the name correctly then try again?"
Managed to get rkill to run in safe mode, here are the results.
 
Rkill 2.7.0 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2015 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html
 
Program started at: 02/01/2015 08:55:03 AM in x64 mode. (Safe Mode)
Windows Version: Windows 8.1 Pro 
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * No malware processes found to kill.
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * No issues found.
 
Checking Windows Service Integrity: 
 
 * Base Filtering Engine (BFE) is not Running.
   Startup Type set to: Automatic
 
 * DHCP Client (Dhcp) is not Running.
   Startup Type set to: Automatic
 
 * DNS Client (Dnscache) is not Running.
   Startup Type set to: Automatic
 ...

Answer:Seem to have some form of Malware

Download Security Check from here or here and save it to your Desktop.
Double-click SecurityCheck.exe
Follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender
Other Services
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

Please download MiniToolBox and run it.
Checkmark following boxes:
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Devices (do NOT change any settings here)
List Users, Partitions and Memory size
List Restore Points
Click Go and post the result.

Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
NOTE. If you already have MBAM 2.0 installed scroll down.
Double-click ...

Relevance 47.15%

I keep seeing these three folders pop up in the AppData folder:
 
EmieBrowserModeList
EmieSiteList
EmieUserList
 
When I delete them they reappear when I reboot.  I ran Malwarebytes and McAfee and they both came back clean. I did some research and it recommended I post in a malware removal forum. Is this something you can help me with?
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2015
Ran by Kyle (administrator) on KYLE-ACER on 24-01-2015 02:12:30
Running from C:\Users\Kyle\Desktop
Loaded Profiles: Kyle (Available profiles: Kyle & Administrator)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Windows\SysWOW64\ASGT.exe
(Qualcomm Atheros Commnucatio...

Answer:I think I have some form of malware.

Hey, What's with the Addition Log?

Relevance 47.15%

Hello, as stated in the description I recently got infected with some malware/adware that redirects my search results to http://www.bestwebsearch.net/index.php?sea...mp;x=38&y=3, the redirects that. It also opens up false web-pages In IE and I do not even use IE much less open it!
Help is much appreciated!
Opens this page in IE as well
http://samebleepasiteverwas.com/traf/tds/default.cgi
also in the scans nothing popped up, I use norton 360

DDS (Ver_09-05-14.01) - NTFSx86
Run by Anthony at 14:40:22.83 on Mon 06/01/2009
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_13
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2038.978 [GMT -5:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\...

Answer:Infected with some form of Adware

Hi,

Sorry for delayed response. Forums have been really busy. If you still need help with this post a fresh dds.txt log, please.

2 more replies
Relevance 47.15%

My Laptop was on home while I was at work and when I tried to log to my Laptop via "Team Viewer" I found my browser open and the "PayPal" website, but there was no information to log in 'cuz I just changed my OS. But I used "LastActivityView" software and "Event Viewer" and I found that there was an action on my lap top in my work hours and no one home to do such thing.
Plz help me what should I do, Thx.

Answer:My Laptop act form itself "Am I infected?"

Hi to BleepingComputer
 
It seems you are a victim of the latest security problem affecting TeamViewer, where it isn't exactly clear what happened.
 
 
There is a guide here about what you should do to secure your TeamViewer access.

0 more replies
Relevance 47.15%

One of my lovely children clicked something they should not have and I seem to have what looks to be a virtumonde popup hijack going on. If browsing with IE, various ads will pop up with the nasty little Antivirus 2009 being prominent. I see some stuff in my HiJackThis log that looks funny, but when I try to delete those entries, they pop right back. Here is my log;

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:07:20 PM, on 12/29/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\D-Link\D-Link RangeBooster N DWA-542\acs.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1... Read more

Answer:Infected with some form of Virtumonde

Please download Malwarebytes' Anti-Malware from HERE or HERE
Note: If you already have Malwarebytes' Anti-Malware, just run and update it. Then do a "Perform Full Scan"
Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Full Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

NEXT
Please download RSIT by random/random and save it to your Desktop.
Double click on RSIT.exe to run RSIT
Before you click "Continue", make sure you change the List files/folders created or modified in the last 3 months
Click Continue at the disclaimer screen.
Once it has finished, two lo... Read more

2 more replies
Relevance 47.15%

My PC is infected. I wasn't using any antivirus. Now then I tried to install antivirus software. But after installing the software it's not working. If there any link from where I can scan my PC and remove the virus?

Answer:Scan and remove virus in my PC form online

Try this online virus scan & removal utility from ESET: http://www.eset.com/us/online-scanner/
When your system is clean, install a good antivirus software immediately & never run your PC without one again!

4 more replies
Relevance 47.15%

HELP! I received a message about possible malware & it said to quarantine it until I decide what to do, so I did. Now I realize this is a program I WANT. I can not seem to find where the quarantine file is so that I can remove this item from quarantine. How do I find the avg quarantine file & remove this item from quarantine? PLEASE answer ASAP as I now realize this is a file I need to use right away, I just didn't recognize the file at the time!
Thanks so very much!!!!
 

More replies
Relevance 47.15%

rundll32.exe uses huge ram quantity. Can I safely remove it from my pc? There seem to be conflicting arguments on this issue.
 

Answer:rundll32.exe.. can I safely remove it form windows 7?

No. Leave it alone. Are you having some specific problem with your system? If not, don't worry about how much ram a process uses.

2 more replies
Relevance 47.15%

when i was transferring some data from a pen drive to my laptop (vista) i saw shortcuts to all the folders and when i reopen pendrive all my folders were missing so i searched the internet and i got some information of how to restore the folders and i got them back but my c\\ drive and d\\ drive are infected (recycler.ini) so how to get rid of this kindly help me out..

Answer:how to remove shortcut virus form vista

Run some antivirus program. Get Security essentials at least. 1/3 of highway deaths are caused by drunks. The rest are by people who can't drive any better than a drunk.

2 more replies
Relevance 47.15%

I recently downloaded Kakaa, but was not happy with the adverts/pop ups and response time, so I uninstalled it. However there are still 3 entries shown in msconfig startup that relate to the programme. I have unmarked them so that they do not load at start up but is there a way to remove them completely, to tidy up the file?

Answer:Remove items form msconfig startup.

click here this will help, you will also be glad you have uninstalled Kazaa it is as much spyware as you can handle, good luck

5 more replies
Relevance 47.15%

This msg appears "the item "bauuwo.scr" that this shortcut refers to has been changed or moved, so this shortcut will no longer work properly" when trying to open a folder in my pendrive

Answer:how to remove bauuwo.scr form folders which hav bn blocked

Right-click & delete the shortcut it's referring to.

3 more replies
Relevance 47.15%

when I try to uninstall RegClean Pro in Programs and Features, I get the message "Messages file "C:\Program Files\ReGClean Pro\ unins000.msg' is missing. Please correct the problem or obtain a new copy of the program." I have tried removing the dll files from the registry using the command line, but have gotten error messages from this as well.
 

Answer:Cannot remove RegClean Pro form Windows Vista

Try the free Revo Uninstaller.
I wonder if RegClean Pro was stupid enough to delete its own files?!?

You should definitely avoid Registry Cleaners, Boosters, Optimizers, TuneUp Utilities... This type of software will do a lot more harm than good. Most members coming here with WEIRD symptoms had their computer messed up by malware and/or registry cleaners. There have been reports from members saying registry cleaners had fixed a specific problem with their computer. Although it might be possible in some cases, legitimate files still in use will be deleted in the process, crippling some programs and Windows applications beyond repair.

Keep in mind that they will always find "errors" to fix, even on a fresh Windows install! In itself, this should be enough to convince non-believers...

Why I Don’t Use Registry Cleaners

Registry Cleaners and System Tweaking Tools

Do I Need a Windows Registry Cleaner?

http://www.bleepingcomputer.com/forums/topic347491.html/page__p__1932993

http://forums.techguy.org/windows-xp/997274-registry-got-messed-up-advanced.html
 

2 more replies
Relevance 47.15%

I got a Compaq Presario 7000 from my Father In Law and need to remove a dvd drive from the drive bay. I'll be carned if I can figure it out. I'm used to the type you just screw into the bay area. This has some sort of plastic slides that go into slots in the bay. But I can not see how they come out and I'm afraid I'll break something. I've tried searching online but with no luck. Please help!!
 

Answer:How do I remove dvd drive form presario 7000?

I did a search on HP's site, hoping to peek at a manual. I have 110 products when I typed in Presario 7000. Do you have more identifying information?
There are SV700 desktops, S7000 desktops, 7EL7000T desktops, 7000 desktops with names like 7AP or 7EL or 7PL or 7PLK or 7PLM or 7QS or 7RPK, or 7RPM there is one in this list that is a plain old 7000US.
I'll try that one first.
okay I can't download the manual, only Adoe Acrobeat Reader, which I do not want!

I'm sending some feedback to HP. I owned 2 HP computers, 3 printers and a camera and I resent being forced to use Adobe Reader if I chose not to. {end of rant}
 

3 more replies
Relevance 47.15%

I am running XPpro Sp2 and I have a microphone icon displayed in the tray and can not remove it.

The icon appeared after I had to do a system restore this morning.... I have right-clicked the icon and tried closing the 'language bar' but can not remove the icon.

Any assistance would be appreciated!

Answer:Trying to Remove Microphone ICon form tray

If you go to Start>Run and type msconfig /ok - you should be able to find the program associated with the microphone icon and disable it from starting up and showing on the toolbar.

Peter

3 more replies
Relevance 46.74%

GMER & Combofix blue screens of deaths (yes i know realized i should not have done this)

TDSS finds nothing.

Computer runs fairly well, but randomly crashes sometimes. Avira finds a trojan daily in the system restore (not sure how to safely remove this)

any help would be great. Thank you.

Answer:Some form of malware/ seems undetectable

Hello,

Please follow the instructions in ==>This Guide<== starting at step 6. If you cannot complete a step, skip it and continue. Don't worry about the GMER log.

Once the proper logs are created, then post them in a reply to this topic by using the Add Reply button.

If you can produce at least some of the logs, then please create the post and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Please note that I am not a member of the Malware Removal Team and will not be assisting you in removing the infection. I'm simply helping you to post the information they need in order to assist you.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

Orange Blossom

3 more replies
Relevance 46.74%

I appear to have the typical redirect virus, although this one appears to be very subtle. I can use google search with no problems, and I am redirected only occasionally to websites such as "askthecrew.net" and some search engine called "sour". Nonetheless, I am being redirected by something and want it gone for obvious security reasons. Mostly hits me on Tumblr.com, but I'm fairly sure that's just because I'm on there often.

I have windows 7 64 bit, and have attempted to use malwarebytes, Microsoft sec. essentials, AVG, and Ad-Aware. None have been successful.
I'll post logs of whatever you want, just tell me.

Thanks for whatever help you guys can provide.

Answer:Some form of Redirect Malware

Hello diesmiley and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed responding to your thread.

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Admin... Read more

19 more replies
Relevance 46.74%

Hey guys, hate to ask for help on my first post, but kinda in a bind here. My computer is running fine from what I can tell, but I was going to do a hijackthis log but it would only load, start the scan, and then crash and seemingly uninstall. I figured this might have been a configuration issue with my computer, so i tried using malwarebytes, runscanner, and rsit. All with the same result. AVG, ccleaner, avira, and avast work fine though, but don't come up with anything.

Kinda at a loss here as to what might be causing this...hoping you guys could help.

Thanks, Will

EDIT: I was able to get a combofix log done thanks to some help on another forum..here's that if it helps.

ComboFix 09-09-22.02 - Administrator 09/22/2009 20:22.1.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2736 [GMT -4:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: avast! antivirus 4.8.1351 [VPS 090922-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\HijackThis.exe
c:\program files\driver
c:\windows\msa.exe
c:\windows\msb.exe
Infected copy of c:&... Read more

Answer:Pretty sure I have some form of malware...

ComboFix logs should not be posted or discussed outside the HijackThis forums. It is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert", NOT for private use. Please read Combofix's Disclaimer. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

Please create a new topic in the Am I Infected forum.
http://www.bleepingcomputer.com/forums/f/103/am-i-infected-what-do-i-do/

Explain the nature of your problem. Describe pop-ups and system tray or desktop icons that have appeared. Explain what is "going wrong" with your computer. Note any tools you have used and their respective results.

If needed, we will direct you to our HJT Preparation Guide.

This topic is now closed.

The BC Staff

1 more replies
Relevance 46.74%

In a moment of sheer stupidity, I managed to get a variant of the Windows Antispyware infection. I'm not quite sure exactly which one it was. The filename a random string of letters, and both Avira and Antimalware failed to spot it. When I Googled the filenames, I got absolutely no hits. Luckily, it wasn't very aggressive (would lock down programs after startup and start the warning popups, but I managed to get Task Manager up before it loaded and stopped the process), so I was able to remove (or at least stop it) it myself rather easily. However, now I'm not sure that my system is fully clean. I'm afraid there's some lingering malware. Would anyone be willing to take a look at my logs to help make sure? My System Restore was also disabled by group policy (despite being on Windows XP Home), so if anyone could pass along some instructions for how to reenable that, I would also be grateful. Thank you guys so much for all your help!

DDS (Ver_10-03-17.01) - NTFSx86
Run by Lauren at 1:45:47.81 on Mon 05/24/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.577 [GMT -5:00]
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svcho... Read more

Answer:Infected with some form of Windows Antispyware

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

We need to create an OTL Report
Please download OTL from one of the following mirrors:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
In the custom scan box paste the following:

CODE
msconfig
safebootminimal
activex
drivers32
netsvcs
%SYSTEMDRIVE%\*.exe
/md5st... Read more

2 more replies
Relevance 46.74%

Logfile of HijackThis v1.99.1
Scan saved at 1:08:42 AM, on 9/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5700.0006)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\PCODEC\isamonitor.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\... Read more

Answer:Infected With A Trojan That Comes Form Isamini.exe

Hi adaleta

Download SmitfraudFix (by S!Ri) to your Desktop.
http://siri.urz.free.fr/Fix/SmitfraudFix.zip

Extract all the files to your Desktop. A folder named SmitfraudFix will be created on your Desktop.
Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press Enter

This program will scan large amounts of files on your computer for known patterns so please be patient while it works. When it is done, the results of the scan will be displayed and it will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.

IMPORTANT: Do NOT run any other options until you are asked to do so!

2 more replies
Relevance 46.74%

Dear TSG

I think I've been infected by a form of WinAd.exe. I've been getting advertisements when I don't even have Internet Explorer open. The ads are completely random going from poker advertisements to "This is the fart button.". Please Help!. Included are the processes running I found using HijackThis. I've also tried using adaware SE and Spybot but somehow the spyware keeps reinstalling itself. It came along with an MSN Messenger virus that I have now gotten rid of by reinstalling the product. Anyways, any advice or help would be appreciated. PS. I also find it hard to type, is this because of the virus.?

Logfile of HijackThis v1.99.1
Scan saved at 7:47:46 PM, on 11/29/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Microsoft Shared\Media Manager\airsvcu.exe
C:\WINDOWS\System32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\services.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Dell\Support\Alert... Read more

Answer:Solved: HELP I think I've been infected by a form of WinAd.exe

12 more replies
Relevance 46.74%

Hello everyone!

I am quite a newbie, and I am aware that previous posts regarding Antivirus2008 exist here, however I haven't found anything related to the version I apparently have.

I have Windows XP Home.

My main problem in getting rid of it through the steps details out there, is that it has blocked and deleted every access for me to remove it or kill the process, since

a) It deleted the access to my C: drive
b) It deleted the Start menu access to the Control Panel
c) It deleted the Start menu access to Run
d) It blocks my Task manager
e) It apparently blocks me from installing Ad-Aware (upon install I get a message saying the process has been blocked from the Manager)

and all of this in my Safe Mode with Networking enabled. I even had a software for removing SmitFraud, but when opening it now it has got my computer stuck.

Any ideas how to start dealing with this horrible bug?


Kind regards from Chile
Germán
 

Answer:[Infected] Antivirus2008 Pro [Aggressive form]

Welcome to Major Geeks!

Please follow the instructions in the below link and attach the requested logs when you finish these instructions. If something does not run, write down the info to explain to us later but keep on going. Do not assume that because one step does not work that they all will not.

READ & RUN ME FIRST. Malware Removal Guide
 

5 more replies
Relevance 46.33%

I have some weird kind of spyware that will not go away. Here is what I have done to try and remove it: Killed its process (asct.exe) Killed recycled the .exe file when it was not in use. I have put it in system mechanics incinerator, and it comes right back. I have quarantined it with norton and it comes right back. It is undetected by spywaredoctor, norton antivirus, and adaware. I have changed its code and given it write protection. It comes right back. I have made a dummy file of it with write protection. It came right back!! I cannot kill it! Here is a "hijackthis" readout:

Note: This was after I killed its process, so it didnt show up in the readout

Logfile of HijackThis v1.99.1
Scan saved at 7:41:45 PM, on 11/1/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program... Read more

Answer:Solved: Strange form of replicating spyware! Cannot remove!

16 more replies
Relevance 46.33%

Was wondering if the Mail App removes messages from the server after retrieving.
Is there a setting for this?

I have 2 email accounts: Roadrunner and Gmail.

Thanks,
James

Answer:Does the Mail App Remove Messages form Server After Retrieving?

It's not a sophisticated program.

Please see discussion here - I don't use it - so hopefully others will contribute from their experience.
windows 10 mail - delete email from server - Microsoft Community

0 more replies
Relevance 46.33%

Hello,

I have recently tried using an old laptop that was given to me. The first sign of problems, was the laptop unbootable boot volume. I managed to use the recovery option in a xp installation disk to fix it. Once i boot into the system, the computer was very very sluggish. Startup would take extremely long time. At first i merely attributed this to the bloatware and crappy processor. Then I installed various antispyware and antivirus programs. Lo and behold, avast caught about 30 malware objects with a boot scan. Malwarebytes caught an additional 3. Superantispyware caught another 3 infections. Lastly Avira caught 2 infections. At this rate. I know that there are still malware on my laptop, which may be regenerating itself, or be stealthed. Anyway if you want these logs, feel free to ask. Thanks so much for reading this and here is my hijack this log at the bottom of this post.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:01:07 PM, on 6/2/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:... Read more

Answer:Severe infestation of various form of malware

6 more replies
Relevance 46.33%

If you know about security in website and computer then tell me how to secure Website from Malware Attack. And what is the role of Google Webmaster in security purpose?
 

More replies
Relevance 46.33%

Hey Bleeping Computer,

I am running Windows 7 Home Premium, 64bit.
Someone logged into a few of my game accounts last night while I was sleeping which in turn got my accounts locked. The games were World of Warcraft, Guild Wars 2 and Star Wars: The Old Republic. I received emails stating that unauthorized persons logged into all 3 accounts. And each account has a different Email and Password. I am not sure if they logged into any of my other emails or anything since I haven't received any warnings from anyone.

My computer has been running well, but for the past week or so my browsers have been a little slower than usual. I use Mozilla mostly, but I tested IE as well and it was slow too. Also, every 20 minutes or so, my desktop icons refresh, and if I'm on a webpage, it does the same. I'm not sure how to word it exactly, it doesn't actually "Refresh as in F5" but it (blips)or reloads if that makes any sense.
When I woke up and found out my accounts were logged into from elsewhere, I immediately ran an Avast(Free) full scan, followed by a boot scan and the results came up clean. I then ran Spybot S&D, and again, the results came up clean. After that I ran Malwarebytes(Pro) and they came up clean as well. Then I ran all 3 in safe mode but got the same clean results.

I generally keep my computer pretty well maintained since I play a lot of games. Which includes defragging every night before I shut it off, running Avast and Spybot once... Read more

More replies
Relevance 46.33%

I went to dictionary.com of all places and the classic virus scan popped up. I reacted slowly and I had part of the virus transmitted onto my computer. I went through the steps I used in the past. Rkill, Hijackthis, Mbam and even combofix. The problem is that Mbam and Combofix wont even open. I don't have the annoying pop ups or anything of that nature. I do have minor browser hijacking.

How do I get Mbam to work? I have never used Combofix but I was willing to give it a shot to fix the comp, but that didn't work. All my attempts were from the networking windows safe mode.

---

I stumbled on to a post that recommended using TDSSKiller. I tried it and now Malwarebytes is working. I will keep you all updated on this.

---

TDSSKiller removed one threat and one possible threat. I skimmed Malwarebytes over my PC and it managed to remove a trojan. I am currently applying an in depth scan to my PC. Is there anything else I should consider doing in order to make certain I managed to get everything?

Answer:Need help ASAP. My computer is infected with a mutant form of AV

Hello,

Please follow the instructions in ==>This Guide<==. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues and what you have done to resolve them.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Orange Blossom

1 more replies
Relevance 46.33%

Hello, last week I did a deep scan of my PC. I got two messages that make me feel uncomfortable...

from HAXFIX log:

"checking for matching services
matching services found
aspi 32"

from GetRunKey log:

"Looking for forms of Trojan.Haxdoor
------------------------------------------------------------------------
Haxdoor Trojan, pptp form found!

"DriverDesc"="Minipuerto WAN (PPTP)"
"Minipuerto WAN (PPTP)"=hex(7):31,00,00,00,00,00
"DeviceDesc"="Minipuerto WAN (PPTP)"
"DisplayName"="Minipuerto WAN (PPTP)"
"Description"="Minipuerto WAN (PPTP)"
"DriverDesc"="Minipuerto WAN (PPTP)"
"Minipuerto WAN (PPTP)"=hex(7):31,00,00,00,00,00
"DeviceDesc"="Minipuerto WAN (PPTP)"
"DisplayName"="Minipuerto WAN (PPTP)"
"Description"="Minipuerto WAN (PPTP)"
"DriverDesc"="Minipuerto WAN (PPTP)"
"Minipuerto WAN (PPTP)"=hex(7):31,00,00,00,00,00
"DeviceDesc"="Minipuerto WAN (PPTP)"
"DisplayName"="Minipuerto WAN (PPTP)"
"Description"="Minipuerto WAN (PPTP)"

I tried to fix the "problem" using Haxfix (step 1 first, then 2 auto fix and also 3, manual fix, but couldn't include pptp key, haxfix doesn't accept it, and says ... Read more

Answer:Is my PC infected with a haxdoor form pptp trojan?

Welcome to Major Geeks!

The info from GetRunKey is false. GetRunKey was written for English based Windows PCs and did not recognize the format for your PPTP text formatting.

I doubt you have a Haxdoor infection.

If you really want to continue to check your PC for malware, you will have to follow the directions in the READ & RUN ME properly and completely.
You are using MSconfig to control startups and it was requested that you not do this in step 0 of the READ ME.
You did not do step 2 of the READ ME.
You did not install and rename HijackThis as requested in step 7.
And you did not attach the other 3 requested logs from the READ ME
CounterSpy
BitDefender Online Scan
PandaActiveScan

I do suggest that you delete the below three files:

Code:

"C:\WINDOWS\system32\"
lap20n~1.dll 9 May 2007 18909 "lap20nh3l4dkszi4a.dll"
qke3ki~1.dll 9 May 2007 3521 "qke3kixfeflkszi4a.dll"
xkh1ud~1.dll 9 May 2007 28613 "xkh1udoe84fkszi4a.dll"

 

Relevance 45.92%

Hi

I am trying to make a simple form. Everything is going fine in terms of functionality, layout, and design. My problem is that part of my form requires whoever is filling it out to type in a large body of text (3-5 sentences). The default grey background is alright when there is a zipcode or first name but on a paragraph it is really distracting. Is there a way to turn off the grey background? If you need more information just ask.
 

Answer:Is there a way to remove the grey background to form fields in Word 2003.

While I now use Word 2007, which has the command in a different place, in your case (and my memory) it is under Word - Tools - Options.

Look for a check box for field shading and uncheck it.

And Welcome to TSG!
 

Relevance 45.92%

i am fairly certain i have a form of virus and/or malware. i am being redirected to gambling sites, internet explorer is showing up in processes without my starting it and the computer has, in general, slowed down. i have used bitdefender and malwarebytes with hitman pro as a secondary detector. some malware and viruses were removed and the problem lessened slightly but it is still present. below i will post my hijack this and DDS logs. attached is the DDS attach.txt file. as i am running a 64 bit system there is no ark file. i would appreciate any help which may be given.

hijack this------------------------------------------

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:42:01 AM, on 11/11/2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\CrossriderWebApps\Crossrider.exe
C:\Program Files (x86)\FlashGet Network\FlashGet 3\Flashget3.exe
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files (x86)\CyberLink\PowerDVD11\PDVD11Serv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Razer\Copperhead\razerhid.exe
C:\Program Files (x86)\Razer\Copperhead\razertra.exe
C:\Program Files (x86)\Razer\Copperhead\razerofa.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Pr... Read more

Answer:unidentified and hard to remove virus/malwarei am fairly certain i have a form of vir

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

One or more of the identified infections is a backdoor trojan/rootkit.

This type of infection allows hackers to remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Please refer to Microsoft's Online Safety article for tips on creating a strong password.

Do not change passwords or do any transactions from the infected computer until it has been cleaned.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follo... Read more

Relevance 45.92%

Hi,

This is probably the most googled question about Toshiba laptops, but I can't get a straight answer so I thought I would come to a forum. I've got a brand new Toshiba Satellite P870 and the start-up is quite slow, and the general performance of the computer could be better.
From the list of pre-installed stuff below, I'd like to know if it would A) make any difference to performance/speed and B) whether I should actually delete them

Programs:

Toshiba Assist
Toshiba Config Free
Toshiba Disc Creator
Toshiba Eco utility
Toshiba Face Recognition
Toshiba Hardware Setup
Toshiba hDD protection
Toshiba HDD/SSd Alert
Toshiba Media controller
Toshiba Media controller plug in
Toshiba PC health Monitor
toshiba peak shift Control
Toshiba Recovery media Creator
Toshiba ReelTime
Toshiba Remote Control manager
Toshiba Resolution and Plug In for Windows Media Player
Toshiba Service Station
Toshiba Speech Systems Applications
Toshiba Speech system SR Engine (US) version 1.0
Toshiba Speech System TTs Engine (US) version 1.0
Toshiba Supervisor password
Toshiba Value Added Package

I haven't really encountered/used any of these yet and want to know which are worth keeping around, and which I can straight out delete.

any advice would be greatly appreciated, however I have tried the Decrapifyer program and it didn't really help much.

Answer:Which Pre-installed Toshiba programs are safe to remove form my laptop?

Hi and welcome to our community.

If this is most googled question I really hope we will find final answer here. ;)
At first I must say that every one of us has maybe different opinion about all this. Some of us want to use some certain tool and some of us don't like some of them so it is not possible to give precise answer to your question.
Anyway I will start with my personal opinion but at first some general information. Toshiba recovery image contains many Toshiba specific tools and utilities and some additional software. Toshiba specific tools and utilities are designed to help user with full notebook control and also help notebook owner to get some useful information about updates.

I repeat again, what I will write here is my personal opinion and I just want to describe what I do.
After clean OS installation I remove from the system
Tempro, Toshiba ReelTime, Toshiba Service Station and some other things like links for eBay or additional stuff that is completely useless for me.
Listed Toshiba specific tools are OK but I don't need them. They start with notebook and slow down the start-up. Tempro and Toshiba Service Station are monitoring tools and inform you about new BIOS or drivers updates. As I wrote it is very nice but if the system works perfectly don't change anything.

I will go through your list and write short comment for each listed program.
-Toshiba Assist - very useful tool where you can find shortcuts for all Toshiba important tools and utilities... Read more

Relevance 45.92%

Help still needed very badly,

After finally eliminating AV Security Suite I still have problems with the computer Freezing, Hanging when opening normal programs, Extreme Scrolling problems, Removing programs, Getting online and a lot of other headaches that didn't exist before. I have enclosed both DDS Logs and the GMER or ark.txt as it was instructed. I couldn't get my WinZip program to rezip the file for posting, it froze. I hope they are the correct log files. I also really hope they will allow someone to help me get my computer working again. Thanks to all again.

Sincerely,
TQUAD

DDS (Ver_09-02-01.01) - NTFSx86
Run by TOM at 16:13:50.85 on Sat 02/21/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_03
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.218 [GMT -6:00]

AV: CA Anti-Virus *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\WINDOWS\system32\nvsvc32.... Read more

Answer:Malware Removal Request Form Per Instructed

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

Relevance 45.92%

Our system seemed to act strangely beginning in early March. We use ZoneAlarm firewall and it seemed to automatically lock on occasion upon log-in, requiring a manual "un-lock" before the internet could be used. I was suspicious there was something trying to get in or out that ZoneAlarm was "catching" and locking the firewall.

To try to detect the problem, I downloaded the latest version of "MalwareBytes" and ran a scan. It found a few issues and I chose to quarantine a few of them, but not all as some looked legitimate to me.

Upon re-booting the next time, everything went bad. A pop-up came up with the windows installer and then it said it was trying to install HPPhotosmartEssential. The system became very sluggish and the hard drive was constantly being accessed. After numerous "Cancels" to the install, it finally stopped trying to install. However, the hard drive continued to be accessed non-stop and the system was very slow. I became very concerned something was going on in the background so I shut the system down.

I tried to re-boot in safe mode and it would not boot, it either hung or gave a disk error suggesting c:\windows\system32\wbem was corrupt or unreadable and chkdsk should be run. I immediately felt I needed to do a system restore back a couple of weeks to clear off the issues. Upon trying to run the restore I received a message that the application failed to start because framedyn.dll was not found and that re-... Read more

Relevance 45.92%

When I first fire up my computer, the following message pops up as Windows starts:

Microsoft Networking
The following error occurred while loading protocol number 0.
Error 38: The computer name you specified is already in use on the network. To specify a different name, double-click the Network icon in Control Panel.

I'm sure others have experienced this. I am not on a network, and this has happened for the last couple of days. I am running 98SE (I know...way past time to upgrade.) My Hijack log follows. I appreciate any help. Thanks.

Logfile of HijackThis v1.99.1
Scan saved at 7:18:41 AM, on 1/9/06
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\STARTER.EXE
C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE
C:\MY DOCUMENTS\HIJACK\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.ajc.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ajc.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.ajc.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.ajc.com
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO... Read more

Answer:Error message - Is this some form of malware at work?

hi there,

Did you run this scan from safe mode as there isn't much in the log?

I don't see anything in your log, have you got an anti virus programme? if not download anti vir from below?
Anti-vir

http://www.free-av.com/
you don't appear to have a firewall, even if you have a router you still need
a software firewall, download the one from the link below!

Filseclab Personal Firewall Professional Edition

http://www.filseclab.com/eng/download/downloads.htm

http://www.wilderssecurity.com/showthread.php?t=92710

you have spysweeper, update it and run a scan from that post its log if it finds anything?
go to this site and download these tools and once you get both
adaware Se 1.6 and spybot, update both of them.

Set adaware to do a full system scan and deselect, "search for negligible risk
entries". Click next to start the scan. Delete everything adaware finds.

reboot and now run spybot

Spybot: Search and destroy.

Delete what spybot finds marked in red. After updating spybot hit the
immunize button.

reboot again
With CWshredder close all browsers and programmes and select the FIX button.
All tools can be downloaded at the link below and found on that page!

. Trend micro CWShredder
. SpyBot search and destroy
. AdAware SE personal
http://www.majorgeeks.com/downloads31.html

*Download Cleanup from Here

http://www.stevengould.org/software/cleanup/download.html

* A window will open and choose SAVE, then DESKTOP as the destin... Read more

Relevance 45.92%

Hello.

I'm new here, I have been looking for information about 2 applications called "Home Cloud" and "Form1".
When I go to my Alt+TAB menu I can see these applications there, but I can't access them.
Also in my Task Manager I can see both applications.
I don't know why they are running and how these applications work.
It could be something normal but since I'm a noob in these things I can't tell if they are malware or not.

Can anyone explain to me what these applications are for and why they are on my PC?
Can I remove them both or are they some kind of essentials for my PC?

I got a capture of my Alt+TAB menu:
Selected one is Home Cloud, the one on the right is Form1.

Regards and thanks.
 

Answer:Home Cloud + Form 1, Malware? Virus?

I'm moving this to appropriate forum.
 

Relevance 45.51%

I have inadvertently allowed a malware that creates infinite popups and has hijacked my web browser. I am continuously redirected to their website offering to sell me a virus protection program.

My son directed me to open in 'safe' mode and contact BleepingComputer. He thinks you can help someone as old as I am!

I would appreciate any assistance, I have tried to follow your guide to complete the scans, etc. before posting for help.

Thanks,
Lynne

Answer:Malware in the form of popups claiming a virus infection

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

Relevance 45.51%

Ok, I'm a graphic artist, and use my computer for my work, but other than that, i'm pretty much "out of the loop" on terms, virus names etc...

so a short while ago i switched from firefox, to google chrome. to see what it was like. and while i love the browser, i seem to have acquired some form of virus or malware while using it.

does anybody have any idea firstly, how to get rid of it? because every time Avast says it's been deleted, i'll get a message about 10 minutes later saying "it's back loser" (not those words exactly, but i feel my machine is mocking me...)

and secondly, whether chrome actually has massive security risks? or if it's just coincidence that i've gotten this stuff while using it.

here is the HJT log:
Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:53:40, on 20/09/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program File... Read more

Relevance 45.51%

 

by Dan Goodin
Microsoft developers have fortified Internet Explorer with new protections designed to prevent a type of attack commonly used to surreptitiously install malware on end-user computers.
The "isolated heap for DOM objects" made its debut with last week's Patch Tuesday. Just as airbags lower the chance of critical injuries in automobile accidents, the new IE protection is designed to significantly lessen the damage attackers can do when exploiting so-called use-after-free flaws in the browser code. As the name suggests, use-after-free bugs are the result of code errors that reference computer memory objects after they have already been purged, or freed, from the operating system heap. Attackers can exploit them by refilling the improperly freed space with malicious code that logs passwords, makes computers part of a botnet, or carries out other nefarious behavior.
Source

Relevance 45.51%

OK I've followed all the steps in the 5-step process. Here's the problem, when I'm typing or even just scrolling in the current window of IE it will de-highlight and become inactive. Sort of like what happens when you get a pop-up but I'm not seeing the pop-ups. Here are my logs. First Active Scan:

;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-05-29 16:51:17
PROTECTIONS: 1
MALWARE: 76
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
Symantec AntiVirus Corporate Edition 10.1.0.394 Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================... Read more

Answer:[SOLVED] Current window keeps de-activating...some form or spy/malware?

Welcome to TSF.

I don't recommend using file sharing programs like Limewire as they can contribute to malware infections.

Please print the below instructions or copy them to Notepad. Make sure to work through the fixes in the order mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.

Download ATF Cleaner at http://www.atribune.org/ccount/click.php?id=1
Double-click ATF-Cleaner.exe to run the program. Under Main choose Select All
Click the Empty Selected button.

If you use the Firefox browser click Firefox at the top and choose Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use the Opera browser click 'Opera' at the top and choose 'Select All'
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

Run a scan in HijackThis. Check each of the following if they still exist and hit 'Fix Checked' after you checked the last one:

O2 - BHO: (no name) - {1530C3A4-CA76-4F11-B091-C3B77565A91B} - C:\Program Files\ComPlus Applications\fojeru66225.dll
O2 - BHO: BeSideit IE Helper - {83C35173-E029-42f1-9692-0341EE379A0D} - C:\Program Files\QdrDrive\QdrDrive16.dll (file missing)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [spa_start] C:\WINDOWS\System32\Rundll32.exe "... Read more

Relevance 44.28%

Computer has virus/worm on it that I am unable to remove. Scanned with # of malware scanners. Only Zemana identified launchpad.org. But after quarantine, it still remained. Then ran Adwcleaner, which identified a number of possible problems. Quarantined those and then ran Hijackthis, which found many other possible issues. I saved the log files from all three. I need help in getting these off my computer.

Answer:How to remove virus that malware scanners fail to remove

Forget HijackThis it is too outdated to be of any use and doesn't understand the locations for Windows 10. DO NOT remove anything it reports or you might wreck the system.

Run the ADWCleaner Clean then run these two:

Junkware Removal Tool (JRT)
https://www.malwarebytes.org/junkwa... (blue Download button).
Download and "Save" the file somewhere. Go to the saved file then double click it to run JRT. It might appear to have stopped at times or flash the screen but sit tight until it has finished.

MalwareBytes:
https://www.malwarebytes.org/ (use the "Free Download" button rather than the "Buy Now" button).
After the install go to "Settings > Protection". Under Scan Options move the "Scan for rootkits" slider over to On and Run the Threat Scan. Quarantine anything it finds. If anything is found please copy/paste the logs on here.

Always pop back and let us know the outcome - thanks

message edited by Derek

Relevance 43.87%

Hi, I'm suddenly having a lot of trouble with malware. My computer seemed to be running okay but I ran Malwarebytes as I occasionally do, and it picked up a fair amount of malware on my system. I deleted it and rebooted, but that's when my problems really began. Upon restarting, my internet connection has become almost unusable. It's extremely slow and generally I can't even open a page that I want after trying to refresh several times. Oddly though, google is working perfectly and a few other sites seem to work too, including this one. I've tried running MBAM again and again, each time it picks up more malware and I remove it, then reboot and the cycle renews. I can't seem to get rid of all of it, every time I scan my system there's just more of it. I've tried ComboFix but it doesn't seem to have done anything. One persistent thing seems to be photo_id.exe, I've got a few messages from MBAM saying it can't be removed and I need to reboot. Also, I've noticed that if I'm trying to reach a webpage, although it won't load there seems to be some redirecting, for example I just tried to reach a wikipedia page and it says "The server at topsearchfeed.com is taking too long to respond" For some reason I can't bloody format this properly no matter how hard I try, so here's an attached HJT log:
 

Answer:Malware removal attempt led to unusable internet, still can't remove all malware

problem has become more serious, now my mother has told me that the internet on her laptop is also extremely slow and essentially unusable, I'm worried that something from my computer has got on to hers via the wireless network we're both connected to. Somebody please help me
 

Relevance 43.87%

Good day to everyone,

My computer is having some malware activity, I have used adware 2008, spyware removal tool, norton anti-virus and other removal tool, but still those malware cannot be deleted.. My Computer icon could not display its properties, instead it appears like a file when you see its properties. It also disabled TCP/IP, that's why until now I cannot connect to the internet.. I don't have WindowsXP SP2 cd for repair..

Please help me as soon as possible, because it is a server..

Answer:Urgent! My XP SP2 have malware activity!.. cannot remove using malware removal tool

Hello frozenfire03, Welcome to TSF!

I recommend that you read this article… "Having problems with spyware and pop-ups? - First Steps"; follow the instructions very carefully; then, post all the requested logs and information; as instructed, in the HiJackThis Log Help Forum.
(Simply, click on the coloured links to be re-directed.)

Please ensure that you create a new thread in the HiJackThis Log Help Forum; not back here in this one.

When carrying out The 5 Steps, if you cannot complete any of them for whatever reason, just continue on with the next one until they are all completed.
However, it is extremely important to make mention of the fact that you could not complete any of the steps in your post to The HJT Help Forum; where an Analyst will assist you with other workarounds.

Once done, please be patient, as the Security Team Analysts are usually very busy; one of them will answer your request as soon as they can.

Good Luck with it.

Kind Regards,

Relevance 43.87%

Hi. There is something going on with my computer, can't get on internet and many pop up messages, and I have tried to run MBAm. When I click on "Remove Selected" it starts doing the removal but then a box pops up with "Malwarebytes Anti-Malware has encountered a problem and needs to close." There are three boxes to choose to click on...Debug, Send Error Report, or Don't Send. When I click on Debug I get a new pop up box with "DrWatson Postmortem Debugger has encountered a problem and needs to close". Same three boxes to choose to click. I click on Debug and then get a pop up box with "Microsoft Visual C++ Runtime Library. Runtime error. Program:C:\Windows\System32\svchost.exe.

I have multiple pop up boxes coming up when I just log on:

dsca.exe-Application error

27578134.exe has encountered a problem

Sysfader:IEXPLORE.EXE-application error. Instruction at "0x03a0bdd9" referenced memory at "0x03a0bdd9". The memory could not be written. When I click "OK" to terminate this it came up with multiple other boxes with different numbers...0x0403bdd9,0x03eabdd9,0x0455bdd9,0x053abdd9.

ctfmom.exe Application error

Data Execution Prevention-Microsoft Windows...to help protect your computer Windows has closed this program: Internet Explorer.

I am unable to get on the internet from my computer and am currently using my husband's laptop to post.

I would appreciate anyone's advice or help.... Read more

Answer:Malwarebytes Anti-Malware unable to remove selected malware

I would try logging in to safemode with networking and then run the scan from there. To log in to safemode gently tap the F8 key as the computer reboots and then select safemode with networking from the list. If you are able to run the scan in safemode then there's probably some infection that was preventing it from running in the regular Windows mode. If not then there may be a problem with the Malwarebytes. I have had a similar problem and I had to un-install it and then re-install it. I emailed their tech support and was told it was possibly a conflict between it and AVG free though I'd never had that problem before... EVER.

I suspected it was something buggy with the update that had come through.

Relevance 43.87%

Already did some scans with tdsskiller and hitmanpro and they detected Trojan-Spy.Win32.Zbot, Rootkit.Win32.PMax.gen, and rootkit boot.cidox.b, I'm not sure how this machine got so badly infected. The user may have opened a link or some file by accident.
 
The infected svchost.exe is causing the most problems, creating multiple various connections and slowing down the internet connection. Explorer.exe would also crash and would create connections as well. Internet explorer would pop up to back-linking websites.
 
No restore cd for this computer. Although I do have a copy of xp meant for dell machines and this is a dell.
 
Just need to know how i can stop the svchost.exe from creating connections.
 
dds attached


Answer:Infected with multiple malware, Cidox,Trojan-Spy.Win32.Zbot,Infected svchost.exe

Hello! Welcome to BleepingComputer Forums!
My name is Georgi and I will be helping you with your computer problems.
Before we begin, please note the following:
I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
The logs can take some time to research, so please be patient with me.
Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
Instructions that I give are for your system only!
Please do not run any tools until requested ! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.
 
 
Please download Farbar Recovery Scan Tool and save it to your desktop.
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your re... Read more

15 more replies
Relevance 43.87%

I have a mild adware infection that is affecting every computer that goes through my network. Superantispyware can find and remove ONE file(no active, no registry) that is associated with this attack and the problem is resolved (ie. it does not come back unless i log into this particular network, it's still gone when I restart the computer, etc). The adware does not affect any of my cleaned computers unless I am logged into MY network. A clean load of windows XP with service packs loaded will immediately be infected on my network without so much as going anywhere aside from google.com.

As best I can tell my hijack this log is clean, but here it is for those of you who are far superior at this than I am. This is from the machine I am using which is currently infected.

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 10:43:09 AM, on 12/24/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\msiexec.exe
C:\Program Files\TrendMicro\HiJackThis\HiJ... Read more

More replies
Relevance 43.87%

I was at a hotel a few weeks ago, and afterwards firefox kept redirecting me to ad sites. I ran Microsoft Security Essentials and detected and removed (partially?) a program called Nimda, but the redirects continued. None of my security software indicated any other problem, and the redirects seemed to be to fairly harmless sites, so I figured I'd wait for my programmer brother to get home for thanksgiving to fix the issue. Today, firefox redirected to a site with the words "please wait, loading." I immediately closed out but my computer was already infected. A program called "privacy.exe" in taskmanager started up- it's your typical faux-security program that prompts you to "clean your computer" presumably by downloading all kinds of other awful crap. This particular program kept closing down taskmanager after a couple seconds every time I tried to open it, automatically closed security essentials, closed all my other background programs, and wouldn't let me open hijackthis or firefox. I restarted in safe mode and ran security essentials, which found and removed something called "VirTool:JS/Obfuscator.CE," then restarted normally, but the situation hadn't changed. After some trying, I was able to open taskmanager and manually shut down "privacy.exe" before it shut me out, and that's as far as I've gotten. Keep in mind when reading my DDS log that I shut this program down already, because it prevents me ... Read more

Answer:Infected with unknown trojan/malware, has infected pc with rogue:win32/fakerean, VirTool:JS/Obfuscator.CE, and others so far

Hi,
BitTorrent
Above listed ones are P2P file sharing programs. P2P downloads are nowadays one of those things that most likely bring infection into the system. My recommendation is to uninstall these (and other if present) P2P file sharing programs.
Please visit this webpage for download links, and instructions for running ComboFix tool:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Please ensure you read this guide carefully first.
Please continue as follows:
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
Remember to re-enable them afterwards.

Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a report for you. Please include the following reports for further review, and so we may continue cleansing the system:
C:\ComboFix.txt
New dds log.
A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

2 more replies
Relevance 43.87%

Hello,

I was contacted by some friends last Sunday who said they received lots of weird emails from my email account. The emails contained nothing but a link. I did not send any emails over the weekend so I don't know how this happened. This must be a virus, right? I noticed my antivirus (avast!) began (a few days back) blocking a couple of malwares when downloading emails to Outlook 2007 on my laptop. It identified an infection called "Win32-Malware-gen". It now does this every time I try to download emails and I now have duplicate emails in my Inbox. My antivirus identified the infected emails having subject "DHL Express Delivery" or "FedEx Service Notification" and a document.zip attachment which I think contained document.exe if I'm reading the Avast! log correctly. I did not open any of these emails. The antivirus moved them to chest but it seems the problem wasn't resolved. I then get a microsoft message saying Outlook encountered a problem and cannot exit. It offers me an "End Now" button, but it seems to get into a loop and the whole scenario happens again whereby Outlook reloads and I get the malware messages again.

Another problem I noticed which might be connected is that in IE8, whenever I attempt to login to any site it blocks and reloads webpage with "This tab has been recovered - A problem with this website caused Internet Explorer to close and reopen tab" message. Then it asks me t... Read more

Answer:Infected with Win32-Malware-gen - Emails (Infected?) spammed from my email account to many recipients without my knowledge etc.

Hi,
Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.
Once I receive a reply then I will return with your first instructions.
Thanks

13 more replies
Relevance 43.46%

Hi! I accidentally installed an unknown .exe file few days back which didn't seem suspicious though I think it infected my computer with malware that has hijacked my Chrome. I looked for it in the Control Panel and uninstalled anything that seemed suspicious. I even downloaded and installed various malware removal tools, including Malwarebytes and IObit malware fighter. But none of these were able to get rid of it completely as after a few days my homepage changed again.
What keeps on happening is that new malware keeps on showing up. In the beginning my homepage got changed to "indiatimes.xyz". I looked up online and uninstalled the unknown software from Control Panel and also reset my Chrome settings. After a few days, it came back in the form of Snap.Do and then again I tried to remove it and it went away. But now it's back and again my homepage has changed. BUT this time I keep on getting ads from "Safe Finder" . After trying again for a malware search and restarting my computer it seems to have gone away but I don't think that the problem is gone. 
Also, it also seemed to have taken over my ESET NOD32 and forced it to block websites that were safe. Among the websites that my ESET was blocking was the official ESET website, so I got rid of ESET as well.
I don't know what to do. I've tried a lot but nothing seems to help. Please I need help!! Please respond as soon as possible. 
Thank you so much. 
My operating system is Windows 10.
 
UPDATE : It is back.... Read more

Answer:Help! Unable to remove malware and new malware showing up daily!!

Welcome.. Please try this
Please download Rkill by Grinler and save it to your desktop.
Link 1
Link 2
Double-click on the Rkill desktop icon to run the tool.
If using Vista/Windows7, right-click on it and Run As Administrator.
A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
If not, delete the file, then download and use the one provided in Link 2.
If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
If the tool does not run from any of the links provided, please let me know.
Do not reboot the computer, you will need to run the application again.......
MiniToolBox
Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
AdwCleaner
Please download AdwCleaner by Xplode and save to your Desktop.
Double click on AdwCleaner.exe to run the tool. Vista/Windows 7/8 users right-click and select Run As Administrator
Click on the Scan button.
AdwCleaner will begin...be patient as the scan may take some time ... Read more

1 more replies
Relevance 43.46%

If it wasn't for bitdefender i would even get pop ups, i constantly get a message that a malware infested page was blocked and that my system is "safe"... I don't know if this helps but the name of the site that it keeps blocking is called mnh.winnershed.info/ and then a whole list of random characters.

I have tried several things as you can see above and nothing helped. Although yesterday i was hopeful after installing hitman pro, it found a few things and deleted it. I then opened up around 50 links and never got redirected. Then today i start my pc up and there it is again.

There is not much more to say besides the info i have given so far. I hope someone has any idea what i can do to get rid of it, because this is one tough sob...

Thanks
 

Answer:Infected with rootkit or virus that redirects me to malware infected pages.

This topic will be closed due to presence of pirated content.

Piracy policy
 

1 more replies
Relevance 43.46%

Please reopen the case:
http://www.bleepingcomputer.com/forums/t/278792/infected-by-various-malware-help/
Original message, posted on December 14, 2009:
My computer is infected by malwares. Earlier I got help from bleepingcomputer staff under topic malware and has tried to use these software to clean my infected computer but still to no avail. The volunteer who helped me earlier asked me to use hijackthis and paste the logs on this forum.
Malwarebytes Anti-Malware (v1.41)
TFC by Old Timer
Kaspersky Virus Removal Tool
Eset Online Antivirus Scanner.
Kaspersky Online Virus Scanner.
Sophos Anti-rootkit
Norman Malware Cleaner
The problems are:
- When I use Internet Explorer or Mozilla, sometimes another window open automatically that mentions google hiring, websurvey, etc
- When I use search engine to find something, I could not click the link to bring me to the shown result that I want, instead it brings me to an unfamiliar site. I have to copy and paste the web address to open it. If I click the link, sometimes it brings me to an anti-virus ad that force me to download the software (it would not allow me to close the browser) so I have to end the whole internet session forcefully.
------------------------------------------------------------
LOGFILE IS ATTACHED
Logfile of random's system information tool 1.06 (written by random/random)
Run by USER1 at 2010-01-07 19:27:45
Microsoft Windows XP Professional Service Pa... Read more

Answer:Closed Topic - Start new topic > Infected by various malware. Help !!, Malware pop ups and could not open link from se...

Hello and welcome to Bleeping Computer
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.
Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
Please download OTL from following mirror:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Push the button.
Two reports will open, copy and paste them in a reply here:
OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized
In the upper right hand cor... Read more

17 more replies
Relevance 43.46%

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:36:36 μμ, on 26/5/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Creative\Sound Blaster X-Fi Surround 5.1\Console Launcher\CTAPR2.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Pr... Read more

Answer:Infected with a virus that causes NOD32 to remove any .exe that is not infected

Hello and welcome to Bleeping Computer
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.
If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.
Thanks and again sorry for the delay.
-----------------------------------------------------------
We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, ... Read more

2 more replies
Relevance 43.46%

I have run into a terrible problem and can no longer use my computer. It started a few days ago when I believe I was infected by malware...I noticed a program running in my task manager...one of those short 3 letter exe programs, so I decided to run malware bytes. Malware bytes successfully found that program and I think called it a rootkit or something else. I chose to remove the found problems and then it asked me to restart. Following restart, I get a blue screen of death shortly after the windows XP title comes on. When I choose any of the options (Safe Mode, Safe mode with networking, Safe mode with command prompt, or normal windows) I always get the blue screen and cannot log into windows.

The error message reads:
A problem has been detected and windows has been shut down to prevent damage to your computer. If this is the first time you've seen this stop error screen restart your computer. If this screen appears again follow these steps: Check for viruses on your computer. Remove any newly installed hard drives or hard drive controllers. Check your hard drive to make sure it is properly configured and terminated. Run CHKDSK /F to check for hard drive corruption, and then restart your computer.

Technical Information:
STOP: 0x0000007B (0xBA4C7524, 0XC0000034, 0x00000000, 0x00000000)

So at this point I ordered startup/recovery CDs from dell. I am using a dell computer with OEM installed windows XP home edition. I got the recovery CD today, and can now boot from CD.... Read more

Answer:Blue screen after running malware bytes - infected with malware

Hello, lets see if we can find the cause of this problem. I will move this topic to the malware removal forum.
Try this please. You will need a USB drive.
Download GETxPUD.exe to the desktop of your clean computer
Run GETxPUD.exe
A new folder will appear on the desktop.
Open the GETxPUD folder and click on the get&burn.bat
The program will download xpud_0.9.2.iso, and upon finished will open BurnCDCC ready to burn the image.
Click on Start and follow the prompts to burn the image to a CD.
Remove the USB & CD and insert it in the sick computer
Boot the Sick computer with the CD you just burned
The computer must be set to boot from the CD
Gently tap F12 and choose to boot from the CD
Follow the prompts
A Welcome to xPUD screen will appear
Press File
Expand mnt
sda1,2...usually corresponds to your HDD
sdb1 is likely your USB
Click on the folder that represents your USB drive (sdb1 ?)
Press Tool at the top
Choose Open Terminal
Type the following and press enter:

dd if=/dev/sda of=mbr.bin bs=512 count=1

Press Enter
After it has finished a file will be located on your USB drive named mbr.bin
Remove the USB drive and insert it back in your working computer and navigate to mbr.bin, zip it up and attach it to your next reply.
This will allow me to have a look at the MasterBootRecord of your drive and see if it is infected.
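As an added example (not part of the original reply and not a BleepingComputer tool), here is a first-pass look at the 512-byte mbr.bin that the dd command above produces: it checks the 0x55AA boot signature, decodes the four partition entries, and hashes the boot code so the dump can be compared with a known-good MBR for the same OS. The function names and the sample sector are constructed for illustration; the checks flag structural oddities only and cannot by themselves say whether the boot code is malicious.

```python
import hashlib
import struct
import sys

SECTOR_SIZE = 512
CODE_LEN = 440                  # bytes 0-439: boot code proper
DISK_SIG_OFF = 440              # bytes 440-443: per-disk signature written by Windows
TABLE_OFF = 446                 # four 16-byte partition entries start here
ENTRY_LEN = 16
BOOT_SIGNATURE = b"\x55\xaa"    # bytes 510-511

PART_TYPES = {0x05: "extended (CHS)", 0x07: "NTFS/exFAT", 0x0B: "FAT32 (CHS)",
              0x0C: "FAT32 (LBA)", 0x0F: "extended (LBA)", 0x83: "Linux",
              0xEE: "GPT protective"}


def parse_mbr(sector):
    """Decode one MBR sector; return layout facts plus structural findings."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected %d bytes, got %d" % (SECTOR_SIZE, len(sector)))
    findings = []
    code = sector[:CODE_LEN]
    if sector[510:512] != BOOT_SIGNATURE:
        findings.append("boot signature 0x55AA missing")
    if not any(code):
        findings.append("boot code area is all zeros")

    partitions = []
    for index in range(4):
        off = TABLE_OFF + index * ENTRY_LEN
        # status(1) CHS-start(3, skipped) type(1) CHS-end(3, skipped) LBA start(4) sector count(4)
        status, ptype, lba_start, count = struct.unpack(
            "<B3xB3xII", sector[off:off + ENTRY_LEN])
        if ptype == 0x00:
            continue                                  # unused slot
        if status not in (0x00, 0x80):
            findings.append("partition %d: unexpected status byte 0x%02X"
                            % (index + 1, status))
        partitions.append({"slot": index + 1, "active": status == 0x80,
                           "type": ptype,
                           "type_name": PART_TYPES.get(ptype, "unknown"),
                           "lba_start": lba_start, "sectors": count})

    if sum(1 for p in partitions if p["active"]) > 1:
        findings.append("more than one partition flagged active")
    ordered = sorted(partitions, key=lambda p: p["lba_start"])
    for prev, cur in zip(ordered, ordered[1:]):
        if cur["lba_start"] < prev["lba_start"] + prev["sectors"]:
            findings.append("partitions %d and %d overlap" % (prev["slot"], cur["slot"]))

    return {
        # The hash stops before the disk signature, so the same boot code gives
        # the same digest on different disks and can be matched to a reference.
        "sha256_boot_code": hashlib.sha256(code).hexdigest(),
        "disk_signature": struct.unpack_from("<I", sector, DISK_SIG_OFF)[0],
        "partitions": partitions,
        "findings": findings,
    }


def build_sample_mbr(entries):
    """Constructed test sector: filler bytes instead of real boot code."""
    sector = bytearray(SECTOR_SIZE)
    sector[:CODE_LEN] = b"\x90" * CODE_LEN
    sector[DISK_SIG_OFF:DISK_SIG_OFF + 4] = struct.pack("<I", 0x12345678)
    for i, (status, ptype, start, count) in enumerate(entries):
        off = TABLE_OFF + i * ENTRY_LEN
        sector[off:off + ENTRY_LEN] = struct.pack("<B3xB3xII", status, ptype, start, count)
    sector[510:512] = BOOT_SIGNATURE
    return bytes(sector)


if __name__ == "__main__":
    if len(sys.argv) > 1:                             # e.g. python script.py mbr.bin
        with open(sys.argv[1], "rb") as fh:
            data = fh.read(SECTOR_SIZE)
    else:
        data = build_sample_mbr([(0x80, 0x07, 63, 1000000)])
    report = parse_mbr(data)
    print("boot code sha256:", report["sha256_boot_code"])
    print("disk signature:   0x%08X" % report["disk_signature"])
    for part in report["partitions"]:
        print(part)
    for note in report["findings"]:
        print("FINDING:", note)
```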

4 more replies
Relevance 43.46%

It is so similar to MaxGen's problem that I have used some of his description of what is happening to me(us).
I got infected by a nasty malware while surfing the internet. Popups were created immediately so I knew right away something was happening. I wasted no time in running Norton AV and Ad-aware. Norton says it had found and removed the problem (Trojan.Vundo and Trojan.Metajuan) and I should restart. But everything got worse after first restart. No programs wanted to work. I even tried to backup personal files to Cd/Dvd and Nero did not recognize my burner. Now my situation is:
1. Even in safe mode, I cannot run any anti-spyware software: Spybot and Spyeraser do not show up even though they are seen running in windows task manager. Then the .exe application file will no longer work. When I tried to run them again, it will say "Windows cannot access the specified device, path, or file. You may not have the appropriate permission to access the item."
2. Cannot connect to any website, it always shows trying to connect. (The connection itself shows OK). - I downloaded AVG after the first restart and it found and fixed 8 of 12 problems found. I rebooted and was then unable to get on internet and AVG does not work anymore.
3. Worst of all, I can't even post the HijackThis logs. It does not start - telling me I do not have permissions
Like MaxGen there could be other symptoms I have yet to discover. I too have never seen this kind of nasty stuff. Please help!... Read more

Answer:ME TOO!! Infected by extremely nasty malware, can't even run HJT, please help, Unknown malware, windows XP

If you cannot get DDS to work, please try this instead.
Please download RSIT by random/random and save it to your Desktop.
Note: You will need to run this tool while connected to the Internet so it can download HijackThis if it is not located on your system. If you get a warning from your firewall or other security programs regarding RSIT attempting to contact the Internet, please allow the connection.
Close all applications and windows so that you have nothing open and are at your Desktop.
Double-click on RSIT.exe to start the program.
If using Windows Vista, be sure to Run As Administrator.
Click Continue after reading the disclaimer screen.
Leave the drop down box set to default: "List/folders created or modified in the last 1 month (30 days).
When the scan is complete, a text file named log.txt will automatically open in Notepad.
Save the log file to your desktop and copy/paste the contents into a new topic in the HijackThis Logs and Malware Removal forum, NOT here.
Important: Be sure to mention that you tried to follow the Prep Guide but were unable to get DDS to run.
If RSIT did not work, then reply back here.

6 more replies
Relevance 43.05%

Hi,
My Dell Inspiron N400 notebook Running Windows 7 64 bit (Pro), [OS Version: 6.1.7601 ServicePack: 1.0] has become a playground of miscreants from four corners of earth and time is running out. It all started 2 months ago when I opened an email with title that my teenage daughter sex video is on internet. I never would click such a link but it was forwarded by my mother so I was in distress, so I clicked a link in it. It was luckily daughter of someone else and not mine since I never been or had relations with anyone from Nigeria.
But from that day slowly everything breaks. My virus killers (Kaspersky then Bit Defender, and Windows Defender and Titanium Trend Micro) get turned off or stop responding. Before I had 36 processes after starting up and now I have 60, and a half hour later over 100 processes that take 100% cpu, 100% of my 8gig memory, and 100% hard drive activity.
I reinstalled operating system 3 times on C drive but I have on D drive all my things in storage and in matter of a day after reformatting C and reinstalling, the ghost in machine is back. I have sometimes 10-30 errors in my event logs on a good hour, and 2-3 critical errors every few days. My external monitor port on laptop stopped working, my network cable port (looks like telephone jack) stopped working and I use usb connection to adsl modem. My camera can not be found and is unknown device accepting no drivers but sometimes it turns on and looks at me.
Criminal hacker gangs are locked in bat... Read more

Answer:Infected by 36 Viruses/Trojans/Malware - Infected My Professor

Please follow the instructions in ==>This Guide<== starting at Step 6. If you cannot complete a step, skip it and continue.
Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.
If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.
It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.
If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

1 more replies
Relevance 43.05%

 Hi all,
 
 I am Pousoidis and I would like to thank you for the services you provide. I am pretty sure that I have a virus in my laptop. My system is an Ideapad U410 with Intel® core ™ i5-3317u 1.70ghz, 8gb ram memory, 64 operating, with windows 7.
 
 At some point I could not click on my start menu button without windows explorer notifying me that it had stopped working and that it was checking for a solution to the problem. I went online trying to read about what I could do. Eventually, I restarted my pc with the option of checking for disk errors and that seemed to fix the start menu problem; now the windows explorer does not crash. But after that I noticed that I could not open certain programs such as skype and picasa 3 (and μtorrent which since then it has been uninstalled from my pc).
 
 It is then that I became more suspicious and decided to download and run anti-malware programs such as mbam and spybot. None of these can install itself on my pc, always some error message such as "privileged instruction". Was not sure how to proceed from that, so i searched online and came across your site. Thank you again for your help. I apologize in advance, I am not really well versed in the ways of technology. I did run 1 system restore before I visited this site.
 
so I am copy pasting my dds files: 
 
Run by Pousoidis at 13:46:22 on 2014-02-20
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8053.5... Read more

Answer:Infected with some malware. Not allowed to install and run anti-malware.

Hello Pousoidis
I would like to welcome you to the Malware Removal section of the forum.
Around here they call me Gringo and I will be glad to help you with your malware problems.
Very Important --> Please read this post completely, I have spent my time to put together somethings for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!
Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same... Read more

16 more replies
Relevance 43.05%

Hello members (: Thanks in advance for helping me.
 
So, the first time I realised something was amiss was when searches in the Chrome Omnibar were redirecting to Yahoo. If I went to google.com to conduct a search, the ads at the top of the results page would flicker, and then seemed to change (font, size etc.).
 
I uninstalled and reinstalled Chrome, I signed out, I removed all my addons and extensions before reintroducing each one. I couldn't get to the root of the problem. After a quick search, it was suggested to use SpyHunter or Malwarebytes to resolve the problem. 
SpyHunter dropped a massive list of threats after scanning only 1%. When it finally finished, there were many Red Threats, but there was the stinger: I would have to pay for the advanced version, or a license, or whatever it wanted, before removing these threats. As a poor student, I turned to an alternative. That's where Malwarebytes came in. I did a scan, it found some problems and asked me to proceed, which I did, and it claimed the problem was fixed.
Certainly, Chrome doesn't redirect at the minute, but I managed to stop it redirecting it before now; only for it to start again. I ran another SpyHunter scan, and it found all the same threats as before, which, it would seem, Malwarebytes had missed. Now, I haven't bequest any windfall since yesterday, and still can't afford SpyHunter's ransom.
So far (6%), SpyHunter has found 216 threats including Blekko (192 infections), searchinternet-a.aka... Read more

Answer:Infected with Malware which redirects from omnibar, plus other found malware

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.
If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===
Please download AdwCleaner by Xplode onto your Desktop.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click the Scan button and wait for the process to complete.
Click the LogFile button and the report will open in Notepad.
IMPORTANT
If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click the Scan button and wait for the process to complete.
Check off the element(s) you wish to keep.
Click on the Clean button follow the prompts.
A log file will automatically open after the scan has finished.
Please post the content of that log file with your next answer.
You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===
Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first ti... Read more

2 more replies
Relevance 43.05%

Hi, i got infected because i was trying to run malwarebytes and it skip the part of analysing the files, it ended in around 1 minute in a full scan, and i tried to download dr web cure it, and it dont allow me, the computer seems fine, but those things are very strange, and when i was running the scan i was in safe mode...
 
thanks for the help

Answer:Malware infected, malware removal tools useless

Greetings samidelcueva and to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.
My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.
If you would allow me to call you by your first name I would prefer to do that.
===================================================
Ground Rules:
First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter pro...

0 more replies
Relevance 43.05%

Hello,

I have malware that prevents me from running anti-malware programs (unless their names are changed to aliases). It also makes its presence known when I am NOT connected to the Internet. In that instance, a message box informs me that "Generic Host Process for Win32 Services" is not working, and gives me the option of sending or not sending the relevant information.

I attach to this thread the "Attach" output from DDS and the .log file from GMER. Unfortunately, I was unable to save the Scan results from GMER in any format other than .log, and when I tried to use the "Copy" function within GMER, my machine froze.

I have also run (in safe mode) MBAM, SpybotSD, SUPERAntiSpyware and the Windows kb890830 malware-detection apps. The first three DID find infected files, which I removed/quarantined in each of the respective apps. Perhaps not surprisingly, the Windows malware detection scan did not pick up anything.

I apologise for the dreadful formatting of the GMER output; the .log file is (I hope) uploaded.

Kind regards,
Adam

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:58:53, on 04/10/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17080)
Boot mode: Safe mode

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINNT\Explo...

Answer:Infected w/Malware that doesn't let you run anti-malware apps etc.

16 more replies
Relevance 42.64%

Constant popups and redirect links every time I try and click on anything on the internet... is actually driving me crazy now... seems to be since I installed the free Windows 10... any help much appreciated, have attached the DDS files

Answer:Cant remove malware and have run avg, malware bytes, hitman pro etc

4 more replies
Relevance 42.23%

Hi!

I seem to have been infected with some particularly vicious malware..

I get a red bubble with a white 'x' on my taskbar. The message 'your computer is infected! Windows has detected a spyware infection! Click here to protect your computer with spyware!'

AntiVir is going nuts over it (It keeps on picking up trojans and worms). Malwarebytes' Anti-Malware can't get rid of it, and neither can Spybot. It has turned off Windows firewall and won't let me turn it back on.

I use Windows XP, have automatic updates turned on, am running SP2 and update Antivir, Spybot and Malwarebytes' Anti-Malware regularly.

It won't let me run ad-aware or spybot.

If you require any further information, let me know!

Many thanks in advance for any help you can give me

Rob



DDS (Ver_09-07-30.01) - NTFSx86
Run by admin at 11:14:16.37 on 02/09/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.2.1252.44.1033.18.1023.453 [GMT 1:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.ex...

Answer:I'm Infected with 'Your computer is infected' taskbar malware

Hello and welcome to Bleeping Computer
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.
If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.
Thanks and again sorry for the delay.
We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...

13 more replies
Relevance 42.23%

Hello! I am posting because I have offered to clean up a computer for a coworker, and want to make sure I do a thorough job. So far, I have seen indications of at least 4 separate malware programs. The first was Antivirus 360, which I believe I deleted for the most part via manually removing the files and registry values. I have also seen VirusProtect 3.8 and 3.9, though I had no luck locating the files I was told to delete...so I am not sure if the infection is there or not. His computer already has "Verizon Internet Security" installed, and I used that for an initial scan to see what it found. I deleted what it found, though that was done in safe mode, before I deleted all the files manually for AV360. When I enable Verizon Internet Security, it pops up two warnings, which mention a file by the name of Trojan.Win32.Monderb.xgy, in the C:\WINDOWS\system32\ljJCvSiI.dll. I looked up that file, and saw it was connected with the "Vundo" virus...or something along those lines. His computer is not connected to the internet at the moment. I am using my laptop to access the net, and transferring files via a flash drive to his computer. I have scanned with DDS, and will provide the log. I also have HJT ready to run on his desktop, as well as ComboFix. Here is the DDS log:

DDS (Ver_09-01-19.01) - NTFSx86
Run by HP_Administrator at 16:34:39.23 on Mon 01/26/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033...

Answer:Computer Infected/Possibly Infected With Various Malware

Hi,
Your system is severely infected. I can see more malware present than anything else... Problem with these infections nowadays is, it causes a lot of damage. Even if we clean the malware off your system, I can't guarantee that your system will be clean afterwards, because these infections/bundles leave a lot of leftovers behind that most scanners won't even recognise and logs won't show.
Also, I can't promise you we can repair all the damage it caused... Even after cleaning the malware, you can still get errors afterwards because of the damage. Solving these is not always possible since it will be searching for a needle in a haystack to find the right cause and solution.
So, we can try to clean this up and do what we can, but keep in mind that we can't solve ALL problems this malware already caused.
In light of this it would be wise for you to back up any files and folders that you don't want to lose before we start. Reason I am telling this is because when a system is so terribly infected and we try to clean this up manually, the damage that is already present may interfere with our removal attempts. Actually, this doesn't surprise me at all...
From the log I see:
AV: Authentium Antivirus *On-access scanning enabled* (Outdated)
AV: Verizon Internet Security Suite Anti-Virus *On-access scanning disabled* (Outdated)
FW: Verizon Internet Security Suite Firewall *disabled*
What's the point in having a security Suite / Antivirus present if it's outdated and disabled.
Most probably the sub...

7 more replies
Relevance 42.23%

Hiya,
This computer started being very slow all of a sudden yesterday. And today, I have "Malware Defender" messages popping up at me. It's pretending to be AVG, which I do have installed, by using the same colored logo.
After running RRT v4.8.0.3, got a message saying "system restrictions and/or r-media malware detected! RRT needs your urgent attention!" Yup.
The DDS is pasted below, and I've attached the "Attach" file. Sure do appreciate your help!
- Barbara
a.k.a. WidgetWoman

DDS (Ver_09-03-16.01) - NTFSx86
Run by Owner at 22:03:05.60 on Tue 03/31/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.74 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\Drivers\WTSRV.EXE
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8...

Answer:Infected with Malware Defender (and r-media malware?)

Welcome to the BleepingComputer Forums. Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random which includes a HijackThis log and save it to your desktop. If you have RSIT already on your computer, please run it again. Double click on RSIT.exe to run RSIT. Click Continue at the disclaimer screen. Please post the contents of log.txt. Thank you for your patience.
Please see Preparation Guide for use before posting about your potential Malware problem. If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped. Please post your HijackThis log as a reply to this thread and not as an attachment. I am always leery of opening attachments so I always request that HijackThis logs are to be posted as a reply to the thread. I do not think that you are attaching anything scary but others may do so. While we are working on your HijackThis log, please: Reply to this thread; do not start another! Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so. Do not run any other tool until ...

2 more replies
Relevance 41.82%

Hi all

I have a simple Access (2003) db which has a single form view with a subform. The main form is a record based upon a physical case file the subform only details actions past and future, a sort of event log.

I also have a continuous form which displays all upcoming actions sorted by date on all cases for a particular user so they can see just how busy they are likely to be for a particular period. What I would like to do is have an on click() property for the detail of the continuous form so that it opens the main form filtered by the record in the continuous form that was clicked. User can then update or add new events for that case before closing form and returning to the continuous form

Hope this makes sense
 

Answer:MS access open single form filtered by selected record in continuous form

coasterman, welcome to the Forum.
It makes perfect sense.
If you add a Command Button to the Continuous Form and after selecting the mainform select the "Open the Form and find specific data to display". This will give you the code that you need to add to your On Click or On Double Click property or of course leave the button and use that.
 

2 more replies
Relevance 41.82%

Hi All,

Noob first-time poster I'm afraid!

I'm new to Access 2007 (but have used 2003 & 2000 reasonably extensively).

I'm building an App and have created all the necessary tables, as well as creating the relationships in the Database Tools area (which I know are correct - I'm a SQL Server DBA in my day job)!

Anyway, it's an almost text book example of an employers and employees database; one employer having many employees (employerID is the foreign key on the employee table).

I have created an employer form (using the wizard) which is fine, but then when I add a button to open the employee form (selecting 'Open the form and find specific records', matching employerID on the Employer table with EmployerID on the Employee table) it doesn't work. Instead, I get a popup box asking me for the EmployerID! Even if I manually enter the correct employerID when the popup box appears it actually displays all records, so I'm sure that the problem is more fundamental (and therefore, probably my fault)!

I'm hoping that I've just overlooked something REALLY stupid, but would appreciate any suggestions!

Cheers,
Ian.
 

Answer:Access 2007 Form Button Wizard - Form does not open with the correct records

I have seen this kind of problem with Access 2007 VBA code which does not work when it did in 2000-2003.
It can be a Syntax problem which you may be able to get around, if not you can get around the problem by using a Criteria in the Query that supplies the Employee Form.
Although I would have thought it would be better design wise to have the Employees as a Subform or Tabbed Subform on your Employer Mainform.
I do not have Access 2007, only 2003 so I can't help with the VBA, but you could post the code anyway.

Did you use a Wizard to create the Employee Form, if so check the Record Source SQL it may be preventing your EmployerID from working.
 

1 more replies
Relevance 41.82%

I went to look at my Sent Items tonight and to my surprise I saw another email apparently sent yesterday that I definitely didn't send.

I was astonished to find this as I have just upgraded to Vista in the last 2 days and have sent minimal emails.

The subject is "Form posted from Microsoft Internet Explorer." & is sent to a Hotmail account. The attachment is a POSTDATA.ATT. When I look at this file in txt format it has info such as one of my email addresses, my website & description - as if I had filled out a web form & pressed Submit.

Now, thinking about it, shouldn't IE let you know that it is about to send data?

One strange thing is that the email is dated yesterday evening in the Sent list, but when I open the email to view it, it will always have the current date & time - seemingly from the Windows clock.

I am thinking that either

1) this is due to a bug in the new IE & yesterday I visited a website which submitted data via email without my knowledge or

2) this email is an old email that I Imported from backed up email (PST format) from a form I ACTUALLY sent that Internet Mail has redated - maybe something went

Sorry for the long post but I'm just wary, hope it makes sense! I was liking Windows Vista so far!
 

Answer:Sent Items: Form posted from Microsoft Internet Explorer. - I didnt submit any form!

I have moved this to vista forum as I believe it is more likely to be a vista live mail issue
 

3 more replies
Relevance 41.82%

I am currently in the process of trying to remove a generic artemis from my computer. I have been using these instructions (http://forums.majorgeeks.com/showthread.php?t=183341&goto=newpost ).

I am currently doing a routine clean-up before I proceed with the removal process. I am trying to remove any malware programs from my computer, as suggested however when I go to enter my add/remove programs I am unable to, the message that pops up reads:


"Windows cannot find 'C:\WINDOWS\system32\rendll32.exe' make sure you typed the name correctly, and then try again. To search for a file, click start button, and then click search"

I cannot enter my add/remove programs which I am assuming is due to my generic artemis. When I start up my computer system32 pops up right away and suggests that I do not remove any of the files in it.

How do I regain access to my add/remove programs so I can continue with the malware removal process?
 

Answer:Trying to remove malware programs cannot get into add/remove

Welcome to Major Geeks!





lesleyS said:

when I go to enter my add/remove programs I am unable to, the message that pops up reads:

"Windows cannot find 'C:\WINDOWS\system32\rendll32.exe' make sure you typed the name correctly,

I believe you mean rundll32.exe

Just skip the Add/Remove programs part and continue.
 

1 more replies