Computer Support Forum

IE not working after Malware Removal

Question: IE not working after Malware Removal

My IE is currently not working. I noticed a program called AntiMalware Doctor running on my computer with pop up screens and I used the guide I found on your website to remove it. I now have Norton Security Suite and Malwarebytes' Anti-Malware installed. I have already run a scan with both programs and removed the infected files. The only program I am currently having difficulty with is IE. When I open it, the window stays white and it finally says that the program stopped working. My system is Vista with IE 8. If someone could please help me I would be grateful!

Thanks!

EDIT** Norton has identified and blocked several 'Intrusion attempts'. All originating from the same IP address but with different sources listed.

Relevance 100%

Answer: IE not working after Malware Removal

Still having the same problem, though I have installed Firefox and it works fine. I would still like to make sure my laptop is clean and get everything back working. I did receive some sort of error message that says 'Host Process for Windows Services stopped working and was closed'. Did another Malwarebytes scan and it found 0 infected files.

6 more replies
Relevance 61.09%

Hi,

I have tried many ways to get rid of some Malware that has only recently infected my PC. I hope someone can help me as this is my work PC and I need to plug back into my office network in a few days, but think this would be a bad idea at the moment.

The problem first showed itself by insisting I had many viruses etc, and I should install Internet Security 2010. I have installed Malware Bytes removal tool, and installed as instructed. It found the above, said it was removed, but still it appears to exist, although the name of the infection has changed a few times, and is currently redirecting my browser to a similar page to the above malware. A popup now shows that I should install Cyber Security to remove the infections. This is obviously another malicious antivirus/malware program.

I have McAfee Enterprise installed (which I can't seem to disable).

I have also run SuperAntiSpywarePlus, which did the trick removing a similar problem about a year ago on a different PC. However, although this program also finds problems, and supposedly removes them, the problem is still there.

Please help. I have shown Hijackthis log below.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:58:42 PM, on 29/12/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal

Running processes:
C:\windows\system32\csrss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\... Read more

Answer: Cyber Security removal; Malware removal not working

Hi,

I have tried everything I know of to remove this pesky piece of malware. It seems to keep changing names, starting out as Internet Security 2010, and redirecting me on a google search to a webpage trying to convince me I was riddled with viruii and malware, and then trying to sell me their software, which is really just a scam. I ended up here after a few days of tearing my hair out, almost beaten. I went through the tutorials, but unfortunately that was before I fired off a post in desperation. Please delete my previous post, as I have now followed the suggested path, and run the utilities to help diagnose my problems. The resulting files are attached.

Please help. I hope the files uploaded can provide an insight into what's happening.

Apologies for jumping right in and posting a Hijackthis log before I had read the tutorials.

ntents below

DDS.txt contents pasted below

DDS (Ver_09-12-01.01) - NTFSx86
Run by Greg.Middleton at 15:30:23.26 on Tue 29/12/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.2.1252.61.1033.18.3063.2330 [GMT 9.5:30]
AV: VirusScan Enterprise + AntiSpyware Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

============== Running Processes ===============

C:\windows\system32\svchost -k DcomLaunch
C:\windows\system32\svchost -k rpcss
C:\windows\Syst... Read more

3 more replies
Relevance 56.17%

Original Problem: My IE is currently not working. I noticed a program called AntiMalware Doctor running on my computer with pop up screens and I used the guide I found on your website to remove it. I now have Norton Security Suite and Malwarebytes' Anti-Malware installed. I have already run a scan with both programs and removed the infected files. The only program I am currently having difficulty with is IE. When I open it, the window stays white and it finally says that the program stopped working. My system is Vista with IE 8. If someone could please help me I would be grateful!

Thanks!

EDIT** Norton has identified and blocked several 'Intrusion attempts'. All originating from the same IP address but with different sources listed.

Also, I have received an error message that states that the 'Windows Host file stopped working.' I would like to be 100% sure my laptop is clean and working properly.

Here is the DDS log:

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Jacalyn at 19:21:01.02 on Wed 04/27/2011
Internet Explorer: 8.0.6001.18865
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.3069.1052 [GMT -5:00]
.
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows... Read more

Answer: IE Not working after Malware removal

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed responding to your thread.

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
Do not d... Read more

6 more replies
Relevance 55.35%

USB port not working after malware removal. I use a card reader on the USB port located on the front of my computer. After successfully removing "my way s#ar#h assistant", the card driver doesn't work. Do I need to install a driver to get it functioning properly?
Thanks for all your help
 

Answer:USB port not working after malware removal

Hi

I would say you are best to follow what Chaslang posted HERE and attach the logs in that thread of yours in malware forum as while you may look ok and malware free, there may be some malware files causing this.

We may be able to reinstall the driver but that may not change anything, unless all malware is removed first.


The info we would need to get the correct driver is in below steps, but TBH, do make sure you are fully clean from malware first.

If your PC is one from the likes of DELL, HP, Sony, etc what is the Make and model variant as this will assist us if we need drivers?

If your PC is a home or custom build what is the motherboard make and version?

Download and install Everest to find this info, at times a summary log of your PC can help, to do this

Install Everest and run
Click Report (top menu) > Report Wizard > Next
Choose System Summary Only > Next
Choose Plain Text > Finish and wait for report to generate
Click Save to File and leave the File Name as Report, then click the Save as Type dropdown and choose Report files (*txt) and click Save (n.b. Save to desktop is best as easy place to find it, use Browse to locate desktop)



Then attach your log to your next post as per these instructions HOW TO: Attach Items To Your Post


 

1 more replies
Relevance 55.35%

Hi,

My computer has been attacked by malware.
Now I followed the instructions on the opening thread of this forum and downloaded DDS.scr, but I cannot make it work.
After opening the program, I don't think it is doing anything. No logs are created.

Please let me know how to go about the first step
Btw, the symptoms of my machine are -

1) Random new browser windows opening with hoax antivirus pop-ups asking for download
2) Firefox crashing every time it is launched. Crash report submittal is failing.
3) Unable to connect to Internet through wired LAN. It shows connected status but no sites open.
4) Sometimes my McAfee Antivirus is closing down abruptly throwing warning that it has been closed although the system guard icon of McAfee is still active.

Thanks!
Ron

Answer:Need help to get started with malware removal-DDS.scr not working

Hi
Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized, if not you'll find it in c:\rsit folder)

19 more replies
Relevance 55.35%

I recently (about a week ago) had adware on my computer. I am not sure where it came from but that's not the point. I had the malware completely wiped out today and now the internet connection is not working on the computer that used to be infected.
 

Answer:Internet Not working after malware removal

I meant adware sorry...
 

6 more replies
Relevance 55.35%

I have worked on a couple of machines lately that have had rootkits (.zeroaccess) and after removal devices would not work. I tried the easy stuff like uninstalling/reinstalling devices, replacing driver files, reinstalling inf files for the devices, SFC, and repair installs but the devices do not work correctly again. On one machine it is the CDROM, on another the mouse and keyboard. The mouse/keyboard will work after a removal and reinstall but stop working after a reboot. A wipe and reinstall will do the trick but I sure would like a better answer. Has anyone else run into this or found an answer?

Answer:Devices not working after malware removal

Are you looking for a general answer or do you have an infected machine?

2 more replies
Relevance 54.94%

Hi,
2 weeks ago Malware.Trace & Net-Worm.Win32.Koobface were removed from my pc (using F-Secure and MAB). Things seemed ok at that point.

Last week I noticed I wasn't able to access the SEARCH function. A few days later Windows Media Player wasn't working and my scanner wasn't being recognized by the system.(Had a death in the family and didn't have time to pursue the issues at that time.)

Today I reinstalled Media Player and the scanner. Scanner is fine.

Both Windows Media Player and the SEARCH function work just fine when I use the Administrator account.

When I try to run WMP in any of the 3 limited user accounts I get this message: "An internal application error has occurred."

When I try to use the SEARCH function in the limited accounts, a window opens with only a blank folder in the title bar.

Please let me know what you think I should do.

Thanks a lot!

Answer:Computer not working right after virus/malware removal

You never really did post any logs in your last topic.
It's possible that you could still be infected.
Update mbam and run a FULL scan.
Please post the results.
Then run ATF and SAS.

ATF
Please download ATF Cleaner by Atribune & save it to your desktop.
Double-click [

Please download Dr.Web CureIt, the free version & save it to your desktop. DO NOT perform a scan yet.

Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with Dr.Web CureIt as follows:
Double-click on launch.exe to open the program and click Start. (There is no need to update if you just downloaded the most current version.)
Read the Virus check by DrWeb scanner prompt and click Ok where asked to Start scan now? Allow the setup.exe to load if asked by any of your security programs.
The Express scan will automatically begin. (This is a short scan of files currently running in memory, boot sectors, and targeted folders).
If prompted to download the Full version Free Trial, ignore and click the X to close the window.
If an infected object is found, you will be prompted to move anything that cannot be cured. Click Yes to All.
When complete, click Select All, then choose Cure > Move incurable.
(This will move any... Read more

12 more replies
Relevance 54.94%

Problems:
1) automatic updates unable to turn on (can't even manually start using services list)
2) On Avant Browser, new windows with content related to open tabs pop up randomly
3) Can't use gmail or google on Firefox (this may be application problem)
4) Frequent pop-ups in Internet 7 browser

Programs:
Used to have Ahnlab V3 Security Center (along with Adaware, Spybot, and Spydoctor (disabled) ), but switched to AVG upon review of this thread with similar problem (located here: http://www.bleepingcomputer.com/forums/t/36589/automatic-update-not-working/ ). Enabled Spydoctor and added C-Cleaner and did several online scans with programs on said thread. Computer started getting slow after installing V3.

Malware may have found its way in after installation of the game Peggle. (See AVG log)

I did an AVG scan and spybot scan in Safemode, log is as follows:

AVG 8.0 Anti-Virus command line scanner
Copyright © 1992 - 2008 AVG Technologies
Program version 8.0.134, engine 8.0.0
Virus Database: Version 270.4.7/1546 2008-07-11
HKLM\SOFTWARE\Classes\MayaAsciiFile Found Adware.CommonName
C:\Documents and Settings\Bienna Song\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Locked file. Not tested.
C:\Documents and Settings\Bienna Song\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Locked file. Not tested.
C:\Documents and Settings\Bienna Song\NTUSER.DAT Locked file. Not tested.
C:\Documents and Settings\Bienna Song\ntuser.dat.LOG Locked file. Not tested.
C:\Document... Read more

Answer:Automatic Updates Not Working/malware Removal

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

Make sure you are connected to the Internet.
Double-click on Download_mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.... Read more

14 more replies
Relevance 54.94%

Ransom virus popped up on kid's phone (yeah, I know)...Samsung Axiom running Android 4.1.2. None of the tactics found online work. Avast does not open. Tried installing Malwarebytes...installed, but unable to open through play store. I tried hooking it up to a pc with Malwarebytes, but the program won't let me scan the phone.
 
I need ideas. Please help.

Answer:android: malware removal steps not working

G'day nomad, Click on THIS LINK,...(I am assuming this is not the avast program you already have) ....install the program, follow the prompts, and let me know if it gives you any joy.

3 more replies
Relevance 54.94%

Hey

So my hp tablet (windows xp) was infected with fake virus alerts which would not allow me to connect to the internet.

The malware has been removed, but I still cannot connect to wireless at any location (others can). Wired ethernet works. Right now my laptop is connected to a wireless router via an ethernet cable.

I can "see" wireless networks. When I try to connect, I am told I am connected, but I can't do anything and become disconnected in about 5 seconds. The connection continues to "connect" and "disconnect" every 5-10 seconds, although I still can't use the internet either way.
When I "repair" connection, I am told the ip address cannot be renewed. I have renewed the ip address manually in command prompt, but that doesn't change anything.

When I run ipconfig/all in command prompt, I get this (minus the host name):

Windows IP Configuration
Host Name . . . . . . . . . . . . :
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
Ethernet adapter Wireless Network Connection:
Media State . . . . . . . . . . . : Media disconnected
Description . . . . . . . . . . . : Intel(R) PRO/Wireless 2200BG Network
Connection
Physical Address. . . . . . . . . : 00-16-6F-94-32-DB
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
... Read more

Answer:Solved: Wireless not working after malware removal

16 more replies
Relevance 54.94%

Hello,

Sorry for the length of this post, but I try to describe in detail what I've done. I have used the instructions in the "READ & RUN ME FIRST. Malware Removal Guide".

The reason I have done this is, because Avast On access scanner periodically alerted me to trojans in the temporary internet folder for the past two weeks. I instruct Avast to delete these files but the messages always come back a short while later. Two days ago it started alerting me of blocking access to a malicious site (the url for this site is garbled and ends in .cn). This message would pop up every 5 to 10 seconds. So I attempted to remove the malware on the pc with the help of the instructions of this forum yesterday night.

I am not sure where the trojan/malware originated from, as I am not the only user of this computer (my parents also use it). Around the time that the problems started, I visited a reputable (or so I thought) job site (engineeringcareers.co.za) - upon visiting Avast alerted me to a trojan attempting to download and gave me the option to block the connection to the site, so I did so.

Now, on to how I followed the instructions in your guide and the problems that I encountered:

I followed all the instructions to the letter, up to and including the Malwarebytes' Anti-Malware. Super antispyware had to be renamed to SAS.exe to run, as the explorer window crashed if I tried to run it normally. After MBAB finished, I could not connect to the interne... Read more

Answer:following malware removal instructions - MGTools not working

Hello again,

Here are the combofix and rootrepeal logs I intended to post. I wanted to post them directly after my earlier post, but real life interfered in the time between posting and my post showing up in the forum. This will probably be seen as a bump, but oh well - so far it looks like my problems are sorted out, so far Avast has not given me any more alerts to trojans/rootkits.

Thanks again,

Z.
 

8 more replies
Relevance 54.94%

Hi, I have been using Google Chrome for many months without a problem. However, last night I was somehow infected by malware. A fake anti-virus program appeared in my system tray and I could not kill it or any other processes. It prevented me from running MalwareBytes or getting to the Task Manager. I restarted my computer in safe mode and ran MalwareBytes and it removed 7 things. However, since then, I have not been able to use Google Chrome or Internet Explorer; I am currently only using Firefox because that is the only browser that works. I did some searching online and found that other people have had this problem after removing malware from their computers as well.

I would greatly appreciate it if someone could help me figure out what is wrong with my computer.

I am running Windows Vista (64-bit) SP 2.

As stated in the Preparation Guide, here is the log produced by DDS. Also, I ran GMER, and I attached the file that I saved from it. However, a bunch of the options were grayed out, so I wasn't sure what else to do. I will await further instruction and rerun GMER if need be.

Thank you so much!

DDS (Ver_10-03-17.01) - NTFSX64
Run by Ken at 13:18:11.29 on Sat 07/10/2010
Internet Explorer: 8.0.6001.18928 BrowserJavaVersion: 1.6.0_14
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4093.2571 [GMT -4:00]
SP: Windows Defender *enabled* (Updated)
... Read more

Answer:Google Chrome not working after malware removal

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

Note** If you are having problems posting the complete log into this thread upload them here http://www.rapidshare.com/ and post the links in this thread

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in notepad of any instructions given, as sometimes it is ... Read more

13 more replies
Relevance 54.94%

Hello, I've just about given up trying to fix this and am ready to reinstall the OS, but maybe someone here knows what's wrong and how to fix it. The computer was upgraded to Windows 10 and had some minor malware that was removed. After the clean up the printer no longer works (I'm not sure if it was working before the clean up since it wasn't tested). The computer has no other problems or errors in the event log.


The printer is an HP OfficeJet 8500 A909g. The OS is Win 10 x64.


Symptoms:

-The printer is detected in devices and printers
-The scanner actually works
-It will print an internal test page of some kind from the HP Solution Center, but not the Windows test page or anything else.
-The same problems happen with both network and USB installs
-When printing a text document it says "The handle is invalid." with a yellow triangle and exclamation mark.
-When printing a Word Document it says "We couldn't print because there doesn't seem to be a printer installed :-(" with a yellow triangle and exclamation mark and a "show help >>" button.
-Opening the printer properties from devices and printers gives the following error with a red X before the properties windows opens: "C:\Windows\Explorer.EXE Function address 0x3f416fda caused a protection fault. (exception code 0xc0000005) Some or all property page(s) may not be displayed."

Attempted repairs so far:

-Uninstalled the printer and rein... Read more

Answer:Printer not working after Win 10 upgrade plus malware removal

Hi jcompguy and welcome to Tenforums.

That's a problem, yes, and you've tried just about everything I would have tried.

Have you run the Utility-Diagnostic Tool (just below the driver/software download) here?
HP Software and Driver Downloads for HP Printers, Laptops, Desktops and More | HP® Customer Support

If the printer works with other machines, then it's definitely that computer. Perhaps you could run sfc /scannow to make sure all system files are intact?

Also, before doing a clean install, I always try a repair install using an in-place upgrade. That just might do the trick.

Hope that helps!

0 more replies
Relevance 54.94%


I have discovered some Malware on my computer - under advice from my own techie friend I have run MalwareBytes and Combofix to remove and both do so for a short period of time and then the computer gets reinfected.

The virus disables all my .exe files and am sure probably more than that and I just want to clear it for good.

I use Symantec as my anti virus etc all installed by a professional so really would like some help in clearing this.

Below is the log from Malware and Combofix run in that order today - Malware always finds the same 6 problems

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4485
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
29/08/2010 09:27:51
mbam-log-2010-08-29 (09-27-51).txt
Scan type: Quick scan
Objects scanned: 172496
Time elapsed: 26 minute(s), 31 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 4
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\secfile\shell\open\command\(default) (Rogue.MultipleAV) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOC... Read more

Answer:Removal of Hijack This etc Malware and COmbo not working

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting.

We need to create an OTL report,
Please downloa... Read more

more replies
Relevance 54.94%

Hi,
I got infected with some unknown spyware and decided to use AdwCleaner to remove it. Unfortunately, after removal and restart of my comp, all my browsers (Chrome, Firefox and IE) show that I'm unable to connect to proxy server and I cannot get on the internet.

Below are my stats and the Adw Reports

Thanks

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 8.1, 64 bit
Processor: Intel(R) Core(TM) i5-3337U CPU @ 1.80GHz, Intel64 Family 6 Model 58 Stepping 9
Processor Count: 4
RAM: 8077 Mb
Graphics Card: NVIDIA GeForce GT 740M, -2048 Mb
Hard Drives: C: Total - 190423 MB, Free - 4238 MB; D: Total - 264346 MB, Free - 44283 MB; G: Total - 476799 MB, Free - 476786 MB; H: Total - 953861 MB, Free - 6912 MB; I: Total - 476927 MB, Free - 476171 MB;
Motherboard: ASUSTeK COMPUTER INC., K46CB
Antivirus: Windows Defender, Disabled
 

Answer:Internet not working after removal of malware using AdwCleaner

# AdwCleaner v4.208 - Logfile created 06/08/2015 at 18:22:38
# Updated 09/07/2015 by Xplode
# Database : 2015-08-01.1 [Server]
# Operating system : Windows 8.1 (x64)
# Username : Gladwin - GLADWIN
# Running from : C:\Users\ASUS\Downloads\Programs\adwcleaner_4.208.exe
# Option : Scan

***** [ Services ] *****
***** [ Files / Folders ] *****

File Found : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\yahoo.xml
File Found : C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\eakacpaijcpapndcfffdgphdiccmpknp
File Found : C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_niloccemoadcdkdjlinkgdfekeahmflj_0.localstorage
File Found : C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_niloccemoadcdkdjlinkgdfekeahmflj_0.localstorage-journal
File Found : C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage
File Found : C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage-journal
File Found : C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_user.qzone.qq.com_0.localstorage
File Found : C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_user.qzone.qq.com_0.localstorage-journal
File Found : C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_v.qq.com_0.localstorage
... Read more

6 more replies
Relevance 54.94%

Hi all, let me first introduce myself. My name is Andrew.

Here is my current situation: The other day while on my computer, I started receiving messages I've never received before. I kept receiving popups on my desktop saying that threats had been detected and then proceeded to perform a fake system scan. The "dialog box" said something like 'PC AntiSpyware 2010'. I also had the little red circle with the white X in my system tray. Anytime you'd mouse over it, a warning balloon would pop up.

After doing a little research around these forums, I decided the best bet would be to download, update and run MalwareBytes' remover tool. I did a scan, checked all the objects that came up (all 44 of them! OUCH!) and had the program delete them. I then restarted my PC and voila! No sign of the malware at all. Awesome.

Except now my internet doesn't work. Both my wireless adapter tray icon (D-Link DWL-G122) and my wireless network icon are shown as being connected and having excellent signal strength. I even did a ping of google.com using the CMD prompt and it showed no errors in either direction! Weird. It doesn't appear to have anything to do with my network either, as every other computer connected to this network also connects to the internet with no problems at all.

So my question is wtf is going on here!? lol

I'm running out of ideas and would really like to get this resolved ASAP. Any help/advice at all will be greatly appreciated!

Thanks... Read more

Answer:Internet not working after malware removal. Please help, I'm desperate!

Mods, please close this thread as I am already receiving help elsewhere.

Thank you and I apologize for the inconvenience.

2 more replies
Relevance 54.53%

Hello all, let me thank you in advance for your time on this.
I am working on my mother's computer (Aspire 6gig ram, 1T HD, Pentium)
She has been unable to access her email for a while now, and I took an initial run at the issue with HijackThis. (I'll attach the logs)
HJT recommended a series of fixes, which I checked, only to find that they didn't go away.
I then turned to this faithful site.
I have run the Vista, Win 7 and Win 8 Malware Removal/Cleaning Procedure.
Attached are those logs.
As always, all advice and attention is greatly appreciated.
Thanks.
-Dave.
 

Answer:Working through Vista, Win 7 and Win 8 Malware Removal/Cleaning Procedure

Added the log files.
Thanks.
-Dave.
 

2 more replies
Relevance 54.53%

I'm running Windows XP (2002). Yesterday, I had the "Hard Drive Diagnostic" issue that I removed using the self-help guide. I ran rkill, Malwarebytes' Anti Malware, and Unhide.exe. Doing so took care of all problems and put all of my documents back in the "my Documents" folder, except that the start menu shortcuts were not there (a bunch of empty folders where I anticipated links to MS Word and the like) and the background of my desktop had changed to the basic blue (or whatever that color is). I tried to follow the advice today of disabling antivirus software and running unhide.exe again; however, I was shortly being bombarded with the annoyance of Malware Protection. (I should note just prior to disabling AV software, I ran a Malwarebytes scan to make sure I wasn't missing anything and came up with zero infected files.)

I tried starting in Safe Mode with Networking and running rkill; however, every time that I did so, the command window would open and state that it was running and to be patient. Less than a half minute later, I would get a desktop message: "Windows is running in safe mode. This special diagnostic mode of Windows enables you to fix a problem which may be caused by your network or hardware settings. Make sure these settings are correct in the Control Panel and then try starting Windows again. While in safe mode, some of your devices may not be available. To proceed to work in safe mode, click yes. If you prefer to use System Restore to restore your co... Read more

Answer:Malware Protection removal and TDSS Killer not working

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed responding to your thread.

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator&#... Read more

29 more replies
Relevance 54.53%

Hi
I have a Windows 7 64bit home laptop, it was infected with Malware. I installed MSE and it removed the malware but now can't browse the Internet, I've tried chrome and IE. I have tried to install malwarebytes but get a runtime error. I contacted their support and was asked to run FRST and send them the two log files which I did but not heard back yet. If anyone has any suggestions it would be really appreciated.

Answer:Internet Explorer and Chrome not working after malware removal - please help!

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
***************************************************
In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.
CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/593024 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************
If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t... Read more

2 more replies
Relevance 54.53%

At some point during the removal of malware, the Task manager of one of two user accounts stopped working. When accessed, it appears without headings or options except New Task at the bottom right of the pane. When I click on it, I get "Create New Task" box, which says, Open: Combofix. If I click the down arrow I get the following list: Combofix/uninstall, Combofix\uninstall, Notepad.exe, Regedit, cmd, appwiz.cpl, System recovery. I recognize these as being remnants of the clean-up process that was just completed. If I click ok, I get Combofix box - "Windows cannot find Combofix." Combofix was uninstalled after we were done removing all the malware.
The other user account is working fine. Also, I downloaded and installed the latest Internet Explorer 8 and Windows updates, but that didn't seem to do anything. The other user account, the one with the functioning Task Manager, is running better in general, updated. There is a thread that describes what we did, but I don't know how to link it to this thread.
Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows XP Home Edition, Service Pack 3, 32 bit
Processor: Intel(R) Pentium(R) M processor 1.60GHz, x86 Family 6 Model 13 Stepping 8
Processor Count: 1
RAM: 502 Mb
Graphics Card: Mobile Intel(R) 915GM/GMS,910GML Express Chipset Family, 128 Mb
Hard Drives: C: Total - 71186 MB, Free - 57582 MB;
Motherboard:
Antivirus: Microsoft Security Essentials, Updated: Yes, On-Dema... Read more

Answer:Solved: Task Manager not working after Malware removal.

11 more replies
Relevance 53.71%

Hi

REGISTRY/DRIVER ISSUE

I have an Acer Aspire 5740g laptop running windows 7 (log attached below).

I'm already indebted to you guys for your "READ & RUN ME FIRST. Malware Removal Guide" by chaslang, because it helped me to remove some nasty malware that was popping up on startup.

I ran through that guide till completion, including re-enabling UAC and doing the system toggles etc, including running all the anti-spyware programs even after the problem seemed to have been solved (although only the first two seemed to actually finish). The problem is gone thankfully but I've noticed an unusual side-effect:
audio no longer runs in browsers.

I'm wondering if some driver/registry change has caused this change. I've only tried testing the problem by opening clips that use sounds in youtube and megavideo (i'm using latest IE).

So far I have tried:
-restarting my computer
-updating adobe flash player to the latest version
-changing a flash player setting which is supposed to help in some situations (according to their support site)
-uninstalling and reinstalling flash player
-updating my sound drivers (found on the acer website- which involved removing the old drivers and installing the driver i downloaded).
-going into IE internet options> advanced> checking the "play sounds in webpages" box is checked
-closing all IE windows and restarting IE
-trying out (the limited) solutions google has thrown up

... Read more

Answer:Audio stopped working in browsers after running malware removal

Hi

It would be best as you have had malware on your PC to as you mention you have run the read me guide to actually attach the logs that that guide has you produce to your thread in malware forum HERE so that the experts in that area can give you an all clear on any remaining malware components, as while you may not see any issues outwardly, there maybe malware components left that are causing the audio issues, so need to remove them first before trying any driver fixes.

Once given the all clear on malware then post again here and we can try a few fixes.
 

9 more replies
Relevance 52.48%

I hope I have posted this in the right forum - most of the topics I see here on the first page seem to have the "Moved" tag on them. Despite what the title and the first paragraph describing my problem may suggest on a quick skim, I don't believe this problem is currently being caused by malware nor removed with malware removal tools, but rather being a system problem in nature.

I recently cleaned a Windows XP SP3 Media Center Edition machine of SystemFix, which was quickly followed by another malware program I don't remember, and after that by AV Protection 2011, using MalwareBytes' Anti-Malware. Since then, the computer shows in Network Connections that it has been connecting to our Linksys router, but no packets are being sent or received and there is no internet access available, and I can't even access the router administration page from the affected computer. The internet works without issue if I boot to Ubuntu Linux off of a CD/USB drive, so the problem should be with the Windows software. I've tried just about every possible solution I could possibly find on the internet, as well as a few I made up on the spot, which to my memory includes but is not limited to the following (all under an account with administrator rights, of course):

- scanned computer with MalwareBytes' Anti-Malware, COMODO Antivirus, SuperAntiSpyware, Ad-Aware, ESET, IOBit Advanced SystemCare 5, Sophos Anti-Rootkit, and avast! aswMBR.exe
- attempted to run tdsskiller.e... Read more

Answer:Internet not working after malware removal - system/registry/setting damage suspected

and welcome to the Forum

We have a malware removal forum and I suggest you post there. Please follow our pre-posting process outlined here:

NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help - Tech Support Forum

After running through all the steps, please post the requested logs in the Virus/Trojan/Spyware Help forum, not here.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

2 more replies
Relevance 52.48%

A summary for the time-strapped can be found at the bottom of this post. If you have read my previous topic, the main new details are a more informative description of the unnamed malware and a brief mention of an attempt at a wired connection that I forgot earlier.

I have reposted this from the XP forums at the request of a team manager, though I feel it belongs there rather than here. Despite what the title and the first paragraph describing my problem may suggest on a quick skim, I don't believe this problem is currently being caused by malware nor removed with malware removal tools, but rather being a system problem in nature. Even so, I suppose that won't be so much of an issue if my helper is experienced in both subjects.

I recently cleaned a Windows XP SP3 Media Center Edition machine of SystemFix, which was quickly followed by another malware program I don't know the name of (it redirected search result links, and opened Mevio alerts and hidden iexplore.exe processes randomly with sporadic spurts of random audio in a manner similar to that described in this topic), and after that by AV Protection 2011, using MalwareBytes' Anti-Malware and possibly other automated removal tools which I can look up if that would be helpful. Since then, the computer shows in Network Connections that it has been connecting to our Linksys router, but no packets are being sent or received and there is no internet access available, and I can't even access the router administration pag... Read more

Answer:Internet not working after malware removal - system/registry/setting damage suspected

Hello and I guarantee the problem is still malware related.

What I need from you, is a proper set of logs so I can see the current state of the machine. I'll have to ask you to please stop doing any other self fixing while we're working together, or you'll make my job that much more difficult.

Please follow the instructions in our pre-posting topic New Instructions - Read This Before Posting for Malware Removal Help and post the requested logs in your next reply.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

19 more replies
Relevance 47.56%

Staff Advisory: This post needs to remain here until one of the malware team advise that it can be moved. This member cannot access our malware forums due to their infection. ~ Animal
------------------------------------------------------------

Hello, I got some help from some nice people in the live chat. I have made a log with your hijackprogram and am posting it at the bottom. It created two .txt files so there are two reports. I am unable to open ANY link that has the words anti-spyware anywhere on the page or in the address bar so unfortunately I cannot post this in the malware removal forum because the internet window closes every time. I am in dire need of some help! I have a subscription to spy sweeper and it is keeping things out but I was infected with Antivirus xp 2008 and possibly some viruses because the computer was un-protected for about a month while I was in the hospital.. I run with Windows XP and a wireless connection. If someone could take the time to look at this for me I would be so incredibly thankful! I offer my services as a photographer/graphic artist/professional gift shopper/myspace designer/beginner web designer. You can see what I do at www.perfectionpictures.com and contact me if you need anything at all!

Current Symptoms (in the order of appearance)
Random Total system crash then restart then blue screen then back to windows. msvcp71.exe is missing so a program is being prevented ... Read more

Answer:Antivirus Xp 2008 Removal Help/am I Infected? Can't Open Malware Removal Forum

Hi & welcome,

I would like to try a couple things before we go much further so I have a bit better picture of what is happening and can take the needed cautions.

1.) click start> run> type msconfig and hit enter.
click "boot.ini" tab
Checkmark /bootlog
Click "apply" and "close"
Reboot when asked
Locate and delete this file:
C:\windows\ntbtlog.txt (in case your extensions don't show it looks like a notepad)
Reboot
Locate & post:
C:\windows\ntbtlog.txt

2.) Click start> run> type: cmd.exe and hit enter.
type the following commands exactly as you see em & hit enter after each one:
cd c:\windows\system32
dir userinit.exe
Note the file size please & report that back to me. Leave cmd open a sec.
Back at the cmd window...
Type:
cd dllcache
dir userinit.exe
dir spoolsv.exe
Note file sizes & report that back to me.
Type exit in the CMD window & hit enter. (this closes it)

3.) Can you see also if you can get this program installed please:
http://download.bleepingcomputer.com/hijac.../HJTInstall.exe
Save file> run it> follow prompts to install excepting defaults.
Allow it to "launch" hijackthis.
Click the "Do a System Scan and Save a Log File" option
Save the log file and then it should open with Notepad
Go to Edit, Select All and then Edit, Paste to paste the contents of the log here
Let me know if you had any problems with the above please.

I advise keeping the system offline as much as possib... Read more

3 more replies
Relevance 47.56%

Apologies, but i'm a bit of a novice. my computer did a scan when i started it and came up with some trojans. when i tried to delete them, a malware removal programme tried to install itself so i closed the download dialog box. unfortunately, i cannot remember the name of the software that was trying to install itself. please would you review my log below and help me clean my computer?

many thanks
---------------------------------------------------------------

DDS (Ver_09-12-01.01) - NTFSx86
Run by 0 at 19:57:35.67 on 02/01/2010
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.3000.1826 [GMT 0:00]

SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows&... Read more

Answer:attempted removal of trojans try to install "malware removal software

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

2 more replies
Relevance 46.33%

Hi,

I have a dell xps 8300. It started acting up about 1 week ago (freezing while working online, freezing while trying to boot). Today i got the Blue screen asking me to restart if this was the first time I had received a blue screen.
I restarted it was fine for 30 minutes and everything froze.
I restarted it and I received error beeps ( 4 beeps)
I looked that up on dell support and they said it was RAM problems.
I opened up the computer vacuumed a bit, took out ram cards and reinstalled them.
It had been working o.k. for about 1 hour and only froze once more.
I decided to try the malware removal guide and here are the logs
Malware bytes did not find anything
TDSSKiller did not find anything
MGtools ran but as soon as it was done the window closed. i don't know how to find the log
Your help will be greatly appreciated
 

Answer:malware removal - have followed malware removal guide

I still want to see the log from Malware Bytes please.





"MGtools ran but as soon as it was done the window closed. i don't know how to find the log"

Should be directly on C:\ if that's where you boot Windows from. If you really cannot find the log, you'll have to run MGTools.exe again in order to produce a MGlogs.zip. Thanks.
 

20 more replies
Relevance 46.33%

I have run the malware removal instructions and went through each program as they did remove some of the malware and virus. The issue that I am having is that when I open the computer under separate user and try to run the malware removal programs via internet or through USB drive, I keep seeing a window which pops up asking me which program I want to use to open the program. I have run the computer under the administrator and do not seem to have problems running the malware removal steps and have attached the reports from the instructions.

View attachment mbam-log-2011-03-28 (17-02-07).txt

View attachment combofix log.txt

View attachment SUPERAntiSpyware Scan Log - 03-28-2011 - 16-42-24.log

View attachment hijackthis.log

Even when I try to open add or remove programs under control panel- I get the following message: "C\windoesn\system32\rundll32.exe- application not found." I am thinking that It is something to do with AVG and have removed the program with the step.

Please help....

 

Answer:Help with malware removal- have run malware removal instructions

ssmehta007 said:
"....try to run the malware removal programs via internet or through USB drive"

Specific download and installation instructions are in our R&R ME FIRST guide :
ComboFix
Running from: l:\combifix\ComboFix.exe <--- belongs on your desktop

RootRepeal
Save it to your Desktop

SAS & MBAM
Installed to the Default Location - "C:/Program Files", as we suggest that you keep them after malware removal.

MGTools.zip
Download this file to the root folder of the drive where you have installed Windows (Typically this would be C:\ and thus you would have a C:\MGtools.exe file after downloading).
Please make those corrections and attach the missing RRlog.txt (from RootRepeal) and MGlogs.zip - normally it is C:\MGlogs.zip . Please tell me any problems you still have.
 

18 more replies
Relevance 46.33%

Since the ComboFix will not run on Vista or Windows 7 64-bit, I have to look for new malware/virus removal apps... It was good while it lasted. So what tools do people use for Vista these days when the computer says: "WARNING! YOURS COMPUTER IS AN INFECTED BY HARMFUL VIRUS!!!!"

Answer:64-Bit Virus Removal & Malware Removal Tools?

64-bit Anti-Virus:
List of 64-bit Anti-Virus For Vista
Anti-virus protection in 64-bit environments

Free Anti-virus:
avast! Free Antivirus
Avira AntiVir Personal - Free Antivirus
AVG Anti-Virus Free Edition 8.5
Microsoft Security Essentials
Panda Cloud Antivirus
Kingsoft Free Antivirus (Cloud Scan)

Paid for Anti-virus:
NOD32 Anti-Virus Personal
McAfee AntiVirus Plus
Trend Micro AntiVirus plus AntiSpyware
Norman Antivirus & Antispyware
CA Anti-Virus Plus Anti-Spyware

64-bit Anti-Malware tools:
Malwarebytes Anti-Malware
SUPERAntiSpyware
Kaspersky Virus Removal Tool - How to install and use documentation
Spyware Terminator
Windows Defender (64-bit)
Prevx
Spybot S&D
Ad-Aware
Norman Malware Cleaner
Sunbelt Counterspy (free Trial)
Comodo BOClean Anti-Malware
Sophos Anti-rootkit
SanityCheck Advanced Rootkit and Malware Detector
ESET Online Antivirus Scanner
ESET SysInspector
AnVir Task Manager Free
WinPatrol

Start with these:
How to use Malwarebytes' Anti-Malware to scan and remove malware from your computer
How to use SUPERAntiSpyware to scan and remove malware from your computer

3 more replies
Relevance 46.33%

I posted the software forum yesterday and was instructed to complete the malware removal steps and repost here. I have a new computer running Windows 8.1. When I say new, I mean I started having problems within a couple of hours after turning it on!

I have McAfee antivirus protection and downloaded and installed my MSOffice 2013 Home and Student. All seemed to be fine. The MSOffice was up and running and McAfee said I was protected. Suddenly and I don't remember what I was doing...it said Microsoft something (sounded like an antivirus or firewall something) had detected several problems and I needed to "clean my computer". Oh so ignorant of all that was going on with learning Windows 8.1 after using XP for years I told it to clean. Somewhere in there it suggested I do a system restore. All seemed OK until I realized MSOffice was no longer there. I tried to download it again and reload, but with no luck. It occurred to me it had something to do with the system restore so I tried to undo the restore. That of course didn't help. I'm also now getting messages from McAfee that I am covered and safe but that my firewall is turned off and needs to be turned on. However I can get McAfee to do nothing. I can open a screen, but nothing I do makes it do anything. I tried downloading their "Virtual Technician" before I started the process you recommended and it acted like it was downloading, but 20 minutes later it was still "spin... Read more

Answer:malware removal help - removal instructions attempted

Can you try running the tools that were not working before including Hitman, in safe mode please. Let me know how you get on.
 

16 more replies
Relevance 46.33%

I read and followed precisely "Vista and Win 7 Malware Removal/Cleaning Procedure"

My issue: I was informed by my isp of the following: "Mail Log Parsed from Feb 15, 2013 19:47:04 to Feb 16, 2013 19:47:04 User sent approximately 141,801 messages to 136,591 unique recipients. There were 2598 bounces received in this period, 1 percent of the emails sent. "

I have AVG, running constantly. ISP changed my password to stop the mail. I ran AVG in safe mode. Still not sure trojan eradicated. ISP referred me to your site.

I performed all steps. I have attached all logs except TDSSKiller. While it ran clean, no apparent log was generated. All except RogueKiller found no issues. RogueKiller found as reflected in log.

Please advise if you believe my system is clean, or what further I should do. Since I haven't seemed to find anything, it's hard for me to be comfortable that it's clean.

Thank you immensely!!

Mike Sieber
 

Answer:Help with malware removal--have performed removal instructions

Welcome to Major Geeks!




mike sieber said:
"I performed all steps. I have attached all logs except TDSSKiller. While it ran clean, no apparent log was generated. All except RogueKiller found no issues. RogueKiller found as reflected in log."

Not problems. It is just junk from AVG. All of your logs are clean. Many times when something like this happens, it is not an infection. It is due to a spammer/spammers getting your email login and password and they use it from other PCs to send out their spam. There are cases of infections that can cause spamming ( like some master boot record or partition infections ) but you show no signs of these.


If you are not having any other malware problems, it is time to do our final steps:
We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware.
Go back to step 4 of the READ ME and re-enable your Disk Emulation software with Defogger if you had disabled it.
Go to add/remove programs and uninstall HijackThis. If you don't see it or it will not uninstall, don't worry about it. Just move on to the next step.
If running Vista or Win 7, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
Go to the C:\MGtools folder and find the MGclean.bat file. Double click ( if running Vista, Win7, or Win 8 Right Click and Run As Administrator ) on this file to ... Read more

3 more replies
Relevance 46.33%

Hello!
In reading more of these threads I can see I'm not the only one with the iexplore issue.
Glad to know it can be corrected!!!!

I have multiple pop-ups and my computer is as slow as dirt.
When I get home at 3:30 Calif time I will do the HJTInstall.exe thing and post the results.
Would the results of one that was done two days ago help? Yes I was having the issue then and another company did one and told me to email it to someone, which I did but I haven't heard anything back and my computer is close to useless at this point.
Can MFDnNC or anyone else help?
Thanks!!!!
Ginny
 

Answer:malware removal/popup/iexplore removal

16 more replies
Relevance 45.92%

I have scanned with AVG with the latest updates. On top of that insidious google redirect I get random pop ups even when I don't already have IE or Firefox running. Also getting sounds in the background like I'm clicking on a link, surfing the net when I'm not. And SYSTEM in task manager is hogging a ton of memory.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:52:42 PM, on 8/7/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe
C:\... Read more

Answer:persistent malware undetected by virus scans and malware removal tools

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting.

We need to create an OTL report,
Please download OT... Read more

2 more replies
Relevance 45.92%

Hi,

I am the IT manager in my company.

I have a co-worker whose computer has a search redirect issue. That means most likely it has malware.
Then I installed some major malware removal tools: Spybot Search & Destroy, SUPERAntiSpyware, Malwarebytes.

After I installed them, I cannot launch them (that definitely means it has some kind of malware).
I needed to rename their .exe files; after that I can run them and scan my computer.

SUPERAntiSpyware and Malwarebytes found something, but didn't solve the problem; the search redirect and
the blocking of malware removal software are still there. Now I am running Spybot Search & Destroy and will see what happens.

By the way, I run them in safe mode because when I log on to Windows in normal mode, it is slow (like it takes a long time to explore the hard drive, etc). I suspect the malware slows down my PC. Hopefully the registry is not corrupted or something, but it works smoothly in safe mode.

So do you guys have any suggestions? Or do you need a log file from combofix?

Please advise,
Tommy

Answer:malware: google yahoo redirect and can't launch malware removal software

Try this: http://www.bleepingcomputer.com/virus-remo...sing-tdsskiller

5 more replies
Relevance 45.51%

I did a hijackthis scan and here's what I got:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:18:17 PM, on 4/20/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\WINDOWS\System32\00THotkey.exe
C:\WINDOWS\system32\TFNF5.exe
C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynT... Read more

Answer:Malware Blocking Access to Spybot, Microsoft Malicious Removal Tool and other anti-malware programs

Hey guys I solved my own problem. I completely reinstalled windows. (It was about that time anyway)

2 more replies
Relevance 45.51%

Please help me,
I cannot access any internet (wifi & ethernet) after malware removal using GridinSoft Anti Malware. I already updated network drivers, but it's still not working.
 

More replies
Relevance 45.51%

I was surfing the web today and I believe I clicked on a pop up by mistake when I shouldn't have. Avira then blew up with Malware alerts and I knew I had a problem...

I did a virus scan and it removed the detections found but when I did a restart they were back again. Also, the virus seems to move itself around to other .exe files. I found it had infected moviemaker.exe so I manually deleted the file as I don't need it but as soon as I emptied my recycle bin the moviemaker.exe file returned back to its original folder.

I'm afraid something really nasty has infected me. Avira is detecting it as a W32/Infector.Gen2 and Malwarebytes is detecting 2 Malware.Packer.Gen files.

I went through the Read Me First steps on this site and performed everything it asked. However, I was unable to uninstall my previous JAVA (ver 19) and was not able to install the newest version of JAVA. Both gave me errors that the installation program wasn't working.

I'm attaching the logs here. Can anyone help me get rid of whatever is infecting my machine? I would really appreciate the help!
 

Answer:HELP-Requested Malware Removal (Infector.Gen2 / Malware Packer Gen)

Here is the 5th log.
 

6 more replies
Relevance 45.51%

Hi, I'm suddenly having a lot of trouble with malware. My computer seemed to be running okay but I ran Malwarebytes as I occasionally do, and it picked up a fair amount of malware on my system. I deleted it and rebooted, but that's when my problems really began. Upon restarting, my internet connection has become almost unusable. It's extremely slow and generally I can't even open a page that I want after trying to refresh several times. Oddly though, google is working perfectly and a few other sites seem to work too, including this one. I've tried running MBAM again and again, each time it picks up more malware and I remove it, then reboot and the cycle renews. I can't seem to get rid of all of it, every time I scan my system there's just more of it. I've tried ComboFix but it doesn't seem to have done anything. One persistent thing seems to be photo_id.exe, I've got a few messages from MBAM saying it can't be removed and I need to reboot. Also, I've noticed that if I'm trying to reach a webpage, although it won't load there seems to be some redirecting, for example I just tried to reach a wikipedia page and it says "The server at topsearchfeed.com is taking too long to respond" For some reason I can't bloody format this properly no matter how hard I try, so here's an attached HJT log:
 

Answer:Malware removal attempt led to unusable internet, still can't remove all malware

problem has become more serious, now my mother has told me that the internet on her laptop is also extremely slow and essentially unusable, I'm worried that something from my computer has got on to hers via the wireless network we're both connected to. Somebody please help me
 

2 more replies
Relevance 45.51%

Good day to everyone,

My computer is having some malware activity. I have used Adware 2008, a spyware removal tool, Norton Anti-Virus and other removal tools, but the malware still cannot be deleted. The My Computer icon could not display its properties; instead it appears like a file when you see its properties. It also disabled TCP/IP, which is why until now I cannot connect to the internet. I don't have a Windows XP SP2 CD for repair.

Please help me as soon as possible, because it is a server..

Answer:Urgent! My XP SP2 have malware activity!.. cannot remove using malware removal tool

Hello frozenfire03, Welcome to TSF!

I recommend that you read this article… "Having problems with spyware and pop-ups? - First Steps"; follow the instructions very carefully; then, post all the requested logs and information; as instructed, in the HiJackThis Log Help Forum.
(Simply, click on the coloured links to be re-directed.)

Please ensure that you create a new thread in the HiJackThis Log Help Forum; not back here in this one.

When carrying out The 5 Steps, if you cannot complete any of them for whatever reason, just continue on with the next one until they are all completed.
However, it is extremely important to make mention of the fact that you could not complete any of the steps in your post to The HJT Help Forum; where an Analyst will assist you with other workarounds.

Once done, please be patient, as the Security Team Analysts are usually very busy; one of them will answer your request as soon as they can.

Good Luck with it.

Kind Regards,

7 more replies
Relevance 45.1%

Four steps that will keep your PC happy, healthy, and crap-free

Malware sucks. In the best-case scenario, it craps up your system with unwanted files and occasionally makes itself known in the form of a persistent pop-up window or annoying browser-based toolbar. In the worst-case scenario, malware completely takes over your desktop or laptop and ruins your life.

Your system slows to a crawl. You can’t even boot into Windows in the time it takes you to walk to the kitchen and back. Your data gets sent off to a faraway Internet land or, worse, your actual keystrokes are recorded for some unsavory individual to see. Malware locks down your browser, making you unable to actually do any browsing without being carted off to some bogus domain. You can barely run a program in Windows without getting bombarded by fake advertisements, programs, and dancing people on your desktop.

We can’t make this stuff up.

So what’s a computer enthusiast to do? Step zero: Read this guide, because we’re going to walk you through all the key details you need to know to both rid your computer of this junk and keep it free of downloaded nasties forevermore.



Read more at:
Maximum PC | Malware Removal Guide 2011: How to Get Rid of All The Latest Malware

Answer:Malware Removal Guide 2011: How to Get Rid of All The Latest Malware

Most excellent reading, thanks for posting for all to see. I, myself, use most all of these myself; the only paid program I have is Malwarebytes, the rest are free add-ons or are free programs. Thanks.

5 more replies
Relevance 45.1%

Dell m1330 Vista home premium. I have malware issues, frequent memory dumps, google redirection and something is preventing me from running or installing anti-malware programs. I had to install malwarebytes using the rename method, but the program will not run in safe mode or normal. I had spybot previously installed but I was also prevented from opening, so I tried reinstalling, but before it can complete the installation I get the blue screen of death memory dump! Before reading the procedure I ran coolweb, kill2me, windows defender and windows malicious software tool. None of the programs found anything. I also performed a couple system restores, but both failed.

Should I continue with the cleaning procedure (combofix), or does anyone know how I can get malwarebytes and spybot to run?
 

Answer:Trying to follow malware removal procedure, but malware is preventing me?

Here's my MGtools log, it was the only program that worked.
 

4 more replies
Relevance 45.1%

Hi, I got infected because I was trying to run Malwarebytes and it skipped the part of analysing the files, it ended in around 1 minute in a full scan, and I tried to download Dr Web Cure It, and it doesn't allow me, the computer seems fine, but those things are very strange, and when I was running the scan I was in safe mode...
 
thanks for the help

Answer:Malware infected, malware removal tools useless

Greetings samidelcueva and to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:

First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.

Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.

Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.

Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter pro... Read more

0 more replies
Relevance 45.1%

Please find attached the logs from the scans in the Windows XP Cleaning Procedures. I followed the Cleaning Procedures but still have a problem. The problems can be pinpointed to yesterday when I surfed to a web site without having an up-to-date Anti-Virus definition files. Before I knew it, I had an infected machine.
There seems to be 2 problems.

(1) After restarting the computer, Windows File Protection gives following message.

Windows File Protection
Files that are required for Windows to run properly have been replaced by unrecognized versions. To maintain system stability, Windows must restore the original versions of these files. Insert your Windows XP Profession CD2 now.

I have Dell OEM Windows XP Media Center 2005 installed on my Dell Dimension 5150/E510. Problem is, Dell has a Windows XP re-installation CD but Dell states there is no 'CD2'.

(2) I keep getting pop ups every time Internet Explorer is open. The pop ups occur on their own.

Hopeful you can help me to fix the problem. :confused
Thanks,
Ankur

p.s. Please note, the AVG Anti-spyware log is not attached because it was not generated by the tool. I scanned my computer using Trend Micro (after updating virus definition files) and I can provide the logs if you need.
 

Answer:Malware problem not fixed with Malware Removal instructions

Welcome to Major Geeks!

Run this Disable/Remove Windows Messenger to remove Windows Messenger. Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

Uninstall the below old versions of software:
Java 2 Runtime Environment, SE v1.4.2_03

Run C:\MGtools\analyse.exe by double clicking on it. This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

F3 - REG:win.ini: load=C:\WINDOWS\system32\mlljg.exe
O2 - BHO: (no name) - {3F7BDD0B-0462-4F19-8B87-54D83601B87C} - C:\WINDOWS\system32\mlljg.dll
O2 - BHO: (no name) - {B8AFD866-6B8B-490E-DA2E-39E671810F96} - C:\WINDOWS\system32\mknamps.dll (file missing)
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime

After clicking Fix, exit HJT.


Now download The Avenger by Swandog46, and save it to your Desktop.

Extract avenger.exe from the Zip file and save it to your desktop
Run avenger.exe by double-clicking on it.
Check the 'Input script manually' box.
Click on the magnifying glass icon.
Copy everything in the Quote box below, and paste it in the box that opens:




Files to delete:
C:\WINDOWS\system32\ctfmon .exe
C:\WINDOWS\system32\mlljg.exe
C:\WINDOWS\system3... Read more

9 more replies
Relevance 45.1%

Had a machine in riddled with viruses which we duly cleaned up and removed without incident. Uninstalled the applications one at a time, restarting each time it was required and all was good.

After removing the last app (don't ask me which one it was I can't remember) the machine no longer starts.

It's boot cycling but once we disable automatic restart on system failure it brings up a STOP 24 error.

Have booted to puppy linux and examined the hard drive (which is SATA btw) and the data seems intact so we can assume, physically at least, that the drive is good.

Booting to an XP CD and attempting to access the recovery console to run chkdsk /r and it appears the drive is either not detected or is empty (the latter we know not to be the case)

Boot to an X CD to attempt a repair install and it tells me there is no hard drive present.

Check the BIOS and the drive is detected properly. Swap the hard drive for a SATA CD and it detects the CD without issue which makes me think the SATA controller must be functioning too.

Now it seems that the this single disk system has some kind of RAID configured on it according to the boot screens. My next step would be to remove the RAID but I'm concerned it might format the drive. Is this likely? It has an ASUS A8R-MX/S motherboard but the info I get from their site is a little vague.

Am I on the right track with the RAID thing or way off base, help me folks its driving me nuts.
 

More replies
Relevance 45.1%

Hi. I am trying to diagnose a problematic laptop for a friend. I don't know the details of what happened to cause the problems. The main problem I can detect is that the laptop is EXTREMELY slow. It seems like anything I try has a delayed response (even a simple mouse click). I followed the Malware Removal Guide, but was only able to run two of the five suggested tools as follows:

1) SUPERAntiSpyware - I ran this after manually updating the definition files on the version already installed and the scan found nothing.

2) Malwarebytes Anti-Malware - I was not able to update the definition files for the current version installed. After several attempts to uninstall this (via the Control Panel), I was able to do it via CCleaner. However, I was not able to re-install a more recent version due to problems with the Windows Installer service. After uninstalling an outdated version of Java (Update 14) via the Control Panel, I have not been able to install/uninstall any more programs.

2) combofix.exe - not compatible with 64-bit OS

3) RootRepeal - did not run on 64-bit OS

4) MGtools - did run; kept getting errors, but continued to completion

Attached are the SUPERAntiSpyware and MGTools logs:
 

Answer:Possible Malware preventing me from running malware removal tools

I am not seeing any malware in those logs. I do not know why MalwareBytes would not run, are you able to run it in safe mode? How does the PC behave when you use safe mode?

More than likely I think I will be sending you off to the software forum.

We can do this:

Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:



O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - (no file)
O2 - BHO: (no name) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - (no file)
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - (no file)
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - (no file)
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsM... Read more

5 more replies
Relevance 44.28%

HEY GEEKS NEED A LITTLE HELP. I HAVE A WINANTIVIRUS POP U THAT COMES UP EVERYTIME I AM ON THE NET, AFTER U X IT OUT 5 TO 6 OTHER POP-UP COME UP ABOUT A VIRUS. I AM RUNNING AVG EVERY MORNING, SYBOT SEARCH AND DESTROY, AD-WARE 6.0. HERE IS A HIJACK THIS LOG FILE TELL ME WHAT TO GET RID OF PLZ.

EDIT: Removed inline HJT log


THANKS

DOOKIE
 

Answer:winantivirus removal, malware removal

Hi and Welcome to Majorgeeks!

Please follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, running, and posting HijackThis logs as attachments.


Run this first

Virtumonde aka Trojan Vundo Removal - some people also refer to this as WinFixer

Then run the below and attach the requested logs for the malware experts to look over.


Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support
Make sure you check version numbers and get all updates.
Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.

After doing ALL of the above you still have a problem make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:
Downloading, Installing, and Running HijackThis

Make sure you also rename HijackThis.exe as suggested in the procedures. Use analyse.exe for the new name. This is very important due to some new infections going around.



When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too:

* runkeys.txt - the log from GetRunKey.bat
* newfiles.txt - the log from ShowNew.bat
* CounterSpy - ONLY IF you were not a... Read more

1 more replies
Relevance 44.28%

Hi. Thanks for this. I need to first tell you that I don't even know how to generate the logs everyone posts here for troubleshooting. I'm sorry. Maybe someone could tell me how, then I will.

Because my laptop wouldn't even boot to the O/S last week, DELL's tech support helped me move files, reformat and reinstall the OS. I reinstalled McAfee. A security tool warning popped up. I knew it was rogue; I came here and got rid of using mbam and process explorer - very easy. Or I thought I did. On my daughter's desktop this morning, there were 3 porn shortcut links ON HER DESKTOP!!!! There was also a link to "Active Security" - trying to figure out wtf this was it turns out it was another rogue. Awesome. It at least had an uninstall on Add/Remove programs... but obviously it is not gone, if that is even the cause of all this... Thinking MBAM would be a logical quick fix, I figured I would try that. My Mbam won't load - I have reinstalled and it - it reinstalls and then when I try to quickscan it says I don't have permissions and then I can't even open it again. I can reinstall, then it is hijacked when I try to scan. My McAfee won't scan either so both are being hijacked and I also am having the same browser redirects as others when clicking on sites from search results. McAfee can't even fix itself. In safemode, McAfee tells me the truth at least that it is not working (in regular mode it poses like everything is... Read more

Answer:Ugh - Malware Removal Tools Disabled by Malware

As no logs have been posted, I am shifting this topic from the specialized HiJack This forum to the Am I Infected forum.==>PLEASE DO NOT NOW POST LOGS<== unless a log is specifically requested.

1 more replies
Relevance 44.28%

Hi all, 
 
Recently on Chrome browsing on a site I received a web site popup saying "Your browser contains MALWARE. You have to install Chrome Malware Removal Tool". Confirming with OK opens an extension page:
 
https://chrome.google.com/webstore/detail/chrome-malware-removal-to/mbdoonnjlifcmakklcaembokjhjikank
 
I have a strong suspect this is a malware!!!
 
What I'm trying to understand is what kind of malware infected the web site I visited. Some technical specs could be useful. The web site is a friend's and I'd like to help them identify the malware that infected their web site...
 
 

More replies
Relevance 44.28%

About a week ago, I noticed that when running Internet Explorer www.google.com that clicking on a website would take me to an ad instead of the website. If I clicked back and clicked on the website again, it would correctly go to the website.

A day or two before noticing this issue I had upgraded to AVG 8.0 Free and had installed the latest Firefox version.

I am running a Windows XP Professional SP2, Intel Pentium 2.8 GHz.

I ran the instructions at forums.majorgeeks.com/showthread.php?t=35407 and am still experiencing the same issue as described above.

Any help would be greatly appreciated! This is the first forum I've ever posted to so be patient!

Thanks,
Deb
 

Answer:Malware - Exists after running MalWare Removal

This is the last of the Malware log files.

Thanks again!
Deb
 

2 more replies
Relevance 44.28%

Hiya

I'm running XP, avg detected trojans, the first one it got rid of, the second one Generic13.ATHP it could only remove it partially, apparently located in c:\windows\system32\svchost.exe

Started the Malware Removal Process as recommended, SuperAntiSpyware wouldn't install, so I changed the filename, and it has installed but when I attempt to run it I get an error message -

SUPERAntiSpyware Free Edition has encountered a problem and needs to close. We are sorry for the inconvenience

The same happens with any other malware/spyware removal program, Spybot S&D, Malwarebytes etc...

Is there anything I can do to fix this?

Thank you!
 

Answer:malware halps/malware removal not running

Hi again,

also tried doing this (as seen in another thread)

Click Start > Control Panel > System > Hardware > Device Manager > View > Show Hidden Devices.

* Scroll down to "Non-plug and Play Drivers" and click the plus icon to open those drivers.
* Then search for TDSSserv.sys
* Let me know if you find this or not.
* If you do find it, right click on it, and select Disable. Do not try to uninstall it.
* Also if this is found and you disable it, then reboot and see if you can run the cleaning procedure and attach the requested logs.


but the device mentioned is not present (although there are a few that have error "!" things next to them, but 30 or so others).

:confused have no idea if any of this will help you lovely helper person, but i guess im just trying...
 

2 more replies
Relevance 44.28%

Have got a strange one, where have attempted to remove XP antispyware 2009 using malware antimalwarebytes. Looks to have been partly successful - but have got something else interfering. Frequently have pages on IE as "not found".

Have posted HJThis log and Malware Antimalwarebytes log below. Thanks for any assistance.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:01:58, on 08/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdjserv.exe
C:\WINDOWS\system32\lxdjcoms.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ATI Technologi... Read more

Answer:Malware - blocking removal by malware antimalwarebytes

16 more replies
Relevance 43.05%

When I try to run a scan using AVG anti-virus, Avira, Windows Defender, or SuperAntiSpyware; when the scan gets to a certain point, Windows shuts computer down with a blue window. It says Kernel_Stack_ Inpage_ Error plus some standard verbiage about if you recently installed software/hardware, see administrator, etc. At bottom it says: STOP: 0x00000077 (0x00000001, 0x00000000, 0x00000000, 0xF79B1D24). I could sometimes run AVG scan in "select drives/folders" mode but recently it quit allowing that after I upgraded to AVG 9 (free). I uninstalled AVG and went to Avira but with same results. Scanning with Windows Defender did the same. I recently installed and ran SuperAntiSpyware and was able to pinpoint problem to "System Volume Information" directory. I am unable to open to see contents as Windows shows no files in it. When I ask Avira to scan it, Avira says no files also but if I use AntiSpyware to scan, it shows many files during its scan but will get to a certain point and computer will shut down. I can almost see file that shuts it down but it happens too fast to catch it. I was able to run "RootRepeal" and log is below. I was not able to run "DDS.scr".

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/10/30 13:15
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: rootrepe... Read more

Answer: Unknown malware/virus won't let any anti-virus/windows defender/malware removal program to complete scans

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

23 more replies
Relevance 42.23%

My computer recently became infected. At first, my taskmanager and regedit were locked. Next, my desktop background was locked. I fixed these problems, but continue to be bombarded with malware in my running processes which regenerate upon rebooting. Eventually, I could not startup Windows. Once the Windows loading page was finished, my computer would restart. I upgraded to XP Pro, can now log on, but still have malware. Please help! Thanks for your time!
 

Answer: completed steps in "READ & RUN ME FIRST MALWARE REMOVAL GUIDE" and still have malware

Re: completed steps in "READ & RUN ME FIRST MALWARE REMOVAL GUIDE" and still have mal

Here is my MGTools.zip log. Thanks in advance for your help. Any addition info needed please let me know. Take care.
 

4 more replies
Relevance 42.23%

I have followed recommended protocols to successfully remove the "Trovi" malware from my computer.
But have one minor problem.
The virus removal programs successfully removed the malware programs, as the program no longer runs on my computer.
But the malware appears to have left code in the windows startup directing the computer to run files which are now no longer present on my computer.
Problem is that this causes the following Windows Popup box "Run DLL" to come up , before any other windows startup programs run.

The Pop up box contains the following wording:

" There was a problem starting
C:\Users\LESTER\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll
The specified module could not be found."

Does anyone have any suggestions on how to get rid of the code lines in start up that lead to the popup box, so that it will no longer occur at computer start up.

Thanks.
Lester
 

Answer: Trovi Malware - "Run DLL" pop up box remains on windows startup after malware removal

Follow this thread and attach requested reports

http://malwaretips.com/threads/malware-removal-assistance-how-to-get-help.20334/
 

1 more replies
Relevance 41.41%

I ran the steps in the Malware removal guide, i haven't seen any new pop-ups, but i noticed that there were a few problems that bitdefender could not fix, and my laptop is still running slow.

I am running windows XP, and will attach all logs.

Thank you in advance for all your assistance.
 

Answer: ran all the steps in "Read & Run Me First malware removal guide," still have malware

Re: ran all the steps in "Read & Run Me First malware removal guide," still have malw

Here are the last three logs.
 

10 more replies
Relevance 41%

Hey,

So I got infected with this virus/malware MS Removal Tool. Things that I noticed: it created a file nvpcpl.dll, hid all my d drive files and removed 90% of the items from the Start > All Programs menu. I ran through all the scans but still cant seem to get the programs in the All Programs menu back. Attached are my clean scans in the order recommended. Just as an fyi, C: is my primary drive, D: stores all documents/pictures/music, F: is the external hard drive. Thanks for the help.
 

Answer: Malware removal help - MS Removal

Things that I noticed: it created a file nvpcpl.dll

See this link About nvpcpl.dll You do not have McAfee installed and I am not seeing the file in your logs. Do you still see it? If so give me the full file path. But you also have NvCpl.dll running which relates to Nvidia which IS installed.

Download and run OTM.

Download OTM by Old Timer and save it to your Desktop.


Right-click OTM.exe And select " Run as administrator " to run it.
Paste the following code under the area. Do not include the word Code.

Code:


:reg
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}]

:files
C:\Documents and Settings\All Users\Application Data\oJh06504hBkGg06504

:Commands
[emptytemp]
[Reboot]

Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
Push the large button.
OTM may ask to reboot the machine. Please do so if asked.
Copy everything in the Results window (under the green bar), and paste it into notepad, save it as something appropriate and attach it into your next reply.

NOTE: If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file prese... Read more

3 more replies
Relevance 40.18%
Question: Malware removal

I thought I might have some malware and did the scans last week. This week our server blocked something from my computer that was trying to access it so I scanned again with SuperAntiSpyware, Malwarebytes, RootRepeal, ComboFix, and MGtools. SuperAntiSpyware found Trojan.Agent/Gen-Koobface and RootRepeal found something and I'm not sure what I am supposed to do with that. ComboFix ran while some programs were running. I'm trying to get work done also. MGtools did not make a log file that I can find. I have looked in the MGtools folder in the root drive and no logs.

Could someone look at these logs and tell me if there is anything else I should do.

Thank you.

Jim
 

Answer: Malware removal

Your log should be at:
C:\MGLogs.zip.
 

5 more replies
Relevance 40.18%

My dad is constantly reinfecting his computer every month or so and this latest infection is the worst ive ever seen.  The antivirus software has been disabled (Eset NOD32) and reinstallation fails with an error.  His user account does not have admin privileges either.
 
I have a ton of realtime security applications installed that i hoped would protect it but they didn't (Eset NOD32, Microsoft EMET, Webroot SecureAnywhere, Trend Micro Browser Guard, Trend Micro RU Botted, Spybot Search & Destroy Resident, Peerblock with subscription lists, K9 Web Protection, MVPS hosts file and dns set to use OpenDNS).  The proxy server is legit as K9 Web Protection is installed too.
 
I ran hijack this and while i can't understand the log, i did notice some host file redirections for Google.
 
P.S. I was going to reinstall the computer from a backup image, but i would like to know what the infection is before i do so because the malware might hang around.
 
P.S.S. Thanks in advance
 
Find below the DDS log:
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17126  BrowserJavaVersion: 10.51.2
Run by Adm1n at 0:36:34 on 2014-06-15
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.2047.917 [GMT -4:00]
.
AV: Webroot SecureAnywhere *Enabled/Updated* {66A6FE14-08CB-F415-3742-517201416109}
AV: ESET NOD32 Antivirus 6.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 6.0 *Di... Read more

Answer: Malware Removal Help

Good evening,
If I was you I would just use Darik's Boot and Nuke to wipe the hard drive and then reimage and you should be good to go - it's bad enough trying to remove malware without trying to identify what it might be and the time spent doing that is wasted if you can just start afresh.

19 more replies
Relevance 40.18%

I ran across something nasty today - wish I copied the name down when AVG alerted me - but can not get to the logs. I have tried to run the steps in the instructions but can't get by them. I was running AVG 2012 Free and Malwarebytes Pro. But after encountering whatever I have both become corrupt. mbam would run for 2 minutes and then vanish and attempting to run again would give me the error "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item."
I would reinstall mbam and run again and after 2 mins it would vanish. Downloaded and installed SUPERAntiSpywarePro and the exact same thing happens. Tried a full computer scan with AVG and it too became corrupt. Did a full AVG removal and tried to reinstall and it fails.

Please advise. And thanks.
 

Answer: Need help w/ Malware removal

Welcome to Major Geeks!

Sounds similar to problems caused by ZeroAccess infections which is the current major cause of problems these days. One of the common signs of this infection is seeing a process running that is made up of two long sets of numbers with a colon in between them. For example a process similar to below will be seen in Task Manager:

4187824115:216031750.exe


If you try to kill it, it will just restart in a few seconds. This is just one piece of the infection. Please see if you can do the below:

Go to the below link and follow the instructions for running TDSSKiller from Kaspersky
TDSSkiller - How to run

Be sure to attach your log from TDSSKiller
Now please also download MBRCheck to your desktop.


See the download links under this icon

Double click MBRCheck.exe to run (vista and Win 7 right click and select Run as Administrator)
It will show a Black screen with some information that will contain either the below line if no problem is found:
Done! Press ENTER to exit...

Or you will see more information like below if a problem is found:
Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Either way, just choose to exit the program at this point since we want to see only the scan results to begin with.
MBRCheck will create a log named similar to MBRCheck_07.16.10_00.32.33.txt which is random based on date and time.
Attach this log to your next message. (See: HOW TO: Attach Items To You... Read more

3 more replies
Relevance 40.18%

Hi all,

I'm having a little trouble with removing some sort of virus which is becoming very tricky to remove. The .dlls (jowukuyu.dll & wuganabu.dll) appear to be hidden, and the registry entries just add themselves back in every time I remove them.

I can't kill the .dll process as they don't even show up in task manager.

In fact, I think the following is definitely part of this virus:

O20 - AppInit_DLLs: c:\progra~1\kasper~1\mzvkbd.dll c:\progra~1\kasper~1\mzvkbd3.dll c:\progra~1\kasper~1\adialhk.dll c:\progra~1\kasper~1\kloehk.dll c:\windows\system32\joretido.dll c:\windows\system32\loyayono.dll,C:\WINDOWS\system32\jowukuyu.dll

My 'hijack this' log is attached & I would be very appreciative of any feedback!

Thanks

Answer: Pop-up/malware removal?

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results, click no to the Optional_Scan
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.

Please note: You may have to disable ... Read more

2 more replies
Relevance 40.18%

Have run malware removal instructions

The only one that failed was ComboFix. It has been a problem as it hangs up.
The recovery module that ComboFix installs also hangs up. Computer freezes.

I also still seem to have redirection by malware on my browser.

Original source of problem was a file titled Facebook_Password.zip that came in an e-mail.

I have attached the logs.
 

Answer: Please Help with Malware removal

What malware issues are you having, as I am not seeing any malware in your logs.
 

38 more replies
Relevance 40.18%
Question: Malware Removal

McAfee started to block suspicious sites. Decided to run through Malware removal. Below are the logs.
 

Answer: Malware Removal

Adding TDSSkiller Log.
 

12 more replies
Relevance 40.18%

Hello,

I have done the instructions for Read & Run Me First. So the next thing is to attach my logs I assume.

I noticed threat alerts earlier last week after I tried to download a TV show. I normally don't download shows to my computer for this exact reason, but I see my boyfriend do it all the time and think well I could just download 1, what could go wrong?? hahaha I'm an idiot!
I had AVG installed for quite some time (I now have Avast, thinking it would help more than AVG) that just kept popping up letting me know that threats were being blocked. I tried to run a scan and thought it would rid them, but that is when I realized it wasn't working, so I download Avast and removed AVG(uninstalled). I also downloaded Malwarebytes and tried to fix it that way. After those two programs didn't work, I researched online and found your site. I thought all the info I was reading seemed more helpful than what I was finding/doing myself. So i went through your instructions and my internet seems to be working a lot better. The only downside though, is that my Avast keeps telling me that it's still blocking the Malware/Trojan horse...how do I get rid of this??? It's showing up as object c:\win32

I plan to attend school soon and don't want to have any issues with my laptop not functioning properly..if you could help that would be FAB!!

Thank you!!!
 

Answer: PLEASE HELP I am new to Malware Removal

If there is any other log you need, please let me know

Thanks again team!
 

12 more replies
Relevance 40.18%

Alright so I was browsing some websites and then got several alerts with NOD32. I was using outdated java, outdated firefox, and outdated adobe reader (which I have now updated) which may or may not have contributed to this issue.

However regardless, I followed the removal guide and used MBAM and SAS yesterday to remove malware. MBAM found some things and I removed them (log provided), SAS found nothing - forgot to save the log (will re scan and post). Then today NOD32 popped up again and said these files were suspicious (which were the same files/similar as what popped up yesterday). Regardless I will let the logs speak for themselves as you all know more than I do:

RR log and MgTools will be otw
 

Answer: Malware Removal (need help!!!)

Welcome to Major Geeks!

You need to attach the logs from RootRepeal and MGtools before we can continue.
 

5 more replies
Relevance 40.18%

Hi! So, a few weeks ago I had an issue with two trojans. One was the GAC (redirecting me to advertisement sites) and another was a System 32\services. I searched online and came across your forum. There was also a similar thread with someone having the same issues. You recommended to do your cleaning and I haven't had a problem with getting redirected. However, I am still getting a pop up from Malware bytes about the System32. I ran your scans a few weeks ago (August 9) and I have attached all of the logs! Let me know if I should rerun any of the scans/programs! Any help would be appreciated. Thanks


--Just went to add the attachments and realize you have a maximum of 5. So, I still have the mglogs.zip and the TDSSKiller log that I can attach. I know you don't like double posts so just let me know when you want me to attach it!
 

Answer: Malware Removal help

Please do the below so that we can boot to System Recovery Options to run a scan. There will be two options to choose from. One if you do not have your Windows 7 boot DVD and another when you have your DVD.

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Option1: Enter System Recovery Options from the Advanced Boot Options:
Restart the computer.
As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
Use the arrow keys to select the Repair your computer menu item.
Select US as the keyboard language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.

Option2: Enter System Recovery Options by using Windows installation disc:
Insert the installation disc.
Restart your computer.
If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
Click Repair your computer.
Select US as the keyboard language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.

On the System Recovery Options menu you will get the following options:



Startup Repair
System Restore
Windows Complete PC Resto... Read more

1 more replies
Relevance 40.18%

Problem started yesterday around noon-ish. I was suddenly hit with a lot of popups, not sure what I was doing at the time that could have caused it. At first I could use Spybot and it detected smitfraud and vundo. I removed them with Spybot but it did not fix the problem. I am posting this from my other computer.

I ran smitfraud fix and vundofix that i downloaded online and both came up clean, didnt detect anything.

I cant start the computer in anything but safe mode, as it goes to blue screen of death if i try to start normally.

attempts to use spybot give me "invalid floating point operation", even when in safe mode.

thanks a million!
DDS (Version 1.1.0) - NTFSx86 MINIMAL
Run by Richard at 7:42:58.31 on Tue 01/06/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2038.1776 [GMT -8:00]
============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Richard\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchU... Read more

Answer: Malware Removal Help!

Hello Rhyyke and welcome to Bleeping Computer,

1. Please download GooredFix and save it to your Desktop.
Select "2. Fix Goored" by typing 2 and pressing Enter. Make sure all instances of Firefox are closed at this point. Type y at the prompt and press Enter again. A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called GooredLog.txt).
Note: If you receive a message saying that GooredFix needs your system to be restarted, please close all applications and reboot your system. Please also allow any registry changes that may be prompted by any of your security programs.

2. Please download ComboFix from one of the locations below, and save it to your Desktop.
Link Link Link
Double click the ComboFix icon to run it.
If ComboFix asks you to install the Recovery Console, please do so.
The Windows Recovery Console will allow you to boot up into a special recovery mode, in case your computer has a problem after an attempted removal of malware. This allows us to help you.
Once the Recovery Console is installed, continue with the malware scan.
Note: Make sure not to click ComboFix's window while it's running. That may cause it to stall or freeze.
Please post the log from ComboFix (can also be found as C:\ComboFix.txt) in your next reply.

If you have any questions along the way, STOP and ask them before proceeding !!

Greetings,
Thunder

12 more replies
Relevance 40.18%
Question: Malware removal

i got this virus last night. i was browsing on chrome and my AVG anti-virus thing popped up and said it blocked my access to a malicious site, but since it was chrome and not firefox with noscript, i worried that the damage had already been done. i tried a sweep with MBAM and it gave me some problems. when i rebooted i could suddenly not use my browsers anymore so i followed the instructions in the read-me thread.

i had to grab the superantispyware portable version because the other wouldnt load. this means unfortunately i dont have a log for that scan. it did find a trojan, though i cant remember what exactly unfortunately.

after that scan finished and it rebooted my PC, i was getting a bunch of error messages on startup that the system couldnt identify .exe files. i had a fix for that and run it but now, even after going through the whole read me post, i get the same error messages and must run the fix every time i start my computer.

i did get a bunch of errors when combofix was trying to write logs. it said somethings in an HIV folder couldnt be accessed or something. and when i ran mgtools, the hijack part told me something about not being able to access the "hosts" thing and gave me some instructions on how to do it manually or something but i wasnt sure what to do about that since i didnt see it in the read me.

here are the logs. the only lingering problem i've noticed is the .exe thing every start up.

thanks in advance. never using chrom... Read more

Answer: Malware removal

Please go here and scroll down to the exe file fix:
http://www.dougknox.com/xp/file_assoc.htm

Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKCU\..\Run: [F.lux] "C:\Documents and Settings\Owner\Local Settings\Apps\F.lux\flux.exe" /noshow
O4 - HKUS\S-1-5-21-3517542941-223606305-1753810289-1005\..\Run: [F.lux] "C:\Documents and Settings\Owner\Local Settings\Apps\F.lux\flux.exe" /noshow (User '?')
O23 - Service: QZQCTACVOHC - Unknown owner - C:\DOCUME~1\Owner\LOCALS~1\Temp\QZQCTACVOHC.exe (file missing)

After clicking Fix, exit HJT.

* Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
If it is not on your Desktop, the below will not work.
* Also make sure you have shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly.
* If ComboFix tells you it needs to update to a ... Read more

8 more replies
Relevance 40.18%

Problems:
Started last December or earlier
Received an alert
"Generic Host Process for Win 32 Services has encountered a problem and needs to close..." This would happen in nearly half of my user sessions.
sometimes programs would not open -- often I could use the computer for an hour or so, then this behavior would start.
often the computer would hang when shutting down, especially on
"Saving your settings..."
Yesterday I went through the malware removal process described in the Forum. The only exception was that I couldn't get RootRepeal to run. I got the window "Initializing, please wait" and waited several times for more than half-an-hour. This morning I started again at that point, downloading a new RootRepeal exe. No programs were running; Avast was turned off. MB protection was off. Disabled internet connections. Task Manager showed it not responding. Tried repeatedly. Then went on to MGLogs.

I did notice different behavior while shutting down once this morning. Windows installed 21 updates. Then on start-up, instead of a long-lasting black screen before the Windows XP logo followed by the password window, there was a quick blue window with immediate Windows XP logo followed by the password window. That looked like the good XP blue background. The lack of delay on a black screen seemed healthier.

The system might be okay now. The previous error was so erratic, sometimes it would be a couple of hours before it ... Read more

Answer: Malware Removal 4-8-11

After an hour or so of use, the system seems okay. Previously, Avast would frequently block an outgoing connection, which it has not been doing. No Win 32 Services message. Programs open okay. Shuts down and restarts okay, though I'll try that again now. Only did it once since posting.

Now that I have so many choices, on a continuing basis should I run Avast, Malwarebytes, or Super-anti-spyware? I have the free version of each.

Again, thanks very much for your answer, your tools and support!

-- Peter
 

10 more replies
Relevance 40.18%

I'm following the read and run instructions, I've reached step 6 and have downloaded the programs instructed but when trying to disable the user account control I'm unable to open the UAC settings tab.
probably because the zero access trojan is preventing me even though I'm in safemode, it is also preventing me from internet access and has suppressed my laptop's ability to recognize its own usb ports and has shut down my McAfee firewall.

Any suggestions anyone?
 

Answer: Malware removal help

Welcome to Major Geeks!

What version of Windows are you running?

Do you have the ability to run steps in normal boot mode at all?
 

1 more replies
Relevance 40.18%

Hello, I keep getting popups and when i try to open internet explorer or mozilla i get a message that says insecure internet activity threat of attack, continue to website unprotected?
here is the text from dds.txt The weird file name was win32.....rafiab i cant get it to come up again i dont remember the exact wording. Hope someone can help.
Thanks

DDS (Ver_09-02-01.01) - NTFSx86
Run by Katy Burns at 20:41:33.32 on Sat 02/07/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.503.207 [GMT -5:00]

Answer: malware removal dds.txt

ok security center alert says win32.Zafi.B high risk level

3 more replies
Relevance 40.18%
Question: Malware Removal

Hi, I have read and completed the R&R Malware Removal guide and I have attached my logs. I was not able to run the RootRepeal (it is a .rar file and wanted me to select a program to run) or the MGTools.exe (the folder is located on my C drive but when I double-click on the icon and then run, nothing happens). Also, when I ran the combo fix it never disconnected me from the internet like it said would happen. I didn't have any programs running or open while combofix was running but after the fact i opened internet explorer (trying to run RootRepeal) and it crashed.

The Super AntiSpyware was the only program that found "potentially harmful" files but previous to finding your website I ran Spybot and it came across 70+ possibly harmful files.

Thanks for your help.
 

Answer: Malware Removal

Welcome to Major Geeks!

What malware problems brought you here to begin with?

Texaslg said:

or the MGTools.exe (the folder is located on my C drive but when I double-click on the icon and then run, nothing happens).

Let's try to debug this.

Please click Start, Run, and enter cmd and click OK. This will open a command prompt window. Enter the below commands at the command prompt each followed by the enter key. The bold black are commands. The purple is merely informational.

cd \MGtools <-- this changes to the MGtools folder and the prompt should change to C:\MGtools>
nwktst <-- this will try to run all one scan from MGtools. Tell me what error messages, if any, you see.
analyse <-- this will try to run TrendMicro Hijackthis. Click Twice on the Accept button to accept the license agreement if it shows. Then run a scan and save a log. Tell me what error messages, if any, you see.
GetRunKey <-- this will try to run all one scan from MGtools. Tell me what error messages, if any, you see.
ShowNew <-- this will try to run all another scan from MGtools. Tell me what error messages, if any, you see.
Now look for the C:\MGlogs.zip file and attach it no matter what happened while doing the above.
 

7 more replies
Relevance 40.18%

I've run through the steps necessary for Malware Removal.

I'm a newbie, and need a little direction as to how to access your support.

All logs have been created.

Is this an appropriate first step?
.
 

Answer: Help With Malware Removal

Welcome to Major Geeks!

OregonGuy said:

All logs have been created.

Is this an appropriate first step?
.

Just attach the logs we requested and also explain what your problems are. And then we can get started.
 

1 more replies
Relevance 40.18%

I have run the instructions for malware removal and am posting the log files as requested. Looking for guidance on whether I have any issues and next steps.
Thanks in advance for the help.
 

Answer:malware removal help

Welcome to Major Geeks!




conein said:

looking for guidance on whether I have an issues and next steps.

Your logs do not show any malware. Are you having malware problems?
 

3 more replies
Relevance 40.18%

Hey guys,

I seem to only have one problem: When using Internet Explorer it randomly, but often redirects me to random spam sites (sometimes even just Yellowbook.com) when I click a link.
This seems to be happening more often when I just click a link from a google search. It also occurs when I try to use Chrome.

I am pretty confident it started yesterday, when I was in a hurry to watch a soccer game and installed Sopcast AND forgot to uncheck the 'Install Ask toolbar' thing. I have now uninstalled the toolbar and sopcast itself, but to no avail. I also have run the tests you wanted me to, except for RootRepeal (I have a 64 bit system) and MgTools doesn't work, when starting it on the desktop it gives me: C:/ is inaccessible.

Thank you guys!
 

Answer:Help with Malware Removal

Welcome to Major Geeks!





Xyllus said:

and MgTools doesn't work, when starting it on the desktop it gives me: C:/ is inaccessible.

But you attached the log from MGtools??? Did you mean ComboFix did not run since you did not attach that log?



Download TDSSKiller from Kaspersky directly onto your Desktop.

Now double click the TDSSkiller.exe file to run it (if using Vista or Windows 7 do not double click on it but rather, right click and select Run As Administrator).
If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123tdk.com).
If you do not see the file extension, please refer to: How to view hidden, system files & folders!

Allow the application to run if prompted by Windows or any security programs you have installed.
It will start the scan and run rather quickly and will notify you of whether anything is found or not.
Follow the instructions to delete/quarantine if it asks you what to do when it finds something.
Whether an infection is found or not, a log file should be created on your C: drive ( or whatever drive you boot from) in the root folder named something like TDSSKiller.2.1.1_27.12.2009_14.17.04_log.txt which is based on the program version # and date and time run. Please attach this log to your next reply. (See: HOW TO: Attach Items To Your Post )

 

28 more replies
Relevance 40.18%
Question: malware removal

I applied your steps for malware removal; my computer has been infected for a month. I ran the programs and it unhid my files. I am attaching the logs to see if anything further needs to be done.
 

Answer:malware removal

Welcome to MajorGeeks!

You need to attach (See: HOW TO: Attach Items To Your Post ) these other requested logs created while running the READ & RUN ME FIRST. Malware Removal Guide .
SASlog.txt log from SuperAntiSpyware.
Malwarebytes Anti-Malware log
ComboFix.txt (normally C:\ComboFix.txt)
C:\MGlogs.zip

Other Notes:
You should attach all of your logs to one message after you have completed all scans.
Be patient after posting your logs and wait for one of the helpers to get to you. It can take a while to read thru all of the logs and to create individual fixes for you.
Also DO NOT BUMP your thread to try and get a faster answer. This will actually significantly delay getting an answer. See this: Don't Bump! It Only Hurts You!!!

 

1 more replies
Relevance 40.18%

I have done the suggested malware removal process and the infection is still showing up on my virus scan (xxyczh.sys Hacktool.Rootkit). It has been about a week since I detected the problem, and my antivirus and malwarebytes said it quarantined and deleted the file at that time. I went through your READ ME last night and the infection continues to show up in my virus scan. My computer seems to be running fine as of now.

Thanks to the mods for running such an informative and helpful forum.
 

Answer:Help w/ Malware Removal

Re: Help w/ Malware Removal-MGLogs

Here is my MGtools results
 

6 more replies
Relevance 40.18%

Hi there,
Once again I need help

I'm attaching all the logs except Root Repeal, I got two errors while running that utility and attached them both in a word document.

Thanks in advance for your help,

Leah
 

Answer:Need help with malware removal

Here is the last log.
 

8 more replies
Relevance 40.18%
Question: Malware removal

Had a trojan hit and ran Anti-Malware. I know I am taking shortcuts. It cleaned up most of the infected files and ran a second time. Attached is the mbam log from the 2nd, 3rd & 4th runs. It seems to not be able to clean up these five remaining registry hits. Are these infections? I tried launching in safe mode but I get a blue screen initially suggesting we run Chkdsk /F. But that did not help. Could not get PC into Safe mode to re-run Anti-Malware. Suggestions?
 

Answer:Malware removal

Welcome to Major Geeks!

You attached an MBAM log that indicates you didn't have it fix what it found.

Please read ALL of this message including the notes before doing anything.

Please follow the instructions in the below link:

READ & RUN ME FIRST. Malware Removal Guide
and attach the requested logs when you finish these instructions.
**** If something does not run, write down the info to explain to us later but keep on going. ****
Do not assume that because one step does not work that they all will not. MGtools will frequently run even when all other tools will not.

After completing the READ & RUN ME and attaching your logs, make sure that you tell us what problems still remain ( if any still do )!
Helpful Notes:

If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:
Starting your computer in Safe mode

If you have problems downloading on the problem PC, download the tools and the manual updates for SUPERAntiSpyware and Malwarebytes ( links are given in the READ & RUN ME) onto another PC and then burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes you could use a flash drive too but flash drives are writeable and infections can spread to...

3 more replies
Relevance 40.18%

When clicking on results from a google search I get redirected to a different page. Here is my log, I hope someone can help.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:11:52 AM, on 3/23/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal


Answer:malware removal lod

Hello and welcome to Bleeping Computer. We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Please take note: If you have since resolved the original problem you were having, we would appreciate you letting us know. If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
If you are unsure about any of these characteristics just post what you can and we will guide you. Please tell us if you have your original Windows CD/DVD available. If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far. Upon completing the steps below another staff member will review your topic and do their best to resolve your issues. If you have already posted a DDS log, please do so again, as your situation may have changed. Use the '...

3 more replies
Relevance 40.18%

Greetings,

I have a computer that was suffering from browser redirects, popups, sporadic browser performance, and other signs of malware infection. I have followed the instructions in your READ & RUN ME FIRST thread and have attached the logs that were created as a result.

SUPERAntiSpyware ran at first and indicated that it fixed an infection, but it no longer runs. Each time I try to launch the program, I receive an error that Windows cannot find the path and that I might not have the necessary permissions (even though the user I am logged in as is an administrator). Therefore, I am not sure how to recover the log file it created.

MalwareBytes installed properly and ran for all of two seconds before completely disappearing. No log for that program either.

The other three scans ran properly, and their logs are attached.

I have tried to test the computer somewhat after running these scans, and performance has improved. However, I am still seeing very sluggish and somewhat sporadic behavior from Internet Explorer and would love some assistance.

Thanks very much in advance.
 

Answer:Malware removal help

I am not seeing any evidence of malware. Can you uninstall both SAS and MBAM, run CCleaner to remove leftovers and then try reinstalling them? I would like to know that they both run and can produce logs for you.

You may also wish to try doing an online scan here:
http://www.superantispyware.com/onlinescan.html

Reboot immediately after scanning if it finds and removes anything. Let me know if anything was found. It does not save a log.
 

5 more replies
Relevance 40.18%
Question: Malware removal

First of all, thanks for all the great resources available here. I completed everything on the Read Me First thread but my CPU is still having issues. It freezes up regularly and moves very slowly. It takes 1-2 minutes for a program to start after I double click the icon and sometimes the programs don't start up at all. I can't pinpoint when the problems started, but the CPU is slowly getting worse. There have been some improvements since running the Read Me First stuff.

Thanks in advance for any additional help that you may be able to offer.

Cheers,
Aman
 

Answer:Malware removal

Last Log

...here is the last log.
 

4 more replies
Relevance 40.18%
Question: Malware Removal

I connected my portable harddisk to my NEC laptop last week and suspected my laptop had been infected with a virus. Every time I reboot my laptop, when it prompted for the boot password, the password was entered automatically without me typing. I scanned with Avast but did not find any virus.

I followed the Malware Removal Guide (everything ran smoothly except when running Root Repeal, I had to close the dialog "Error - Invalid PE image found") and attached the logs here.

Would appreciate it very much for your kind help.
 

Answer:Malware Removal

Attached is MGlogs.zip.
 

6 more replies
Relevance 40.18%
Question: malware removal

I need help! I don't have a job (laid off in January) so I can't afford to pay for software to help remove. Can I do it without paying?

Thanks,
Dawndage
DDS (Ver_09-03-16.01) - NTFSx86
Run by Dawn Wood at 15:57:43.70 on Mon 04/06/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.697 [GMT -5:00]

AV: Norton AntiVirus *On-access scanning disabled* (Updated)
FW: Norton AntiVirus *enabled*


Answer:malware removal

Hello and welcome to Bleeping Computer. We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructio...

2 more replies
Relevance 40.18%
Question: Malware removal

After running all of the preliminary items everything seemed ok. I wanted to enable superantispyware so I would have the anti spyware running. Superantispyware had a notification of an update (should have all been updated earlier) so I updated and was prompted to restart the computer, which I did. There was an internet explorer popup trying to go to res://ieframe.dll/navcancl.htm at startup. I stopped it and also google chrome was changed to not being my default browser. So most of the problems are gone; just want to make sure it's all clean and stop this popup. Thanks for all your help.
 

Answer:Malware removal

MGlog post
 

7 more replies
Relevance 40.18%

Hello,

The problem I have is that when I use google or any other search engine and get results (on Firefox and IE) and then I click the link in search results I get routed to another website trying to sell me something. When typing the website directly in it works normally. Also, I am having problems loading Google Chrome..it won't load on my computer. Lastly I get error messages saying Google Loader encountered an error and must close (or something like that). Any help is appreciated.

Answer:Malware Removal Help

Sorry see the copied and pasted txt file below.
DDS (Ver_09-03-16.01) - NTFSx86
Run by keith johnson at 14:34:45.23 on Sun 04/05/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2037.1297 [GMT -4:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated)
FW: McAfee Personal Firewall *enabled*


4 more replies
Relevance 40.18%
Question: Malware Removal

Hello, my computer is running improperly and it seems to be seriously infected. Please help :cry


Thank You, Eric
 

Answer:Malware Removal

Welcome to Major Geeks!

Please read ALL of this message including the notes before doing anything.

Please follow the instructions in the below link:

READ & RUN ME FIRST. Malware Removal Guide
and attach the requested logs when you finish these instructions.
**** If something does not run, write down the info to explain to us later but keep on going. ****
Do not assume that because one step does not work that they all will not. MGtools will frequently run even when all other tools will not.

After completing the READ & RUN ME and attaching your logs, make sure that you tell us what problems still remain ( if any still do )!
Helpful Notes:

If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:
Starting your computer in Safe mode

If you have problems downloading on the problem PC, download the tools and the manual updates for SUPERAntiSpyware and Malwarebytes ( links are given in the READ & RUN ME) onto another PC and then burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes you could use a flash drive too but flash drives are writeable and infections can spread to them.
If you cannot seem to login to an infected user account, try using a differe...

1 more replies
Relevance 40.18%

I was infected with some malware while downloading some email forwards. The system was severely disabled and was getting a fail message -1073741482 NT Authority/System services.exe and it was going to shut down.

I have been able to restore quite a bit of functionality, but am unsure whether I have rid it of all the problems.

Please see my attached logs. Thank you so much for your help. I do not have much experience with this type of infection and want to make sure that I get it totally gone.

I will also post a few independent notes I found while going through the install

Thanks,

Keyser
 

Answer:Malware removal help

I had two rrlogs because I couldn't get it to run without the errors the first time and had to start over. Wanted to include both in case it mattered.

Thanks,

Keyser
 

4 more replies
Relevance 40.18%
Question: Malware removal

I have had some malware on my Dell Inspiron laptop for a few weeks now, but none of the anti spyware software you suggest comes up with anything wrong.
The problem is, the sound volume goes down or is muted and it tries to access 'my documents' and tries to 'log off'.
I have tried all the steps on the website, but none of them have seemed to resolve the problem.
Can somebody help me remove this nasty critter?

Regards
David
 

Answer:Malware removal

Welcome to Major Geeks!

You need to attach the below logs which were also requested whether they find anything or not. We do not ask for a HijackThis log. Please attach the logs from the below scans:
SUPERAntiSpyware
Malwarebytes
MGtools
Also note that your problems may not be due to malware.
 

7 more replies
Relevance 40.18%

I had a serious infestation of trojans, adware, and other issues after downloading a file from a trusted website in which I have been a member of for several years. I am running Vista 32-bit and I followed everything on the "Read and Run First" sticky post for my OS.

I am now down to a message when Windows starts up that says something like "Error loading d3dpwi.dll. Module could not be found." I don't recognize this driver and I'm assuming that there is still something dirty in the registry that is trying to call on this driver.

The only other thing is the mysterious appearance of 2 "desktop.ini" files, in hidden mode, that are now on my desktop. They showed up after I ran the malware programs listed on this site.

Also, I couldn't get RootRepeal or ComboFix to work. RootRepeal would crash after a while and ComboFix caused my computer to crash with the blue screen of death, twice. To be honest though, I made the assumption that all was right with msconfig. Then, out of curiosity, I checked it and found that the Startup Selection was set to "Selective Startup" with all options checked.

So, what do you think? How do I get rid of that message at startup? Do you still want to see the files, or should I start the process over?
 

Answer:Almost There: Malware Removal

Please attach the logs you have.
 

3 more replies
Relevance 40.18%

The original thread I googled into, and which got me interested in the forum, was in a sub-forum called Malware Removal FAQ. Now that I have joined the forum the sub-forum does not appear to be visible from the group tree. This is no big deal since I can get back to it via my browser history via
http://forums.majorgeeks.com/forumdisplay.php?f=39

Just curious to know if this sub-forum has been purposely hidden for some reason, or am I missing some simple forum method?
 

Answer:Malware removal FAQ

When you are on the first page of the malware forum.....just change the 35 to 39 in the address bar.
 

1 more replies