Computer Support Forum

Help with removal of hijacker after Win7 security virus removal

Question: Help with removal of hijacker after Win7 security virus removal

Hey there experts =)

My son clicked something a few days ago, giving us the Win 7 security virus. I followed the directions here, and removed it with malwarebytes.
Everything was running smoothly.

Today I get home and see that my browsers (all of them, firefox, chrome) are being redirected. When they are being redirected my McAfee detects a virus and removes it, yet it continues to happen. After much reading, here and on other computer boards ... there seems to be something leftover from that virus that isn't always detected? From what I've read, there's a possibility there's a virus in the MBR ?

I do not have a Windows 7 disc, as this came pre-installed, nor do I have a recovery disc. All advice points towards running combofix, although all that advice comes saying 'DO NOT RUN combofix unless instructed to do so by a professional'

Well? You guys are the professionals so here I am. You're my last resort to getting this fixed, sans taking it into a shop which I'm REALLY trying to avoid. ;)

I do work a full time job, so my responses may not be immediate, but I will check daily or multiple times daily when I can and follow your directions ... if you can and are willing to help!

Thanks in advance!

Beachy

Relevance 100%
Preferred Solution: Help with removal of hijacker after Win7 security virus removal

I recommend downloading and running Reimage. It's a computer repair tool that has been proven to identify and fix many Windows problems with a high level of success.

I've used it in the past to identify and fix everything from blue screens (BSOD's), ActiveX errors, corrupt files and processes, dll/exe/sys errors, recover lost memory, Windows update problems, defragging, malware removal etc.

You can download it direct from this link http://downloadreimage.com/download.php. (This link will automatically start a download of Reimage that you can save to your computer.)

Answer: Help with removal of hijacker after Win7 security virus removal

Download Security Check from HERE, and save it to your Desktop. * Double-click SecurityCheck.exe * Follow the onscreen instructions inside of the black box. * A Notepad document should open automatically called checkup.txt; please post the contents of that document.=============================================================================Please download MiniToolBox and run it.Checkmark following boxes:Report IE Proxy SettingsReport FF Proxy SettingsList content of HostsList IP configurationList Winsock EntriesList last 10 Event Viewer logList Installed ProgramsList Users, Partitions and Memory sizeClick Go and post the result.=============================================================================Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop. * Double-click mbam-setup.exe and follow the prompts to install the program. * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish. * If an update is found, it will download and install the latest version. * Once the program has loaded, select Perform quick scan, then click Scan. * When the scan is complete, click OK, then Show Results to view the results. * Be sure that everything is checked, and click Remove Selected. * When completed, a log will open in Notepad. * Post the log back here.Be sure to restart the computer.The log can also be found here:C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txtOr at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt=============================================================================Please download GMER from one of the following locations and save it to your desktop:Main Mirror
This version will download a randomly named file (Recommended)Zipped Mirror
This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.Disconnect from the Internet and close all running programs.Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.Now click the Scan button. If you see a rootkit warning window, click OK.When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.Click the Copy button and paste the results into your next reply.Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.IMPORTANT! If for some reason GMER refuses to run, try again.If it still fails, try to UN-check "Devices" in right pane.If still no joy, try to run it from Safe Mode.

14 more replies
Relevance 86.51%

My computer is infected with the zlob hijacker virus that changes my homepage and creates redirecting problems while trying to go on other web addresses.If anyone knows of a way to remove this safely it would be very appreciated.To repliers i will supply the logs, scans, etc. to whoever responds.
 

More replies
Relevance 85.28%

So I've ended up with Safer Browser on my computer and have been to a few different website tutorials and discussions attempting to figure out how to remove it. I came across this forum post...http://www.computing.net/answers/se......and have been utilizing the advice to attempt to remove it. So far with limited success.I've already "uninstalled" it via the Control Panel, and I've run both Malwarebytes and AdwCleaner and quarantined/deleted every malicious item each found and subsequently rebooted. But Safer Browser is still on my computer in the form of a desktop icon, so I'm certain there are still Safer Browser files on my computer.As per Johnw in the previous thread I mentioned, I've downloaded and run OTL by OldTimer. And I did run it with the settings Johnw mentioned. (From his post May 3, 2014 - near the bottom of the thread.) I've got the logs, but I'm not sure what I'm looking for - and I really don't want to delete or quarantine anything that isn't related to Safer Browser/a virus or malware.If someone could please assist me and take a look at the logs and let me know what needs to be deleted, it would be very much appreciated.Thanks for any help/advice in advance. I'll post the logs in a separate post momentarily.

Answer:Safer Browser Hijacker/Virus Removal Help

OTL Extras logfile created on: 4/19/2015 4:38:24 PM - Run 1OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Serah\Downloads64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstationInternet Explorer (Version = 9.11.9600.17728)Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 7.89 Gb Total Physical Memory | 6.03 Gb Available Physical Memory | 76.48% Memory free15.89 Gb Paging File | 13.81 Gb Available in Paging File | 86.93% Paging File freePaging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)Drive C: | 910.40 Gb Total Space | 817.14 Gb Free Space | 89.76% Space Free | Partition Type: NTFS Computer Name: ATLATICA | User Name: Serah | Logged in as Administrator.Boot Mode: Normal | Scan Mode: All users | Include 64bit ScansCompany Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>].html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation).url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>].cpl [@ = cplfile] -- C:\Windows\SysWow64\contro... Read more

9 more replies
Relevance 82.82%

Hey all, seems my computer has contracted one of those fake antivirus spyware programs that's just trying to gain a purchase.
Ive been working at it for a while but have hit a brick wall. I finally found one of the main files(?) and after I cleared that off it hasn't opened itself. Still after I did that though Symantec is still reporting blocking hundreds of access attempts per hour. (at least Symantec is catching it now)

It's saying the stuff is located in my temp folder.
Note: I have already run TFC, malware bytes, spybot, and symantec...Malware/spybot found the bulk of the virus but there are still some picky files they couldn't grab which I guess is re-downloading the rest of it or something.
I would love any help.
Thanks, Adam.
 

Answer:Win7 Security 2011 removal help

12 more replies
Relevance 82.82%

Hi There

It may be that my PC is a few years old but it is very slow booting up/logging on to user. Any help very much appreciated.

All steps followed and logs attached.

Thanks

Ranklin
 

Answer:Malware Removal Guide (incl. spyware, virus, trojan, hijacker)

Hi there again

And here's the final attachement.

Cheers

Ranklin
 

2 more replies
Relevance 82%

I have followed your instructions as per thread: READ & RUN ME FIRST Malware Removal Guide (incl. spyware, virus, trojan, hijacker) by chaslang. Last edited by chaslang; 09-23-11 at 22:56

http://forums.majorgeeks.com/showthread.php?t=35407

Let me congratulate with the clarity of expression and the methodical approach to problem solving showed by chaslang. I found the guideline very useful and easy to read.

This is what I have done. I have followed step 1 to 7 (however I missed out step 6 by mistake), so I had to start all over again from scratch after I ran Combofix.

For the records:
1. SUPERAntiSpyware took a staggering 3hrs to run first time. Second time it took only just over 40minutes;
2. Malware Anti-malware took nearly 2hrs the first time. just over 30 minutes the second time.
3. Combofix deleted some .dll the first time. Unfortunately I have no log file as I had realised i DID NOT DISBALED CD emulator then...so I started all over again.

Results:
Nothing was found by the various removal tools. I have attached log files to this thread for your consideration.

Current status:
- apparently cleaned laptop (windows xp sp3)
- AVG 2012 re-installed with firewall.
- Defogger still disabled
- Settings.dat file has appeared on my desktop (I think this was created by Combofix)
- When rebooting system the screen shows black screen with three option
- Normal
- safe mode
- (cant remember the third option). Sorry. The system reboot OK. Normal mode.
- Malware Anti-malware ... Read more

Answer:READ & RUN ME FIRST Malware Removal Guide (incl. spyware, virus, trojan, hijacker)

Re: READ & RUN ME FIRST Malware Removal Guide (incl. spyware, virus, trojan, hijacker

Welcome to Major Geeks!

Please do no make your own ZIP files. Attach the logs as requested. Please attach the original C:\MGlogs.zip file as is. What you attach does not have the MGlogs.zip file required.
 

5 more replies
Relevance 82%

See new READ ME PROCESS dated 10-09-05 below or above depending on how you chose to display threads ( oldest first or newest first ).
 

Answer:READ & RUN ME FIRST Malware Removal Guide (incl. spyware, virus, trojan, hijacker)

READ & RUN ME FIRST. Malware Removal Guide

Please Read These Important Notes for the Malware Removal Guide: Yes we know they are long but they are important!

NOTICES:

Backup Important Data First - While in most cases, we do not have problems, we cannot guarantee that there will not be any. Thus it would be a very good idea for you to begin by backing up all important personal information before undertaking the act of malware removal. You can bypass this step at your own risk, but remember that we cannot guarantee what the result will be from trying to remove malware from your PC.
After the automatic cleaning procedures/instructions in this guide, additional manual removal steps will almost always be required. So do not be surprised if you still have problems when you finish the instructions.
Do not make the false assumption that this thread is old or out of date based on the date the thread was started ( 10-09-05 02:49 ). Look at the Last Edited date at the bottom of this message as this procedures does evolve with time.
Please do not create any new threads ( even at different websites ) on this same topic while we are working on your system as it wastes another volunteer's time. If you are being helped elsewhere or have solved the issue or no longer wish to continue, please post a message in your thread and it will be closed.
Please do not try to fix anything without being asked.
Please attach all requested logs. Do not post them inline with your messages or ... Read more

1 more replies
Relevance 78.72%

Hi,I have tried many ways to get rid of some Malware that has only recently infected my PV. I hope someone can help me as this is my work PC and I need to plug back into my office network in a few days, but think this would be a bad idea at the moment.The problem first showed itself by insisting I had many viruses etc, and I should install Internet Security 2010. I have installed Malware Bytes removal tool, and installed as instructed. It found the above, said it was removed, but still it appears to exist, although the name of the infection has changed a few times, and is currently redirecting my brower to a similar page to the above malware. A popup now shows that I should install Cyber Security to remove the infections. This is obviously another malicious antivirus/malware program.I have McAfee Enterprise installed (which I can't seem to disable)I have also run SuperAntiSpywarePlus, which did the trick removing a similar problem about a year ago on a different PC. However, although this program also finds problems, and supposedly removes t5hem, the problem is still there.Please help. I have shown Hijackthis log below.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 1:58:42 PM, on 29/12/2009Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16945)Boot mode: NormalRunning processes:C:\windows\system32\csrss.exeC:\windows\system32\winlogon.exeC:\windows\system32\services.exeC:\windows\... Read more

Answer:Cyber Security removal; Malware removal not working

Hi,I have tried everything I know of to remove this pesky piece of malware. It seems to keep changing names, starting out as Internet Security 2010, and redirecting me on a google search to a webpage trying to convince I was riddled with viruii and malware, and then trying to sell me thier software, which is really just a scam. I ended up here after a few days of tearing my hair out, almost beaten. I went through the tutorials, but unfortunately that was before I fired off a post in desperation. Please delete my previous post, as I have now followed the suggested path, and run the utilities to help diagnose my problems. The resulting files are attached.Please help. I hope the files uploaded can provide an insight into whats happening.Apologies for jumping right in and posting a Hijackthis log before I had read the tutorials.ntents belowDDS.txt contents pasted belowDDS (Ver_09-12-01.01) - NTFSx86 Run by Greg.Middleton at 15:30:23.26 on Tue 29/12/2009Internet Explorer: 7.0.5730.13Microsoft Windows XP Professional 5.1.2600.2.1252.61.1033.18.3063.2330 [GMT 9.5:30]AV: VirusScan Enterprise + AntiSpyware Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}============== Running Processes ===============C:\windows\system32\svchost -k DcomLaunchC:\windows\system32\svchost -k rpcssC:\windows\Syst... Read more

3 more replies
Relevance 78.31%

Hi,I am using Windows Vista Ultimate 6.0.6002 Service Pack 2 Build 6002 and have recently been infected by the Live Security Platinum virus (PUM.Disabled.SecurityCenter) and have cleaned it using the method from here.Everything's been going ok actually, except for the fact that now the whole of my Windows Security Center is unusable. I suspect it is due to the system files that were removed or modified during the removal process.Now Windows Update is not even present in the Services list and Windows Defender gives a "failed to initialize" error.It would be great if you could shed some light to me for this problem.Thank you.

Answer:Windows Vista Security Center problem after successful removal of Live Security Platinum virus

DownloadFSS Checkmark all the boxesClick on "Scan".Please copy and paste the log to your reply.

31 more replies
Relevance 78.31%

My computer was recently infected with the win 7 virus, and I got rid of it by following the directions posted on this site (FixNCR, RKill, & Malwarebytes). But the day after I got rid of it, the computer started to run a bit slower than usual and had no internet connection. It's been two days now, but there is still no internet connection. Everything else seems to be working fine, except that I was watching a dvd and after about 40 minutes, windows media player suddenly shut down and stopped working.

Thanks in advance!

Answer:No internet connection after win7 virus removal

Downloadhttp://download.bleepingcomputer.com/farbar/FSS.exeand run it on the infected PC.* Click on "Scan".* It will create a log (FSS.txt) in the same directory the tool is run.* Please copy and paste the log to your reply.

11 more replies
Relevance 77.08%

Good morning. I have an emachine El 1200-05w running XP that has the security virus. I have been to many forums and have tried numerous programs to remove the virus.
 
The virus will not allow me to run any programs to kill the virus. I have tried several methods to boot from USB and the process will not allow me to complete the effort. I have tried safe mode and all other recommendations
 
I have attached the DSS logs from running the program. 
 
The computer will boot up in both safe and normal mode, but does not allow any installs or exe files to run. I have also lost the ability to run explore.exe to see the bottom task bar and start menu so to run programs, I have to go through task manager.
 
Thanks for the assistance. I would rather not let the virus beat me than to throw the PC away.
 
Cheers
 
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by John Toye at 9:22:32 on 2013-11-15
AV: Norton 360 *Enabled/Updated* {A5F1BC7C-EA33-4247-961C-0217208396C4}
FW: Norton 360 *Enabled*
.
============== Running Processes ================
.
C:\Program Files\HitmanPro\hmpsched.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\NewT... Read more

Answer:Help With Security Virus Removal

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/514124 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t... Read more

2 more replies
Relevance 76.67%

Okay, so this afternoon in school, I was trying to remove a stupid "search.fast-find.net" virus that I contracted some how. I am a techy so I am not stupid about sites I go to either.

Anyways, while trying to remove it, I used Kaspersky's free virus removal tool. Once it scanned it said I needed to restart to remove the infection (it did find the virus).

So I restarted. Once I did, windows kept on hanging up at the boot screen where the little dots grow & swirl.

I have tried system restore, safe mode, start-up repair, and nothing. I am not able to get past that boot screen on safe mode either.

When I use safe mode to see where it hangs, it is at:
C:/Windows/System32/Drivers/CLASSPNP.SYS

SO, I tried going into recovery mode and using the command prompt to rename it:
C:/Windows/System32/Drivers/CLASSPNP.SYS CLASSPNP.OLD

But the result I get it "The system cannot find the path specified".

Is there anyway to restore just that file.

***I HAVE ABOUT 1000 PHOTOS ON THERE THAT I NEED FOR MY PORTFOLIO FOR COLLEGE NEXT YEAR SO I NEED THESE FILES BACK!!!!!***

PLEASE HELP ME!!!!!

-Jordan

Answer:Win7 x64 [email protected] CLASSPNP.SYS after run Kaspersky Virus removal tool

I suggest creating an antivirus boot disk.

I cannot attest to this one:
FREE Bootable AntiVirus Rescue CDs Download List

4 more replies
Relevance 76.26%

Hi Guys,
Recently I have gone through a serious virus which is not catchable by updated anti-virus symantec 14 october 2009.
When i put my pendrive, the system shows autorun.inf deleted. But the underlying virus,
autorunme.exe exists in location Drive:/RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe.

Even I delete this virus, this gets automatically generated by itself or recreates itself.
autorunme.exe is not the actual virus, but it is just a duplicate.

Then actual underlying virus which triggers autorunme.exe is SERVCE.EXE
Note SERVCE.EXE is not service.exe or services.exe. It is new named SERVCE.EXE

Manual removal autorunme.exe process:
After connecting your pendrives, when it shows the file RECYCLER in hidden state,Open your task manager and end the process SERVCE.EXE

Now delete the entries Drive:/RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe , Drive:/RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\desktop.ini and Drive:/autorun.inf.
They will not recreate now.

Then open C:/WINDOWS and find SERVCE.EXE and to be on safe side just make a local copy of file to some other place and delete SERVCE.EXE

Now even if you restart your computer, since SERVCE.EXE is not running at start up of system, the system is safe and manual removal of virus is complete.

SERVCE.EXE is the actual culprit. http://static.techguy.org/smilies/biggrin.gif
 

More replies
Relevance 76.26%

I'm working to rid a computer of the fake virus protection called System Security. I can't post a HJT log because it won't let me install it. Also when I search for ways to remove it, I get re-directed to pop ups and it will not let me install any anti-malware software. Please help!
 

Answer:System Security virus removal

hello?
 

3 more replies
Relevance 76.26%

I just went through the procedure on your site for removing the virus My Security Shield. Everything went fine until I reached the final step. I downloaded the Hostsperm.bat file and ran it. I then went in and deleted the Host file in C:\Windows\System32\Drivers\Etc to place the new file into it, I received the following error message,

You do not have permission to save in this location.
Contact the administrator for permission.
Would you like to save in the Debbie folder instead?

The problem is that I am the only person on this computer and I am signed on as admistrator. How do I get this file on my computer?

I am running Vista Business, Internet Explorer 8

Thank you
Debbie

More replies
Relevance 76.26%

Hey everyone,

I'm new to this site but a quick Google search seems to suggest this is a really useful forum. I'm not particularly knowledgeable about the inner workings of computers, so I'm here to seek help with the removal of the malware "XP Home Security".

I've actually looked up some Youtube videos and read some forums, leading me to do some work myself. However, I'm not sure if I'm actually clean and I'm worried I might be still infected since I didn't use Rkill or something like it. What I did was the following:
1. Used system restore, using one week prior to today as my restore point.
2. Updated existing Malwarebytes Anti-Malware on my computer and ran it (quick scan; took maybe 45 minutes or so).
3. MBAM found 10 infected files, so I had the program delete the files. It restarted my computer and this is where I am now.

It LOOKS LIKE I have no problems now, but I would like to know if there are flaws with what I have done. How can I be sure I'm clean? I am currently running MBAM again (full scan of my C drive) and waiting for results.

Also, my computer uses the family wi-fi connection. Should I be worried that the other 3 computers in the house might be infected? My infected computer is currently offline (I'm using a netbook to write this) with the hopes that it won't be able to infect the other ones.

I apologize for the massive email in advance, but I would really appreciate any feedback anyone might have abou... Read more

More replies
Relevance 76.26%

Security Tool virus has taken over my computer. I can't run task manager, regedit, msconfig, How do I remove this from my computer, please?

Answer:security tool virus removal

Hello and welcome... Iam moving this from Vista to the Am I Infected forum.You need to do all the steps ..Please follow our Removal Guide here How to remove XP Security ToolYou will move to the Automated Removal InstructionsAfter you completed that, post your scan log here,let me know how things are.The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

25 more replies
Relevance 76.26%

I have a laptop running windows XP and recently got the smart security virus. I used spyware terminator and avast anti virus to scan and remove it, but i cant get on the internet.l If i start the system in safe mode i can go on the internet.

If i open the security centre it says that smart security is my antivirus software so i guess the virus is still on the system, however nothing i use can find it. I guess this is my problem but no idea what to do now.

Anyone any ideas?
 

More replies
Relevance 76.26%

Hi all,
 
First post on your forums and hoping you can help.
 
I was wondering if you had any suggestions for software that would scan your machine after you had removed any viruses/malwares, that would check the security of your PC. 
 
As we all know, most viruses will mess with a number of PC settings to open it up to future infection and allowing easier access for the "hacker" to get information etc.  So once you have removed the virus that did this, is there any other software you can run that will look for any loop holes left in your systems security, from simple things like decreases IE security settings to other more complex issues?
 
Idealy I would like completely free software that is available to individuals and companies.
 
Thanks.

Answer:Checking PC security after virus removal

to BCBefore continuing, please let me know what security scans have you performed thus far and what did they find?

7 more replies
Relevance 76.26%

hi all, i've read through everything and still have big problems my laptop has the above issue but i cannot run anything to remove it. i already had MAMB but i can't run it, can't access the net either.the pc is on in safe modeany pointers would be great..

Answer:ms removal / xp security 2011 virus help!!

Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer. 1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.2. The fixes are specific to your problem and should only be used for this issue on this machine.3. If you don't know or understand something, please don't hesitate to ask.4. Please DO NOT run any other tools or scans while I am helping you.5. It is important that you reply to this thread. Do not start a new topic.6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.7. Absence of symptoms does not mean that everything is clear.If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line. **********************************************************You will have to use the above method to download and transfer these programs to your computer.Please download and run the below tool na... Read more

1 more replies
Relevance 76.26%

Hi, this is a new labtop, damn not even a month old. I let little sister use and she has somehow downloaded this win 7 security 2011 virus. How can i remove it??
Please help me!!!

Tech Support Guy System Info Utility version 1.0.0.1
OS Version: Microsoft Windows 7 Home Premium , 64 bit
Processor: Intel(R) Pentium(R) CPU P6200 @ 2.13GHz, Intel64 Family 6 Model 37 Stepping 5
Processor Count: 2
RAM: 3894 Mb
Graphics Card: Intel(R) HD Graphics, 1723 Mb
Hard Drives: C: Total - 274812 MB, Free - 222171 MB;
Motherboard: TOSHIBA, Portable PC, Base Board Version, Base Board Serial Number
Antivirus: Microsoft Security Essentials, Updated and Enabled
 

More replies
Relevance 76.26%

I could sucessfully remove the Security Shield virus using Rkill.

Download link for Rkill.........
http://www.bleepingcomputer.com/virus-removal/remove-my-security-shield

1) Download the file iExplore.exe to your computer
2) Run the file as Administrator
3) The application takes few minutes to run and remove the virus
4) A log file will be generated after completion of the removal process.

Thanks to BleepingComputer for providing the solution to remove the virus.

More replies
Relevance 76.26%

Hello, I recently got a virus that masquerades as an anti-virus program and won't let me access the internet or launch certain programs. I've been trying various methods at removal but none have worked so far. Please help me out! Thanks!

The following is my HijackThis log:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:39:19 PM, on 4/25/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16766)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Users\Robert\AppData\Roaming\Microsoft\conhost.exe
N:\OTL.exe
C:\PROGRAM FILES (X86)\PROCESSEXPLORER\PROCEXP.EXE
N:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.mywebsearch.com/mywebsearch/default.jhtml?ptnrS=ZUfox000&ptb=RddAa6VN_0QCLF2SCkPfRw
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSe... Read more

More replies
Relevance 76.26%

My daughter's laptop has the Security Tools virus on it and I would like some help to remove it? I have downloaded the exeHelper to the desktop and I ran it, but I cannot get the log file to open with any software. It seems this virus has disabled a lot of stuff. So I am copying the exehelperlog file contents onto a thumb drive and working back and forth between her computer and mine. I would log in to this site on her computer, but I wouldn't be able to open and copy results from her computer because text programs like word or notepad won't open.The details of her laptop are as follows:Windows 7 Home PremiumIntel Core i3 CPU M330 @ 2.13GHz4.0 GB64 bit operating systemI included these details, because I noticed when assembling this question, that your site tracked the OS and CPU/RAM info of my computer and not her laptop.Here are the contents of the exehelperlog file. FYI I ran it twice. Not sure if that ruined anything or not.exeHelper by RaktorBuild 20100414Run at exeHelper by RaktorBuild 20100414Run at 13:46:31Thank you for any help you can give.Cindy

Answer:Help with Security Tools virus removal....

Check out my post here: http://hitanykey.webs.com/removefak...

4 more replies
Relevance 76.26%

tried using the removal instructions from this site and I get to downloading "Process Explorer" to dektop and then change name to explorer.exe but when i double click it doesn't run/open. This virus won't let me open anything from HD, USB flash or CD drive. I can access the internet but not run applications. Is there an updated version or a work around.

I'm about to the point of just wiping clean and reinstalling OS. If I do that do I just reinsall with original OS and driver discs or do I need to wipe hard drive first to get rid of virus.

Thanks

Answer::system security" virus removal

Hi stephenisr and to BleepingComputer!Lets see if we can get Malwarebytes Antimalware to work. If your infectec computer is preventing you from downloading it, use a flash drive, but make sure you use Flash Disinfector to make sure you do not infect another computer.Please download Flash_Disinfector.exe by sUBs and save it to your desktop.Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.The utility may ask you to insert your flash drive and/or other removable drives. Please do so and allow the utility to clean up those drives as well.Hold down the Shift key when inserting the drive until Windows detects it to keep autorun.inf from executing if it is present.Wait until it has finished scanning and then exit the program.Reboot your computer when done.Note: As part of its routine, Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive that was plugged in when you ran it. Do not delete this folder...it will help protect your drives from future infection by keeping the autorun file from being installed on the root drive and running other malicious files.MALWAREBYTES ANTIMALWARE-------------------------------------------Please download Malwarebytes Anti-Malware and save it to your flashdrive (in case you are not able to download it direct to your infected computer). Rename mbam-setup.exe to winlogon.exealternate download link 1alternate download link 2MBAM may "make changes to your registry" as part ... Read more

1 more replies
Relevance 75.44%

Hi

Im pretty stuck here, googled and found your tutorial for the removal of this virus but can't get past step 3 as rkill keeps getting blocked before it can do anything, I have tried as suggested leaving the pop ups in place and trying again but still the same problem

I then followed the link for further help - Preparation Guide For Use Before Posting A Hijackthis Log, but unable to run this software either, its just blocked dead.

I don't know exactly how this virus got on the pc, no one is owning up.

There are no desktop icons, it has disabled the wireless internet connection, you cannot run system restore, I have been downloading the software onto a usb and transfering ot onto the pc. It won't let any software run that might remove it basically.

Any help gratefully received. Im running XP & have ESET Security installed

Answer:Security Tool Virus removal problem

Hello snowball2 and welcome to Bleeping Computer! My username is swagger and I'll be helping you. Have you tried downloading and running RKill with the different extensions? rkill.pifrkill.scrrkill.comrkill.exePlease Download Link #1. Save it to your Desktop. Before we begin, you should disable your anti-malware softwares you have installed so they do not interfere RKill running as some anti-malware softwares detect RKill as malicious. Please refer to this page if you are not sure how.Double click the RKill desktop icon to run the tool.
If you are using Vista please right click and run as Admin!A black screen will briefly flash indicating a successful run.If this does not occur please delete that application and download Link #2.Continue process until the tool runs.NOTE: 1. Try running RKill using Link 1, if it does not run, download Link 2 and delete Link 1 then try running it again. 2. If you still can't run RKill, repeat the same steps using Link 3 and 4. Please tell me if all the link does not work.*If the tool does not run from any of the links, Please tell me about it.Regards,swagger

3 more replies
Relevance 75.44%

Windows XP computer infected 12/22/11 with "SECURITY SHIELD" virus. Followed bleepingcomputer.com Unininstall Guide instructions exactly (obtained via another computer that could access internet). Malwarebytes Malware virus tool identified virus files and supposedly removed them. But when rebooted out of SAFE mode virus present and active. REPEATED ENTIRE PROCEDURE TO NO EFFCT! Second attempt scan reported finding no virus infection files to be removed! But rebooting out of SAFE mode has virus stll present, including hijacking internet access attempts and with a SECURITY SHIELD button on the taskbar. Any suggestions or solutions?

Answer:SECURITY SHIELD VIRUS REMOVAL INEFFECTIVE

FROM TOPIC ORIGINATOR ryoungberg. 12/23/11 UPDATE: SITUATION (I HOPE) RESOLVED. The two previous attempts to Remove the Security Shield malware were done while in SAFE mode. This morning, since I now had iEXPLORE.EXE(RKILL)and Malawarebyte's Anti-Malware installed on DESKTOP, I ran uninstall procedure again. I ran iEXPLORE.EXE TWO times. The first time it reported terminating several processes; the second run produced a clean report(nothing stopped). Then I ran the Anti-Malware program again with a FULL scan. Previous two full scans ran 45-50 minutes, this third ran 1 hr. 38 min., and reported NO INFECTIONS FOUND! But no virus action occurences and tne SECURITY SHIELD icon on the right of the tasbar was gone. Rebooted normally and everything still OK (but keeping my fingers crossed). IF UNINSTALL PROCEDURE FOR THIS MALWARE MUST BE RUN IN NORMAL RATHER THAN SAFE MODE, THEN GUIDE SHOULD BE UPDATED TO CLARIFY THIS AFTER USER BOOTS IN SAFE MODE TO BE ABLE TO ACCESS BLEEPING COMPUTER AND DOWNLOAD REMOVAL PROGRAMS.

2 more replies
Relevance 75.44%

I somehow got a windows security alert virus and I can't get rid of it. I used malwarebytes and it did not find anything. I can't get on internet from my laptop and every few seconds windows pop up telling me I have a virus and asking me to run scans and download things.

How do i get rid of this?

Answer:windows security alert virus removal

Try this: How do I remove the Microsoft FakeAV Alert

1 more replies
Relevance 75.44%

Alright so the desktop, using windows xp, has the "total security" pop ups telling us we're infected blah blah virus. I tried looking at results for other people on this problem such as the "tsc.exe" removal but couldn't find it. So yea pretty much just need help removing it any help is greatly appreciated. Thank you in advance.
 

Answer:Total Security 4.52 Virus. Help needed for removal

16 more replies
Relevance 75.44%

Hello , And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.I will be working on your malware issues, this may or may not solve other issues you may have with your machine.Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.-----------------------------------------------------------If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explanation about the tool. No inp... Read more

Answer:Virus removal/remove Total Security

Due to lack of feedback, this topic is now closed.

If you are the original topic starter and you need this topic re-opened, please send me a PM.

Everyone else, please start a new topic.

2 more replies
Relevance 75.44%

Hi! Problems on my pop's computer again. He called to say a pop-up window informed him that Microsoft Security Essentials was not functioning and displays the message that:

"Couldn't start the Security Essentials service.
The specified service does not exist as an installed service.
Click help for more information
error code 0x80070424".

He also got another pop-up for Windows XP Security 2013 claiming there was malware and to click on the "install" button to clean the system. I quickly begged him NOT to do so; just pull the internet wireless connector out and shut down his PC until I could get over there.

So having had wonderful success with cleaning his computer thanks to your kind and knowledgeable instructions, I quickly did the First Steps before posting here.

Here is the text of the DDS log:

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.9.2
Run by Keith at 2:50:03 on 2013-01-15
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.991.411 [GMT -7:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: AVG Firewall *Disabled*
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\system32\lxdccoms.exe
C:\Progra... Read more

Answer:Virus Windows XP Security 2013 Removal

Hello Keith,

Please download Malwarebytes Anti-Rootkit from here Malwarebytes : Malwarebytes Anti-Rootkit and save it to your desktop.

Be sure to print out and follow the instructions provided on that same page.

Caution: This is a beta version so please be sure to read the disclaimer and back up any important data before using.
Double click the mbar.zip file to open it, then 'Extract all files'.
Double click the mbar folder to open it, then double click mbar.exe to start the tool.
Check for Updates, then Scan your system for malware

If malware is found, do NOT press the Cleanup button yet. Click EXIT.

I'd like to see the log first so I can see what it sees. You'll find the log in that mbar folder as MBAR-log-<date and time>***.txt . Please attach that to your next reply.

19 more replies
Relevance 75.44%

I am getting a lot of pop ups. I ran spybot and ad aware, but this did not resolve the problem. I also ran my anti-virus (panda) scan, but some malware could not be deleted nor renamed. Any help is appreciated.

-mronederful1911

Answer:Need help with virus and spyware removal [moved from Security]

Which browser are you using? What do the popups say? Do they appear only when you visit certain sites or all the time? What details do you have for the malware that "could not be deleted nor renamed"?

Please follow the instructions here (5 pages) and then post all the requested logs in a new thread here for the security analysts to look at. If you have any trouble running any of the scans, leave them and move onto the next.

The security forum is always busy, so please be patient and you will receive a reply as soon as possible. If you go to Thread Tools > Subscribe at the top of your new thread you will receive an email as soon as a reply is posted.

12 more replies
Relevance 75.44%

I followed the steps to remove Win 7 Internet security virus. I still have some problems. When I start up I recieve problem starting box (runDLL) with C:\USERS\SCOTTP~1|AppDat\Roaming\MICROS~1\Protect\pclw.uf module could not be found. I put super anti spyware and loaded malwarebytes to get rid of the virus. My computer locks up once in awhile and is slower. I had Webroot security . Lost it with the virus and reinstalled. Are the antivirus running on top of each other? Should i restore my registry ?

Answer:Win 7 internet security virus problems after removal

Hello, Welcome to BleepingComputer.I'm nasdaq and will be helping you.If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.===Using a good restore point is an option. Lets see what I can find before going that route.Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me some additional information about your system.Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.DDS.scr DDS.pifDouble click on the DDS icon, allow it to run. A small box will open, with an explanation about the tool. No input is needed, the scan is running. Notepad will open with the results. Follow the instructions that pop up for posting the results.Please note: You may have to disable any script protection running if the scan fails to run.Please just paste the contents of the DDS.txt log in your next post. DO NOT attach the log.

22 more replies
Relevance 75.44%

I downloaded a file that contained the Internet Security 2010 virus which took over my computer. I shut it down and now i cannot reboot. When I try to reboot the safe mode selection screen comes up and if you were to select any one of the options, the computer reboots and goes back to that screen. I am running an IBM computer with XP Professional.
 

More replies
Relevance 75.44%

Hello,

We have a Lenovo notebook running Windows Vista. It has been infected with the security tool virus. I followed the instructions at http://www.bleepingcomputer.com/virus-removal/remove-security-tool and it appeared to have cleaned the system, but this morning the virus was back. We'd appreciate any assistance you can offer!
 

Answer:Security Tool Virus - removal failed

Hi,

Sorry for delayed response. Forums have been really busy. If you still need help with this do following, please.
Download DDS and save it to your desktop from here or here or here.
Disable any script blocker, and then double click dds file to run the tool.
When done, DDS will open two (2) logs:
DDS.txt
Attach.txt

Save both reports to your desktop. Post them back to your topic.

 

3 more replies
Relevance 75.44%

Hey guys, need some help getting this stupid security alert virus removed, its been on my computer for months and ive tried most things to try and eliminate it and no joy. Ive been using the right programs just not the right way lol. Can anyone help please?
 

Answer:Windows security alert virus removal help please?

16 more replies
Relevance 75.44%

Hi,   I have Vista and I got the virus when I went to the MLB.com website, at least that's whenmy computer when carzy. I got the blue screen of death 2 times , once almost immediately and then a second time whe I restarted the computer, not knowing what I had yet. I got the basci security suite main screen telling me I had tons of virues, which i figured out fairly quickly it was a scam virus. I went to Bleeping computer and several other forums and site in safe mode and on my laptop, to get some answers. Everyone says that you need to go into the Internet options and turn on the proxy settings, but with me it's the opposite. My proxy settings were checked and when checked I cannot access the Internet. when I uncheck them I can get online no problem. Also, in Safe mode, I am still getting redirected to other sites (which I somehow got a couple of weeks ago and can't seem to get rid of), but also when I first signed on in safe mode I opened up the help for IE8. Now whenever I do anything in safe mode, like open IE, or even trying to open RKill.com, the window for that exact hlep pops up, every time. I cannot run rkill as it closes and reports after 1 second. On the bleeping computer site they say to keep clicking until  it cathes, but I have clicked it over 200 times and nothing will stay open to run. I have run malware in safde  mode, and hijack this, trojen removal, AVG, and done everything I can from every forum I can find. My problen... Read more

Answer:I have a very different problem with Security Suite virus removal, need help

Scratch this question......I actually had read a forum wrong and I didn't have a different problem, especially with the proxy button in the LAN settings under connection in internet options. Not a big deal, but wanted to clear that up.I actually got rid of the Security suite virus by following the soft sailor directions and doing a few other things I saw on this forum, deleting some things from the registry like Tkbell and the proxy with 127.0.0.1=xxxx it was not the exact number most forums list in the xxxx area, but I knew it was bad. I googled every odd looking registry entry from hijack this and found good quality answers for each entry. Deleting the bad ones worked for me. This was much easier than I expected when combining information from this site and bleeping computer and soft sailor. All these guy and gals are great for what they post to help, I thank them all I managed to do this a strange way but it worked and my system is holding nicely now. I think I cleaned everything on my computer, but in the end it was worth it, good luck to all

2 more replies
Relevance 74.62%

Hi fellow techs

Just got d above virus and Wat a mission it was to get rid of it

However it has left some damaging things behind like win updates thinks it's not turned on when it is!!!

As well as it's made some ordinary files like movies to be marked as hidden files

And all programs is not listing a thing but they are all still present!!!!

What the&hellip;&hellip;

Can anybody help

I will try restoring to a week ago soon to see if that works

Answer:Xp security 2011 / malware removal tool virus

You are still infected. We cannot help you here with Malware removal as per forum rules. Please head over to Virus/Trojan/Spyware Help and post there for more help
NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help

1 more replies
Relevance 74.62%

Earlier this week my computer had the AV Security Suite virus and it kept popping up telling me to buy a license to clean multiple viruses. I used the instuctions on this site for removal of the virus, the virus seems to be gone but now the computer wont work. Vista crashes after several minutes every time I log on. I seem to be OK in Safe Mode.

Any known ways i can fix this?

Answer:Computer crashing after removal of Av security Suite virus

Hello,Please follow the instructions in ==>This Guide<== starting at Step 6.Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues and what you have done to resolve them.If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.Orange Blossom

2 more replies
Relevance 74.62%

Hello,

I was recently working on my computer and I walked away for 5 min - when I came back I had a full blown live security platinum virus running on my computer. I followed a few of the online guides to remove it. I am back to running fairly normal (internet and programs work), but I was not sure if I got rid of all of it.

I then noticed if I try to go to any of the anti-malware program sites like malwarebytes or superantispyware I'm immediately redirected to google.com or given a weird 404 error in google. This is very strange. Also facebook is now asking for a credit card to unblock it which is clearly a virus of some sort too. In addition to the regular logs requested, I also attached the logs from my full system malwarebytes scan (when I removed live platinum) and the rkillog. I'm running Windows 7 32-bit on a thinkpad laptop.

I also tried to install a new version of superantispyware and I'm getting a "file copy error." I tried their uninstall, rebooting, etc - nothing worked.

Thanks as always!

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.7.2
Run by Jared at 13:26:43 on 2012-09-07
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.1944.579 [GMT -4:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\... Read more

Answer:live security platinum removal and redirect virus

Greetings and Welcome to The Forums!!My name is Gringo and I'll be glad to help you with your computer problems. I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of usPlease do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE: At... Read more

15 more replies
Relevance 74.62%

I just removed a virus (winsvc32.exe) with Malwarebytes, which was awesome but now my Windows Security Centre is not working, the little icon for it is on the system tray with the X and says my protection is turned off. How do i fix this so that I can have it working again?
 

More replies
Relevance 74.62%

I followed the instructions from your "How-To-Do" guide http://www.bleepingcomputer.com/virus-remo...t-security-2010. After restarting my desktop computer, this error occurred at the "Log On to Windows" screen. svchost.exe - Application ErrorThe instruction at '0x7d4caa9b' referenced memory at "0x00000010". The memory could not be 'read'Click on OK to terminate the programClick on Cancel to debug the programI clicked on either OK and Cancel on two separate occasions with nothing happening. I got thru the "Log On to Windows" screen. Just the desktop picture showed up. In the Task Manager, I opened a New Task and manually started the Start menu. My start menu and icons on the desktop now show up.My internet connections do not work. I tried disabling and then re-enabling. Not sure what to do, if this is related to the above application error. I'm working off my laptop not infected to use this forum.Any suggestions appreciated. For the most part, the virus appears to be removed. thanks for that!--trailyak

More replies
Relevance 74.62%

Today I had suddenly XP Security 2012 malware on my computer. I removed it following the instructions under this link: http://www.bleepingcomputer.com/virus-removal/remove-vista-internet-security-2012

Malewarebytes found 5 infections and deleted them. After restart I opened Firefox and noticed google search results got redirected to other websites. I followed the instructions in the Preperations Guide and created logs running dds and gmer. During this process I had a window error message popping up about a ping.exe and Avira found a TR/Rootkit.Gen2 in Windows\system32\drivers\ipsec.sys

Can you please help me removing this malware I still having on my computer? Thank you so much.

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_22
Run by Assmann at 18:14:42 on 2011-12-10
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1031.18.1022.253 [GMT -8:00]
.
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {00000000-0000-0000-0000-000000000000}
AV: Avira Desktop *Enabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {804E5358-FFA4-00DA-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {804E5358-FFA4-00EB-0D24-347CA8A3377C}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System3... Read more

Answer:Google redirect, ping.exe virus after XP security removal

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.Do not run any other tool untill instructed to do so!Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.Run Combofix:You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<Combofix may need to reboot your computer more than once to do its job this is normal.You can download Combofix from one of these links.Link 1Link 2Link 3 1. Close any open browsers or any other programs that are open.2. Close/disable all anti virus and anti malware programs so they do not interfere with the r... Read more

41 more replies
Relevance 74.62%

i cant even get Hijack this to work as soon as i run it it disappears so i cant even post that here to show whats going on with my computer.. im using windows XP... i keep getting redirected when i try to search on yahoo or google... using mozilla firefox. ive also tried to run in safe mode but i keep getting a blue error screen and cant move past that.

Answer:advanced virus removal / security tools malware?

Let's see if we can get a scan to workIf this works, go ahead and repost in the HJT forum. If not, post back hereRun this application and then immediately run your scanPlease download Rkill by Grinler and save it to your desktop.Link 2Link 3Link 4Double-click on the Rkill desktop icon to run the tool.If using Vista, right-click on it and Run As Administrator.A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.If not, delete the file, then download and use the one provided in Link 2.If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.If the tool does not run from any of the links provided, please let me know.Do not reboot the computer or you will have to run it again

8 more replies
Relevance 74.62%

Hi,I've picked up a nasty virus tonight, where "Vista Home Security 2011" dialog box popped up. It has completely shut me out of all my applications, including MBAM and Avira. In SafeMode, when I attempt to open them (using "Run as Administrator"), I get a message box stating "This file does not have a program associated with it for performing this action. Create an association in the Set Associations control panel." I am using Mozilla Firefox in its own safe mode, and have attempted to download other virus scanners, but I receive the same message when I try to run the app.I followed the instructions from the link below, to manually remove Windows & registry settings as directed. After rebooting, it didn't improve anything.http://www.precisesecurity.com/rogue/vista-home-security-2011/Please help me out!Thanks.MI managed to run DDS, but I am not able to access Defogger & GMER (due to same reason as stated above).Here are the DDS results:DDS (Ver_10-03-17.01) - NTFSx86 NETWORK Run by Mike at 0:10:14.13 on 2011-04-01Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_22Microsoft? Windows Vista? Home Premium 6.0.6002.2.1252.2.1033.18.3454.2810 [GMT -4:00]SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}============== Running Processes ===============C:\Windows\system32\wininit.exeC:\Windo... Read more

Answer:Vista Home Security 2011 virus removal

Hello , And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.I will be working on your malware issues, this may or may not solve other issues you may have with your machine.Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen. Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.-----------------------------------------------------------If you have since resolved the original problem you were having, we would appreciate you... Read more

21 more replies
Relevance 74.62%

After I followed the removal instructions I haven't been able to get an internet connection. I tried to repair it, but it say it is trying to renew my IP address. My desktop can't connect but I still can get WiFi on my phone. Any help would be appreciated.

By the way I've tried to do a system restore and it won't let me do one.

Answer:After removal of Xp security 2012 virus no internet connection

Hi -Have you done the basic check ->Must be Internet Explorer > (Across the top) Tools > (Bottom Item) Internet Options > (Across the top) Content > LAN Settings > Make sure the only box ticked is the top one - Automatically detect settings -Always a quick first check -

10 more replies
Relevance 73.8%

Since the ComboFix will not run on Vista or Windows 7 64-bit, I have to look for new malware/virus removal apps... It was good while it lasted. So what tools do people use for Vista these days when the computer says: "WARNING! YOURS COMPUTER IS AN INFECTED BY HARMFUL VIRUS!!!!"

Answer:64-Bit Virus Removal & Malware Removal Tools?

64-bit Anti-Virus:List of 64-bit Anti-Virus For VistaAnti-virus protection in 64-bit environmentsFree Anti-virus:avast! Free Antivirus Avira AntiVir Personal - Free AntivirusAVG Anti-Virus Free Edition 8.5Microsoft Security EssentialsPanda Cloud AntivirusKingsoft Free Antivirus (Cloud Scan)Paid for Anti-virus:NOD32 Anti-Virus PersonalMcAfee AntiVirus PlusTrend Micro AntiVirus plus AntiSpywareNorman Antivirus & AntispywareCA Anti-Virus Plus Anti-Spyware64-bit Anti-Malware tools:Malwarebytes Anti-MalwareSUPERAntiSpywareKaspersky Virus Removal Tool - How to install and use documentationSpyware TerminatorWindows Defender (64-bit)PrevxSpybot S&DAd-AwareNorman Malware CleanerSunbelt Counterspy (free Trial)Comodo BOClean Anti-MalwareSophos Anti-rootkitSanityCheck Advanced Rootkit and Malware DetectorESET Online Antiivirus ScannerESET SysInspectorAnVir Task Manager FreeWinPatrolStart with these:How to use Malwarebytes' Anti-Malware to scan and remove malware from your computerHow to use SUPERAntiSpyware to scan and remove malware from your computer

3 more replies
Relevance 73.8%

Hello:
I 'm not playing word games here. A month or two ago, I downloaded and ran the "Kaspersky virus removal tool". It found problems the other programs were missing. I followed directions and let it remove the problems. My big mistake was in keeping the program on the desktop to try again sometime. At some point WinUtilities, or Ashampoo Winoptimizer removed the Uninstall made by Kaspersky for this tool. The virus removal tool is not listed as a program, on Revo, Advanced Removal tool, or windows. It won't click to delete, but I feel it's a program, so maybe it shouldn't. It contains 321 MB,& 4890 files. Looking in permissions(security) of this "program", I seem to be lacking "Special Permission" . I'm afraid to tinker with permissions.
I would appreciate sincere , simple, step by step, help. I tried reinstalling a new Kas.virus removal tool, and then uninstalling it. Got rid of the new one , didn't touch the problem.
Thanks.

Answer:Virus Removal Tool Program removal

Try this tool at your discretion*. The utility should pick up on any remaining traces of the program and display it on its list for removal.* The Windows Installer CleanUp Utility is provided "as is" to help resolve installation problems for programs that use Microsoft Windows Installer. If you use this utility, you may have to reinstall other programs. Caution is advised.

4 more replies
Relevance 73.8%

MS Removal Tool is a rogue software. It restricts you from accessing your desktop. You cannot start Task Manager, and you cannot open Internet Explorer or any other programs. This situation is the result of malware (a variant of Win32/Winwebsec) that is infecting your computer.
To remove the MS Removal Tool, follow the steps below: Boot your computer into Safe Mode.
Windows XP and Windows Vista:Start your computer and press and hold the F8 key.A Windows Advanced Options menu will appear. Use your arrow keys to scroll to Safe Mode and click the Enter key.Click the Start button, and then click Run.Type cmd then click OK. A black command prompt window will appear.Locate the affected directories:
Windows XP:Type cd c:\Documents and Settings\All Users\Application Data\ and press the Enter key.Type dir and press the Enter key.
Windows Vista:Type cd c:\ProgramData\ and press the Enter key.Type dir and press the Enter key.Type c:\Users\All Users\ and press the Enter key.Type dir and press the Enter key.Scroll through the list to find directories with random names that contains 18 characters. For example: cHl08200gMhHd08200 , pJg08200fBmPl08200.Type rd /s /q <random name>, and then press the Enter key. Replace <random name> with the 18 character name. Repeat this step for each random name you find.Type reg delete hkcu\software\microsoft\windows\currentversion\run once /v <random name> /f, and then press the Enter key. Replace <random name> with the 18 cha... Read more

More replies
Relevance 73.8%

I received the security tool virus while randomly browsing the internet about two weeks ago. Upon infection, I followed the removal instructions at http://www.bleepingcomputer.com/virus-remo...e-security-tool. The virus seemed to be removed successfully, however I now have a browser hijacker. Whenever searching google and clicking on a link my browser is typically redirected to a faux antivirus site. This usually occurs successively three times and on the fourth time my browser directs me to the correct link. The redirect seems to occur more often when I'm clicking on links dealing with security/virus removal. I also get random pop-ups of the website survey and local-news-online.com periodically. I observe no other effects other than browser redirection, that I am aware of. I received this virus while using Internet Explorer and since have changed to using Firefox. I have also updated my computer security from Symantec Anti-Virus and Windows default firewall to Avast!, COMODO Firewall, and Malwarebytes Anti-Malware. I have run scans with MBAM, SuperAntiSpyware and Spybot, all were unable to fix the problem. In addition, when trying to download the DDS file, my computer recognizes the .scr file extension as an AutoCad script and opens it in notepad. I no longer have AutoCad on my computer and am not sure how to change this, but therefore I can not run the DDS program. The ARK.txt file from rootrepeal is attached. Thank you for any help.

Answer:The Website Survey redirect after "Security Tool" Virus Removal

Hi,Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.[i]Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.Thanks Please run OTL instead of DDSDownload OTL to your desktop.Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.When the window appears, underneath Output at the top change it to Minimal Output.Under the Standard Registry box change it to All.Check the boxes beside LOP Check and Purity Check.Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.Please copy [b](Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

3 more replies
Relevance 73.8%

Dear all,
this is my first post here.
I am desperate for some help, as Security Tool has totally taken over my life since yesterday.

I am running XP professional
I got the Virus yesterday and used various online suggestions on how to remove it (stop process, delete exe and folder
delete regisrty etc.)
then XP did not start anymore
I started in Safe mode, ran Avast and had Avast delete a bunch of infected files
Still no regular start anymore
I then downloaded Spydoctor, which found a few more files. I deleted those manually.

Still cannot start XP other than in safe mode.
Tried to create a new user profile, but it is still stuck.
Cannot do system restore, even if I choose a very old restore point from 2008

I tried to reinstall XP booting from CD, but that did not work either.

I did manage to run DDS, but when I tried the root repeal scan the computer just froze so I cannot post a log.

I hope to receive some help here.
I did do a search and saw a few other posts, but I am not sure what to do.
So I figured before I make things worse, I ask for help.

Any feedback is appreciated.
Thanks
Vacky

More replies
Relevance 73.8%

I have the security system 2009 virus (or is it system security?) and I can't run any of the anti-spyware fixes I've seen in various blogs and at various sites (Malware Bytes, Spyhunter, etc). I can do limited things in safe mode but nothing at all in regular mode. Firefox is almost useless even in safe mode, as anything I download using it generally won't run or install. I'd downloaded 3.5 right before getting the virus and was having some issues with the program right before and after the update. IE has seemingly random pop-ups in safe mode and sometimes will totally ignore commands and do its own thing. I did the hijack scan but upon reading the blog found that there is another process to follow. I'm hoping since the hijack program directed me to this blog that I may have enough information in the log because I have to leave for work so I can't at the moment. I also had some issues on the computer from prior viruses that I could never seem to get rid of completely so some of that may be in the log. I don't know what other information is needed but I hope I've given something of use. I've been up all night so I'm pretty discombobulated so I apologize for the scattered message. Thanks for any and all help and advice!

Answer:System Security 2009 Virus - unable to run removal tools

Hi My name is Extremeboy (or EB for short), and I will be helping you with your log.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.If you do not make a reply in 5 days, we will need to close your topic.You may want to keep the link to this topic in your favourites. Alternatively, you can click the button at the top bar of this topic and Track this Topic. The topics you are tracking can be found here.Please take note of some guidelines for this fix:Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools. If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.Even if things appear to be better, it might not mean we... Read more

8 more replies
Relevance 73.8%

I got the 2012 Vista Security Virus yesterday, and I followed these removal instructions:
http://www.bleepingcomputer.com/virus-removal/remove-vista-security-2012

I finished all the steps, and today I can access the internet, but some programs (Spotify, MestReNova) will not open. I checked the task manager and Firefox, MBAM, and the previous programs have become .exe *32. Their icons also include the Vista Security Virus Logo.

Thanks in advance for the help!!

Answer:2012 Vista Security Virus Post Removal Issues

Please follow the instructions in ==>This Guide<== starting at Step 6. If you cannot complete a step, skip it and continue.Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

3 more replies
Relevance 72.98%

I have what I believe is a hijacker which I cannot seem to get rid of. Currently when I am on the internet I am getting redirected when I try to go to websites. Also, I hear from my computer speakers what sounds like commercials but there is no video. This is the logfile from hijack this. Any help would be appreciated. I am a college student and can't really afford to take my computer to a professional.

Also, when I run Hijackthis I get a message saying I am being denied access to host files. It says to right click on the hijackthis icon and run as administrator but I can't do that for some reason. When I run Norton I also get an error message about not being able to delete something in the host file.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:18:32 PM, on 4/6/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.19019)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\OEM02Mon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
C:\Program Files\Spybot - Search & Destroy\T... Read more

Answer:Hijacker Removal Help

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear Click the Disable button to disable your CD Emulation drivers Click Yes to continue A 'Finished!' message will ap... Read more

12 more replies
Relevance 72.98%

Hi - I'm new to this forum and hope someone may be able to help me - I believe I ahd a virus and I think I removed most of it through Spybot and Adadware but I still get what I believe is a web page hijacker as a page keeps popping up when I make a search - this page goes to a blank page and I need to close it but it keeps coming back - any help would be most appreciated - many thanks, WB
DDS (Ver_09-01-07.01) - NTFSx86
Run by Warren at 21:22:37.54 on Sun 01/11/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_02
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2047.1273 [GMT 0:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
FW: ActiveArmor Firewall *disabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Belkin... Read more

Answer:hijacker removal help please

Please download Malwarebytes' Anti-Malware from HERE or HERENote: If you already have Malwarebytes' Anti-Malware, just run and update it.. Then do a "Perform Full Scan"Double Click mbam-setup.exe to install the application.Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.If an update is found, it will download and install the latest version.Once the program has loaded, select "Perform Full Scan", then click Scan.The scan may take some time to finish,so please be patient.When the scan is complete, click OK, then Show Results to view the results.Make sure that everything is checked, and click Remove Selected.When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.Copy&Paste the entire report in your next reply.Extra Note:If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.NEXTPlease download RSIT by random/random and save it to your Desktop.Double click on RSIT.exe to run RSITBefore you click "Continue", make sure you change the List files/folders created or modified in the last 3 monthsClick Continue at the disclaimer screen.Once it has finished, two lo... Read more

21 more replies
Relevance 72.98%
Question: hijacker removal

I am the IT for a business and I am having problems removing a hijacker. I have installed Spyware Doctor and ran it and it still does not find the problem. It is redirecting the enternet explorer to go to a web sight www[dot]adbaaz[dot]com. It happens after someone goes to the same sight a couple of times. Then the only thing that the screen shows is "error please contact your ISP provider". I don't know what else to do. I am also running McAffee on each computer and it is not seeing it also. Has anybody else had this problem?
 

Answer:hijacker removal

Welcome to Majorgeeks!

Its quiet possibe that this redirector and its resulting site is trying to install malware on the PCs.

The best options to allow our malware experts to assit you in removing what ever this malware is, is to follow the below guide and attach the requested logs, from there they will be able to issue you some tailored removal instructions to clear this up.


Please follow the instructions in the below link and attach the requested logs when you finish these instructions.

READ & RUN ME FIRST. Malware Removal Guide
 

1 more replies
Relevance 72.98%
Question: Hijacker removal

I have several problems with my laptop. I have a highjacker that keeps changing website names. I installed Malwarebytes, but it keeps stalling before completing the scan. I installed Spyware Doctor two years ago, but it does not remove the highjacker. I keep My computer will not allow me to boot in safe mode. I keep getting error messages every time a program starts that the program.dll is not correct and to check my installation disk. My computer would not allow System Restore, I was able to re-enable System Restore, but it will not allow me to create a restore point. Please let me know what I can do to fix this. Thanks.

Answer:Hijacker removal

Hello let's try getting a log like this.Please download Rkill by Grinler and save it to your desktop.Link 2Link 3Link 4Double-click on the Rkill desktop icon to run the tool.If using Vista, right-click on it and Run As Administrator.A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.If not, delete the file, then download and use the one provided in Link 2.If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.If the tool does not run from any of the links provided, please let me know.You will need to run the application again if reboot the computer along the way.Rerun MBAM (MalwareBytes) like this:Open MBAM in normal mode and click Update tab, select Check for Updates,when doneclick Scanner tab,select Quick scan and scan (normal mode).After scan click Remove Selected, Post new scan log and Reboot into normal mode.Next run ATF and SAS:Note.. SAS doesn't open the registry hives for other user accounts on the system, so scans should be done from each user account.Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".From your regular user account..Download Attribune's ATF Cleaner and then SUPERAntiSpyware , Free Home Version. Save both to desktop ..DO NOT run yet.Open SUPER from icon and install and Update itUnder Scanner Options make sure the following are checked (le... Read more

1 more replies
Relevance 72.98%
Question: Hijacker removal

Many thanks to boopme for getting me started. DDS and combofix logs attached. The system seems clean of malware/viruses except for this persistent hijacker. I look forward to your comments.

many thanks again

Answer:Hijacker removal

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review your topic an do their best to resolve your issues.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Follow the instructions that pop up for posting... Read more

2 more replies
Relevance 72.98%

How to remove the Mandiant U.S.A Cyber Security ransomware (Virus Removal Guide):

Tried removal instructions but after scan by Kaspersky Rescue Disk and it stops at 1% scan and points to object: c:/msvcr70.dll. Can't find a way to quarantine or delete the file. It was an incomplete scan. Instructions also point to do updte but not working since I don't have internet access. I deleted it during one minute access to computer but did not make a difference.
 

Answer:How to remove the Mandiant U.S.A Cyber Security ransomware (Virus Removal Guide)

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running too much time (few hours), please stop and inform me.
I visit forum several times at day, making sure to respond to everyon... Read more

7 more replies
Relevance 72.98%

After removal Antivirus Security Pro virus with Malwarebytes Anti-Malware and SpyHunter 4 my e-mail AOL stopped working. I tried to restore the Dell Studio 540 computer to an earlier date. It did not help. I tried several earlier dates in safe mode. After that Windows 7 boots only in Safe mode whatever I do (msconfig, services.msc...). I conducted all diagnostics via F12 - everything is OK; F8 - reboot in normal mode - it does not, again in safe mode. 

Answer:After removal Antivirus Security Pro virus computer boots only in safe mode

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/507569 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t... Read more

2 more replies
Relevance 72.98%

Greetings,
 
My laptop was infected with the Rogue Malware called Internet Security 2013. I had some success in removing it after using Malwarebytes, but there are corruptions that linger. For instance, my Microsoft Security Essentials was not recognizing the only user as the administrator. I fixed this by entirely removing MSE with Microsoft's fix it program; however, I'm now unable to reinstall MSE--even from a flash drive. It is an installation error (probably due to lingering corruption) and not a download error. Of second order is the problem with Internet Explorer. With the infection of the rogue software, IE9 began to refuse everything I tried to download (firefox[second browser], all antivirus/anti-malware software) as a virus and rejected it. I am able to use firefox (once again, ported from a flash drive) and download anything including software.
 
I have run several different programs
Malwarebytes
Security Check
AdwCleaner
RogueKiller
Microsoft Fix It
RKill
DDS (logs below and attached)
I'll post additional logs as you want them.
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16576
Run by Jane at 13:32:17 on 2013-05-18
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3003.1954 [GMT -4:00]
.
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\sys... Read more

Answer:Corruption Lingers Following Removal of Rogue Virus, Internet Security 2013

Hi,Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.Please reply to this post so I know you are there.The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.Once I receive a reply then I will return with your first instructions.Thanks

3 more replies
Relevance 72.98%

I am using Windows XP Professional operating system on my computer and last night i had the pleasure of getting attacked by the "Security Suite" rogue virus that i actually came to BleepingComputer to get help with removal for. I followed the steps on this linkBleeping Computer Security Suite Removal Stepsin an attempt to remove said malware from my computer (but i also used some other programs that were already on my computer for malware removal) and after all the scans and deletions. I can't get out of safe mode to check and see if it actually killed the virus. Whenever i try to boot normally the computer goes to the Windows XP loading screen (the one with the little bar that shows it loading with the logo) before the screen that says "windows is starting up" or whatever. The "windows is starting" screen is blue, the loading screen is all black except the windows xp logo. While it is still on the black screen (loading screen) it freezes, and restarts the computer, says that booting was not successful and gives me the option to try again in normal mode, or the safe mode options. After failure it also gives me the option to revert to the last booting that was successful (would this take me back to safe mode since that is what ive been using? or would it restore settings to before i did all the virus scans and give me the virus infected computer again?)I am in safe mode right now. i can give you the names of the programs that i have used to sc... Read more

Answer:Trouble booting in normal mode after removal of Security Suite Virus

Have you tried running chkdsk /r from safe mode?

You followed the instructions...in the BC Removal Guide...explicitly and fully?

Louis

3 more replies
Relevance 72.98%

Hi,I am using Windows Vista Business and have recently been infected by the Live Security Platinum virus and have cleaned it using the method from here.Everything seems recovery ok but I can't connect to www.google.com by either the IE or ping. I have use ipconfig to flush the DNS but it doesn't help. The other PCs behind the same router can connect or ping www.google.com (will jump to www.l.google.com) successfully so I am pretty sure it is not the problem of the gateway.I have also checked the host file in the affected PC but it seems normal. There is also NO proxy setting in the IE.Could you help me on it? Thanks a lot!P.S. I noticed that the "windows defender" in the control panel can't be opened and gave error message when double-clicked. However, since I have never used it, I am not sure now it is the problem even before the infection.

Answer:Can't connect to www.google.com after successful removal of Live Security Platinum virus

DownloadFSS Checkmark all the boxesClick on "Scan".Please copy and paste the log to your reply.

25 more replies
Relevance 72.98%

this was my original topic that describes my problems: http://www.bleepingcomputer.com/forums/t/260661/please-help-me-with-advanced-virus-removal-software-cannot-even-load-windows/ i was told at the end to post this log:Running from: H:\Documents\Win32kDiag.exeLog file at : C:\Documents and Settings\Administrator\Desktop\Win32kDiag.txtWARNING: Could not get backup privileges!Searching 'C:\WINDOWS'...Found mount point : C:\WINDOWS\$hf_mig$\KB890046\KB890046Mount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\$hf_mig$\KB912812\KB912812Mount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\$hf_mig$\KB912945\KB912945Mount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\$hf_mig$\KB916281\KB916281Mount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\addins\addinsMount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP176.tmp\ZAP176.tmpMount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP21D.tmp\ZAP21D.tmpMount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP300.tmp\ZAP300.tmpMount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\assembly\temp\tempMount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\assembly\tmp\tmpMount point destination : \Device\__max++>\^Found mou... Read more

Answer:advanced virus removal/total security malware problem on my laptop

excuse me, i know you guys are busy, but it's been 3 days and i havent gotten a reply yet. i thought i read somewhere that topics that dont get activity after 3 days get locked or deleted, so was just wondering about that.

even if you may not answer my question immediately, a response would be appreciated.

4 more replies
Relevance 72.16%

Google tab for ie, Firefox, and google chrome have all changed to www.web-find.me. I have tried to research removal of this but haven't had luck with finding the steps for this specific virus. Used malwaretips steps for onlinewebfind.com but I'm not sure if this is the same virus. I have webroot pro and it doesn't detect a virus. I can still get on other sites no problem. Anyone else have issues with this?
 

Answer:Help with browser hijacker removal

I also followed these steps because I couldn't find anything for my specific issue. http://malwaretips.com/blogs/onlinewebfind-com-removal/ Still not working. I will that my firefox is working but IE is still bringing up www.web-find.me in place of my google tab. I ran adwcleaner and it didn't show anything. I went into my programs to look for something that shouldn't be there to be uninstalled but didn't see anything. Ran malwarebytes anti-malware and it 2 things on my registry but I'm still having issues after restarting.
 

2 more replies
Relevance 72.16%

Daughter's PC on WIN ME has picked up a malware that causes IE5, a few moments after opening, to start opening additional pages that go to various advertising sites. I have identified (I think) this as msg121.dll and it comes from an advertising company at click hereI have heard there is a removal programme somewhere called kill2me but can't find it.If anyone can assist either pointing me to kill2me or any other removal programme I will be grateful.She is running AVG, Zonealarm, SpybotS&D and Adaware.

Answer:IE6 Hijacker - msg121.dll - removal help please

click here

4 more replies
Relevance 72.16%

Hi, it's my first time on this forum, so I hope I have everything I need in this post, if not, let me know. First I'll describe my computer briefly straight from Dxdiag:

------------------
System Information
------------------
Time of this report: 11/10/2006, 21:24:48
Machine name: DDB2B7B1
Operating System: Windows XP Home Edition (5.1, Build 2600) Service Pack 2 (2600.xpsp_sp2_gdr.050301-1519)
Language: English (Regional Setting: English)
System Manufacturer: Dell Computer Corporation
System Model: Dell DE051
BIOS: Phoenix ROM BIOS PLUS Version 1.10 A01
Processor: Intel(R) Celeron(R) CPU 2.53GHz
Memory: 510MB RAM
Page File: 340MB used, 907MB available
Windows Dir: C:\WINDOWS
DirectX Version: DirectX 9.0c (4.09.0000.0904)
DX Setup Parameters: Not found
DxDiag Version: 5.03.2600.2180 32bit Unicode

Anything might be included in the hijackthis! log, I'm not sure. Anyway heres the situation:

My computer is located upstairs in my house, specifically for office use, I don't install games, or download anything suspicious, I try to keep it well maintained. Recently I have discovered a popup on the taskbar that appears every so often:

When clicking on the link it opens internet explorer and shows an anti-spyware product page, virusburster. It urges the user to download for free scanning, and one of the member of my family has already done so, but I promptly deleted it. It may or may not be a legitimat spyware removal program but it has taken over the homepa... Read more

Answer:IE Hijacker suspected, need removal help!

6 more replies
Relevance 72.16%

spysherriff wont go away.. background is set to some stupid message and cant change...

Logfile of HijackThis v1.99.1
Scan saved at 9:19:37 PM, on 6/29/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Stardock\Object Desktop\ThemeManager\wbload.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Advanced Interactive Multimedia\aim.exe
C:\Program Files\Hcvm\Crtas.exe
C:\Program Files\Information Update\iu.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Logitech\ImageStudio\LowLight.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common File... Read more

Answer:SPYSHERRIFF hijacker removal

Closing duplicate thread. Continue here: http://forums.techguy.org/showthread.php?t=376607
 

1 more replies
Relevance 72.16%

I have managed to contract this PCeU hijacker which has locked me out of my laptop.[XPS M1210] AMD chip. I searched online for fixes but cant find a solution that I can use or that works on the Laptop. Im running an old version of XP Pro 5.1 so cannot use 'Safe Mode with Networking' as the PCEU page loads once that I have logged on to the user account. I have tried 'Safe Mode with Command Prompt' then typing > CD Restore > rstrui.exe to get to system restore to choose a restore point before the infection. However the system cannot find the path specified when I type the initial cd restore command.

I have Malwarebytes on my desktop but cant access it and the machine im typing this on is a Linux OS and wont let me download to a stick. Can anyone provide instruction to remove this properly, I have searched through the topics and cant find a solution and im not very proficient at fixing problems without a guide.
Thanks in advance.

Answer:PCeU Hijacker removal in XP Pro - help please

Removal instructions, http://www.bleepingcomputer.com/virus-removal/remove-police-central-e-crime-unit-reveton-ransomware .

One of the most important parts of the removal instructions...suggests initiating a topic in the appropriate forum, beginning with "If you still have problems..." Please follow the instructions and ensure that you post in the correct forum.

Good luck .

Louis

3 more replies
Relevance 72.16%

Need help getting rid of Hijacker Tubby. I know there have been a lot of threads on this but been 2 years since the last one. I tried to use ComboFix (on my own) and almost made it worse. Just want some advice on a program to remove it or if it is ComboFix, I need some guidance or assist. So can anyone point me to the best solutions? Thank you
 

Answer:Hijacker Tubby Removal

Welcome to the Malware Removal Forum.

Please read ALL of this message including the notes before doing anything.

Pleases follow the instructions in the below link:

READ & RUN ME FIRST. Malware Removal Guide


and attach the requested logs when you finish these instructions.

**** If something does not run, write down the info to explain to us later but keep on going. ****
Do not assume that because one step does not work that they all will not. MGtools will frequently run even when all other tools will not.


After completing the READ & RUN ME and attaching your logs, make sure that you tell us what problems still remain ( if any still do )!
Helpful Notes:


If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:

Starting your computer in Safe mode

If you have problems downloading on the problem PC, download the tools and the manual updates for SUPERAntiSpyware and Malwarebytes ( links are given in the READ & RUN ME) onto another PC and then burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes you could use a flash drive too but flash drives are writeable and infections can spread to them.
If you cannot seem to login to an infected user acco... Read more

1 more replies
Relevance 72.16%

When i search and internet sight assoon as i click on it i get redirected 80% of the time to btcar.com and at other times various sites, I have tried many methods and even after a virus scan detecting 8 threats and curing them the problems still persists. Here is my current hijackthis log:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 9:57:35 AM, on 6/01/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16574)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Trend Micro\TrendSecure\TSCFPlatformCOMSvr.exeC:\WINDOWS\SOUNDMAN.EXEC:\Program Files\Java\jre1.6.0_03\bin\jusched.exeC:\Program Files\Microsoft IntelliType Pro\itype.exeC:\Program Files\Microsoft IntelliPoint\ipoint.exeC:\WINDOWS\system32\LVCOMSX.EXEC:\Program Files\Logitech\Video\LogiTray... Read more

Answer:Btcar Hijacker Removal

Welcome to the BleepingComputer HijackThis Logs and Analysis forum. My name is Richie and i'll be helping you to fix your problems.Apologies for the late response,as i'm sure you can appreciate we are absolutely snowed under with logs.If you still require help,please post a new Hijackthis log into your next reply.

1 more replies
Relevance 72.16%

I have found out I have the "btcar hijacker" and have run several online scans with no results. I have read I can do this "Hijack This" scan and here is the report. Can you help me???

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 10:03:51 PM, on 4/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\Program Files\Java\jre1.5.0_03\bin\jucheck.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.ex... Read more

Answer:need help with btcar hijacker removal

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version Java components and update.

Updating Java:

Download the latest version of Java Runtime Environment (JRE) 6.
Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
Click the "Download" button to the right.
Check the box that says: "Accept License Agreement".
The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java versions.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on the download to install the newest version.
Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep yo... Read more

1 more replies
Relevance 72.16%

I accepted a friend on FB, thinking it was a new member of K of C, only to discover that it was not a real person. I saw a post that said not to friend the "person" as it was actually a hacker, but unfortunately saw the post too late. When I went to check, the "friend" did not appear in my list of friends.

I'd be interested in knowing what kinds of freeware might exist that would protect me accidentally getting into this position in the future.

Any help you can offer would be greatly appreciated!
Tech Support Guy System Info Utility version 1.0.0.1
OS Version: Microsoft Windows 7 Starter , Service Pack 1, 32 bit
Processor: Intel(R) Atom(TM) CPU N270 @ 1.60GHz, x86 Family 6 Model 28 Stepping 2
Processor Count: 2
RAM: 1015 Mb
Graphics Card: Mobile Intel(R) 945 Express Chipset Family, 256 Mb
Hard Drives: C: Total - 142368 MB, Free - 112489 MB;
Motherboard: ASUSTeK Computer INC., 1005HA, x.xx, EeePC-0123456789
Antivirus: Lavasoft Ad-Watch Live! Anti-Virus, Disabled

My computer seems to have been hijacked. I did download and run the three programs I was told to run on the first time user page. The logs from those are here:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:23:17 AM, on 8/11/2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\Program Files\asus\SystemSetting\WallPaperAgent.exe
C:\wind... Read more

Answer:Hijacker and malware removal

Methuselah1 said:


I accepted a friend on FB, thinking it was a new member of K of C, only to discover that it was not a real person. I saw a post that said not to friend the "person" as it was actually a hacker, but unfortunately saw the post too late. When I went to check, the "friend" did not appear in my list of friends.

I'd be interested in knowing what kinds of freeware might exist that would protect me accidentally getting into this position in the future.

Any help you can offer would be greatly appreciated!
Tech Support Guy System Info Utility version 1.0.0.1
OS Version: Microsoft Windows 7 Starter , Service Pack 1, 32 bit
Processor: Intel(R) Atom(TM) CPU N270 @ 1.60GHz, x86 Family 6 Model 28 Stepping 2
Processor Count: 2
RAM: 1015 Mb
Graphics Card: Mobile Intel(R) 945 Express Chipset Family, 256 Mb
Hard Drives: C: Total - 142368 MB, Free - 112489 MB;
Motherboard: ASUSTeK Computer INC., 1005HA, x.xx, EeePC-0123456789
Antivirus: Lavasoft Ad-Watch Live! Anti-Virus, Disabled

My computer seems to have been hijacked. I did download and run the three programs I was told to run on the first time user page. The logs from those are here:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:23:17 AM, on 8/11/2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\Program Files\asus\SystemSetting\... Read more

2 more replies
Relevance 72.16%

Please help me remove this Livesearchnow.com virus. T_T Spybot, GooredFix and antivirus scan didn't work.

1. HighjackThis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:26:27 AM, on 21/01/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 4\PMonitor.exe
C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCTray.exe
C:\Users\jennifer\AppData\Local\Akamai\netsession_win.exe
C:\Users\jennifer\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Users\jennifer\AppData\Local\Akamai\netsession_win.exe
C:\Users\jennifer\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
C:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program... Read more

Answer:LiveSearchNow Hijacker Removal

11 more replies
Relevance 72.16%

Hi, thanks in advance for any help. I have a nasty browser hijacker that has been around for maybe a month. I was too busy to try dealing with it at first, and it was only affecting maybe 30% of searches. Used to be able to back up out of the redirect and then choose one of the search results, and it would work the 2nd time. That's no longer the case. Now, it seems to redirect 100% of the time, and backing out of the redirect doesn't work.

When I first developed the problem, a security alert came on (I think it was from Webroot) when I'd search using Google or Yahoo. The alert listed 173.212.218.188 as some sort of known threat address. The redirections occur, btw, whether I use Firefox or Explorer. I think I even tried Alta Vista, and it still hijacked it.

Thanks again for whatever advice you can offer!

Here's the DDS report:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_21
Run by Upstairs Office at 23:59:52 on 2011-10-10
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6071.4282 [GMT -4:00]
.
AV: Webroot AntiVirus with Spy Sweeper *Enabled/Updated* {53211D91-0C31-95F2-E3A5-7661FB22889E}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Webroot AntiVirus with Spy Sweeper *Enabled/Updated* {E840FC75-2A0B-9A7C-D915-4D1380A5C223}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system... Read more

Answer:Browser Hijacker Removal Help

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.Do not run any other tool untill instructed to do so!Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.Run Combofix:You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<Combofix may need to reboot your computer more than once to do its job this is normal.You can download Combofix from one of these links.Link 1Link 2Link 3 1. Close any open browsers or any other programs that are open.2. Close/disable all anti virus and anti malware programs so they do not interfere with the r... Read more

17 more replies
Relevance 72.16%

Hello,

I have had this annoying problem for about 2 weeks. It also seems to switch off the IE status bar every time I turn it on and I am also blaming it for disabling the system restore function somehow. Have tried two different system restores with the same results after reboot saying something like "Restore incomplete, unable to restore, no files have been altered".

Anyway, here is my generated HijackThis log file if anyone has the time to evaluate it and make suggestions it would be MOST appreciated.

Many thanks
Lee.

===
Logfile of HijackThis v1.99.0
Scan saved at 8:59:11 AM, on 3/12/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Active Task Manager\atmsrv95.exe
C:\WINDOWS\System32\AvMonitor.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Telstra\Cable Login\bpcable.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBar... Read more

Answer:ADS234 Hijacker Removal Help

9 more replies
Relevance 71.34%

Hello.

My web browser(Google Chrome) have been infected with a hijacker called ads.alpha00001.com. I didn't know where I got this. I ignored it in the beginning because I thought it's just an app from Chrome but then weeks past and I got annoyed with the pop ups coming out in new tabs even if there is no browser on. So I searched in google for problems like this and found out that it is a hijacker. I have downloaded search and destroy and Anti-Malware(free trials) hoping that they can fix it. Now its been in my computer for like 1 month and I want/need to remove it as soon as possible. I would appreciate any help you can give me. Thanks in advance! and by the way i'm using Windows XP.

Answer:Browser Hijacker Ads.alpha00001.com Removal Help

Hello,Please follow the instructions in ==>This Guide<== starting at step 6. If you cannot complete a step, skip it and continue.Once the proper logs are created, then post them in a reply to this topic by using the Add Reply button.If you can produce at least some of the logs, then please create the post and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.Please note that I am not a member of the Malware Removal Team and will not be assisting you in removing the infection. I'm simply helping you to post the information they need in order to assist you.If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.Orange Blossom

48 more replies
Relevance 71.34%

Hi Guys,I think I picked this bug up after downloading from P2P software and it is very difficult to remove, and hides well from all antivirus software I have tried (Malwarebyte,Spybot,Superantispyware,AVG,Norton 360,Kaspersky).IE and Firefox both redirect me to other websites from a google search. Currently it sends me to sites via blueseek.com but earlier today it was essearch.net.The common thread is a Chinese symbol that appears left of the URL in the address bar or either browser.I have attached the required logs...My DDS log is:DDS (Ver_09-12-01.01) - NTFSx86 Run by michael at 23:00:07.73 on Sun 07/02/2010Internet Explorer: 8.0.7600.16385Microsoft Windows 7 Home Premium 6.1.7600.0.1252.61.1033.18.3063.1803 [GMT 10:00]SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}============== Running Processes ===============C:\Windows\system32\wininit.exeC:\Program Files\AVG\AVG9\avgchsvx.exeC:\Program Files\AVG\AVG9\avgrsx.exeC:\Windows\system32\lsm.exeC:\Program Files\AVG\AVG9\avgcsrvx.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\nvvsvc.exeC:\Windows\system32\svchost.exe -k RPCSSC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k netsvcsC:... Read more

Answer:Malware/Hijacker removal request

Spybot has detected this as Virtumonde.dll . It can remove it, but it recurs upon reboot. I'm desperate for help!!!!!Thanks.

4 more replies
Relevance 71.34%

I have a browser hijacker that keeps reinstalling after I scan and remove it with any number of anti-malware software. I have followed the instructions for runing rkill.exe and then doing a full scan with malwarebytes or other software like Spybot Search and Destroy but it keeps coming back. It keeps showing up as:Registry Values Infected:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\asg984jgkfmgasi8ug98jgkfgfb (Trojan.Downloader)Each time I run any software the eliminates it, it simply appears in my registry right away. I have tried removing it while disconnected from the internet, but that hasn't helped either. I previously had vundo on my computer which i though i had successfully removed, but this lone problem keeps showing up and now my internet keep redirecting to junk sites and I have gotten notice from my ISP that there is illegal activity due to a virus coming from my computer.I have also tried manually deleting the file from my registry but it reappears immediately. Does anyone have any idea how I can locate and eliminate the installer?Please help,Thanks.I forgot, here is the rest of my Hijack This log. I've bolded the problem registry entryR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.football365.com/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/f... Read more

Answer:Hijacker/Malware Keeps Reinstalling after removal

Hello , And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.I will be working on your malware issues, this may or may not solve other issues you may have with your machine.Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.-----------------------------------------------------------If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explanation about the tool. No inp... Read more

2 more replies
Relevance 71.34%

Good day! Hi, I've come here to ask for some help. My apologies in advance if I'm doing something wrong in this posting.

I think my web browser unfortunately (primarily Google Chrome) have been infected with this so-called 'ads.alpha00001.com' malware. Since just yesterday, these pop up ads, i.e. enterfactory.com, have randomly opened in new tabs. I can still close them at will but I'm afraid this could be a very dangerous infection. I am running on Windows XP. I've downloaded malwarebytes anti-malware hoping to remove it, and the ads stopped coming up. However, good as it seems, every now and then it notifies me that it has successfully blocked a malicious website which I suspect is still the same malware. I'm using the anti-malware on free trial, and I was hoping that this will be fixed permanently.

I've read around here a similar concern (though I can't seem to find it now) and I think the 'ads. ...' was in one of the posted logs. Sir Gringo helped the member every step of the way and they've successfully fixed the problem. I wanted to just follow what they did, but I figured I ought not to and speak to the experts first. Hence, I came here to try my luck, too. Thank you!!! :D

Answer:Web Browser Hijacker/Pop up Ads Malware Removal Help

Greetings and Welcome to The Forums!!My name is Gringo and I'll be glad to help you with your computer problems.I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of usPlease do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE: At the ... Read more

18 more replies
Relevance 71.34%

hello, i have used superantispyware multiple times and every time i remove Browser Hijacker.Deskbar. So then when the computer restarts, i do another scan and i find it there. I also was having some vundo problems but, i THINK that i have removed it using VirtumundoBeGone. Are these 2 related? please help asap. Also random pop-up windows come up. Also superantispyware dectects adware.tracking cookie. I

Please Help

Answer:Browser Hijacker.deskbar Removal Help

Hello whitefire293 and welcome to BC I see that you have an HJT log posted here: http://www.bleepingcomputer.com/forums/t/151795/browser-hijackerdeskbar-lots-of-pop-ups/ Because you have this log posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a HJT Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.From this point on the HJT Team should be the only members that you take advice from, until they have verified your log as clean.Please be patient. It may take a while to get a response because the HJT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the HJT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting y... Read more

1 more replies
Relevance 71.34%

Hi,I'm having some issues with a hijacker and a trojan. I run Bullguard but it's not picking up anything. Neither does Spybot S&D. However, Trend Housecall says I have troj_seekwel.toIn IE I am being redirected when I click on Google search links. Often IE is crashing and saying that the add on pcmfd3.dll is causing the issue.Firefox is running fine.Would be grateful for some assistance in getting rid of this nasty.Here is my Hijack This file:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 19:50:21, on 28/06/2009Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16674)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Windows Defender\MsMpEng.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\WINDOWS\system32\CTsvcCDA.exeC:\WINDOWS\eHome\ehRecvr.exeC:\WINDOWS\eHome�... Read more

Answer:troj_seekwel.to / Hijacker removal problems

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

50 more replies
Relevance 71.34%

I have gone thru all of the processes with hijackthis and help2go. Problem seems to be o1-Hosts 69.20.16.183 auto.search.msn.com, Hosts: 69.20.16.183 search.netscape.com and 69.20.16.183 ieautosearch but when I check fix they are not removed. Can anyone tell me why and what is my problem? Thanks
 

Answer:Common hijacker removal help needed

That's is a Look 2 Me VX2 problems. Normally when there is one problem there are others. Please follow the steps below. And after that we can move on to the VX2 issue.

To help us to best help you, please follow the steps below closely and in the order given and do not skip anything. If you have any difficulty, please post back letting us know what steps you have completed, what you found while doing the scans if anything along with details about any problems you may have encountered in completing the steps. The more details you can provide the better. Don't be afraid to ask for additional help if you don't understand something!

- Run ALL the steps in this Sticky thread READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus RemovalMake sure you check version numbers and get all updates.

- Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.
After doing ALL of the above you still have a problem:

- Download HijackThis 1.99.1

- Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

- Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file.

- Before running HijackThis: You must close each of the following:your web browse... Read more

2 more replies
Relevance 71.34%

Hi there,
I could not find this by searching BC's site. Can you direct me to a link to guide me through removing searchonme virus, which gets into all browsers and hijacks them?

Thanks,
JudyLou

Oops, never mind. I found bleepingcomputer's help page on this by searching the internet, so will follow those instructions. Please excuse.

Answer:Removal of searchonme.com browser hijacker

No problem...let us know the outcome of your efforts.

Louis

1 more replies
Relevance 71.34%

My machine is a
Dell Dimension E310 with XP and Pentium 4 HT
 
I have started following the instructions at
http://www.bleepingcomputer.com/forums/t/495194/i-need-help-with-sweetpack/?hl=+sweetpack
and have gotten as far as downloading and running
DDS
I have the 2 logs generated by DDS and can paste them in my next message if that is the correct next step.

Answer:Request help: removal of 'Sweetpack' hijacker

You need to follow the Prep Guide...initiate a new topic in the forum which contains the Prep Guide...and post the DDS logs, awaiting further instructions within that forum from Staff personnel or HelpBot.
 
Thanks .
 
The topic you started here...will be closed. once you have followed the instructions, initated a new topic and posted the logs...in the proper forum.
 
Louis

3 more replies
Relevance 71.34%

Hello Major Geeks,

I am here once again, as I can not seem to get rid of Spyware FunWeb Products.
I have ran Spybot and Adaware Ten times to no avail.
Any help greatly appreciated.
Also my son visited a web site for video game cheats and we were inundated with pop-ups and I beleive a virus or two.

I found out that my Symantec Norton Anti-Virus has expired. What is the best Anti-Virus software to purchase.
I have ran a HighJack This log entered below. All help so appreciated.
Thank you,
River

Edit by chaslang: Old version, unrequested, inline log removed
 

Answer:Spyware Removal & Virus Removal - please help

Please read the announcement and sticky threads. HJT logs should only be posted when requested and then they must be attachments to your message. Your HijackThis version is way out of date too.


Please run the steps below.

- Run ALL the steps in this Sticky thread READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal

Make sure you check version numbers and get all updates.

- Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.
After doing ALL of the above you still have a problem, boot into normal mode and make sure you follow these directions:
- Download HijackThis 1.99.1

- Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

- Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file.

- Before running HijackThis: You must close each of the following:your web browser, e-mail client, instant messenger, and programs like notepad, wordpad, MS Word etc. And any other unnecessary running programs.

- Run HijackThis and save your log file.

- Post your log as an ATTACHMENT to your next message. (Do NOT copy/paste the log into your post).
 

4 more replies
Relevance 71.34%

My laptop does not work properly. I think virus has attacked my laptop. How to remove virus from laptop ?

Answer:Virus Removal / Spyware Removal

Hi there,my name is Marius and I will assist you with your malware related problems.Before we move on, please read the following points carefully. First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding. Perform everything in the correct order. Sometimes one step requires the previous one. If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem. Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me. Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts. If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed. Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean. My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.    Scan with DDSDownload DDS and save it to your desktop from here or here orhere.Disable any script blocker, and then double click dds.scr to run the tool.When done, DDS will open two (2) logsDDS.txt: save to your desktop then post its contents in your topicAttach.txt: save t... Read more

3 more replies
Relevance 70.52%

Hello everyone, I just wanted to know how can I block those scam pop ups, that says to dial some stupid numbers for online support and also how to remove malware, adwares, browser hijackers from my MAC and Windows Computer
 

Answer:Malware, Adware and Browser Hijacker removal

We do not have the tools for Mac, only for Windows.

Hello,

Please follow this topic and attach required reports

http://malwaretips.com/threads/preparation-guide-before-requesting-malware-removal-help.20334/
 

1 more replies
Relevance 70.52%

I believe I got Vosteran when I was downloading FireFox.  Guess I didn't use the correct download version.  I want to remove Vosteran and add a virus/malware protection.
 
Thanks for your help.
 
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-01-2015
Ran by Denna (administrator) on DENNA-PC on 28-01-2015 22:07:02
Running from C:\Users\Denna\Desktop
Loaded Profiles: Denna (Available profiles: Denna)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Carbonite, Inc. (www.carbonite.com)) C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
() C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe
(Carbonite, Inc.) C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
() C:\Program Files (x86)\ace race\bin\utilacerace.exe
() C:\Program Files (x86)\ace race\updateacerace.exe
() C:\Program Files (x86)\ace race\bin\acerace.expext.exe
() C:\Program Files (x86)\ace race\bin\acerace.PurBrowse64.exe
() C:\Program Files (x86)\ace race\bin\acerace.BrowserAdapter.... Read more

Answer:Infected with Vosteran hijacker - need removal instructions

Hi there,
my name is Marius and I will assist you with your malware related problems.
Before we move on, please read the following points carefully.
First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
Perform everything in the correct order. Sometimes one step requires the previous one.
If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.
Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
Important: To help me reviewing your logs, please post them in code boxes. You can create them by clicking on the <>-symbol on top of the reply window.
 
 
We need to remove some programs with Revo Uninstaller Free:Note: Revo Uninstaller is more thorough in deleting programs on ... Read more

6 more replies
Relevance 70.52%

My browsers in firefox and IE have been jacked. Even the ads on my yahoo mail page have changed to enlargement ads. I ended up blocking them so I don't have to see them.

I ran trend micro and it found a COOKIE_LIVE PERSON , whichi it quarantined, and a couple others that it deleted. but the problem still exists.

Whenever I use yahoo or google search, i have to literally fight the browser not to go to a page for yellowdot search, or some stupid cow survey where it asks what is the animal pictured abocve, and who referred you there? I'm thinking its a private joke by the jerks who hijacked my browser.

Here's my DDS log per request when posting here. i'm hoping someone can help.
DDS (Ver_09-02-01.01) - NTFSx86
Run by bg at 18:04:22.56 on Sat 02/14/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_12
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3070.2413 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Outdated)
AV: Trend Micro Internet Security *On-access scanning enabled* (Updated)
FW: Trend Micro Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd... Read more

Answer:browser hijacker removal needed. unsure of which name

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.comDDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Follow the instructions that pop up for p... Read more

2 more replies
Relevance 70.52%

browser hijacker known as trotux change my homepage and default search engine for all my browser, after that there is this annoying software that keep appearing and install by it self ( winsnare, kyubey.exe, bikaq RSS )

the known software keep appearing and install by itself ( winsnare, kyubey.exe, bikaq rss and 2 or 3 software that i forgot the name ) and after they keep incoming, they disable my microsoft security essential software, i need manually activate the MSE
even i still have zemana anti malware in my system (trial 5days left), the software suddenly installing itself
im using this software :
malwareantibytes,
adwcleaner,
hitman pro
and zemana anti malware

i already clear the problem arround 10-12 march, i run all scanner everyday, at it show clean system, but suddenly today the adware and malware come up again

maybe you can give me some advice and help, thanks in advance
 

More replies