Computer Support Forum

android: malware removal steps not working

Question: android: malware removal steps not working

Ransom virus popped up on kid's phone (yeah, I know)...Samsung Axiom running Android 4.1.2. None of the tactics found online work. Avast does not open. Tried installing Malwarebytes...installed, but unable to open through play store. I tried hooking it up to a pc with Malwarebytes, but the program won't let me scan the phone.
 
I need ideas. Please help.

Relevance 100%

Answer: android: malware removal steps not working

G'day nomad, Click on THIS LINK,...(I am assuming this is not the avast program you already have) ....install the program, follow the prompts, and let me know if it gives you any joy.

3 more replies
Relevance 72.16%

Hello
I have tried to research this myself but am still unsure.
When the antivirus program quarantines a trojan, does it do any harm to leave it there?
There are choices;1-remove,2-repair,3-report to Mcafee.
I asked them but am getting contradictions and vague answers.
I do not want to remove a necessary file with a 'simple' removal but how are you supposed to know what will happen when you click remove?
I will continue to research this but could use an educated response.
Thank you
 

Answer:malware removal steps

peterr said:

When the antivirus program quarantines a trojan, does it do any harm to leave it there?

No, other than the fact that other scanners could detect it. Once you are sure that something that was quarantined was not a false detection, you can empty the quarantine.





peterr said:

There are choices;1-remove,2-repair,3-report to Mcafee.
I asked them but am getting contradictions and vague answers.
I do not want to remove a necessary file with a 'simple' removal but how are you supposed to know what will happen when you click remove?

If something is truly malware, it needs to be fixed. Sometimes a fix means delete the file since it is not a necessary file; however, other times a file that is necessary for Windows or for some other program could truly get infected and the first thing you would like to do is repair (i.e. remove the infection) if possible. Sometimes a repair is not possible and you will need to delete/quarantine the file and then replace it with a good copy. Care must be taken not to delete a file required for your PC to boot or run properly, which is why sometimes a scanner may detect a problem but could say that it cannot be fixed. If they fix it, it could make your PC unbootable.

Sometimes scanners will have False Positives (FP) which McAfee has quite a few of and you need to report them or they will never fix them and they will ke... Read more

5 more replies
Relevance 72.16%

Hi, recently I've been noticing a lot of pop-ups, usually with every new address I open, or I will have a really slow internet activation time (when I start Google Chrome it takes forevaaaaa). I have also noticed a program called strongvault; I immediately googled it and came to this awesome forum site. When I was reading through a post, I realized I also had what I thought was another malware program: delta search bar. I left my room door open one day and my roommate's friend went on a downloading spree, and since then I've been having these problems. I have also noticed toolbars in my Mozilla and Chrome popping up when I start them; I reinstalled Mozilla and Chrome and that fixed it. Since I ran CCleaner (today), I haven't really had many pop-ups, but I did do all of the other steps and I have some logs for you awesome tech-savvy people to look through =P. I noticed quite a few threats detected with all of the scans that I did; however, tdsskiller did not show results for threats so I left that log out. I greatly appreciate the effort you all put forward to helping people like me (I feel so lost haha). I am a very patient person, so no bumping of this thread will happen, I assure you. THANKS!
 

Answer:malware removal *followed all steps (1-4)

Rerun MBAM and have it fix everything it found.

Now Double-click RogueKiller.exe to run. (Vista/7 right-click and select Run as Administrator)
When it opens, press the Scan button
Now click the Registry tab and locate these detections:

[TASK][ROGUE ST] 0 : c:\program files (x86)\internet explorer\iexplore.exe -> FOUND
[TASK][ROGUE ST] 4808 : wscript.exe C:\Users\Jonathan Hawley\AppData\Local\Temp\launchie.vbs //B

Place a checkmark next to each of these items, leave the others unchecked.
Now press the Delete button.
When it is finished, there will be a log on your desktop called: RKreport[2].txt
Attach RKreport[2].txt to your next message. (How to attach)
Do not reboot your computer yet.

Now rerun Hitman and have it fix everything it found.

Reboot and rescan with both RogueKiller and Hitman and attach those new logs as well.

Be sure to tell me how things are running.
 

10 more replies
Relevance 72.16%

Hello-

My wife's PC started having problems and when I ran Spybot it showed braviax infection. Removed but continued to have problems. Ran a few other programs to try and get it all cleaned up but no luck. Found your site and followed the steps.

It appeared to have cleaned the issues up...malwarebytes and SAS showed clear. But I ran Kaspersky and got a hit for some wurldmedia files. I'll include that log as well.

This same braviax issue infected her pc a year ago. I'm wondering if I left some trace behind that it re-infected with.

Thanks in advance for any help you can give!

James
 

Answer:followed malware removal steps..gone?

attached are two more logs...thanks
 

19 more replies
Relevance 72.16%

Hi.

4 days ago my machine began running slow, mouse was erratic, net was dragging and every re-boot I got the error window as in the attached screenshot.

After running Norton as standard - and Advance System Care (which I then deleted) and finding nothing I came here - and followed your advice to the letter. The log attachments are below. I'm stumped - please help. Thanks.

I'm running W8, 64 Bit. 6.00 gig Ram, i5.
 

Answer:Malware Removal? All steps taken?

plus this TDSKILLER log.
 

31 more replies
Relevance 72.16%

Hello,
I've completed the Read and Run Me First steps, and the various scans have turned up a lot of scary-looking files. My laptop, which runs Windows 7, has been experiencing a few ongoing problems:

I have to reconnect to my wireless Internet whenever I log out of Windows even though I have set the computer to log in automatically. This has been going on for a month or so.
Whenever I use a search box on a web page, advertisements automatically appear. I haven't been able to remove this problem, which has been happening for at least a month.
My bank's web site alerted me that I may be getting redirected to an unsecure site. This was alarming.
My Internet has been getting steadily slower. I realize this could be due to a number of causes.
I'd very much appreciate advice on how to proceed. Thank you in advance.
 

Answer:Malware Removal Next Steps?

Welcome to Major Geeks!

While I look thru all of your logs, run Hitman Pro again and allow it to remove all of the Malware remnants and Potential Unwanted Programs items it found. Then reboot your PC. After reboot, run a new scan with Hitman Pro and attach the new log.





neilers17 said:

My bank's web site alerted me that I may be getting redirected to an unsecure site. This was alarming.

Have you used a different PC to change all passwords? Or called your bank to ask them to change passwords?
 

2 more replies
Relevance 72.16%

So In the past maybe 5? months I've been redirected to:
2 times aferesearchgroup.com claiming to be a charter survey (Charter doesn't know about this at all and the website is basically unlisted on google)
1 time Browser hijacker and my anti-virus/mbam were unable to find anything wrong.
 
I've run adwcleaner, jrt, and rkill to try and remove any threats..
 
Is there anything else I can do to block any potential attacks?
 
 
 
Edit: I use webroot pro and google chrome

More replies
Relevance 71.34%

Please can someone look at my logs, not sure if I got rid of all virus. I've run through the malware removal steps and here are my logs for superanti spyware/malwarebytes anti-malware/HJT

SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 12/07/2008 at 07:04 PM
Application Version : 4.21.1004
Core Rules Database Version : 3665
Trace Rules Database Version: 1645
Scan type       : Complete Scan
Total Scan Time : 00:39:02
Memory items scanned      : 313
Memory threats detected   : 0
Registry items scanned    : 5797
Registry threats detected : 7
File items scanned        : 22934
File threats detected     : 12
Adware.Tracking Cookie
   C:\Documents and Settings\Matt & Ariana\Cookies\matt_&[email protected][1].txt
   C:\Documents and Settings\Matt & Ariana\Cookies\matt_&[email protected][1].txt
   C:\Documents and Settings\Matt & Ariana\Cookies\matt_&[email protected][2].txt
   C:\Documents and Settings\Matt & Ariana\Cookies\matt_&[email protected][2].txt
   C:\Documents and Settings\Matt & Ariana\Cookies\matt_&[email protected][2].txt
   C:\Documents and Settings\Matt & Ariana\Cookies\matt_&[email protected][2].txt
   C:\Documents and Settings\Matt & Ariana\Cookies\matt_&[email protected][1].txt
... Read more

Answer:Logs for following malware removal steps

Download ComboFix by sUBs from one of the below links. Be sure to save it to the Desktop.
Link #1
Link #2
**Note: It is important that it is saved directly to your Desktop
Close any open Web browsers (Firefox, Internet Explorer, etc.) before starting ComboFix.
Temporarily disable your antivirus, and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.
Double click combofix.exe & follow the prompts.
For Windows XP Systems install the Recovery Console:
- If you are using Windows XP and do not already have the Recovery Console installed, please ensure your Internet connection is active (if possible) and click Yes.
- If for some reason your Internet is not working click No.
- If you are not using Windows XP, you will not be prompted.
- When prompted to accept the EULA click OK.
- Accept Microsoft's EULA (Click Yes).
- When you are told that the RC is installed correctly click YES to continue scanning for malware.
When finished ComboFix will produce a log for you.
Post the ComboFix log and a new HijackThis log in your next reply.
Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.
Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.

1 more replies
Relevance 71.34%

I'm brand new to the forum, and somewhat of a novice at this... the problem first started off with the Antivirus 2010 windows popping up all over the place, followed by my icons, toolbar and everything else disappearing on my desktop. I was able to get rid of the majority of the virus problems with malware bytes. But I'm still unable to download the current definitions for the program. The malware is blocking Malware bytes, ad aware, and spybot from connecting to the internet. Any help will be greatly appreciated. Thanks, Brandon.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:30:18 PM, on 2/16/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18882)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\Explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files ... Read more

Answer:malware still present after trying all removal steps.

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.

Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there.

The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks

2 more replies
Relevance 71.34%

i completed the malware removal process step by step(i think). attached are logs. please check and advise. thanks in advance...bridgeman001
 

Answer:Malware removal steps completed, what now

Welcome to Major Geeks!

It would be more helpful if you explained what malware problems you are having. Also have you been working on malware removal in another forum. I see you have BFU installed and I wondered why.

You forgot to attach the log from SUPERAntiSpyware. Did it find anything?


The only items I question right now are the below two files which appear to be drivers. Do you know what these are from?
Code:

2008-10-11 23:32 .2008-10-11 23:32 11,264 -a- H:\WINDOWS\system32\drivers\uzi0ote5.sys
2008-10-10 22:24 .2008-07-08 14:54 148,496 -a- H:\WINDOWS\system32\drivers\21466736.sys

R1 is-H3JRUdrv;is-H3JRUdrv;H:\WINDOWS\system32\DRIVERS\21466736.sys [2008-07-08 148496]
R1 uzi0ote5;AVZ-RK Kernel Driver;H:\WINDOWS\system32\Drivers\uzi0ote5.sys [2008-10-11 11264]

 

1 more replies
Relevance 71.34%

I'm having problems with my Windows 7. The machine has been behaving odd lately, a few random bluescreens, the display drivers seem to be buggy as in Windows Aero is not working and I cannot view any videos in VLC, having a considerable amount of missing .dll issues and I cannot access Device Manager to check anything. I suspect some kind of malware. I have the 5 logs attached to my post.
 

Answer:Help with malware removal - have completed steps in FAQ

Your logs are clean. You may need to post in the software forum for further assistance. You should remove either AVG or Kaspersky Internet Security.

Have you tried doing a system restore?
 

7 more replies
Relevance 71.34%

I got a message yesterday and this morning when I started the computer and clicked to go online from my anti-virus program and something about a bad browser add-on called CBrowserHelper Object.

I have been having issues with the computer suddenly shutting down on me (sometimes after it has been on for less than an hour and other times when it has been on for a few hours). But when I turn the computer back on there is no message about the computer having been shut down improperly.

I was thinking that perhaps it is getting too hot since I know that hard drive is good (brand new one in fact and it passed all the hard drive tests) and since the battery on this laptop is really old I do not use it anymore and just keep it plugged into an outlet. I do keep the laptop elevated and the stand it is on has a fan running to help keep airflow to the underside of the laptop. I have ended up getting a small fan and putting it behind the laptop and keep that running as well to keep the laptop cool and then it does not shut down on me (at least not yet) which is why I was thinking that there might be an issue with the cooling of the laptop. It is a Gateway M1629 running Vista Home Premium 32 bit operating system with 3GB of RAM and an AMD processor.

However, After getting that message yesterday and this morning I figured I had better run the Malware steps here. I already run spyware and malware scans a few times a week and they found nothing. Unless the last step found some... Read more

Answer:just ran all steps for malware removal and cleaning

Before we continue I would like for you to use MSConfig to put this machine back into normal start up mode.


Search-Results Toolbar <<< Uninstall this.


Re run Hitman Pro and have it remove everything APART from:





Miniport ____________________________________________________________________

Primary
DriverObject . . . : 876B6688
DriverName . . . . : \Driver\atapi
DriverPath . . . . : \SystemRoot\system32\drivers\atapi.sys
StartIo . . . . . : 00000000 +0
IRP_MJ_SCSI . . . : 884451F8 +0
Solution
DriverObject . . . : 876B6688
DriverName . . . . : \Driver\atapi
DriverPath . . . . : \SystemRoot\system32\drivers\atapi.sys
StartIo . . . . . : 00000000 +0
IRP_MJ_SCSI . . . : 85C88A2C \SystemRoot\system32\drivers\ataport.SYS+18988


And the entry on the Repairs tab is okay too I believe.



Please download Junkware Removal Tool to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Attach JRT.txt to your next message.


Now run the C:\MGtools\GetLogs.... Read more

17 more replies
Relevance 71.34%

I've got Bifrose Backdoor trojan?!. My Spyware Doctor keeps picking it up, I quarantine & delete it, then it comes back next time I reboot.

I've run everything in the 'malware removal' thread (which I have saved as it's been used many times successfully!) & still it's returning!

Any ideas, anyone?

Cheers in advance, appreciated.

PS-here's the HijackThis log:
 

Answer:Ran the malware removal steps, still got a problem...

Welcome to MajorGeeks.com, please follow our standard cleaning procedures:

Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support


Make sure you check version numbers and get all updates.
Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.

After doing ALL of the above and you still have a problem, make sure you have booted to normal mode and run the steps in the below thread to properly use HijackThis and attach the log:

Downloading, Installing, and Running HijackThis

Make sure you also rename HijackThis.exe as suggested in the procedures. Use analyse.exe for the new name. This is very important due to some new infections going around..
In your next post, please make sure you attach the following logs and that you have run these scans in the following order:

CounterSpy - ONLY IF you were not able to run Windows Defender
Bitdefender - from step 6
Panda Scan - from step 6
runkeys.txt - the log from GetRunKey.bat
newfiles.txt - the log from ShowNew.bat
HijackThis
NOTE: You can only attach 3 files in a single message so it will require that you use two messages to attach all of these logs!
 

5 more replies
Relevance 71.34%

Here are the reports. Let me know what to do next.

Also, I play online RPGs a lot (particularly City of Heroes/Villains). I find myself getting a lot of "lag" when I play. Any way to put an end to this annoyance?

Thanks
 

Answer:Malware removal steps 1 - 6 completed

Hi Bookman1269!
Welcome to Major Geeks!

I'm missing 4 of your scans and the ones you ran weren't installed correctly. There is another way to do this which is a bit easier and produces less logs. Please go to this link NEW READ & RUN ME FIRST WITH MG TOOLS and follow the instructions. I suspect part of your lag may be from too many temporary files, which should be aided by running CCleaner at the beginning of the instructions in this link. You may also have malware, but I can't tell you that without seeing the logs.
When you finish with the instructions, you should have 4 logs:

- AVG Antispyware 7.5
- BitDefender (BDScan)
- Panda (activescan)
- mglogs.zip

Please make sure to follow the instructions for your operating system. Once we have a chance to look at these logs, we can tell you a little more about what's going on with your computer.

abri
 

1 more replies
Relevance 71.34%

I have/had a virus/spyware/malware problem and upon doing an internet search I found your forum. I have followed the steps in "Read this before requesting malware removal help". Background - I mistakenly authorized a download (my AVE internet security warned me) and immediately knew it was loading bad software. Being a novice I panicked and tried to shut down my computer and disconnected my high speed internet. When I restarted I had several anti-spyware icons on my desktop. I ran my AVE virus checker and it was finding viruses, but was running very slow. As it continued additional windows popped up warning that software was trying to access the internet. At first I clicked OK to not allow access, but then Internet Explorer would open. I decided not to click any more windows and just let my virus scan run. At one point the scan stopped before completing its check. It had removed and placed Trojans and other viruses in the vault. So I cancelled the scan. I was still receiving software unauthorized internet access windows popping up. I decided to run my Max Registry Cleaner to restore a prior registry. Following this no more unauthorized accesses occurred. I reran my virus scan and it ran fast. The only issue I have now is Windows Automatic Update is off and I can't turn it on. It will also not run manually. I received an error code 0x8DDD0018, but Micros... Read more

Answer:Malware removal help (dkinfl)- all steps followed

Open Hijackthis and select Do a system scan only then place a check mark next to:

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

Now click Fix checked, exit Hijackthis and run CCleaner.

The logs look fine, any more signs of malware?

-----

Look here for your error message. http://support.microsoft.com/kb/910337

5 more replies
Relevance 71.34%

My first post.
Problem computer is on a domain. User clicked on a link in an email they thought was from Linked In. Problems included multiple windows claiming read/write delay; bad hdd-memory. All desktop icons disappeared, etc. Symantec reports "Suspicious.Ad" infection.
I ran the malware removal steps. mbam, MG, RR & Superantispyware logs are attached. Combofix hung up at the scanning stage ("may take ten minutes . . . could be double") so I never got a log. This may be due to Symantec Real time Scanning which I couldn't disable because this is an Endpoint client machine on the network. I may have to uninstall that.
After cleaning symptoms:
no browser redirects but occasionally a browser window opens on its own for facebook login or something about twitter. This user doesn't do facebook or twitter.
Most folders on C drive are marked hidden; start>programs folder is empty; memory errors when trying to create PDF files. Trying not to use the computer so there may be other symptoms I haven't encountered.
Your help is appreciated.
Thank You,
Jody
 

Answer:Malware removal steps didn't fix everything

No logs attached I'm afraid.

Also you need to take a look at this:

I want you to run TDSSKiller so refer to the below for how to do so.

TDSSkiller - How to run


Please also download MBRCheck to your desktop

Double click MBRCheck.exe to run (vista and Win 7 right click and select Run as Administrator)
It will show a Black screen with some information that will contain either the below line if no problem is found:
Done! Press ENTER to exit...

Or you will see more information like below if a problem is found:
Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Either way, just choose to exit the program at this point since we want to see only the scan results to begin with.
MBRCheck will create a log named similar to MBRCheck_07.16.10_00.32.33.txt which is random based on date and time.

 

11 more replies
Relevance 71.34%

I did all the steps for Windows XP cleaning and still have problems. The two biggest are 1. When I boot my computer I'm flooded by notifications of mass outgoing e-mailings that my Norton antivirus blocks and 2. I can't get my custom wallpaper to show up - it only shows up when I'm shutting down my computer. Spyware Doctor (free trial) shows that I have over 70 infections. I'm attaching all sorts of logs that I have to date. I believe the malware infected my computer through an infected exe file. I would really appreciate any help I can get.
 

Answer:Malware Removal Help-I did all the steps and still have problems

more log files
 

6 more replies
Relevance 71.34%

Hi,

I have another laptop that seems to have gone all wonky. It is a Toshiba Laptop that was originally for Vista but the company wanted it to run XP Professional so they rigged it for XP. It has up to Service Pack 3 installed.

I'm able to follow the removal steps up until SAS and Malware. Both programs can be downloaded but they won't execute from the desktop. I've even tried to rename Malware to just mbam and still didn't work. I can't even seem to install Hijack this either.

Answer:Can't follow the Malware removal steps :(

HijackThis doesn't need installing - it should just run from the root of the main drive. Try putting it in the C:\ directory then reboot and access safe mode (F8 on boot up). Try running what scans you can there. You most likely won't be able to install anything in safe mode though.

5 more replies
Relevance 71.34%

I keep getting redirected, probably 90% of the time, when I use any sort of search engine link; usually I get redirected to another search engine with results similar to whatever I look up in my original search engine. I also get a popup window a few times a day, usually linking me to a news ad about google ads. If you need to know anything more specific please let me know, but those are the only things I can see not working properly. And here are the results of the scans I was requested to run and paste, thank you for your help!

Also, I do not have access to my Windows Install Disc

DDS (Ver_10-03-17.01) - NTFSx86
Run by Dan at 9:27:07.89 on Tue 09/28/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1407.711 [GMT -6:00]
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe... Read more

Answer:Reply to First Steps for Malware removal

Hello and welcome. Please follow these guidelines while we work on your PC:
Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I've given you the "All clear." Absence of symptoms does not mean your machine is clean!
Please do not run any scans or install/uninstall any applications without being directed to do so.
Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.
Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Please download Rootkit Unhooker and save it on your desktop.
Disable your security programs
Double click RKUnhookerLE.exe to run it
Click the Report tab, then click Scan
Check Drivers, Stealth Code, Files, and Code Hooks
Uncheck the rest, then click OK
When prompted to Select Disks for Scan, make sure C:\ is checked and click OK
Wait till the scanner has finished then go File > Save Report
Save the report somewhere you can find it. Click Close
Copy the entire contents of the report and paste it in your next reply.
Note - You may get this warning, it is ok, just ignore it:
"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"

Please include the following in your next post:
Rootkit Unhooker log

14 more replies
Relevance 71.34%

Good evening,

Earlier today I clicked on a website link after searching for lyrics to a particular song. Immediately, a large, full-page pop-up alerted me to the fact that I had some sort of infection and that my computer was at risk. No matter how many times I attempted to click the red X and remove the box, it just reappeared and prevented me from returning to the IE browser tab to close it. The warning box gave a phone number to call to get help with the situation.

At first, I thought that the message was from Microsoft and called the toll-free number. When some other company answered, I told them I did not want their help and hung up. I, instead, manually opened the Microsoft Security Essentials control box and started a full scan. At the end of the scan, I was told that the scan found no issues which surprised me since I thought that the warning box was still inhibiting my access to my IE browser.

Looking around in an attempt to find more information, I selected the MSE History tab and found two items previously quarantined. I selected them and removed them. Afterward, I was able to close the IE tab associated with the warning box by hovering over the IE icon in my taskbar, but I don't know if that timing was simply a coincidence since the quarantined items were not from today's scan.

I provided all of the information because I am not sure whether I need to do anything else, at this point. Everything appears to be back to normal, but I don'... Read more

More replies
Relevance 71.34%

Hi.

In the last week or two, I have noticed that my computer is running slower than normal, as in taking a long time to open web pages, and on a few occasions I have been viewing a website, only to find that it disappears and a completely different website appears.

I have run Windows Defender, that turned up nothing. I also have Spybot, that turned up a load of usage tracks, which I removed anyway.

So I just thought I would post these three logs to you to see if there is anything interesting in there. I am new to all this, but I have printed the "self help" pages out for the computer hope hijack this process tool, to try and understand it a bit more.

I am running Windows XP Pro SP3.
Internet Explorer 8

Thank you for your time at looking at the logs.

[attachment deleted by admin]

More replies
Relevance 71.34%

Hi. Hope I'm doing this right. I'm confused because I thought I would be removing the malware that was detected by Hitman by the Hitman software, as opposed to sending something in. Forgive my ignorance.

Here are some logs you asked that be saved.
 

Answer:Finished the Malware Removal steps. What's next?

Welcome to Major Geeks!
Exit any programs that you may have started.
Please disconnect any USB or external drives from the computer before you run this scan!
Rerun RogueKiller ( if running Vista,Win7, or Win8 user right-click and select Run as Administrator to run ) for WinXP and Win 2K just double click to run
Wait until Prescan has finished
Then Click on "Scan" button
Wait until the Status box shows "Scan Finished"
click on "delete"
Wait until the Status box shows "Deleting Finished"
Click on "Report" and attach the content of the Notepad into your next reply.
The log should be found in a new RKreport[x].txt on your Desktop
Exit/Close RogueKiller and reboot your PC.
Now run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista or Win 7, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

R3 - URLSearchHook: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
R3 - URLSearchHook: (no name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
R3 - URLSearchHook: (no name) - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - (no file)
O2 - BHO: (no name) - cardisabled - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no nam... Read more

14 more replies
Relevance 70.52%

I ran all the malware removal steps and everything went well. I am attaching logs. I also have MGlogs.zip on my hard drive will you guys need this? Thanks for the help its worked well. Everything went in the order the directions said.
 

Answer:I ran all steps from READ & RUN ME FIRST. Malware Removal Guide

Sending the MGlogs.zip file
 

2 more replies
Relevance 70.52%

Hi....I'm new, and not very PC smart. It's taken me a week to go through all your steps for malware removal, but I'm still getting them!

My OS is Windows XP Professional service Pack 2 (build 2600) version 7.1h.
Hard Drive is 119.96GB with 107.56 free. RAM is 254MB.

The processor is 2.4 gigahertz Intel pentium 4, 8 kilobyte primary memory cache, 512 kilobyte secondary memory cache.

Don't know what all this means, but I think you need it....

Here's the problem.

Firstly, we suddenly got an automatic Windows style dial-up connection window. This had not been the normal way for us to get on line. The dialing program window shows C\WINDOWS\system32\fd2ba95f.exe

Then a series of pop-ups which include "SYSTEM INTEGRITY SCAN WIZARD", "MALICIOUS SOFTWARE REMOVAL WIZARD", "ULTIMATE WINDOWS DEFENDER", "TRIUMPH ON-LINE CASINO", "BT YAHOO ONSPEED", "REAL PLAYER UPDATE", "THERE IS NO VIRUS PROTECTION DETECTED ON YOUR PC", and lastly, "YOUR COMPUTER IS AT RISK. NORTON VIRUS IS SWITCHED OFF". It wasn't.

To the best of my ability, I ran all the steps as outlined in your pre-posting requirements. I don't get these pop-ups all the time, in fact, they are quite rare, but they are annoying, and I don't like the idea the PC is still infected.
The dial-up connection window is always there. We just ignore it.

I have saved, ready for sending, an Activescan log, a BD scan lo... Read more

Answer:I've completed the required steps for malware removal...now what?

Welcome to Majorgeeks!

Yes! As requested in the READ & RUN ME, attach your logs if still having problems.
 

5 more replies
Relevance 70.52%

I have followed the removal guide to the letter and I am still getting the trojan downloader BHO.BHG or BHO.BGL thing anytime I hit a webpage; it's making my AVG work overtime. I am also getting website redirects. I did have the virtumonde thing and tried the alternative scan for that; it keeps trying to fix the same thing every time I reboot.
the spybot scan: "couldn't fix all problems, associated files in use (memory)", I never saw that before.

Attached are the requested files when asking for help, everything was done in order.

I appreciate any help that you folks could provide and thank you in advance.

Brian
 

Answer:Malware removal steps completed, problems still around...

Additional scans requested
note, the AVG scan saved in the .tab format, it will not upload.

Thanks in advance
Brian
 

11 more replies
Relevance 70.52%

Hi, I need some help with my laptop. Hope Computer Hope can help me. At first my laptop cannot run any applications. The file **** is infected. I tried to format my laptop but can't; it keeps on shutting down when I try to boot from CD. Thus, I followed all the malware removal steps. Then, everything is running back to normal. Just that I can't get connected to the internet. Can you help me, how to fix this? Herewith, I paste all the logs, in case if it is needed.

SuperAntispyware log:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 08/16/2010 at 01:00 PM
Application Version : 4.41.1000
Core Rules Database Version : 5360
Trace Rules Database Version: 3172
Scan type       : Complete Scan
Total Scan Time : 02:21:40
Memory items scanned      : 578
Memory threats detected   : 0
Registry items scanned    : 8322
Registry threats detected : 2
File items scanned        : 131293
File threats detected     : 22
Trojan.Agent/Gen-Frauder
   [jjlghcfp] C:\DOCUMENTS AND SETTINGS\IMAN\LOCAL SETTINGS\APPLICATION DATA\AFLGBTIDE\NCKLCBSSHDW.EXE
   C:\DOCUMENTS AND SETTINGS\IMAN\LOCAL SETTINGS\APPLICATION DATA\AFLGBTIDE\NCKLCBSSHDW.EXE
   [jjlghcfp] C:\DOCUMENTS AND SETTINGS\IMAN\LOCAL SETTINGS\APPLICATION DATA\AFLGBTIDE\NCKLCBSSHDW.EXE
Adware.Tracking Cookie
   C:\Documents and Settings\iman\Cookies\[email protected][1].txt &... Read more

Answer:done the malware removal steps, but can't get connected to the internet.

Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer. I am working under the guidance of one of the specialists of this forum so it may take a bit longer to process your logs.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

Download Disable/Remove Windows Messenger to the desktop to remove Windows Messenger.
Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.
Unzip the file on the desktop. Open the MessengerDisable.exe and choose the bottom box - Uninstall Windows Messenger and click Apply.
Exit out of MessengerDisable then delete the two files that were put on the desktop.
************************************
Open HijackThis and select Do a system scan only
Place a check mark next to the following entries: (if there)
R1 - HKCU\Software\Microsoft\Windows\Curren... Read more

8 more replies
Relevance 70.52%

I was having trouble with win32:malware-gen and some other assorted baddies. Every time I double-click on "My Computer" or most of my desktop icons, it automatically tries to install SmartWebPrinting and I was also getting redirects through Firefox and it wasn't letting me get at it until I found you guys. Went through the malware removal process and the redirects seem to be gone, but my system still tries to install SmartWebPrinting anytime I double-click an icon.

Here are my logs from the steps of the process. Thank you for your help!
 

Answer:Followed malware removal steps, but one lingering issue...

Here is the SAS log...
 

4 more replies
Relevance 70.52%

Infected by viruses, ran Spybot and Malwarebytes, MWB had been turned off, not normal. Still had problems, so Completed Read Me steps, Still have problems

Computer would not operate in std mode, so steps up to combofix were done in safe mode. Safe mode did not allow uninstall of Java, so this step was skipped.

Running Vista 64 so RootRepeal was not done.

Everything was fine for a few minutes. Browsed major geeks for a moment and start-up programs seemed fine.

When re-enabling user account control, double clicking the EnableUAC.reg brought up the "Windows does not recognize this file extension, browse to find the correct program" message. Tried twice, same result. So I did it manually through control panel and rebooted. Everything fine.

After re-start, step 6 of Vista instructions, right clicked Computer and things went bad. Computer locked. Tried a few times rebooting and problems got worse. Now in STD mode computer locks or screen goes black. Task manager will not come up to see what apps and processes are running. Sometimes desktop or startmenu will fade to grey and everything locks.

Also of note, in STD mode, I get a pop-up window titled Security Alert: You are about to view pages over a secure connection... no one will be able to see pages etc. I closed the window clicked google chrome to nav to Majorgeeks and all seemed well enough. Clicked restore pages, then naving MajorGeeks the browser locked with the message waiting on cache.

Now computer boots in STD mod... Read more

Answer:Malware removal steps complete, still have problems

Other MWB logs attached...
 

49 more replies
Relevance 70.52%

I still seem to be having issues with pop-ups. I've attached the 5 logs from running the MGtools. Can anyone take a look and tell me if I still have problems that weren't removed?
 

Answer:I performed all the steps following the malware removal guide, but...

Here are the other two logs.
 

13 more replies
Relevance 70.11%

I've i ball andi 4.5 d royale. Previously my antivirus is cm security, but now I turned to 360 security. After checking for virus scan it shows com.sts vulnerability, which indicates it needs to "Force stop". But I don't know what is com.sts. Do I STOP IT OR NOT? Is it a malware???
 

More replies
Relevance 69.7%

Initial problems were:

Popuppers Advertisement Window65
mssvchost.exe file cannot be found
cannot find: syscfg32.exe, servicelog.exe
error load NVQTWK

last boot still had mssvchost.exe problem.

I have run all the steps and encountered the following problems along the way.

Step 5: Counterspy in Safe mode did not allow me to save a log. I went in later & saved the history of the scan as a .txt and will attach this file.

Step 6A: I could not install the Latest Sun Java version: Got the message that policies were in place by administrator -- I'm the administrator & did not put any policies in place -- so no BitDefender or Panda files possible.

Thanks in advance for help
Linda
 

Answer:Have finished all steps in malware removal-- please analyze logs

Here's the Newfiles file.

Again,
Thanks,
linda
 

5 more replies
Relevance 69.7%

Followed all steps to the word...A lot of things have been fixed. However there are still problems like pop ups and my computer is very slow to connect to the internet.
 

Answer:Computer very slow after Malware removal steps completed

Computer very slow after Malware removal steps completed...bdscan

this is my bdscan results
 

10 more replies
Relevance 69.7%

Hi, I've been trying to complete the steps for malware removal. I cannot do a THING with my laptop, can't connect to the internet or run any programs. I was trying to do the steps listed on the HOPE forum and was only able to get through the first few steps (rrkill and Super Antispyware) AND run the scan, but from there I've been unable to do anything further. What do I do now??? Thanks! Lisa

Answer:Malware removal - can't perform any suggested steps with .exe file

Oh, I'm running Vista 64 bit.

14 more replies
Relevance 69.29%

My Android Tablet has been rendered useless by this "fbi" malware and I am about to throw it away. Can you give simple instructions so I may continue to use it for e-m and web surf plus pandora and crackle?
 

Answer:HELP Removal of FBI malware on Android Tablet

We only provide Malware Removal for Windows machines.
 

1 more replies
Relevance 68.88%

My computer has been browsing slow and error messages about scripts not running appear often so I did all of the steps you recommended and would like you to see if I have anything to fix. After running one of the scans I got a message about a group of malware which started with zwalertresumethread and other similar names so I think I may need your help. I will attach all of the logs. Thank you
Herb
 

Answer:I Did The Steps Outlined In The Malware Removal Post And Found Things.

Fix what Hitman found. Otherwise I am not seeing any malware. What exact issues are you having?
 

5 more replies
Relevance 68.88%

Hi, I went through the malware cleaning steps just a bit ago to remove a redirecting page that kept coming up while browsing on chrome. It's been mainly causing problems with a single website right now that did not have any prior issues, but it could potentially be popping up with multiple websites on chrome. Usually if it does pop up again, it is after clicking on chrome or another tab after leaving it for a couple minutes. I've run through all the steps so far on the malware removal on the site but still have been having no luck with removing the file that's causing the problems. Any help you have would be greatly appreciated.

Thanks,

Bod
 

More replies
Relevance 68.88%

Hello, I am a new adult content webmaster and I have been exploring some different sites to get some ideas on how to build my site. I came across a site that I believed downloaded a nasty little bug on my computer. A lot of sites (mostly adult) I try to go to are having the URLs rewritten to all kinds of other sites.

I followed all of the steps to remove malware but my browsers are still being hijacked. Attached are my logs.

I couldn't get a CounterSpy log because I guess it won't let you create logs in safe mode. But the CounterSpy scan came up clean anyway.

Thanks for any help.
 

Answer:A lot of adult sites being redirected...followed malware removal steps. Still problem

Re: A lot of adult sites being redirected...followed malware removal steps. Still pro

Three more logs.

GetRunKey
ShowNew
HiJackThis
 

5 more replies
Relevance 68.47%

I tried renaming like it says and I still get the win32 error. I want to stay in order. What do I do now? Also my other computer keeps booting up, and won't stop, regardless of safe mode. How can I stop this so I have something else to work on in the meantime.
 

Answer:Working through the removal steps. How can I get SuperAnti Spyware to run?

Or do I just skip this step?
 

2 more replies
Relevance 68.47%

I downloaded both Malwarebytes Anti-Malware and smithfraudfix. Malwarebytes won't open and smithfraudfix does not get rid of the virus. Please help as this is VERY annoying.

Answer:Personal AntiVirus Removal steps not working

If mbam won't install or run

Some types of malware will disable MBAM and other security tools. If MBAM will not install, try renaming it. Right-click on the mbam-setup.exe file and change the .exe extension to .bat, .com, .pif, or .scr and then double-click on it to run.

If after installation, MBAM will not run, open the Malwarebytes' Anti-Malware folder in Program Files, right-click on mbam.exe and change the .exe as noted above. Then double-click on it to run.

8 more replies
Relevance 68.47%

A friend of mine has w32.blaster.worm. I've tried to help him remove it with all the normal steps, downloaded the removal tool from Symantec from here: http://www.symantec.com/security_re...

I have attempted to navigate to the registry key that's supposed to be there but it's not listed, as discussed in this article: http://deletemalware.blogspot.com/2...

His Norton anti-virus is expired and he doesn't have an alternate virus software (he won't make that mistake again!). I tried to have him download Adaware and install it but it will not allow him to install in either normal or safe mode. He receives an error message that he does not have admin rights while booted normally and in safe mode it won't allow the install either.

While in safe mode he can run Hijack This & the removal tool/executable but when he attempts to run anything in normal boot he receives the error that he does not have admin rights to the machine.

I had him download Hijack This and got the log file from safe mode (normal boot gives the admin error). I was hoping someone could take a look and see if they can see what we need to do? Any help is greatly appreciated.

Safe mode log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:53:21 PM, on 2/8/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16700)
Boot mode: Safe mode with network support

Running processes:
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\AOL 9.5\waol.exe
C:\Program Files (x86)\Common ... Read more

Answer:W32.blaster.worm removal steps not working

Looking at his log I've seen something I didn't realize before. He was saying he has XP this entire time and now I see that the log shows Windows 7. GRRRRRR.

I found the following article that talks about the removal and this seems to fit right in line with what is happening for him. http://social.answers.microsoft.com...

Does anyone know if there's a better way or should we just follow these steps?

2 more replies
Relevance 67.65%

My computer recently became infected. At first, my taskmanager and regedit were locked. Next, my desktop background was locked. I fixed these problems, but continue to be bombarded with malware in my running processes which regenerate upon rebooting. Eventually, I could not startup Windows. Once the Windows loading page was finished, my computer would restart. I upgraded to XP Pro, can now log on, but still have malware. Please help! Thanks for your time!
 

Answer:completed steps in "READ & RUN ME FIRST MALWARE REMOVAL GUIDE" and still have malware

Re: completed steps in "READ & RUN ME FIRST MALWARE REMOVAL GUIDE" and still have mal

Here is my MGTools.zip log. Thanks in advance for your help. Any addition info needed please let me know. Take care.
 

4 more replies
Relevance 66.83%

I ran the steps in the Malware removal guide. I haven't seen any new pop-ups, but I noticed that there were a few problems that BitDefender could not fix, and my laptop is still running slow.

I am running Windows XP, and will attach all logs.

Thank you in advance for all your assistance.
 

Answer:ran all the steps in "Read & Run Me First malware removal guide," still have malware

Re: ran all the steps in "Read & Run Me First malware removal guide," still have malw

Here are the last three logs.
 

10 more replies
Relevance 63.14%

What is Android.Hippo ?

Android.Hippo is a Trojan horse that disguises itself as popular game software and it has been seen on Android app marketplaces in China and fake app.
Once installed, this malware sends premium SMS messages to a hard-coded Chinese service provider (at the victim's expense).
It also monitors incoming SMS messages, and deletes any SMS whose originating phone number begins with 10. Those are typically other SMS messages from legitimate service providers.
The malware also tries to update itself, downloading a newer version from a remote web server.

Am I infected?

This is a screenshot of this malicious app.:

[attachment=723]

Removal Instructions
Open the Google Android Menu.
Go to the Settings icon and select Applications.
Next, click Manage.
Select the application and click the Uninstall button.

If you are still experiencing problems on your machine, please start a new thread here.
How can I prevent these infections?

The Android platform's open nature makes it more attractive to cybercriminals than many other mobile operating systems. Even though the steps may seem obvious or overly simple, we can't stress their importance enough.
Use your smartphone's built-in security features - Knowing how to activate a smartphone's security features is a step in the right direction. We strongly urge users to familiarize themselves with and take advantage of their smartphone's built-in security features.

Disable Wi-Fi auto-connect - ... Read more

Answer:How to Remove Android.Hippo (Android Trojan)[ Removal / Uninstall Guide ]

Jack said:

All major antivirus software vendors offer Mobile Security products :

Norton Mobile Security
Kaspersky Mobile Security
ESET Mobile Security
F-Secure Mobile Security
BitDefender Mobile Security

What about adding Dr.Web Antivirus for Android? It's what I and my family use on their Androids.
 

3 more replies
Relevance 62.73%

I went through all the suggested steps within the Malware Removal Guide and Windows XP Cleaning Procedure. My issue is the "Data Execution Protection" error from Windows only when opening Windows Explorer and only on one of the three accounts on this computer. I haven't noticed this error while using any other programs. After going through all the suggested steps, I am still having the same issue. Thank you very much for the help.

behappy7458
 

Answer:ran all the steps in "Read & Run Me First malware removal guide," still have an issue

Re: ran all the steps in "Read & Run Me First malware removal guide," still have an i

Here are the other log files.

behappy7458
 

14 more replies
Relevance 62.73%

I have run through all "Read & Run Me First malware removal guide," steps except that I could not download RootRepeal. Attached are the four logs produced. Am running only NAV 2009 on Windows XP. However, after latest reboot "NAV has detected threats that require your attention - High, INFOSTEALER, Remove Failed" appeared yet again. Please, any assistance would be most welcomed. Many thanks.
 

Answer:Re: ran all the steps in "Read & Run Me First malware removal guide,"

Welcome to Major Geeks!

We cannot continue until you attach the other 2 requested logs from RootRepeal and MGtools. If your problem with downloading RootRepeal said something about bandwidth limits, just scroll down to one of the other links given where it can be downloaded from on their web page.
 

1 more replies
Relevance 61.09%

Hi, I have tried many ways to get rid of some Malware that has only recently infected my PC. I hope someone can help me as this is my work PC and I need to plug back into my office network in a few days, but think this would be a bad idea at the moment.

The problem first showed itself by insisting I had many viruses etc, and I should install Internet Security 2010. I have installed Malware Bytes removal tool, and installed as instructed. It found the above, said it was removed, but still it appears to exist, although the name of the infection has changed a few times, and is currently redirecting my browser to a similar page to the above malware. A popup now shows that I should install Cyber Security to remove the infections. This is obviously another malicious antivirus/malware program.

I have McAfee Enterprise installed (which I can't seem to disable). I have also run SuperAntiSpywarePlus, which did the trick removing a similar problem about a year ago on a different PC. However, although this program also finds problems, and supposedly removes them, the problem is still there.

Please help. I have shown Hijackthis log below.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:58:42 PM, on 29/12/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal

Running processes:
C:\windows\system32\csrss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\... Read more

Answer:Cyber Security removal; Malware removal not working

Hi, I have tried everything I know of to remove this pesky piece of malware. It seems to keep changing names, starting out as Internet Security 2010, and redirecting me on a google search to a webpage trying to convince me I was riddled with viruii and malware, and then trying to sell me their software, which is really just a scam. I ended up here after a few days of tearing my hair out, almost beaten. I went through the tutorials, but unfortunately that was before I fired off a post in desperation. Please delete my previous post, as I have now followed the suggested path, and run the utilities to help diagnose my problems. The resulting files are attached.

Please help. I hope the files uploaded can provide an insight into what's happening. Apologies for jumping right in and posting a Hijackthis log before I had read the tutorials.

ntents below

DDS.txt contents pasted below

DDS (Ver_09-12-01.01) - NTFSx86
Run by Greg.Middleton at 15:30:23.26 on Tue 29/12/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.2.1252.61.1033.18.3063.2330 [GMT 9.5:30]
AV: VirusScan Enterprise + AntiSpyware Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

============== Running Processes ===============

C:\windows\system32\svchost -k DcomLaunch
C:\windows\system32\svchost -k rpcss
C:\windows\Syst... Read more

3 more replies
Relevance 60.27%

Trend Micro has released a ebook on how to increase the security of your smartphone in 5 simple steps.

You can read the full guide here.
 

More replies
Relevance 57.81%

I am working on my Dad's computer in his office and I have a few questions BEFORE I run CCleaner. I am in the process of following the "Read and run this before posting" but I want to make sure of a few things first. When I run CCleaner am I to let it clean all the cookies as well? I know that there are a few sites that my Dad goes to on a regular basis and I am afraid that it will wipe out cookies that he needs. Could someone please advise?
 

Answer:Smitfraud-C Removal and removal steps questions

While cookies are not really problems to be concerned with, it is better to let CCleaner remove them so that the other scans don't take as long to run. In addition it can tremendously reduce the size of logs that have to be read. So yes clean cookies but you can first just tell Ccleaner which cookies to keep. It is part of the features which you should learn to use and configure.

Be careful with Spybot and SmitFraud-C. Lately I have been seeing it remove rundll32.exe which you do not want to do. Also if you truly have SmitFraud, you should run one of the special removal procedures (mentioned in the READ ME). Like one (only one) of the below:

SpywareStrike, Smitfraud, SpySheriff, SpyAxe & PSGuard Removal

SpywareQuake & SpyFalcon Removal Procedure
 

5 more replies
Relevance 56.17%

Original Problem: My IE is currently not working. I noticed a program called AntiMalware Doctor running on my computer with pop up screens and I used the guide I found on your website to remove it. I now have Norton Security Suite and Malwarebytes' Anti-Malware installed. I have already run a scan with both programs and removed the infected files. The only program I am currently having difficulty with is IE. When I open it, the window stays white and it finally says that the program stopped working. My system is Vista with IE 8. If someone could please help me I would be grateful!

Thanks!

EDIT** Norton has identified and blocked several 'Intrusion attempts'. All originating from the same IP address but with different sources listed.

Also, I have received an error message that states that the 'Windows Host file stopped working.' I would like to be 100% sure My laptop is clean and working properly.

Here is the DDS log:

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Jacalyn at 19:21:01.02 on Wed 04/27/2011
Internet Explorer: 8.0.6001.18865
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.3069.1052 [GMT -5:00]
.
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows... Read more

Answer:IE Not working after Malware removal

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed responding to your thread.

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
Do not d... Read more

6 more replies
Relevance 56.17%

My IE is currently not working. I noticed a program called AntiMalware Doctor running on my computer with pop up screens and I used the guide I found on your website to remove it. I now have Norton Security Suite and Malwarebytes' Anti-Malware installed. I have already run a scan with both programs and removed the infected files. The only program I am currently having difficulty with is IE. When I open it, the window stays white and it finally says that the program stopped working. My system is Vista with IE 8. If someone could please help me I would be grateful!

Thanks!

EDIT** Norton has identified and blocked several 'Intrusion attempts'. All originating from the same IP address but with different sources listed.

Answer:IE not working after Malware Removal

Still having the same problem, though I have installed Firefox and it works fine. I would still like to make sure my laptop is clean and get everything back working. I did receive some sort of error message that says 'Host Process for Windows Services stopped working and was closed'. Did another Malwarebytes scan and it found 0 infected files.

6 more replies
Relevance 55.35%

I recently (about a week ago) had adware on my computer. I am not sure where it came from but that's not the point. I had the malware completely wiped out today and now the internet connection is not working for my used-to-be-infected computer.
 

Answer:Internet Not working after malware removal

I meant adware sorry...
 

6 more replies
Relevance 55.35%

Hi,

My computer has been attacked by malware.
Now I followed the instructions on the opening thread of this forum and downloaded DDS.scr, but I cannot make it work.
After opening the program, I don't think it is doing anything. No logs are created.

Please let me know how to go about the first step.
Btw, the symptoms of my machine are -

1) Random new browser windows opening with hoax antivirus pop-ups asking for download
2) Firefox crashing every time it is launched. Crash report submittal is failing.

3) Unable to connect to Internet through wired LAN. It shows connected status but no sites open.

4) Sometimes my McAfee Antivirus is closing down abruptly, throwing a warning that it has been closed although the system guard icon of McAfee is still active.

Thanks!
Ron

Answer:Need help to get started with malware removal-DDS.scr not working

Hi
Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized, if not you'll find it in c:\rsit folder)

19 more replies
Relevance 55.35%

I have worked on a couple of machines lately that have had rootkits (.zeroaccess) and after removal devices would not work. I tried the easy stuff like uninstalling/reinstalling devices, replacing driver files, reinstalling inf files for the devices, SFC, and repair installs but the devices do not work correctly again. On one machine it is the CDROM, on another the mouse and keyboard. The mouse/keyboard will work after a removal and reinstall but stop working after a reboot. A wipe and reinstall will do the trick but I sure would like a better answer. Has anyone else run into this or found an answer?

Answer:Devices not working after malware removal

Are you looking for a general answer or do you have an infected machine?

2 more replies
Relevance 55.35%

USB port not working after malware removal. I use a card reader on the USB port located on the front of my computer. After successfully removing "my way s#ar#h assistant", the card driver doesn't work. Do I need to install a driver to get it functioning properly?
Thanks for all your help
 

Answer:USB port not working after malware removal

Hi

I would say you are best to follow what Chaslang posted HERE and attach the logs in that thread of yours in malware forum as while you may look ok and malware free, there may be some malware files causing this.

We may be able to reinstall the driver but that may not change anything, unless all malware is removed first.


The info we would need to get the correct driver is in below steps, but TBH, do make sure you are fully clean from malware first.





If your PC is one from the likes of DELL, HP, Sony, etc what is the Make and model variant as this will assist us if we need drivers?

If your PC is a home or custom build what is the motherboard make and version?

Download and install Everest to find this info, at times a summary log of your PC can help, to do this

Install Everest and run
Click Report (top menu) > Report Wizard > Next
Choose System Summary Only > Next
Choose Plain Text > Finish and wait for report to generate
Click Save to File and leave the File Name as Report, then click the Save as Type dropdown and choose Report files (*txt) and click Save (n.b. Save to desktop is best as easy place to find it, use Browse to locate desktop)



Then attach your log to your next post as per these instructions HOW TO: Attach Items To Your Post


 

1 more replies
Relevance 54.94%

Hello, I've just about given up trying to fix this and am ready to reinstall the OS, but maybe someone here knows what's wrong and how to fix it. The computer was upgraded to Windows 10 and had some minor malware that was removed. After the clean up the printer no longer works (I'm not sure if it was working before the clean up since it wasn't tested). The computer has no other problems or errors in the event log.


The printer is an HP OfficeJet 8500 A909g. The OS is Win 10 x64.


Symptoms:

-The printer is detected in devices and printers
-The scanner actually works
-It will print an internal test page of some kind from the HP Solution Center, but not the Windows test page or anything else.
-The same problems happen with both network and USB installs
-When printing a text document it says "The handle is invalid." with a yellow triangle and exclamation mark.
-When printing a Word Document it says "We couldn't print because there doesn't seem to be a printer installed :-(" with a yellow triangle and exclamation mark and a "show help >>" button.
-Opening the printer properties from devices and printers gives the following error with a red X before the properties window opens: "C:\Windows\Explorer.EXE Function address 0x3f416fda caused a protection fault. (exception code 0xc0000005) Some or all property page(s) may not be displayed."

Attempted repairs so far:

-Uninstalled the printer and rein... Read more

Answer:Printer not working after Win 10 upgrade plus malware removal

Hi jcompguy and welcome to Tenforums.

That's a problem, yes, and you've tried just about everything I would have tried.

Have you run the Utility-Diagnostic Tool (just below the driver/software download) here?
HP Software and Driver Downloads for HP Printers, Laptops, Desktops and More | HP® Customer Support

If the printer works with other machines, then it's definitely that computer. Perhaps you could run sfc /scannow to make sure all system files are intact?

Also, before doing a clean install, I always try a repair install using an in-place upgrade. That just might do the trick.

Hope that helps!

0 more replies
Relevance 54.94%

Hello,

Sorry for the length of this post, but I try to describe in detail what I've done. I have used the instructions in the "READ & RUN ME FIRST. Malware Removal Guide".

The reason I have done this is, because Avast On access scanner periodically alerted me to trojans in the temporary internet folder for the past two weeks. I instruct Avast to delete these files but the messages always come back a short while later. Two days ago it started alerting me of blocking access to a malicious site (the url for this site is garbled and ends in .cn). This message would pop up every 5 to 10 seconds. So I attempted to remove the malware on the pc with the help of the instructions of this forum yesterday night.

I am not sure where the trojan/malware originated from, as I am not the only user of this computer (my parents also use it). Around the time that the problems started, I visited a reputable (or so I thought) job site (engineeringcareers.co.za) - upon visiting Avast alerted me to a trojan attempting to download and gave me the option to block the connection to the site, so I did so.

Now, on to how I followed the instructions in your guide and the problems that I encountered:

I followed all the instructions to the letter, up to and including the Malwarebytes' Anti-Malware. Super antispyware had to be renamed to SAS.exe to run, as the explorer window crashed if I tried to run it normally. After MBAB finished, I could not connect to the interne... Read more

Answer:following malware removal instructions - MGTools not working

Hello again,

Here are the combofix and rootrepeal logs I intended to post. I wanted to post them directly after my earlier post, but real life interfered in the time between posting and my post showing up in the forum. This will probably be seen as a bump, but oh well - so far it looks like my problems are sorted out, so far Avast has not given me any more alerts to trojans/rootkits.

Thanks again,

Z.
 

8 more replies
Relevance 54.94%

I have discovered some Malware on my computer - under advice from my own techie friend I have run MalwareBytes and Combofix to remove and both do so for a short period of time and then the computer gets reinfected

The virus disables all my .exe files and am sure probably more than that and I just want to clear it for good

I use Symantec as my anti virus etc all installed by a professional so really would like some help in clearing this

Below is the log from Malware and Combofix run in that order today - Malware always finds the same 6 problems

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4485
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
29/08/2010 09:27:51
mbam-log-2010-08-29 (09-27-51).txt
Scan type: Quick scan
Objects scanned: 172496
Time elapsed: 26 minute(s), 31 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 4
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\secfile\shell\open\command\(default) (Rogue.MultipleAV) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOC... Read more

Answer:Removal of Hijack This etc Malware and COmbo not working

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting.

We need to create an OTL report,

Please downloa... Read more

more replies
Relevance 54.94%

Hey

So my hp tablet (windows xp) was infected with fake virus alerts which would not allow me to connect to the internet.

The malware has been removed, but I still cannot connect to wireless at any location (others can). Wired ethernet works. Right now my laptop is connected to a wireless router via an ethernet cable.

I can "see" wireless networks. When I try to connect, I am told I am connected, but I can't do anything and become disconnected in about 5 seconds. The connection continues to "connect" and "disconnect" every 5-10 seconds, although I still can't use the internet either way.
When I "repair" connection, I am told the ip address cannot be renewed. I have renewed the ip address manually in command prompt, but that doesn't change anything.

When I run ipconfig/all in command prompt, I get this (minus the host name):

Windows IP Configuration
Host Name . . . . . . . . . . . . :
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
Ethernet adapter Wireless Network Connection:
Media State . . . . . . . . . . . : Media disconnected
Description . . . . . . . . . . . : Intel(R) PRO/Wireless 2200BG Network
Connection
Physical Address. . . . . . . . . : 00-16-6F-94-32-DB
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
... Read more

Answer:Solved: Wireless not working after malware removal

16 more replies
Relevance 54.94%

Hi, I have been using Google Chrome for many months without a problem. However, last night I was somehow infected by malware. A fake anti-virus program appeared in my system tray and I could not kill it or any other processes. It prevented me from running MalwareBytes or getting to the Task Manager. I restarted my computer in safe mode and ran MalwareBytes and it removed 7 things. However, since then, I have not been able to use Google Chrome or Internet Explorer; I am currently only using Firefox because that is the only browser that works. I did some searching online and found that other people have had this problem after removing malware from their computers as well.

I would greatly appreciate it if someone could help me figure out what is wrong with my computer.

I am running Windows Vista (64-bit) SP 2.

As stated in the Preparation Guide, here is the log produced by DDS. Also, I ran GMER, and I attached the file that I saved from it. However, a bunch of the options were grayed out, so I wasn't sure what else to do. I will await further instruction and rerun GMER if need be.

Thank you so much!

DDS (Ver_10-03-17.01) - NTFSX64
Run by Ken at 13:18:11.29 on Sat 07/10/2010
Internet Explorer: 8.0.6001.18928 BrowserJavaVersion: 1.6.0_14
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4093.2571 [GMT -4:00]
SP: Windows Defender *enabled* (Updated)
... Read more

Answer:Google Chrome not working after malware removal

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

Do not run any other tool until instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

Note** If you are having problems posting the complete log into this thread upload them here http://www.rapidshare.com/ and post the links in this thread

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is ... Read more

13 more replies
Relevance 54.94%

Hi,
I got infected with some unknown spyware and decided to use AdwCleaner to remove it. Unfortunately, after removal and restart of my comp, all my browsers (chrome, firefox and ie) show that I'm unable to connect to proxy server and I cannot get on the internet

Below are my stats and the Adw Reports

Thanks

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 8.1, 64 bit
Processor: Intel(R) Core(TM) i5-3337U CPU @ 1.80GHz, Intel64 Family 6 Model 58 Stepping 9
Processor Count: 4
RAM: 8077 Mb
Graphics Card: NVIDIA GeForce GT 740M, -2048 Mb
Hard Drives: C: Total - 190423 MB, Free - 4238 MB; D: Total - 264346 MB, Free - 44283 MB; G: Total - 476799 MB, Free - 476786 MB; H: Total - 953861 MB, Free - 6912 MB; I: Total - 476927 MB, Free - 476171 MB;
Motherboard: ASUSTeK COMPUTER INC., K46CB
Antivirus: Windows Defender, Disabled
 

Answer:Internet not working after removal of malware using AdwCleaner

# AdwCleaner v4.208 - Logfile created 06/08/2015 at 18:22:38
# Updated 09/07/2015 by Xplode
# Database : 2015-08-01.1 [Server]
# Operating system : Windows 8.1 (x64)
# Username : Gladwin - GLADWIN
# Running from : C:\Users\ASUS\Downloads\Programs\adwcleaner_4.208.exe
# Option : Scan

***** [ Services ] *****
***** [ Files / Folders ] *****

File Found : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\yahoo.xml
File Found : C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\eakacpaijcpapndcfffdgphdiccmpknp
File Found : C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_niloccemoadcdkdjlinkgdfekeahmflj_0.localstorage
File Found : C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_niloccemoadcdkdjlinkgdfekeahmflj_0.localstorage-journal
File Found : C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage
File Found : C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage-journal
File Found : C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_user.qzone.qq.com_0.localstorage
File Found : C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_user.qzone.qq.com_0.localstorage-journal
File Found : C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_v.qq.com_0.localstorage
... Read more

6 more replies
Relevance 54.94%

Hi,
2 weeks ago Malware.Trace & Net-Worm.Win32.Koobface were removed from my pc (using F-Secure and MAB). Things seemed ok at that point.

Last week I noticed I wasn't able to access the SEARCH function. A few days later Windows Media Player wasn't working and my scanner wasn't being recognized by the system. (Had a death in the family and didn't have time to pursue the issues at that time.)

Today I reinstalled Media Player and the scanner. Scanner is fine.

Both Windows Media Player and the SEARCH function work just fine when I use the Administrator account.

When I try to run WMP in any of the 3 limited user accounts I get this message: "An internal application error has occurred."

When I try to use the SEARCH function in the limited accounts, a window opens with only a blank folder in the title bar.

Please let me know what you think I should do.

Thanks a lot!

Answer:Computer not working right after virus/malware removal

You never really did post any logs in your last topic

It's possible that you could still be infected

Update mbam and run a FULL scan

Please post the results

Then run ATF and SAS

ATF

Please download ATF Cleaner by Atribune & save it to your desktop.

Double-click [

Please download Dr.Web CureIt, the free version & save it to your desktop. DO NOT perform a scan yet.

Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with Dr.Web CureIt as follows:

Double-click on launch.exe to open the program and click Start. (There is no need to update if you just downloaded the most current version)
Read the Virus check by DrWeb scanner prompt and click Ok where asked to Start scan now? Allow the setup.exe to load if asked by any of your security programs.
The Express scan will automatically begin. (This is a short scan of files currently running in memory, boot sectors, and targeted folders).
If prompted to download the Full version Free Trial, ignore and click the X to close the window.
If an infected object is found, you will be prompted to move anything that cannot be cured. Click Yes to All.
When complete, click Select All, then choose Cure > Move incurable.
(This will move any... Read more

12 more replies
Relevance 54.94%

Hi all, let me first introduce myself. My name is Andrew.

Here is my current situation: The other day while on my computer, I started receiving messages I've never received before. I kept receiving popups on my desktop saying that threats had been detected and then proceeded to perform a fake system scan. The "dialog box" said something like 'PC AntiSpyware 2010'. I also had the little red circle with the white X in my system tray. Anytime you'd mouse over it, a warning balloon would pop up.

After doing a little research around these forums, I decided the best bet would be to download, update and run MalwareBytes' remover tool. I did a scan, checked all the objects that came up (all 44 of them! OUCH!) and had the program delete them. I then restarted my PC and voila! No sign of the malware at all. Awesome.

Except now my internet doesn't work. Both my wireless adapter tray icon (D-Link DWL-G122) and my wireless network icon are shown as being connected and having excellent signal strength. I even did a ping of google.com using the CMD prompt and it showed no errors in either direction! Weird. It doesn't appear to have anything to do with my network either, as every other computer connected to this network also connects to the internet with no problems at all.

So my question is wtf is going on here!? lol

I'm running out of ideas and would really like to get this resolved ASAP. Any help/advice at all will be greatly appreciated!

Thanks... Read more

Answer:Internet not working after malware removal. Please help, I'm desperate!

Mods, please close this thread as I am already receiving help elsewhere.

Thank you and I apologize for the inconvenience.

2 more replies
Relevance 54.94%

Problems:

1) automatic updates unable to turn on (can't even manually start using services list)
2) On Avant Browser, new windows with content related to open tabs pop up randomly
3) Can't use gmail or google on Firefox (this may be application problem)
4) Frequent pop-ups in Internet 7 browser

Programs:

Used to have Ahnlab V3 Security Center (along with Adaware, Spybot, and Spydoctor (disabled) ), but switched to AVG upon review of this thread with similar problem (located here: http://www.bleepingcomputer.com/forums/t/36589/automatic-update-not-working/ ). Enabled Spydoctor and added C-Cleaner and did several online scans with programs on said thread. Computer started getting slow after installing V3

Malware may have found its way in after installation of the game Peggle. (See AVG log)

I did an AVG scan and spybot scan in Safemode, log is as follows:

AVG 8.0 Anti-Virus command line scanner
Copyright © 1992 - 2008 AVG Technologies
Program version 8.0.134, engine 8.0.0
Virus Database: Version 270.4.7/1546 2008-07-11
HKLM\SOFTWARE\Classes\MayaAsciiFile Found Adware.CommonName
C:\Documents and Settings\Bienna Song\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Locked file. Not tested.
C:\Documents and Settings\Bienna Song\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Locked file. Not tested.
C:\Documents and Settings\Bienna Song\NTUSER.DAT Locked file. Not tested.
C:\Documents and Settings\Bienna Song\ntuser.dat.LOG Locked file. Not tested.
C:\Document... Read more

Answer:Automatic Updates Not Working/malware Removal

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

Make sure you are connected to the Internet.
Double-click on Download_mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.... Read more

14 more replies
Relevance 54.53%

At some point during the removal of malware, the Task manager of one of two user accounts stopped working. When accessed, it appears without headings or options except New Task at the bottom right of the pane. When I click on it, I get "Create New Task" box, which says, Open: Combofix. If I click the down arrow I get the following list: Combofix/uninstall, Combofix\uninstall, Notepad.exe, Regedit, cmd, appwiz.cpl, System recovery. I recognize these as being remnants of the clean-up process that was just completed. If I click ok, I get Combofix box - "Windows cannot find Combofix." Combofix was uninstalled after we were done removing all the malware.
The other user account is working fine. Also, I downloaded and installed the latest Internet Explorer 8 and Windows updates, but that didn't seem to do anything. The other user account, the one with the functioning Task Manager, is running better in general, updated. There is a thread that describes what we did, but I don't know how to link it to this thread.
Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows XP Home Edition, Service Pack 3, 32 bit
Processor: Intel(R) Pentium(R) M processor 1.60GHz, x86 Family 6 Model 13 Stepping 8
Processor Count: 1
RAM: 502 Mb
Graphics Card: Mobile Intel(R) 915GM/GMS,910GML Express Chipset Family, 128 Mb
Hard Drives: C: Total - 71186 MB, Free - 57582 MB;
Motherboard:
Antivirus: Microsoft Security Essentials, Updated: Yes, On-Dema... Read more

Answer:Solved: Task Manager not working after Malware removal.

11 more replies
Relevance 54.53%

I'm running Windows XP (2002). Yesterday, I had the "Hard Drive Diagnostic" issue that I removed using the self-help guide. I ran rkill, Malwarebytes' Anti Malware, and Unhide.exe. Doing so took care of all problems and put all of my documents back in the "my Documents" folder, except that the start menu shortcuts were not there (a bunch of empty folders where I anticipated links to MS Word and the like) and the background of my desktop had changed to the basic blue (or whatever that color is). I tried to follow the advice today of disabling antivirus software and running unhide.exe again; however, I was shortly being bombarded with the annoyance of Malware Protection. (I should note just prior to disabling AV software, I ran a Malwarebytes scan to make sure I wasn't missing anything and came up with zero infected files.)

I tried starting in Safe Mode with Networking and running rkill; however, every time that I did so, the command window would open and state that it was running and to be patient. Less than a half minute later, I would get a desktop message: "Windows is running in safe mode. This special diagnostic mode of Windows enables you to fix a problem which may be caused by your network or hardware settings. Make sure these settings are correct in the Control Panel and then try starting Windows again. While in safe mode, some of your devices may not be available. To proceed to work in safe mode, click yes. If you prefer to use System Restore to restore your co... Read more

Answer:Malware Protection removal and TDSS Killer not working

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed responding to your thread.

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator&#... Read more

29 more replies
Relevance 54.53%

Hi
I have a Windows 7 64bit home laptop, it was infected with Malware. I installed MSE and it removed the malware but now can't browse the Internet, I've tried chrome and IE. I have tried to install malwarebytes but get a runtime error. I contacted their support and was asked to run FRST and send them the two log files which I did but not heard back yet. If anyone has any suggestions it would be really appreciated.

Answer:Internet Explorer and Chrome not working after malware removal - please help!

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
***************************************************
In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.
CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/593024 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************
If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t... Read more

2 more replies
Relevance 54.53%

Hello all, let me thank you in advance for your time on this.
I am working on my mother's computer (Aspire 6gig ram, 1T HD, Pentium)
She has been unable to access her email for a while now, and I took an initial run at the issue with HijackThis. (I'll attach the logs)
HJT recommended a series of fixes, which I checked, only to find that they didn't go away.
I then turned to this faithful site.
I have run the Vista, Win 7 and Win 8 Malware Removal/Cleaning Procedure.
Attached are those logs.
As always, all advice and attention is greatly appreciated.
Thanks.
-Dave.
 

Answer:Working through Vista, Win 7 and Win 8 Malware Removal/Cleaning Procedure

Added the log files.
Thanks.
-Dave.
 

2 more replies
Relevance 54.12%

A short while back the malware forum helped me with a PUP issue.

http://forums.majorgeeks.com/index.php?threads/checking-before-i-delete-pups.296008/

I now have a new build and I am wanting to keep it as clean as possible. I am wanting to install a PDF editor program. My choices of programs all seem to have "Ghostscript" as part of their install. I cannot get solid confirmation from the web regarding the safety of Ghostscript. Yesterday I posted a thread in MG Software, but, as of yet, no one has replied.

So, thus my following question. If I install a program with GhostScript and find that the GhostScript itself also brings with it some malware - then can I basically follow the same steps as the above linked thread to start and/or complete a cleaning? After installing the program I plan on doing a Malwarebytes scan to find out if any infection has taken place.

In fact, I guess I should actually install Malwarebytes 'before' installing the software that contains GhostScript.

Also, should I start a new thread, aside from this thread, if I find any signs of Malware from the install of any software containing GhostScript?

Thanks for any advice and guidance.

Dekade
 

Answer:Can I Use The Same Removal Steps As Before???

You should install Malwarebytes first then scan whatever downloaded PDF editor program before installing it. You could even upload the file to VirusTotal for scanning.




Dekade said:

Also, should I start a new thread, aside from this thread, if I find any signs of Malware from the install of any software containing GhostScript?

No - do not start another thread. In the case of a suspected malware infection, this is ALWAYS the starting point to receive help, as noted under the heading of this forum.




Malware removal forum. Please see the READ ME FIRST thread before you post. Forum is staffed by a small number of volunteers, please be patient.

READ & RUN ME FIRST Malware Removal Guide (incl. spyware, virus, trojan, hijacker)
 

10 more replies
Relevance 53.71%

Hi

REGISTRY/DRIVER ISSUE

I have an Acer Aspire 5740g laptop running windows 7 (log attached below).

I'm already indebted to you guys for your "READ & RUN ME FIRST. Malware Removal Guide" by chaslang, because it helped me to remove some nasty malware that was popping up on startup.

I ran through that guide till completion, including re-enabling UAC and doing the system toggles etc, including running all the anti-spyware programs even after the problem seemed to have been solved (although only the first two seemed to actually finish). The problem is gone thankfully but I've noticed an unusual side-effect:
audio no longer runs in browsers.

I'm wondering if some driver/registry change has caused this change. I've only tried testing the problem by opening clips that use sounds in youtube and megavideo (i'm using latest IE).

So far I have tried:
-restarting my computer
-updating adobe flash player to the latest version
-changing a flash player setting which is supposed to help in some situations (according to their support site)
-uninstalling and reinstalling flash player
-updating my sound drivers (found on the acer website- which involved removing the old drivers and installing the driver i downloaded).
-going into IE internet options> advanced> checking the "play sounds in webpages" box is checked
-closing all IE windows and restarting IE
-trying out (the limited) solutions google has thrown up

... Read more

Answer:Audio stopped working in browsers after running malware removal

Hi

It would be best as you have had malware on your PC to as you mention you have run the read me guide to actually attach the logs that that guide has you produce to your thread in malware forum HERE so that the experts in that area can give you an all clear on any remaining malware components, as while you may not see any issues outwardly, there may be malware components left that are causing the audio issues, so need to remove them first before trying any driver fixes.


Once given the all clear on malware then post again here and we can try a few fixes.
 

9 more replies
Relevance 53.71%

Dear Tech Support Guy,

I have come across several other threads where you systematically guided people through the various tools needed to successfully remove SVCHost.exe virus. I too have that issue and wish to be guided through fixing this problem. I will wait to hear from you.

Best regards,

-Hunter
 

Answer:SVCHost.exe Removal Help Steps

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:21:33 PM, on 2/2/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Opera\opera.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Users\Hunter\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.search.yahoo.com/?fr=w3i&type=W3i_SP,204,0_0,StartPage,20120102,16897,0,6,0
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Int... Read more

3 more replies
Relevance 53.71%

Hello, I have a problem with my Google Chrome... a few weeks ago when I reinstalled it my search engine changed from Google to arabyonline and also in addition random ads popping up all the time which I unable in extensions.

Currently, I have the search engine locked to be Arabyonline, "enforced by administrator". My search engine was Google before and had icons on right top, but after this arabyonline becoming the default search engine, that is missing, and also when I try to search no more suggestions appear like how they appeared when I used Google. I have no idea if anything else is infected as well.

I did many things, tried to install the following: malwarebytes, AVG internet security, spyhunter, and I also uninstalled chrome and reinstalled it. All of this only fixed the home page, everything else is still the same. Please, help me out! I tried everything I can, I've been trying for the past few weeks to get rid of it. I managed to get rid of the ads and take control of the home page but that's it!
My search engine is still locked to Arabyonline saying "enforced by administrator".
After seeing some of your posts I have scanned using farbar recovery and attached first and addition files.
Kindly tell me the further procedures. Please help me!
 

Answer:arabyonline(removal steps please)

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running too much time (few hours), please stop and inform me.
I visit forum several times at day, making sure to respond to everyon... Read more

6 more replies
Relevance 53.71%

Continuation to http://www.bleepingcomputer.com/forums/t/333603/mebroot-removal-steps/ I ran DDS 3 hrs ago and had the files ready for your request. Hoping that doesn't change anything. Please check attached files. Gmer runs well for me, it's just I don't know how to really use it.

Answer:MeBroot removal steps

In response to Orange Blossom here: http://www.bleepingcomputer.com/forums/t/333603/mebroot-removal-steps/ I thought I should inform u folks that I ran CC Cleaner to fix my reg as opposed by "you should NOT make further changes to your computer ". So am I required to re-run DDS script?

9 more replies
Relevance 53.71%

Could one of you pros take a look at the logs, just to be sure? In particular, I'm curious what you think of the ATI startup and RRLog results.

My system was near instantaneously infected when I enabled Vuze -- P2P. Surprise, surprise. Well, actually I was surprised that it was so quick, and so brutal...

System froze up, then rebooted... 3 virus protection scanners didn't work, access control lists were modified to lock out access, I could not enter safe mode, etc.

I disconnected from the net immediately and tried to recover. Safe mode was the problem -- after correcting AGP440 and MUP issues, in Safe Mode Combo Fix allowed the operation of all other tools (without it, none worked except CCleaner and SuperAnti-Spyware, which failed to detect any issues.)

The rest ran smoothly, and my system appears fine. I would really appreciate it if someone would skim the logs. I wouldn't be surprised if there were at least cleanup ops that you would recommend. All suggestions welcome.

In advance of any reply, THANK YOU for the help so far. I encountered many issues and it took 2 days to "recover", but your guide is excellent.

S
 

Answer:Removal steps worked, Thanks! OR, uh, so it seems?

Final log of 5, attached
 

2 more replies
Relevance 53.71%

I have been to several forums about Mebroot removal and I still don't follow on exactly how to do them. I would like experts to please tell me exactly what steps to follow. I have used Superantispyware, Malwarebytes and ESET (it is the only one that notifies me about Mebroot). I also have combofix and rootrepeal but I don't know how to use them. Also tried ESET Mebroot removal tool and FixMeBroot by symantec which doesn't help.

Ads from internet explorer keep popping up and my volume continues to get disabled.

mbr gives me the following:

device: opened successfully
user: error reading MBR
kernel: MBR read successfully

Answer:Mebroot removal steps

Hello, Please go here.... Preparation Guide, do steps 6 - 9. Create a DDS log and post it in the new topic explained in step 9, which is here Virus, Trojan, Spyware, and Malware Removal Logs and not in this topic, thanks. If Gmer won't run, skip it and move on. Let me know if that went well.

2 more replies
Relevance 53.71%

I've completed all the recommended steps and I'm wondering what to do next. I think I've attached all the necessary logs. Any help would be greatly appreciated!
 

Answer:Completed removal steps, what next?

Welcome to Major Geeks!

You forgot to attach your ComboFix log which I see is extremely large. You will need to put it into a ZIP file so that it gets compressed to be small enough to attach. Then attach it. We will get started without it but I do need to see it.



Okay now we need to use a new tool.

Download and save RenV.exe to your Desktop (must be on the Desktop)
Now Copy the bold text in the below code box to notepad. Make sure you scroll thru all of the code box to get all lines selected. Save it as Log.txt to your desktop. (It must be on your Desktop).

Code:

C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl .exe
C:\Program Files\Apoint2K\Apoint .exe
C:\Program Files\iTunes\iTunesHelper .exe
C:\Program Files\Lexmark 2300 Series\ezprint .exe
C:\Program Files\Lexmark 2300 Series\lxcgmon .exe
C:\Program Files\Lexmark Fax Solutions\fm3032 .exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent .exe
C:\Program Files\ltmoh\Ltmoh .exe
C:\Program Files\McAfee.com\Agent\mcagent .exe
C:\Program Files\McAfee.com\Agent\mcupdate .exe
C:\Program Files\McAfee.com\Agent\MCUPDA~1 .EXE
C:\Program Files\McAfee.com\Agent\MCUPDA~2 .EXE
C:\Program Files\Messenger\msmsgs .exe
C:\Program Files\Microsoft ActiveSync\wcescomm .exe
C:\Program Files\Microsoft ActiveSync\wcescomm .exe
C:\Program Files\Microsoft ActiveSync\wcescomm .exe
C:\Program Files\Microsoft ActiveSync\wcescomm .exe
C:\Program Files\Microsoft ActiveSync\wcescomm .exe... Read more

8 more replies
Relevance 53.71%

About 3 weeks ago I started getting random pop-ups when I was on the web. Firefox/IE crash at random, and will not reopen until I restart my system. Restarting also takes longer than it used to, it has to save some dill program that has been running, and I always just click "END NOW" instead. My computer has been slower, and my NOD 32 antivirus program keeps saying it found something, but it has not been able to remove it. I think it is " TROJAN/VUNDO ". I don't know much about computers, but I can follow directions -somewhat. I'm not in a rush so plz don't attempt to help me if you are. I am not sure which log files I should post on here, so I will wait till I get a response. Thank You ALL - THIS WEBsite is Amazing

Answer:Problem, please help - I already went through Removal Steps

first: http://www.computerhope.com/forum/index.php/topic,69848.0.html also, right now we really only have one active malware removal specialist- our other one is very busy with this new game called "real life". Since there is only one, he has to help all the people requesting help in the malware forum. IMO he is quite quick. However since he runs through from bottom to top (first come first serve)- and bumping your thread puts it at the top- it makes it take longer.

1 more replies
Relevance 53.71%

My problem:

Trying to remove bts.scour from my computer. Looked up and followed the following script from an earlier post request that was similar...

Have done the first step and have posted the scan results below the 1st step.

My computer is Windows 7

Do i go to the 2nd step and proceed as though it is the same issue?
(2nd step, Download aswMBR, Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan. After scan finishes, click on Save log, Post the log results here

3rd step, Download ESET online scanner, Install it, Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats
Export the list to desktop, copy the contents of the text file in your reply)
johnsherry
Posted 05 September 2012 - 08:08 AM
Apparently picked up a redirect virus that is not detected by my antivirus protection as I have run scans with both. I went through the system files and could not readily identify anything there for a chance of manually removing it. I need help removing this virus from my PC.

Thanks in advance.

John

--------------------------------------------------------------------------------

#2 narenxp
Posted 05 September 2012 - 08:10 AM
Download

TDSSkiller

Launch it. Click on change ... Read more

Answer:bts.scour removal steps

Will wait for other two logs

13 more replies
Relevance 53.71%

I first noticed a problem Saturday 9/26/09. To the best of my memory, I got redirected to a website on Saturday that my antivirus said was malicious. I use AVG 8.5 but when I left the site my computer began giving warnings that it was infected. My browser started to open what appeared to be innocuous websites. I went to my AVG and ran it. It detected a virus and a couple of Trojans and deleted them but I got an error message after trying to delete the other files it detected. When I tried to run the AVG again, it appeared fine but wouldn't start a scan. I went to Major Geeks and downloaded various spyware removers and a virus remover, i.e. AVIRA which detected and deleted some trojans and/or viruses, AdAware which also deleted some malware and Spybot Search and Destroy which errored with a message that it would not run because I lacked the special privileges. I was still having trouble with AVG so I deleted it and reinstalled, at first it would get error messages and wouldn't allow me to delete it but I eventually got it to delete. I reinstalled and ran a scan again. Subsequent to that, I was unable to run again and unable to delete it. I went to your forum and followed the malware removal instructions. SuperAntispyware ran well and found infections that it deleted but Malwarebytes wouldn't run. If memory serves, it would start but then quickly disappear from the screen. ComboFix, Rootrepeal and MGTools all ran well. Unfortunately I am still having the ... Read more

Answer:Cannot run all the Removal Steps, still having problems

Welcome to Major Geeks!





schmitz5 said:

and now am unable to open SuperAntispyware to retrieve my log so I am unable to include that.

You don't need to run it to attach the log. The log is already saved to the below location. Just attach it.
Code:

"C:\Documents and Settings\Gary.CHLOEII.001\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Logs\"
Sep 27 2009 1073 "SUPERAntiSpyware Scan Log - 09-27-2009 - 12-11-22.log"

Now we need to use ComboFix

Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
If it is not on your Desktop, the below will not work.

Also make sure you have shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly.
If ComboFix tells you it has expired or need to be updated to a new version, make sure you allow it to update.
Open Notepad and copy/paste the text in the below quote box into it:




KILLALL::

File::
C:\WINDOWS\win32k.sys
C:\WINDOWS\Temp\1e6d6ece-f365-4eb7-8f4d-ee6d3c9b102a.tmp
C:\WINDOWS\Temp\238d0b4d-8553-488c-b82e-89314456e9c8.tmp
C:\WINDOWS\Temp\321d99a2-81a5-4453-af13-aef73db7577b.tmp
C:\WINDOWS\Temp\355c352e-6742-41b5-8120-706a6995c685.tmp
C:\WINDOWS\Temp\613bec91-27c3-456d-9918-85af90bfeda1.tmp
C:\WINDOWS\Temp\7d7c99a2-5be8-4591-b795-7516622556ff.tmp
C:\WINDOWS\Temp\b4b807b7-bca1-4bb1-bf84-97a... Read more

15 more replies
Relevance 53.71%

Thanks to Grinler (and to all the other BP volunteers/staff) for posting easy to follow step-by-step removal instructions for common malware. http://www.bleepingcomputer.com/virus-removal/ and http://www.bleepingcomputer.com/forums/t/171335/spyware-and-malware-removal-guides-index/ You guys and gals have helped me multiple times in the past and don't get enough praise! For all you other newbs, the links above are great places for self-help before you attempt to scan or post logs asking for help.

Answer:Thanks for the Removal step-by-steps

Thanks for the kind words and you're welcome on behalf of the Bleeping Computer community.

1 more replies
Relevance 53.71%

I'm so glad you're out there to help! I followed all the steps outlined on your site & I still need some removal help. I'm working on my nephew's machine & he doesn't have the CD's that came with his laptop, so starting over wasn't an option.

He has a Toshiba Satellite laptop, celeron 2.8 ghz, 192 mb ram, 60 gb hd with 20 gb free. Running Windows XP Home with all updates. The machine is running with no major problems now, but I know there are still some bad things out there. I ran a new hjt this morning since I ran all the others last weekend. I'm attaching what I can now.

Thank you so much for your help! Shelley
 

Answer:Need Removal Help-Followed Defined Steps

Continue by downloading a tool we will need - Pocket KillBox

Save it to its own folder somewhere that you will be able to locate it later.
Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
C:\WINDOWS\System32\n?pdb.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O4 - HKLM\..\Run: [vz8YXH4uh] C:\documents and settings\billy gene\local settings\temp\vz8YXH4uh.exe
O4 - HKLM\..\Run: [VvQWF] C:\documents and settings\billy gene\local settings\temp\VvQWF.exe
O4 - HKLM\..\Run: [u7Xy] C:\documents and settings\billy gene\local settings\temp\u7Xy.exe
O4 - HKLM\..\Run: [p0yp81WI] C:\windows\system32\p0yp81WI.exe
O4 - HKLM\..\Run: [o7yrOCUPm] C:\documents and settings\billy gene\local settings\temp\o7yrOCUPm.exe
O4 - HKLM\..\Run: [Lo] C:\documents and settings\billy gene\local settings\temp\Lo.exe
O4 - HKLM\..\Run: [lMm4zGyC7] C:\documents and settings\billy gene\local settings\temp\lMm4zGyC7.exe
O4 - HKLM\..\Run: [Ijc.exe] c:\windows\system32\Ijc.exe
O4 - HKLM\..\Run: [iGYTExK9] C:\documents and settings\billy ge... Read more

22 more replies
Relevance 53.71%

I'm running windows xp. service pack 2
only started having problems tonight. I had searched for an episode of "flashforward episode 6" on google. got a link that look trustworthy on ask yahoo. clicked to dl video controller so I could watch. problems occurred after that. I get redirected on all searches etc. spybot won't run. avg completely disappeared from my computer after a restart..
found this site.

Followed all steps possible.
I have a 64 bit computer so I had to skip a the parts listed.
completed all steps in registration email. got to the xp cleaning section.
installed and used superantispyware. when rebooted and tried to run again for log file. I got message: windows cannot access the specified device, path or file... I tried to use alternate start and nothing happens. used repair and got message that I don't have privileges. how can I retrieve log file. I can't even find any txt files in superantispyware folder.. it did find and delete 5 trojans and 1 other file

moved onto install of mb.exe
I renamed files as told to. started program after install. chose quick scan as told. program closed on its own. reinstalled program, double checked re-naming of files etc. and used full scan this time, program closed again.
can't run other programs because I'm on 64 bit processor...

installed mgtools to c:\mgtools.exe
double clicked .exe with no av running and black window briefly appears, then disappears. nothing happens..

ran win32diag.exe
program stops
... Read more

Answer:Completed all steps for removal. please help

why is my post completely gone? i followed all steps in the registration email. i was up till 1:30 am doing all the things asked of me. i wake up looking for good news and i have my whole post gone?

Kyle
 

15 more replies
Relevance 53.71%

Hi gents. I've recently (2 days ago) been infected by the virus/trojan which was started when I stupidly downloaded a fake "adobe" video codec.

Symptoms were that my desktop background changed, some tabs were disabled in properties (right click on background picture > Properties). It also had a Windows "AntiVirus XP 2008" program which ran scans saying I have thousands of viruses.

I have followed all the steps shown in this thread: http://forums.majorgeeks.com/showthread.php?t=139313

However, after restarting my computer after running combofix, the desktop properties and back ground picture changed back to the infected state. And I get popups of a false "Windows Security Alert" every now and again.

This is really doing my nuts in. Please help me sirs.
 

Answer:Still Infected after removal steps

Here is the MGtools log.

Hope this provides enough information
 

8 more replies
Relevance 53.3%

A Chinese advertising company is responsible for two of the biggest waves of malware for both the Android and iOS ecosystems, a recent Check Point report reveals.

Yingmob, an advertising company based in Chongqing, China, is supposedly the group behind the YiSpecter iOS malware and the HummingBad Android malware.

Both function in the same way, meaning they infect devices to show ads and secretly install other applications, earning their creators money from pay-per-install programs.

Crooks making over $300,000 each month
Check Point estimates that HummingBad alone delivers over 20 million ads per day that achieve a click rate of 12.5 percent, which is the equivalent of 2.5 million clicks per day. Additionally, HummingBad installs over 50,000 fraudulent apps per day.

Putting all these numbers together, Yingmob earns over $3,000 per day from clicks alone and another $7,500 from fraudulent app installs. That's around $300,000 each month, or $3.6 million per year.

Check Point researchers say that HummingBad has managed to infect 85 million devices at the moment, and Yingmob has complete control over these smartphones because it illegally rooted the devices and can push any type of malware or make the devices take any action.

Read more: Chinese Advertiser Behind YiSpectre iOS Malware and HummingBad Android Malware
 

More replies
Relevance 52.89%

STEP 1: Remove Hao.360.cn redirect with AdwCleaner
STEP 2: Remove Hao.360.cn browse hijacker Junkware Removal Tool
STEP 3: Clean up the various Windows shortcuts that have been hijacked by Hao.360.cn virus [can't be done. my properties doesn't have the extra links behind]
STEP 4: Remove Hao.360.cn virus with Malwarebytes Anti-Malware Free
STEP 5: Double-check for the "Hao.360.cn" malware with HitmanPro
(OPTIONAL) STEP 4: Scan your computer with Zemana AntiMalware [detected the virus but failed to remove] SEE ATTACHED , previously firefox url was in zemana too, but somehow it got removed.
(OPTIONAL) STEP 5: Reset your browser to default settings
DongFang input was installed and uninstalled but nothing else has happened until this time. Is it due to my McAfee recently expired and I have not download free AVG? Please help! Thanks!
 

More replies
Relevance 52.89%

Still having issues with Roll Around after completing many steps I have found online:

Tried to find and uninstall program (nothing under rollaround, I did find one program by a different name that showed up as associated with roll around, which I uninstalled.)
I looked for recently installed programs, but all I see look legit. (iTunes)
Reset browser settings.

Ran McAfee and Malwarebytes a couple of times before looking up help. Followed steps on your website: Downloaded and ran AdwCleaner/deleted/rebooted. Downloaded and ran Junkware Removal Tool, Ran Malwarebytes again, (no threats found this time), Downloaded and ran HitmanPro, found four items and deleted them. (they were all trackware)
 

Answer:Roll Around Virus after many removal steps

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running too much time (few hours), please stop and inform me.
I visit forum several times at day, making sure to respond to everyon... Read more

5 more replies
Relevance 52.89%

Hello, I am a victim of the FBI Virus and have tried every forum and YouTube video but have gotten nowhere! I have an Eee PC tablet with Windows XP Home Edition. The virus has locked me out of one of my administrator accounts. Each time I logged in using any of the safe modes I get a big white screen. I cannot log into any. I have logged into the other administrator account on my computer and tried to access my main account (that's locked) but failed. I keep getting an "access denied" message. I really need to retrieve all of the photos and videos from the account that is locked, that is why I am so desperate to get into it. Please, with the information given, can someone tell me how to remove this virus? Thank you.
Eee PC Netbook******** I apologize!!

Answer:FBI Virus Removal Steps Needed

Run the scans from the other admin account.

Please download TDSSKiller from here and save it to your Desktop.

Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

Check Loaded Modules and Detect TDLFS file system. Do not check Verify file digital signatures (even though it is checked in the example).

If you are asked to reboot because an "Extended Monitoring Driver is required" please click Reboot now.

Click Start Scan and allow the scan process to run.

If threats are detected select Skip for all of them unless I instruct you otherwise.

Click Continue.

Click Reboot computer.

Please post the contents of TDSSKiller.[Version]_[Date]_[Time]_log.txt found in your root directory (typically c:\) in your reply.

===================================================
aswMBR
--------------------
Download aswMBR and save it to your desktop.

Please disable your real time protection of any Antivirus, Antispyware or Antimalware programs temporarily. They will interfere and may cause unexpected results.

If you need help to disable your protection programs see here and here.

Double click the aswMBR.exe file to run it. Please allow when you are asked to download AVAST antivirus engine defs.

Wait until the AV update is done, then click on the Scan button to start. The program will launch a scan.

When done, you will see Scan finished successfully. Please click on Save log and save the file to your desktop.

Please post the contents of the log in ...

5 more replies
Relevance 52.89%

I have been working on this for 7 hours, trying to get everything exactly as the read me file suggests and the other links in that thread. I am not that computer literate, plus don't fuss at me if I didn't do something right :-o I'm trying. Thank you for any help. Here are my only 2 logs I could get (1 incomplete)
super antispyware log
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 12/03/2009 at 06:45 PM

Application Version : 4.31.1000

Core Rules Database Version : 4332
Trace Rules Database Version: 2186

Scan type : Complete Scan
Total Scan Time : 00:55:41

Memory items scanned : 389
Memory threats detected : 0
Registry items scanned : 5130
Registry threats detected : 2
File items scanned : 13934
File threats detected : 4

Adware.Gamevance
HKU\S-1-5-21-507921405-813497703-1957994488-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0ED403E8-470A-4A8A-85A4-D7688CFE39A3}
HKU\S-1-5-21-507921405-813497703-1957994488-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BEAC7DC8-E106-4C6A-931E-5A42E7362883}

Trojan.Agent/Gen
E:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMP\1E.TMP

Trojan.Dropper/Sys-NV
E:\WINDOWS\SYSTEM32\1D.TMP
E:\WINDOWS\SYSTEM32\FDE32.DLL

Trojan.Agent/Gen-FraudLoad
E:\WINDOWS\SYSTEM32\FDE32(2).DLL

MGtools log (not complete) attached
 

Answer:virus removal, problem with some of the steps

I FORGOT TO ADD MY NOTES AS REQUESTED IN READ ME AND OTHER STEPS ON THREAD.......
Unable to download CCleaner, says error 500.
Tried to download defragmenter from maintenance page and it doesn't start
the download. I have 2 antivirus programs ... my antivirus that came
with my computer, Symantec Corporate Edition, has been disabled, and I
can't enable it. I can't run a scan, it says files are missing or moved.
I tried to remove the second antivirus (AVG Pro trial edition), rebooted
and it's not in add/remove programs anymore, but still in system tray
functioning.
Tried to download Malwarebytes Anti-Malware. I click on the link
to start the Malwarebytes program and the download doesn't start.
(I didn't download the programs that didn't accept the 64 bit bc I didn't
know what I had)
I downloaded RootRepeal to my desktop. I double click on it and it says
Windows cannot open the file, choose from a list to open it for you.
I didn't continue since I wasn't sure of what I was doing.
I downloaded MGtools. Double clicked it and it started a prompt screen
during the scan for MGtools (I have a "windows -no disk"
error message that reads....
EXCEPTION PROCESSING MESSAGE C0000013 PARAMETERS 75B6BF9C 4 75B6BF9C
75B6BF9C)...I'm not sure if that's any useful information, just thought I'd
include it. (it just came up again) (I clicked continue) (and the scan
has stalled out) not continuing the scan.... I had to close the window after about 30
minutes. I tried to re...

14 more replies
Relevance 52.89%

Dear all,

I have completed all Malware Removal steps after all index.php files on one of my webhosting providers were injected with
<img heigth="1" width="1" border="0" src="http://imgaaa.net/t.php?id=">

Since this apparently can only happen when my FTP passwords are retrieved I suspected my computer was infected by a keylogger? I included all log files except one(super antispyware), since this ran already for 1,5 hrs and nothing found yet, I will rerun this during the night again. I am running W7-64bit so didn't run rootrepeal.

3 files were deleted by combofix, are these indeed some kind of keyloggers? And am I free of this malware so I can startup my websites again?

Many thanks in advance.

Regards,

Kelvin
 

Answer: Confirm Removal Steps Successful?

I am not seeing any malware in your logs. I am also not seeing any AV protection software. What issues are you still having?
 

3 more replies
Relevance 52.89%

Hello,

There was/is an extensive thread on removing the MyWay Search Assistant posted in 2005. I carefully followed all steps up to where she was instructed to copy some items into the registry. I've saved all logs but am new to this so will wait to hear from someone before posting them.
What I have is that MyWay is still listed in the Add/Remove programs but it fails and cannot remove it.
Running Super AntiSpyware on a brief scan does not find it but on a complete or full scan it does. Searching the registry using regedit I find it in multiple locations. Not sure how to get a txt file from regedit. The other suggested registry search tool in that old thread is now a broken link.
Thank you for any assistance you may offer.
 

Answer:I've followed all the steps in the old 2005 MyWay removal and no joy

Welcome to Major Geeks!

Instructions from 3 years ago may no longer apply and using instructions given to someone else is not always a good idea either. Try the below:

Click Start, Run, and enter the below into the Run box and click OK.

msiexec.exe /quiet /x{78d944d7-a97b-4004-ab0a-b5ad06839940}

If the above does not work, you will need to do the below.


Please read ALL of this message including the notes before doing anything.

Please follow the instructions in the below link:

READ & RUN ME FIRST. Malware Removal Guide
and attach the requested logs when you finish these instructions.

**** If something does not run, write down the info to explain to us later but keep on going. ****
Do not assume that because one step does not work that they all will not. MGtools will frequently run even when all other tools will not.
After completing the READ & RUN ME and attaching your logs, make sure that you tell us what problems still remain ( if any still do )!
Helpful Notes:
If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:

Starting your computer in Safe mode

If you have problems downloading on the problem PC, download the tools and the manual updates for SUPERAntiSpyware and Malwarebytes ( links are given in the READ & RUN ME) onto an...

1 more replies
Relevance 52.48%

I hope I have posted this in the right forum - most of the topics I see here on the first page seem to have the "Moved" tag on them. Despite what the title and the first paragraph describing my problem may suggest on a quick skim, I don't believe this problem is currently being caused by malware nor removed with malware removal tools, but rather being a system problem in nature.

I recently cleaned a Windows XP SP3 Media Center Edition machine of SystemFix, which was quickly followed by another malware program I don't remember, and after that by AV Protection 2011, using MalwareBytes' Anti-Malware. Since then, the computer shows in Network Connections that it has been connecting to our Linksys router, but no packets are being sent or received and there is no internet access available, and I can't even access the router administration page from the affected computer. The internet works without issue if I boot to Ubuntu Linux off of a CD/USB drive, so the problem should be with the Windows software. I've tried just about every possible solution I could possibly find on the internet, as well as a few I made up on the spot, which to my memory includes but is not limited to the following (all under an account with administrator rights, of course):

- scanned computer with MalwareBytes' Anti-Malware, COMODO Antivirus, SuperAntiSpyware, Ad-Aware, ESET, IOBit Advanced SystemCare 5, Sophos Anti-Rootkit, and avast! aswMBR.exe
- attempted to run tdsskiller.e...

Answer:Internet not working after malware removal - system/registry/setting damage suspected

and welcome to the Forum

We have a malware removal forum and I suggest you post there. Please follow our pre-posting process outlined here:

NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help - Tech Support Forum

After running through all the steps, please post the requested logs in the Virus/Trojan/Spyware Help forum, not here.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

2 more replies