Computer Support Forum

Windows XP initially with Windows Recovery Virus, but subsequent infections found.

Question: Windows XP initially with Windows Recovery Virus, but subsequent infections found.

I have been working on a laptop windows XP, SP2 Sony Vaio for about 7 hours now.
Originally it had no functionality due to the Windows Recovery Virus, but having tackled that (using ComboFix) I have now found further problems. It was first apparent when Windows IE redirected and Google Chrome failed to load. Programs are failing to install properly and my memory sticks are infected every time I insert them into the laptop. However after following instructions for obtaining diagnostics using the following as a guide;
http://www.bleepingcomputer.com/forums/topic368072.html
I would like some further guidance. Hopefully it should be a simple case but the sooner the better, until then I'll continue to see if I can do anything myself.

Thanks for your time.

Nick.

Relevance 100%

Answer: Windows XP initially with Windows Recovery Virus, but subsequent infections found.

Well...I don't think that it's wise to use a malware topic for a specific person on a specific system...with perhaps other problems...as a "guide" for self-troubleshooting.

That said, I will move your topic to the Am I Infected forum where those experienced with malware situations...can advise/suggest.

Louis

2 more replies
Relevance 70.52%

Hi and thanks for a very helpful forum. I read through all the malware removal instructions and have completed the step-by-step cleaning process (which seems to have worked) and now would like to confirm that my system is actually clean. Please see attached logs. Note: ComboFix did run but then froze during the "preparing log report" phase, so the attached ComboFix log is just the txt I found in the folder, not the full zip log. Also, RootRepeal failed to run at all (in normal or safe mode).

More info about infection:

AVG found Crypt.AQLW but couldn't fully clean it
CPU & HD constantly at 100%, firewall had been disabled, internet traffic going mad & link redirection - immediately disconnected from internet
SUPERAntiSpyware found and cleaned Trojan.Agent/Gen-Loader
MalwareBytes Anti-Malware found and cleaned Exploit.Drop.CFG
ComboFix found and cleaned Rootkit.ZeroAccess ... but failed to generate full report. CPU dropped to normal after this!
RootRepeal failed to run
MGTools ran normally

Note: Before finding this forum, I also found advice to run Kaspersky TDSSKiller which I did, and it did find something, but didn't fix the issue. Log for that attached as well.
 

Answer:AVG found Crypt.AQLW and subsequent scans found Rootkit.ZeroAccess

More logs ...

Note: It says in the ComboFix.txt that AVG was still enabled (and it also gave me that warning message) but I had already used the recommended AVG removal tool and AVG was no longer installed or running at the time.

I've now updated my OS and all my software, have switched to MS Security Essentials and re-enabled firewall etc.
 

17 more replies
Relevance 70.11%

Hi all, I'm trying to do a vanilla installation of my Lenovo R61e 7650 and am experiencing something I've never seen before - I boot up XP, press F6 and load the correct SATA drivers, Windows continues and successfully sees the hard drive, I tell it to format the hard drive but when it comes to asking for the SATA floppy disk again just before copying files (as normal), the setup suddenly ceases to see the floppy drive - game over.

I decided to abandon the vanilla install and boot from the recovery partition but I don't get the "To Start the Product Recovery program, press F11" message as instructed here: http://www-307.ibm.com/pc/support/site.wss/document.do?lndocid=MIGR-4UFUYK. Does anyone have any ideas how to solve this? I wanted to update the bios to see if that helped but have discovered you can't do it from a floppy (CD only and I don't have a burner apart from on my laptop) or directly from Windows on the laptop (and the laptop is blank because I've formatted the drive during setup and I can't run the recovery partition). Any help would be appreciated. Thanks Bob

Answer:XP Install - Floppy Found Initially but then Can't Be Found for SATA Drivers

Go into the BIOS and set the SATA to compatibility. I type this response twice a day. Does anybody ever search anymore?

______________________________________________________
T60 2623-D7U, 3 GB Ram. Dual boot XP and Linux Mint.
T400 2765-T7U Windows 7
Registered Linux User #160145
FYI: I am not employed by Lenovo

5 more replies
Relevance 70.11%

Since I upgraded to Windows Defender it has found and removed the following:

Antivirus Gold (twice in three weeks)
Yazzle Sudoku and Search Centrix

From the forum search I see that other members have been infected with these but they have additional problems with the system being hi-jacked. I guess I've been lucky but is there any way I can trace back to the site that they originated from so as to avoid a repeat infection?

More worrying, W D has also found but chose to ignore the following:

Description: This program has potentially unwanted behavior.
Advice: Allow this detected item only if you trust the program or the software publisher.
Resources: iemain:[email protected]\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page
Category: Not Yet Classified

Anybody have any advice on this one?

On X P, I have and use A2, Ad aware, Ewido, C Cleaner and Spy bot, none of which have picked up any problems other than Ewido which found eight tracking cookies.

Sorry it's so long winded but many thanks for any help

Answer:Windows Defender Infections found !

As your title suggests you may have an infection or two. My advice would be to download HijackThis from here click here

This is a zip file so you need to unzip this into a folder of its e.g C:\Program Files\hijackthis

Open hijackthis and click the button 'Do a system scan and save a logfile' this will then save a notepad logfile for you, next copy and paste the logfile into the 'Malware removal' forum at this site click here

This site specialises in reading these logfiles and they will be able to help you with any infections that you may have.

2 more replies
Relevance 66.01%

Hi there!

I've used this site - with great success! - before and was wondering if you guys could help me again?

I'm running WinXP Service Pack 3 and last night AVG popped up with a warning that it had found a file infected with SHeur2.BQDA. I had AVG remove the infection but it seems to reinstall every time I reboot. (There are three instances of the infection listed in AVG's virus vault:

Virus found Win32/Heur C:\WINDOWS\Temp\wpv841257463018.exe
Virus found Win32/Heur C:\WINDOWS\Temp\wpv261257463018.exe
Virus found Win32/Heur C:\WINDOWS\Temp\wpv581257463018.exe)
In addition, a quick scan with Malwarebytes reveals 15 other infections, as shown in the log below:

Malwarebytes' Anti-Malware 1.41
Database version: 3102
Windows 5.1.2600 Service Pack 3

11/7/2009 3:22:05 AM
mbam-log-2009-11-07 (03-22-05).txt

Scan type: Quick Scan
Objects scanned: 107405
Time elapsed: 5 minute(s), 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 8
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rundll32.exe (Trojan.Agent) -> Quara... Read more

Answer:SHeur2.BQDA virus and 15 other infections found!

Hello John and welcome. Let's run these now and see how we are. am signing off now but will be back in the morning here (east coast).

Next run ATF and SAS:

Note.. SAS doesn't open the registry hives for other user accounts on the system, so scans should be done from each user account.

Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

From your regular user account..
Download Attribune's ATF Cleaner and then SUPERAntiSpyware, Free Home Version. Save both to desktop ..
DO NOT run yet.

Open SUPER from icon and install and Update it
Under Scanner Options make sure the following are checked (leave all others unchecked):
Close browsers before scanning.
Scan for tracking cookies.
Terminate memory threats before quarantining.
Click the "Close" button to leave the control center screen and exit the program. DO NOT run yet.

Now reboot into Safe Mode: How to enter safe mode (XP)
Using the F8 Method
Restart your computer. When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu. Select the option for Safe Mode using the arrow keys. Then press enter on your keyboard to boot into Safe Mode.

Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to De... Read more

9 more replies
Relevance 65.6%

I own a Dell Inspiron 3521 laptop. In the very first month I started getting a blue screen and fatal error UNEXPECTED STORE EXCEPTION. There is no error code.

Dell support replaced the hard disk and then for a few months the error did not occur. Again I'm facing the same issue after warranty has expired.

I upgraded to windows 10.

Now, This is happening too often and I lose the work that is unsaved. Please help.

Answer:Dell 3521 BSOD UNEXPECTED STORE EXCEPTION Initially Windows 8 now on WINDOWS 10

I don't remember seeing actual BSODs caused by a Store situation.  But since it seems to be happening, can you put the dump file on your OneDrive and give us a link?
We might be able to gain some insight into the situation.
If someone were to suggest you do a Clean install of Win 10, would you consider it?  I assume there are Win 10 drivers for that system?  Is there a Win 10 Recovery image available for download?

1 more replies
Relevance 65.19%

Hi.  I have had a series of events and am looking for advice on whether I have a hardware or software issue.
I have a Dell N5050 N15 laptop running Windows 7. PC was working fine and mistakenly did a Windows 10 upgrade on this laptop. Windows told me my device was compatible. Upgrade downloaded over days and sort of upgraded but then all of a sudden the screen became black. I plugged it into an external monitor and was able to see the screen and the Windows 10 finished upgrading and seemed successful but I had no laptop monitor and no mouse.
I started doing some research and found out this PC was not compatible with Windows 10. So I ended up rolling back to Windows 7 which also seemed successful. My mouse became responsive but no screen still.
I tried updating video drivers and it said my drivers were current. I also tried deleting and reinstalling drivers as I heard Windows 10 removed old drivers. At one point I could see the screen faintly in the background using a flashlight. I also tried to reconnect the LCD thinking maybe the connection got loose.
I no longer see any screen at all but still works with external monitor.  

So I am wondering if it is the screen, the backlight or inverter or still something with the drivers since this sort of just coincidentally happened after the Windows 10 issue with the video.  I am not sure what the proper drivers even are for this dev... Read more

Answer:Video problems after Windows 10 upgrade and subsequent rollback to Windows 7

Hi YOSHI00,
If the system works fine with an external monitor, then we could definitely suspect the LCD itself. In order to isolate the issue, turn off the system. Press and hold "D" key and Power button to turn on the system. On the LCD itself, the screen should start changing solid colors. If it does, then the LCD is fine. This is the LCD built in self test - http://dell.to/1ow1G4W
Also, turn off the system and press and hold the "fn" key and power button. It should initiate the diagnostics. If you encounter any errors, make a note of the complete error and report the same to us. 
If there is no display when you initiate either of the tests, then the LCD might have gone faulty. This is just a co-incidence and drivers would not cause the LCD to go faulty. It should work outside the OS environment. 
If there is display when you run the tests, then the LCD is fine. So, you could go to device manager and uninstall all display adapters. update the BIOS from - http://dell.to/21y0qdO and restart the system and check. If the display comes back, then download the video drivers from the same site and install the drivers.
If the system is under warranty, then contact us via Twitter - @dellcares for faster communication. If there is no warranty, then we can help with a paid service call if required.
If you wish to replace the parts yourself, then you could contact - http://www.parts-people.com/  - see direct link - http://bit.... Read more

10 more replies
Relevance 64.37%

Hi

I've tried everything I can to find the problem but I'm stumped. I've run just about every anti malware virus scan that I can - maybe that is the problem?

Windows firewall is turned off. When I try to turn it on I see the message:

due to an unexpected problem, windows cannot display windows firewall settings

Help?

thanks

Answer:Windows Firewall Wont turn on, nothing found with Rkill, Tdskill, Malwarebytes, Windows virus or Trend micro virus

Download TDSSkiller
Launch it.
Click on change parameters - Select TDLFS file system
Click on "Scan".
Please post the LOG report (log file should be in your C drive)
Do not change the default options on scan results

Download aswMBR
Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan.
After scan finishes, click on Save log
Post the log results here.
If you get crashes in normal mode, run it in safemode with networking

Download ESET online scanner
Install it
Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats
Export the list to desktop, copy the contents of the text file in your reply

17 more replies
Relevance 64.37%

Hi all. I would greatly appreciate some help as I've hit a real roadblock. My freshly built PC was working like a gem for about a month. I left the computer on over a weekend in July when I was away, only to come home to a blue screen. Since then, every time I would boot up, Windows would completely freeze on me within minutes. I wiped my drives and reinstalled the OS, which seemed to work for a day or so, but then it BSOD'd again.

Since then, I've run memtest overnight with no errors, tried running the computer with one stick of RAM out at a time, and switched the SATA ports my drives were plugged in to. Nothing has worked. Just getting these tests done for this post required about five restarts. Here's the requested info as per the sticky. Let me know if you need anything else and thank you so much in advance.


Code:
OS - Windows 7 64 bit, Retail.
Original OS - Windows 7. I built the computer in June.
Age of system (hardware) 2-3 Months
Age of OS installation - have you re-installed the OS? Yes. Less than a month ago.
CPU - Intel Core i5 2500K
Video Card Powercolor Radeon HD 6950
MotherBoard ASUS P8P67-M Pro
Power Supply - brand & wattage - Seasonic S12II 520 Bronze 520W

System Manufacturer - I put it together.

Answer:BSOD upon wake, subsequent freezing minutes after subsequent bootups

Just a bump after 48.

2 more replies
Relevance 63.14%

Wife's PC is running Windows XP and we have been relying on Microsoft Security Essentials to help protect the PC. Some malware and/or viruses have slipped through and infected the system.

Her PC seems to be locked up when booting in normal mode. We are not able to run our normal programs. We keep getting messages that the application was infected and it would close out.

I shut down the PC and booted up in safe mode. I am able to bring up MSCONFIG and unchecked all items in the startup tab. This allowed me to boot up in normal mode without the virus warning. I downloaded McAfee Security Scan Plus, Microsoft Security Essentials, and MalwareBytes.

I ran McAfee Security Scan Plus and it found several Trojans infections. I attempted to clean using Microsoft Security Essentials and MalwareBytes.

Found the following with updated Microsoft Security Essentials definitions file 1.105.1563.0 for both virus and spy-ware definitions.

Trojan:DOS/Alureon.A -> Quarantined
Trojan:Win32/Alureon.CD -> Removed
Trojan:Win32/Wimpixo.E -> Removed
TrojanClicker:HTML/IFrame.J -> Removed

MalwareBytes Anti-Malware found and either Quarantined or removed the following:

Memory Processes Infected: 1
Memory Modules Infected: 2
Registry Keys Infected: 1
Registry Values Infected: 2
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 21

Almost every file and shortcut is marked hidden. All of my program list has been stripped out with the exception of a few prog... Read more

Answer:Windows XP SP 3 Virus's and Trojan infections

I updated Malwarebytes's Anti-Malware again and now I am getting an error that says:
An error has occurred. Please report this error code to our support team. PROGRAM_ERROR_UPDATING (5,0,CreateFile) Access is denied. OK button. This occurred after the update reached 100%

Running another Full scan on all local hard drives C: D: F: and P:

20 more replies
Relevance 62.73%

Please if someone knows the answer to this question or if anyone has any experience in this problem. Can someone guide me - I am not much of a Windows expert.

The problem started, with a never ending loop of restarts - after I put the computer to sleep mode. I regret doing that but it was no use since the problem started. So to do a quick fix I plugged in my Windows XP recovery disk and did the following - chkdsk /r, chkdsk, fixboot, fixmbr. And doing this - I made a temporary fix as I was able to boot into Windows XP but while booting I got this msg. Invalid boot.ini (Booting from C:/Windows)

So Next I tried using my Windows 7 recovery disk to do /fixboot, /fixmbr and when I was typing in /rebuildbcd this came out - No Windows Installation found (0 Windows Installation Found). So what must I do.?

Answer:Windows 7 Recovery - (Bootrec.exe 0 Windows Installations found)

I have Windows XP and Windows 7. My main OS that I use for my daily use is Windows 7 so its recovery is vital to me.

So let me be more clear and precise to get more accurate help. I have 2 hard disks - one is of 250 Gb which has 4 partitions - C: D: E: F: (XP is in C:/ partition) and my second hard disk is of 1 TB and it has 3 Partitions - J: K: L: (Windows 7 is in J: ) it was set in dual boot setup. I was able to boot into XP because I used my Windows XP recovery disk to stop my computer from eternal rebooting loop. I used the fixboot command and others as mentioned above from the XP recovery console and temporarily fixed it as now I can boot into XP for the time being but I really need to use my Windows 7 because that is what I use for my daily work. Additional NOTES - Everytime I boot into Windows XP I get this message (Invalid boot.ini booting from C:/Windows) I know I can fix that by using bootcfg /rebuild but like I said, Windows 7 is what I need not Windows XP.

9 more replies
Relevance 61.5%

I have a Lenovo 3000 V100 notebook (OS: XP Pro). The hard drive had two partitions, C: (74gb) and the 5gb hidden recovery partition which naturally does not show in My Computer. Using partitionmagic, I created a 30GB partition, making C 44GB in size. This partition is E:

My question is such: If for some reason I need to use the recovery media to restore the system, what will happen to E:? Will it disappear, and will the data on it be lost? Or will it remain intact, with the data, while C gets wiped out only?

More replies
Relevance 61.09%

Hello fellow geeks,
I am planning to upgrade from windows xp home, to windows 7 professional, using http://www.software4students.co.uk/...fessional_32_bit_Upgrade_Edition-details.aspx
i have a desktop computer with two internal hard drives:
Hard drive 1 - currently has windows xp installed on it, and has my docs and program files etc
Hard drive 2 - has all my music, videos, pictures etc on it.
My proposal is to backup all my docs and files for uni work and things (everything important on HD 1) onto HD 2, then to unplug HD 2, and clean install windows 7 over xp on HD1.
If i then plug in the second hard drive to repopulate my documents, but leave music etc on hard drive 2, then will that work? or will windows 7 realise the hard drive was plugged into xp and try to wipe it?
i know this seems like a silly question, but i am one of the most unlucky people on the planet so i'm making absolutely sure!
also as a side question will flash 8 work with the xp compatibility platform thing that 7 has?
thanks a lot!
rich
 

Answer:windows 7 clean install and subsequent repopulation

Greetings, richardharveyhowells.

Your proposed procedure should work just fine for your documents, music, videos, pictures, etc. Be advised, however, that the 'program files' will be pretty much useless - the programs must be reinstalled with the new operating system.

As far as the Flash 8, I would venture that it should work in XP compat mode (especially since you're upgrading to 7 Pro instead of Home), but that's just a matter of opinion - perhaps other MGs will chime in with suggestions.
 

3 more replies
Relevance 60.27%

I've been having a weird problem for a couple weeks.  After a re-start, I can open one browser window from the desktop icon.  With Firefox, I can open subsequent windows from the already-open window, but not from the desktop icon.  If I shut down all windows, I have to re-start the computer to get a browser window to open.  I tried Internet Explorer 8 for comparison (I know it's old, but I just needed to try another browser).  If it is the first to open on re-start, a window comes up halfway, but non-functional, and I cannot open a Firefox window afterwards.  Same vice-versa - if Firefox is open, an IE window won't open at all.  In all cases of attempting to open second window, whether IE or FF, Task Manager does show a process starting, up to about 3000-5000K, then stops loading.
The problem seems to have started with an Avast update, but after trying their forum's suggestions of repairing, re-installing etc.,  the problem remains and I can no longer System Restore, and they are not being helpful.  Before this, IE was functional; I don't use it much because of vulnerability, but had been using it that today, so the problem of the original window coming up but being non-functional seems connected.
I have tried uninstalling Avast, but the problem persists without it.  I am using XP SP3, Avast 17.7.2314, Firefox 52.4.1 ESR, and Internet Explorer 8.  I would like to be able to shut down all Firefox windows to do scans etc. w... Read more

Answer:Browser problem: can't open subsequent windows in IE or Firefox

Please download MiniToolBox  , save it to your desktop and run it.
 Checkmark the following checkboxes:  List last 10 Event Viewer log  List Installed Programs  List Users, Partitions and Memory size.
 Click Go and paste the content into your next post.
 Also...please Publish a Snapshot using Speccy,  taking care to post the link of the snapshot in your next post.
   Go to Piriform's website, and download the free version on the left.  Click Download from Piriform.com (the FileHippo link requires an extra click). Or if you want to use a portable version of Speccy (which doesn't require installation), click the builds page link and download the portable version. You will now be asked where you want to save the file. The best place to put it is the Desktop, as it will be easy to find later.
    After the file finishes downloading, you are ready to run Speccy. If you downloaded the installer, simply double-click on it and follow the prompts until installation is complete. If you downloaded the portable version, you will need to unzip it before use. Right-click the ZIP file and click Extract all. Click Next. Open up the extracted folder and double-click on Speccy.
 
     Once inside Speccy, it will look similar to this (with your computer's specifications, of course):
 
     Now, at the top, click File > Publish Snapshot.
     Click Yes &g... Read more

5 more replies
Relevance 60.27%

Issue:

From a cold boot, the system gets past the POST screen. Boot sequence is successful up until after the Windows 10 loading screen, of which inconsistently (1 out of 7 attempts average) results in a black screen afterwards. Monitors do not detect input. All fans are spinning - system is non-responsive to any input afterwards (keyboard is not lit up).

System was newly built 3 months ago. Thoroughly stability tested and ran issue free for 2 months (this issue has been happening in the past month).
Specs:
* Windows 10

* RAM @ 3200Ghz

* EVGA 750W B2

* Ryzen 1600 @ 3.75Ghz

* MX 200 SSD

* GTX 1070

* MSI B350 Tomahawk
Troubleshooting:

Only workaround so far is to perform a forced shutdown via power button and turn the system back on (and hope for the best). So far, the issue has not persisted twice in a row on boot attempts.
I had a thought to downclock the CPU to default (and RAM) as well, however I would figure that with instabilities, they would not allow the system to POST. In addition, the issue appears to be new.

I also have Event Viewer Logs from "System" events available as needed - not sure where to upload these if they are helpful.

Any ideas on what the issue might be?

Thanks!
 

More replies
Relevance 59.86%

We have several computers that are initially slow displaying a network drive. All of them are running XP Pro w/ SP3. When you open windows explorer and click on the network drive it takes approx. 15 seconds or so before the folders/files are displayed. You can then close windows explorer and the next time you open it the files/folders come up immediately. Some of our computer are affected and some are not. The webclient service is disabled, which I had heard can cause this, but to no avail. Can anyone help?

Thanks!

Answer:[SOLVED] Windows explorer initially slow displaying network

Figured it out. Here was the fix if anyone else is having the same issue:

Open IE and go to Security tab in Internet Options, click on Local Intranet, then
click on Sites. Uncheck "Automatically detect intranet network", and
check "Include all local (intranet) sites not listed in other zones" and
"Include all network paths (UNCs)".

1 more replies
Relevance 59.86%

1. I have an HP Laptop with an AMD processor.
 
2. I initially had Windows 8 loaded and successfully upgraded to 8.1 with no difficulty.
 
3. I have updates loaded automatically and when I see the shield to update & restart, I also go and install all of the optional updates.
 
4. Things were going swimmingly well until a couple of updates ago when I experienced what many others in the various forums had also experienced; to wit. a blue screen showed up saying there was a  problem and that more information needed to be collected antecedent to a mandatory/automated shutdown of the OS.
 
5. This problem was not resolved for more than a month but it was finally resolved and I had no problems until this latest automatic update + 700+mb optional update
 
6. That blue screen showed up again and shut me down again but the problem only occurred once
 
7. The system was unstable however (selecting "check box" commands options in dialog boxes was "iffy" and required multiple clicks)
 
8. I tried restarting and my OS would not shut down; I powered off
 
9. Subsequent to restart, the OS would no longer shut down other than by powering off
 
10. I utilized "Automatic Repair" option and Windows 8 was reloaded.
 
11. I loaded all updates without incident
 
12. I tried to load Windows 8.1 but Windows Store App Green Tile appears and then reverts to start screen.
 
13. Apps troubleshooter stated cache may be corrupted but cou... Read more

Answer:Windows 8 Store will not open subsequent to Automatic Repair being employed

I would like to help you. First of all, don't download or buy any such programs which show there is an error in your PC, "to fix buy this or try this", and even if you have this kind of program installed (like My PC Backup, Optimizer Pro, Reimage Repair, Any Protect, etc.) from an unknown source, just uninstall it.
Please let me know: are you facing the problem to open the store or just with updates?

4 more replies
Relevance 59.86%

Issue:

From a cold boot, the system gets past the POST screen. Boot sequence is successful up until after the Windows 10 loading screen, of which inconsistently (1 out of 7 attempts average) results in a black screen afterwards. Monitors do not detect input. All fans are spinning - system is non-responsive to any input afterwards (keyboard is not lit up).

System was newly built 3 months ago. Thoroughly stability tested and ran issue free for 2 months (this issue has been happening in the past month).

Specs:

* Windows 10
* RAM @ 3200Ghz
* EVGA 750W B2
* Ryzen 1600 @ 3.75Ghz
* MX 200 SSD
* GTX 1070
* MSI B350 Tomahawk

Troubleshooting:

Only workaround so far is to perform a forced shutdown via power button and turn the system back on (and hope for the best). So far, the issue has not persisted twice in a row on boot attempts.

I had a thought to downclock the CPU to default (and RAM) as well, however I would figure that with instabilities, they would not allow the system to POST. In addition, the issue appears to be new.

I also have Event Viewer Logs from "System" events available as needed - not sure where to upload these if they are helpful.

Any ideas on what the issue might be?

Thanks!

Answer:Booting to Windows Issue Inconsistent Subsequent Black Screen

I'd run memtest86 on your RAM to make sure that all is ok, let it run for like 5 full tests. Reseat RAM and make sure Jaws are locked to RAM. You can even try with a single stick of RAM to see if the problem completely vanishes to know if you're on the memory issue path or not.

Other causes of a black screen is a power supply that has a low voltage rail, so you can try a different power supply if you have one available.

Lastly is I'd suspect the motherboard only because I have had horrible experiences with MSI brand boards failing.

2 more replies
Relevance 58.63%

My Acer Aspire A7600U-UR24 came with windows 8. I made a recovery drive by choosing "create recovery drive" in windows 8. After making the drive i installed windows 8.1 from DVD. Some time later I tried to restore it back to factory with my recovery usb. Every time I try I get "windows cannot find a system image on this computer" even though my flash drive is plugged in. I tried booting from the drive, doesn't seem to work. Not sure if my windows 8.1 version not being activated has anything to do with it (I installed 8.1 on 2 computers from the same dvd didn't realize i couldn't do that) . but I think I should still be able to boot from the drive. I need help.

I was thinking if the problem is my flash drive, can I somehow transfer the system image from one flash drive to another?

here's the screens:

at this point there should be an option for windows 8 but there's not.

Answer:my windows 8 recovery drive not found. trying to recover

If I understand correctly, you created a USB Recovery Drive when you had Windows 8. It only contains files that help recover Windows 8 in the event of a problem; it will not contain the factory recovery partition. It is of no value now since you tried to install Windows 8.1 by DVD. Was it an update version or upgrade to Pro?

Should you wish to return to Windows 8 OEM, you must use the recovery partition process as outlined by Acer to reset to Factory Conditions. Hopefully the recovery partition was not corrupted when you tried to go to Windows 8.1. If it was, you will have to order Recovery Disks from Acer for a nominal charge.

Others here on this forum may have different ideas or understood your problem differently.

4 more replies
Relevance 58.22%

Two days ago, I got a VirusMelt virus. I looked up potential solutions on this website and subsequently downloaded MBAM, ran it and it found infections that it cleaned. After that I was unable to search from Yahoo or Google for several hours. When I was finally able to search, the links returned in search results would redirect to other sites when clicked on. I reran MBAM, but it found nothing. I came to the forums here again, and was planning to run this process (DDS), so I was backing up my data. During backup, I got a ShieldManager threat warning for a sHeur.VOI Trojan. I selected the Heal option, not knowing whether this was correct or not. I did not complete the DDS process, but the redirects continued. I came to the forums yet again, and subsequently ran a Kaspersky online scan, but it found nothing. I, once again, came back to the forums and subsequently ran ATF Cleaner and SuperAntiSpyware. Super found 13 threats, which it quarantined. Still, however, the redirect issue remains, and below is my DDS process text file.

I am running IE6 on Windows XP.


Answer:Infected initially with Virus Melt, now?

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
* DDS.com
* DDS.scr
* DDS.pif

Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructio...

26 more replies
Relevance 57.81%

Hi - I used the Windows XP recovery uninstall guide. I removed the laptop drive and connected it to a system as a USB drive. I ran Malwarebytes, which cleaned the malware. Ran the unhide.exe program. I ran Kaspersky TDSSKiller. All seems back to normal except the Windows menu options show up empty, for example: start/all programs/accessories/system tools/empty. It seems that all the menu choices after all programs have empty choices. I have installed the purchased version of Malwarebytes for the future. Any suggestions to recover the menu choices without a system rebuild?

Thanks for your help.

Answer:Windows XP recovery Virus Removed but missing windows system menu options

which forum is this in now? OK I found it.

1 more replies
Relevance 56.99%

from bad to tragic. My monitor had started blinking, several days ago, at times like a flip book, otherwise just annoying. I tried numerous things to fix it. Windows cannot locate the driver ~ anywhere. It tells me to insert the cd that came with the comp; I don't have it, if I ever did! I keep hoping that somehow it will surface.

Meanwhile, I have tried many programs that lured me by answering my googling for info re finding, getting the driver. The blinking stopped this morning after something (was it win?) set my comp back to an earlier date. Or it may have been PC Doctor or something. Then the comp was impossibly blurry, and it cost me $400 in work lost. I was away from the screen for minutes, returned to find it completely clear, and still not blinking.

But I still had the message that my ethernet had no driver, etc.

I pursued that, finally signing up for a 'free' scan because the site presented itself as 'fixing all drivers' when I was trying to access info from Acer. It started the scan, said I had 17 drivers to fix; I signed on and paid, finally, in desperate hope. (is there such a thing? yes) There were jigjags along the way, and I emailed them, but got no response re the ethernet driver. The download and install, of 12 "groups" of drivers continued for hours.

In the course of it I discovered that my skype sound was gone. In and out.
possibly connected, and then again possibly just skype. But it had been loud and active...

Answer:found my recovery discs, how do I make windows read them? need to restore my ethernet

Hello My problem as of yesterday has begun to solve itself. While hunting for old cell recharger ! miracle! I found my computer recovery discs, that I made following Acer instructions, when I first turned on my computer 1 1/2 years ago (out of warranty now!)
Now HERE IS THE PROBLEM! I click ethernet> update driver software> (I have a recovery disc in my cd drive, one of the total 16) I choose 'search my computer'
and windows gives me a box ' where should windows search?' which has C drive in it. I erase that and type in DVD RWdrive (E)Recovery 4, which is how it is being read by the computer.
Windows says 'Please enter a new location ~~The location you specified does not exist or cannot be reached'
~What must I do to bridge this?
~~~~~Thank you ~~ If you can help me, please! I have no sound! I can't work on my music editing (I'm a musician); can't use skype phone; people I called are calling back and hating me~~one friend skyped my phone 3x~~I'm losing work! ~~~ oh please help
~~~~~ Vista 64bit home premium acer desktop 8Gram

7 more replies
Relevance 56.99%

Hi guys,

I recently backed up my Hitachi drive which developed bad sectors and then restored it to a same size Seagate one. The operation was done through Norton Ghost. Both backup and restore operations completed successfully, however, when I tried to boot up with the new drive, Windows 7 failed to boot with the message

autochk not found - skipping AUTOCHECK

and rebooting afterwards.

Can't boot into Safe Mode either.

1. There are two partitions, one is marked as 07 and the other is 27 (VAIO recovery). No hidden partitions.

2. The recovery console says Bad Driver (A recent driver installation may have caused a problem), because I believe the driver for previous hard drive was different (this one is actually a Seagate Momentus XT, so it must have some different driver). Yes, I ran it three times. By the way, recovery runs from the same hard disk.

Guys, any idea how I can get this thing to boot. I really don't want to reinstall tons of programs, even though I can obviously recover all of my docs.

PLEASE HELP!!

Thanks,

Fartcatsat

Answer:Windows Fails to Boot after Norton Ghost recovery (autochk not found)

Did you instruct Ghost to copy the MBR?

9 more replies
Relevance 56.99%

I am afraid I have come to you for help rather late in the process. I was infected with the Met Police Virus, accusing me of infringing copyright.
 
I tried booting in safe mode, which failed.
 
I managed to boot into my Guest User, and then using administrator privileges create another user with administrator privileges.
 
In this second user I then ran Norton Power Eraser.
 
This has removed the virus, and I have subsequently scanned my computer using Norton and "apparently" have a clean bill of health.
 
However, I have lost all my files that were in the My Documents folder, as well as much of My pictures. I cannot find any evidence of encrypted files. Have they actually been deleted? I was under the impression that they couldn't be?
 
If you want any logs, then please let me know.
 
Regards,
 
James

Answer:Met Police Virus infection and subsequent file loss.

Sorry forgot to state, I am running Windows 7 Starter on HP Mini 210.

8 more replies
Relevance 55.76%

I have an IBM laptop, Windows XP Pro, Norton Corp. I have run numerous adware, spyware programs - still need help please.

In my title is just one of the problem files, lots more below.

Here is the Hijack log..........


Answer:Major Virus and Infections - rundll32.exe "C:\WINDOWS\System32\zitakihu.dll",b

Thank you VERY much! I am desperate!!!
 

2 more replies
Relevance 55.35%

Hello,
My homepage has been Hijacked and my popup blocker has been disabled.
My laptop might be infected.

Below is my hijack this log:
Please help...


Answer:Virus found - Help - Windows XP

9 more replies
Relevance 55.35%

Had the Windows Recovery virus. I think it has been removed. Still have a redirect virus, can't get rid of it. There are some other issues I've been having with my PC as well: Windows Installer error messages for a program that was removed, can't download SP3, just to name a couple.

dds and gmer logs are as follows:

Answer:scour.com redirect virus after windows recovery virus and other problems

Here's the gmer log.

23 more replies
Relevance 55.35%

Tech Support Guy System Info Utility version 1.0.0.1
OS Version: Microsoft Windows XP Professional, Service Pack 3, 32 bit
Processor: Intel(R) Core(TM)2 Duo CPU E4500 @ 2.20GHz, x86 Family 6 Model 15 Stepping 13
Processor Count: 2
RAM: 2039 Mb
Graphics Card: Intel(R) Q965/Q963 Express Chipset Family, 256 Mb
Hard Drives: C: Total - 66056 MB, Free - 11930 MB; D: Total - 10244 MB, Free - 8529 MB;
Motherboard: Hewlett-Packard, 0A60h, , MXM73402BS
Antivirus: Microsoft Security Essentials, Updated: Yes, On-Demand Scanner: Enabled

I'm experiencing IE redirecting in both Yahoo search and Google, as my computer was infected with this Windows XP Recovery virus a few weeks ago which essentially hijacked my computer. It was difficult to eradicate. Besides this redirecting, I can't complete Windows Update downloads upon Shutdown, and my computer periodically crashes (my taskbar will disappear and then the system freezes, causing me to restart). Below please find my log file for HijackThis. Any help you could provide would be incredible. Thanks!


Answer:Redirect virus and other issues as a result of Windows XP Recovery virus

closing duplicate. Please do not create duplicate threads for the same issue. As malware is the busiest forum on the site, it's quite possible for some threads to get overlooked; if this occurs, please type 'bump' in the quick reply box after 24 hours have passed.

The thread I am keeping open is located at http://forums.techguy.org/virus-oth...13-ran-all-scans-requested-administrator.html .

thanks,

v
 

1 more replies
Relevance 54.53%

Hi.

Earlier today I clicked on a photograph on a blog and the next thing I knew my laptop was going crazy. (I have an HP laptop running Windows Vista designed for Windows XP.)

The Windows Recovery screen came up, and all my files disappeared and my screen looked different.

I spent much of the day getting rid of the Windows Recovery virus (or so I thought). I used Malwarebytes Anti-Malware as well as Advanced System Care. But the color of my screen is still a little off, plus I keep getting these Internet Script error messages. (I use Mozilla Firefox but also have Internet Explorer 8 on my laptop.) Now, my web searches on Mozilla Firefox are often being redirected to Tazinga.

Thank you a million times in advance for any help anyone can give me.

Answer:Windows Recovery virus followed by Tazinga redirect virus

Hi there,

We need to check for rootkits with RootRepeal.

Download RootRepeal from the following location and save it to your desktop.
* Direct Download (Recommended): Primary Mirror, Secondary Mirror, Secondary Mirror, Secondary Mirror
* Zip Mirrors (Recommended if you have a slower connection or if the Direct Download mirror is down): Primary Mirror, Secondary Mirror, Secondary Mirror
* Rar Mirrors - Only if you know what a RAR is and can extract it: Primary Mirror, Secondary Mirror, Secondary Mirror

Extract RootRepeal.exe from the archive (if you did not use the "Direct Download" mirror).
Open on your desktop.
Click the Report tab.
Click the Scan button.
Check all seven boxes:
Click Ok.
Check the box for your main system drive (usually C:), and press Ok.
Allow RootRepeal to run a scan of your system. This may take some time.
Once the scan completes, a logfile will open. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.

Download and scan with SUPERAntiSpyware Free for Home Users.
Double-click SUPERAntiSpyware.exe and use the default settings for installation.
An icon will be created on your desktop. Double-click that icon to launch the program.
If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink ...

5 more replies
Relevance 54.53%

Had the Windows Recovery Virus, and was able to get rid of it after a few scans (Malwarebytes, Spybot, and Avast). After I fixed that problem (presumably) I discovered I had the Google redirect virus, as well as the random ad virus that plays audio with no windows open. Also IE opens randomly on its own, as well as error messages for Windows Explorer. After many hours of trying to get rid of this problem I have had zero luck with anything I've tried, including system restore from before the problem occurred. Here are my DDS logs, hijack this, and GMER log.


Answer:Windows Recovery Virus, Google Redirect Virus

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed responding to your thread.

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

* Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
* Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
* If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
* In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator...

62 more replies
Relevance 54.53%

I read someone else's post with the same problem.. (he didn't have the shell32.dll one though) and I did what the other posts said. Here is my HijackThis Log. Please help me. And also.. lately Spybot - Search & Destroy hasn't been finding any spyware or anything at all. It used to find something every time I ran it.. but not anymore. I don't know if that has to do with these changes though. My Sims 2 game won't start anymore either. It reads the CD but it never starts. The game isn't scratched or anything.. maybe I just need to clean the drivers. But I thought since one of these changes says drivers in it.. that might be the reason why my game won't start. If you have any tips on how to help my computer run a little faster.. that'd be great too. I feel like my computer goes slower than it should. It's also been making a lot of weird noises lately. I'm sorry for listing so many problems.. I don't know if I'm supposed to post these here.. but if you could help me with all of that.. that would be really great. Thanks in advance.

Answer:Avg Anti Virus Found C:\windows\system32\shell32.dll And C:\windows\system32\drivers\etc...

..Update..

A computer guy came and looked at my computer. He said I needed a new fan.. so I don't need help with that now. My Sims game also works now.

I just need to know if I'm infected.. and if there's something wrong with my Spybot.. and how I could change my hosts back or whatever is wrong with them. Thanks.

I have a new problem now though.. I can't watch videos on Mtv.com. When I pause them, they won't load anymore. Only if I play it.. and I don't have a very fast internet so.. it loads slow. So it always stops every 5 seconds. It's very annoying. It did it before.. but then worked sometimes. I thought it might have been the site or maybe a lot of people were watching it, but it hasn't been working at all now. Can you please help me with that too?

10 more replies
Relevance 54.53%

Hijackthis log

Answer:Avg Found Lop Virus? \windows\systems32\vtssq.dll Need Help.here Is My Log

Hi,

You are dealing with several different infections, so we'll have to do this step by step.

Open HijackThis, click Config, click Misc Tools.
Click "Open Uninstall Manager".
Click "Save List" (generates uninstall_list.txt).
Click Save, copy and paste the results in your next post.

23 more replies
Relevance 54.53%

I opened an infected file and AVG instantly detected six trojans in the following locations: C:\WINDOWS\system32\tuvtusq.dll, C:\Documents and Settings\ HP_Administrator\Desktop\serial.exe, C:\ovvbu.exe, C:\hlkhyer.exe, C:\mivlms.exe, C:\lifsdxvr.exe. I chose to quarantine all six. I'm now wondering if it is safe to leave it as is or if I should delete all of them. It does not give me the option to clean. I believe that only one of the locations is a Windows file, does that mean that I can delete the other five and that I must leave that infected Windows file alone? And does leaving a quarantined Windows file mean that the system cannot use it, which in turn will affect system performance? This is only the second time I've had an infection, so I'm fairly new at this. Any help would be appreciated =)

Answer:Virus Found C:\windows\system32\tuvtusq.dll

Hello FlushaToilet,

Welcome to Bleeping Computer

Sorry about the delay. If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Thanks,
tea

2 more replies
Relevance 54.53%

I have cleaned everything, run ccleaner, defragmented, flushed the DNS cache, and run a virus and spyware scan with nothing to be found.

I don't want to have to reformat, but is there anything else I can do?

Answer:Windows Xp running very slow,but not virus found

Hi Tazmania,

Sometimes when a machine runs slow it can indicate a Hard Drive is on its way out. I would back up all your stuff right now before it is too late. You could also try running chkdsk. Just a few suggestions that are on the top of my head.

-Xuma

4 more replies
Relevance 54.53%

Tried running malwarebytes and removed two problems but did not fix the problem. McAfee still finding trojan and firewall continues to turn itself off. Help is appreciated on where to start. Thanks.
 
Virus I believe came off of a video file from a co-worker's hard drive. I knew better than to install an unknown codec but it looked like the file for Windows Media Player and started it without paying close enough attention. There was also no cancel button.
 
Will get DDS downloaded and a log up tomorrow. All I have at the moment is work access which I can not download from.

Answer:windows 7 zeroAccess-FAT!CBB5F2DB64C0 virus found

to BC Forums, ars2210!! Please do the following...

Download the Farbar Recovery Scan Tool:
Link: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/
Select the version that applies to your system.
Save it to your Desktop.
Double-click the downloaded file to run it.
When the tool opens click Yes to the disclaimer.
Press the Scan button.
The tool creates a log (FRST.txt) in the same directory from which the tool is run (Desktop).
Please provide the FRST.txt in your reply.
The first time the tool is run, it also makes another log: Addition.txt
Also post the Addition.txt in your reply.

Next, download the Farbar Service Scanner:
Link: http://www.bleepingcomputer.com/download/farbar-service-scanner/dl/62/
Save to the Desktop.
Make sure the following options are checked:
* Internet Services
* Windows Firewall
* System Restore
* Security Center
* Windows Update
* Windows Defender

Press: Scan
When done, FSS creates a log, FSS.txt, on the Desktop.
Please provide the FSS.txt in your reply.

20 more replies
Relevance 54.53%

I was using a program used to split videos named "Power Video Cutter" which I obtained from download.com and scanned for viruses using MS security essentials before installing it when I suddenly received a message from MS security essentials indicating that an exploit was found on my pc: Win32/CVE-2010-0818.gen

Category: Exploit
Description: This program is dangerous and exploits the computer on which it is run.
Recommendation: Remove this software immediately.
Microsoft Security Essentials detected programs that may compromise your privacy or damage your computer. You can still access the files that these programs use without removing them (not recommended). To access these files, select the 'Allow' action and click 'Apply actions'. If this option is not available, log on as administrator or ask the local administrator for help.
Items:
file:C:\video1.wmv
Can someone tell me what exactly that virus is and why download.com would make a file that has a virus available for download?
 

Answer: windows security essentials found a virus on my PC! Can someone tell me what it does?

szdpd said:

I was using a program used to split videos named "Power Video Cutter" which I obtained from download.com and scanned for viruses using MS security essentials before installing it when I suddenly received a message from MS security essentials indicating that an exploit was found on my pc: Win32/CVE-2010-0818.gen

Category: Exploit
Description: This program is dangerous and exploits the computer on which it is run.
Recommendation: Remove this software immediately.
Microsoft Security Essentials detected programs that may compromise your privacy or damage your computer. You can still access the files that these programs use without removing them (not recommended). To access these files, select the 'Allow' action and click 'Apply actions'. If this option is not available, log on as administrator or ask the local administrator for help.
Items:
file:C:\video1.wmv


Can someone tell me what exactly that virus is and why download.com would make a file that has a virus available for download?

How do you know it came from download.com ?

video1.wmv in the root of c is weird!
 

7 more replies
Relevance 53.71%

Good Day

This File has been flagged as a Virus. Did Research On google, Got some mixed answers

Can any one please help

Path and file

D:\Windows\WinSxS\wow64_microsoft-windows-dns-client-minwin_31bf3856ad364e35_6.3.9600.18192_none_9091bc412b87848c dnsapi.dll

Thank you

More replies
Relevance 53.71%

the windows security cannot detect my anti virus. I went to the Windows security and it says " Virus Protection NOT FOUND." i always keep my anti virus up to date. pls help...

Reply as soon as possible..
thx
 

Answer: Anti virus Not found? in windows security alerts.

Is your AV icon by the clock and what AV program is it?

What happens after you reboot your computer?

Did it come back?
 

1 more replies
Relevance 53.71%

For some reason, Windows Security Center says that Virus Protection is not found even though I have my antivirus on. My AV is Microsoft Security Essentials.

I tried uninstalling and reinstalling MSE and Windows Security Center still keeps saying that I don't have an AV on even though I do. I just got done doing full scans with MSE and with Super AntiSpyware and they both came up clean. I don't know what's going on.

Another thing I might mention is that when I tried to do a system restore, I couldn't do it because apparently it had been turned off, even though I swore I had it set to on before.

Could anyone help? Thank you!

Answer: Windows Security Center says "Virus Protection Not Found" even though I have an AV on

Download TDSSkiller
Launch it.
Click on change parameters - Select TDLFS file system
Click on "Scan".
Please post the LOG report (log file should be in your C drive)
Do not change the default options on scan results

Download aswMBR
Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan.
After scan finishes, click on Save log
Post the log results here.
If you get crashes in normal mode, run it in safe mode with networking

Download ESET online scanner
Install it
Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats
Export the list to desktop, copy the contents of the text file in your reply

18 more replies
Relevance 53.71%

I have tried everything and cannot get rid of this damn virus

AVG resident shield picks it up on opening and all I can do is select remove threat as power user and ignore it, there is no option to remove/clean it.

Here is my HJT log...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:44:45 AM, on 22/05/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe
D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32... Read more

Answer: Virus found Win32/PEPatch in ...windows/spoolsv.exe

Can I get some help with this please?
 

1 more replies
Relevance 53.71%

Hello everyone, as of recently I have a horrible problem. I have a virus, or maybe it is malware, it brings me to a blue screen saying there is a windows error, even while I tried to format my hard drive, after fully formatting it and putting on windows again I have the same error, then I tried putting a different windows, and it went to the blue screen during the middle of the installation in dos.

The worst part is, after I shut down my computer by holding the button (because alt control delete doesn't work during the blue screen) it shuts down my computer out of nowhere before I get to windows, several tries, turning it on, somewhere in dos, turns off.

Actually the real worst part is, I am only in windows for a limited time, so no matter what antivirus I use, I cannot really scan for it, which is why I need a removal tool of some sort.

Do any of you have an idea of what is happening? Or if this is a new virus or not...?

P.S. I apologize if I am not allowed to post this but I am desperate.
 

Answer: New Major Virus Found, shuts down computer before it gets to windows

If you did a complete reformat and clean install, you need to post in the software forum for further assistance.
 

5 more replies
Relevance 53.71%

Hello I thought my issue was resolved when my thread closed here; http://forums.techguy.org/virus-oth...-computer-invaded-possibly-steal-banking.html

But now I used a new scanner and found new viruses in the windows folder. The files have long names:

That start with
2koma
2kompjtgt
2loklq

When I try to move or delete them some folders can't be entered (ownership issues?) or the file name is too long to move.
 
These are the files found so far
 
C:/Windows/SysWOW64/KBBDCA.DLL
C:\Windows\SysWOW64\KBBDCA.DLL
C:/Windows/SysWOW64/KBDCCA.DLL
C:\Windows\SysWOW64\KBDCCA.DLL
C:/Windows/SysWOW64/KBDDA2.DLL
C:\Windows\SysWOW64\KBDDA2.DLL

trojandownloader: win32/regonoid.gen!A
Scanned by MS Security Essentials

I know there is still an issue because my sound doesn't work I go to the sound device and disable>re-enable and it works for a minute then stops again. I have NO EXTERNAL SPEAKERS. This is a laptop.

Please let me know what I can do. Should I download a firewall?
I am doing a new scan and using Secunia Online Software Inspector as I type.

Thank you
 

More replies
Relevance 53.71%

Running windows xp professional, was attacked with the fake windows security 2012 virus. I have Avast installed on my system but it didn't seem to catch it. Ran Malwarebytes and had it clean the system, now I have no access to my network. No internet, no printer.
Did the netsh firewall reset, still nothing.

Your help is greatly appreciated.

Mike

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2011.12.24.05

Windows XP Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.18702
Big Jeff :: JEFFSCOMPUTER [administrator]

1/5/2012 10:55:50 AM
mbam-log-2012-01-05 (10-55-50).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 218364
Time elapsed: 15 minute(s), 17 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|RRT-Auto (Autorun.RRT) -> Data: D:\New Folder\RRT.exe auto -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
D:\New Folder\RRT.exe (Autorun.RRT) -> Quarantined and deleted successfully.

(end)
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.1870... Read more

More replies
Relevance 53.71%

WinXPpro, SP3 It seems that I have the "Windows Recovery" virus onto my PC. After the "Windows Recovery" window appearing, I am now getting a continuing reboot.
I have XP CD
I can reboot to that drive using F11.
I "press any key to start from CD"
"Windows Setup" appears and load files
"Welcome to setup" appears
I press enter "To set up Windows XP now, press enter"
I press F8 to agree License
"The following list shows the existing Partitions etc" appears
I select C: Partition unknown 59734 MB (59733 MB free)
But...the only options at the bottom of the screen are:-
Enter=Install. "ESC=Cancel"
I was expecting to see "R=Repair" .
Has anyone any idea where I am going wrong? The funny(?) thing is that I am almost reaching the stage to move to Window 8 on a new machine but I obviously want my files.
Thanks in hope.

Answer: Windows Recovery Virus on Windows Xp

This link may help you:
click here

6 more replies
Relevance 53.71%

Hi there! First and foremost, I am somewhat of a noob... but I am hoping that my own actions didn't further my computer's trouble. My computer was entirely unprotected when it was infected with the Windows Recovery Virus a few days ago. I attempted to download Avast, but the virus blocked it. So I ran RKill, which seemed to have worked, then I downloaded both Malwarebytes and Avast and ran them both, which moved the viruses to my "chest", but when the chest was full began deleting the infected files. I am able to get on the internet and other typical functions (albeit veeeeeeeeery slowly) but my files can only be found when I run them by name. Is there anything I can do to fully restore my computer?

Thank you so much for any help you can offer!!

Answer: Windows Recovery Virus - Virus Removed, but...

And also... now, several days later, scour.com has started hijacking google searches again. *sigh*

8 more replies
Relevance 53.71%

Simple question: the computer refuses to update. When installing the updates it gives an error message and all the next updates fail to install. Is there a way to make the install process resume correctly? Since I'm not a computer geek, I would appreciate help on how to investigate and solve / correct this issue. I'm a bit concerned as this has blocked several updates, some of which are said to be important. The SP1 went fine, but then no updates have occurred since Oct. 2008.

Thanks in advance for your guidance.
Best regards

Answer: Windows update fails and block subsequent update

Hi calabrache,

You can see if Windows Update and Background Intelligent Transfer Service (BITS) and Remote Procedure Call (RPC) in "Services" is disabled/stopped and re enable/start it again.

Start Menu-Control Panel-Administrative Tools-Services. Double click on BITS, and Windows Update to set them to Automatic/Delayed Start and Start them if they are stopped and make sure Remote Procedure Call is set to Automatic.

You can also try to reregister WU. Type cmd in the start menu search bar and right click on cmd. Click run as administrator.
In the command prompt type: NET STOP WUASERV and press enter
type: REGSVR32 %WINDIR%\SYSTEM32\WUPS2.DLL and press enter
type: NET START WUASERV and press enter
Exit out of the cmd.

Restart your computer and see if it works.

Also you may want to do a malware scan with an Antivirus/Antispyware program to make sure you don't have any malicious software on your computer.

2 more replies
Relevance 53.3%

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/461756 <<< CLICK THIS LINK

If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo... Read more

Answer: nginx virus, ie opening hundreds of windows, 404 not found error (appears same as nginx virus)

Hello again!

I haven't heard from you in 5 days. Therefore, I am going to assume that you no longer need our help, and close this topic.

If you do still need help, please send a Private Message to any Moderator within the next five days. Be sure to include a link to your topic in your Private Message.

Thank you for using Bleeping Computer, and have a great day!

2 more replies
Relevance 53.3%

I got this virus a few days ago, fortunately on a secondary machine that we don't use that often.
I get a fake recovery window, with a whole lot of fake error reports. I was also unable to open the task manager or to view most of my files.

I used Rkill to disable the virus so it won't run, and by changing settings under "my computer" can now view my files. However, I have not been able to remove it. I downloaded and installed Malwarebytes; it ran once and found Hijack Task Manager but did not find the "recovery" problem. I'm not sure if the Malwarebytes database was up to date or not.
After running malwarebytes once, I can't update the database or get it to run again--Now I get an error message that says "Program_Error_Missing_File (2, 0, Mbamcore.dll) The system cannot find the file specified" and then "Runtime Error '53': File not found: Mbamcore"

.
DDS (Ver_2011-06-03.01) - NTFSx86
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_18
Run by Carol Church at 12:33:13 on 2011-06-05
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.303 [GMT -4:00]
.
AV: AVG Anti-Virus Free *Enabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\... Read more

Answer: Windows Recovery virus (XP)

Hello theGeoff , Welcome to Bleeping Computer.
My name is fireman4it and I will be helping you with your Malware problem.

Please take note of some guidelines for this fix:
Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
In the upper right hand corner of the topic you will see a button called Watch Topic.I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

Finally, please reply using the ADD REPLY button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.

1. We need to remove Avg Antivirus as it will interfere with some of the tools we need to use for this fix. Please download Appremover and run it to remove Avg.

2. Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (v2.4.0.0) from Kaspersky's website and not TDSSKiller.zip... Read more

12 more replies
Relevance 53.3%

My wife's computer just got a virus - Windows 7 Recovery. It hid all the files (I was able to unhide the files), but it keeps coming back with hard drive failure, critical RAM usage, and RAM memory failure. If I reboot it the hidden files are reset back.

I have ran Defogger.exe, dds.scr and RKUnhooker.exe trying to repair this issue. Any other suggestions I should run to fix this issue?

Thanks,
Scott

Answer: Virus - Windows 7 Recovery

Hi sbaugh, to BleepingComputer. My name is Jason and I'll be helping you. You can call me by my screen name jntkwx, or Jason is fine.

Try following all of the steps listed here: http://www.bleepingcomputer.com/virus-removal/remove-windows-7-recovery

Hopefully, you will be virus-free after following all of those steps. If however you run into problems with any of the steps in that guide, please follow the instructions in ==>This Guide<==. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues and what you have done to resolve them.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

1 more replies
Relevance 53.3%

I have an old presio pc and I just got a virus on it today and I can't access the internet or anything. I get windows recovery; it keeps coming on when I start it up, and when I try to uninstall it, it won't let me. Geek Squad isn't coming till next week. Please, I am just a beginner. Thanks.

Answer: windows recovery virus in xp

http://www.bleepingcomputer.com/virus-removal/remove-windows-recovery

1 more replies
Relevance 53.3%

Hello, I'm new here.. I created this topic just so I could get some help for that dreaded Windows 7 Recovery virus..

Yesterday I was browsing the internet [on what I thought were safe sites.. I literally got the Avast notices popping up while looking for recipes] and then the fake Windows warnings started coming up. My friend told me this was the Windows 7 Recovery virus. I immediately started scanning with Malwarebytes but the virus restarted my computer after about 10 minutes or so.

I got onto my dad's laptop [which is the one I'm on right now] and booted my own laptop in Safe-Mode hoping I could catch the virus. I believe I originally "caught" it and deleted it out of quarantine but the virus icon remained on the desktop and the fake scareware ad pops up whenever I restart. Then I found BleepingComputer's solution to this virus and downloaded RKill onto my computer [in safe-mode, just to be sure I could even download anything] and then rebooted out of safe-mode to try and use RKill. Avast blocked it and wouldn't let me open it no matter what setting I chose on its popup [Open normally, for example] and that's where I'm stuck.

Any help getting me rid of this virus would be extremely appreciated, thank you!!

EDIT: I should also mention that whenever I start MalwareBytes, it wants to update but I get an "Malwarebytes update error 5, 0, Createfile" error, and the update fails. I found this solution here: http://forums.ma... Read more

Answer: Windows 7 Recovery Virus Help

Have you been able to run Malwarebytes?

27 more replies
Relevance 53.3%

Hello everyone. My computer was infected with the windows recovery virus. I was able to remove it using the instructions I found on this site as the result of a google search. Thank you very much to those responsible. Like others I have seen, I am still dealing with unwanted audio ads and Google search hijacking. I was not able to find any self-service fix for these issues so I am requesting help. Thank you in advance.

Answer: Windows recovery virus...almost there.

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you.

I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed responding to your thread.

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator... Read more

3 more replies
Relevance 53.3%

I got a very unattractive piece of malware on my puter that was called something like "Windows Recovery". It's completely rearranged my computer so that none of my program files are visible. I've run Trend and Malwarebytes to clean it off. I am now trying to do a system restore but it just freezes when I try to confirm the system restore date.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:08:57 AM, on 23/03/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:... Read more

More replies
Relevance 53.3%

Thanks in advance for the help. I had the windows recovery virus a couple of months ago and thought I had gotten rid of it. It came back a few wks ago and froze my computer up. I was finally able to run cureit from a flash drive in safe mode and it was able to remove a bunch of stuff. Then in normal mode I ran rootkill, which found nothing and then Malwarebytes, which also found nothing. So I assumed I was good. But now every so often I can't connect to the internet. It will be fine one minute, then next minute it will say I don't have a connection. The only thing that seems to fix it is when I restart the computer. Any suggestions?
Thanks,
Nathan

Answer: windows recovery virus

See if this helps

For the connection try these...

Please click Start > Run, type inetcpl.cpl in the runbox and press enter.
Click the Connections tab and click the LAN settings option.
Verify if "Use a proxy..." is checked, if so, UNcheck it and click OK/OK to exit.
Now check if the internet is working again.

OR

Go to Start ... Run and type in cmd
A dos Window will appear.
Type in the dos window: netsh winsock reset
Click on the enter key.
Reboot your system to complete the process.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (v2.5.6.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
Vista/Windows 7 users right-click and select Run As Administrator.
If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
Click the Start Scan button.
Do not use the computer during the scan
If the scan completes with nothing found, click Close to exit.
If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
Ensure Cure (default) is selected, then click Continue > Reboot now t... Read more

1 more replies
Relevance 53.3%

Greetings.

My computer was infected with the "Windows Recovery" virus. For the removal, I followed the instructions on this page: http://www.bleepingcomputer.com/virus-removal/remove-windows-recovery . After step 17, I restarted my computer and no matter what option I choose, it always takes me to the same screen, where I must choose between "safe mode, safe mode with networking, safe mode with command prompt, last known good configuration and start windows normally". It is just impossible to pass this screen. I don't know what to do. Any help?

Answer: Windows Recovery virus

Here at BC we have two main malware forums.

The Am I Infected forum is used much like a screening forum, in addition to handling all malware posts which do not reflect the appropriate malware logs which would result in being moved to the BC Virus, Trojan, Spyware, and Malware Removal Logs - http://www.bleepingcomputer.com/forums/forum22.html .

Part of the process posting in the Malware Removal Logs forum are reflected at Preparation Guide, Before Using Malware Removal Tools and Requesting Help - http://www.bleepingcomputer.com/forums/topic34773.html . If you wish to post in Malware Removal Logs forum...follow Steps 6 thru 9 exactly as they are written.

Currently, a backlog exists in the MRL forum, with logs from 16 Apr reflected at the top of the list.

The Removal Guide that you refer, saying that you have followed it...well, it has a section that you don't seem to have read.

"If you are still having problems with your computer after completing these instructions, ..." which directs you to follow the Prep Guide linked above. Perhaps you overlooked that part of the Removal Guide.

Malware posts which do not reflect the appropriate malware logs...are routinely moved to the Am I Infected forum. This is done because there may be a solution available more quickly in the Am I Infected forum, as opposed to a 7-8 day wait in the Malware Removal Logs forum...and it allows us to try to facilitate the tracking and resolution of malware problems for members who have not fo... Read more

1 more replies
Relevance 53.3%

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you.

I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed responding to your thread.

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
If I instruct you to download a specific tool in which you already have, please delete the copy that you hav... Read more

Answer: Windows XP Recovery Virus

Here are the logs you asked for.

17 more replies
Relevance 53.3%

Hi, a couple of days ago my computer became infected with Windows recovery virus. I have 2 user accounts on my pc (windows XP) but only one of the user accounts appears to be infected. By this I mean that my desktop has disappeared and is now a completely black screen, all of my documents and my programs have disappeared and I frequently get pop ups and warnings telling me that my computer is infected. I tried to follow the guide given on this site named: 'Automated Removal Instructions for Windows Recovery using Malwarebytes' Anti-Malware.' But I encountered 2 major problems: When I download and save 'RKill' to my desktop I cannot seem to run it, and when I try to download MBAM I receive an error message saying 'access is denied' at the final stage of installment. Any help would be appreciated, Nat.

DDS:

.
DDS (Ver_2011-06-03.01) - NTFSx86 NETWORK
Internet Explorer: 6.0.2900.2180
Run by Administrator at 0:17:32 on 2011-06-06
Microsoft Windows XP Home Edition 5.1.2600.2.1252.44.1033.18.1022.583 [GMT 1:00]
.
AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: Norton Internet Worm Protection *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Apps\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files... Read more

Answer:Windows Recovery virus

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed responding to your thread.

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator... Read more

3 more replies
Relevance 53.3%

Hi all, I recently had the "Windows Recovery Virus" on my computer, I have been able to delete most of the files from it, so it doesn't pop up on my screen when I start up my computer anymore, but I can't change the background, access any files, or access any software (other than firefox because it is at the top of the start menu).

Does anyone know how I can make all the files unhidden for a start?

Quick update: I have found that I can actually view all files on my data hard drive, but, everything on the C hard drive is hidden.

Answer:Windows Recovery Virus

Please download and execute this file

http://download.bleepingcomputer.com/grinler/unhide.exe

Please be patient as this process can take a while. Wait until you see the Finished message box.

Let me know how things are.

2 more replies
Relevance 53.3%

Hello! I hope you're well. A few months ago bleepingcomputer helped me remove the Windows Vista Recovery Virus from my laptop. When my sister-in-law told me what was happening to her computer I knew exactly what it was, except she has XP not Vista.

I was able to install Malwarebytes and I ran it. I installed Microsoft Security Essentials and ran it as well. I currently have that setup for the real-time protection. I manually removed all unwanted and unnecessary programs and cleaned the registry of known associations with the Recovery Virus. I took extreme care to only remove the registry items I could verify were the virus.

I know there's still things wrong with it even though Malwarebytes and MSE tell me the computer's clean. I can see random letter processes running that I don't think should be there. I know there's cleanup tools but I'm not sure what the next step is. That's why I'm here

The outstanding issues on the computer are as follow...

1) The computer runs extremely slow. So slow that I'm using my laptop to post this because the infected computer crashed before I could click "Post..."
2) There's an annoying "Coupons" bar that shows up while using Google Chrome. I removed it from the Programs list but the bugger still pops up on Chrome.
3) The Start Menu items are empty. I think I may have screwed this one up. I read that the virus moves the items to the TEMP folder. Sadly, I read that after I delet... Read more

Answer:Windows XP Recovery Virus

Hello, can you post one of those processes? It is probably the clue.
Yes, do not run a Temp file or reg cleaner now.
I'd like us to scan your machine with ESET OnlineScan.
Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
Click the button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
Click on to download the ESET Smart Installer. Save it to your desktop.
Double click on the icon on your desktop.
Check Click the button.
Accept any security warnings from your browser.
Under scan settings, check and check Remove found threats
Click Advanced settings and select the following:
Scan potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth technology
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, push Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
Push the button.
Push
NOTE: In some instances if no malware is found there will be no log produced.

15 more replies
Relevance 53.3%

I've run RKill and scanned with malwarebytes which seems to have removed the main infection but I now have no desktop icons and my program list is empty except for open office. All favourites in Internet Explorer are also missing.

DDS log:

.
DDS (Ver_11-05-19.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Admin at 11:42:27 on 2011-05-21
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1312 [GMT 1:00]
.
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Creative\Shared Files\CTDevSrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Saitek\DirectOutput\DirectOutputService.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe
C: ... Read more

Answer:Windows Recovery Virus

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together:
Do not run any other tool until instructed to do so!
Please do not attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will ap... Read more

13 more replies
Relevance 53.3%

Hello,

I recently had a run in with the Windows XP Recovery Virus and am still trying to clean up the carnage. I have run Combofix and it tells me that it has detected rootkit activity and has to reboot. Prior to rebooting it asks me to note a file named ntos.exe. After letting combofix run fully if I run it again I get the same message regarding the same file. It's as if combofix can detect the rootkit activity but can't clean it. At this point I have lost most of my local profile, preferences and all the files on my desktop appear, but only after selecting "View Hidden Files" option. I am certain the computer still has issues but I can't clear them out. Any help would be greatly appreciated.

Eric

Here is the Combo Fix log:

ComboFix 11-05-25.03 - Administrator 05/26/2011 10:15:47.14.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.989.594 [GMT -4:00]
Running from: c:\documents and settings\Administrator.LIMERICKMACHINE\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\TEMP.LIMERICKMACHINE.000\Application Data\64dlls.exe
c:\documents and settings\TEMP.LIMERICKMACHINE.000\Application Data\intel64.exe
c:\documents and settings\TEMP.LIMERICKMACHINE.000\Application Data\Kernel32.exe
c:\documents and settings\TEMP.LIMERICKMACH... Read more

Answer:Windows XP Recovery Virus

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed responding to your thread.

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
If I instruct you to download a specific tool which you already have, please delete the copy that you hav... Read more

2 more replies
Relevance 53.3%

My dad's computer just got this windows xp recovery virus. How do I get rid of it?

Answer:windows xp recovery virus

just follow the steps in the following...

NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help - Tech Support Forum

4 more replies
Relevance 53.3%

I've had this virus for a week or 2 now, and it is a real pain. I've managed to remove most of it I think, some of it with AVG and Clamwin and the rest manually (registry keys, files etc.). However, audio ads are playing over my speakers sporadically and I keep getting script error pop-ups, always with the same site (which I have never visited). Plus I have to keep 'un-hiding' my files, which really sucks. I downloaded a program called Hijackthis to do a scan of my computer, but I have no idea what's bad and what's good. This is what the results of the scan are -

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:56:17, on 26/04/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 SP3 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG10\avgfws.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\... Read more

Answer:Windows Recovery virus . . HELP!

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far. Upon completing the steps below another staff member will review your topic and do their best to resolve your issues. If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread. Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that... Read more

2 more replies
Relevance 53.3%

I have just been infected with the Windows XP Recovery Virus. Most of my Desktop icons are gone. Functionality seems to be there for the programs that I can get to. What do I need to do first?

Answer:Windows XP Recovery Virus

Hello and welcome to the forum!
Remove Windows XP Recovery
The instructions in this guide should take care of it for you.

1 more replies
Relevance 53.3%

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7601.17514
Run by owner at 10:52:35 on 2012-01-09
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2937.1740 [GMT -8:00]
.
AV: Webroot AntiVirus with Spy Sweeper *Disabled/Outdated* {53211D91-0C31-95F2-E3A5-7661FB22889E}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Webroot AntiVirus with Spy Sweeper *Disabled/Outdated* {E840FC75-2A0B-9A7C-D915-4D1380A5C223}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Webroot\Security\Current\Framework\WRConsumerService.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\windows\system32... Read more

Answer:Windows 7 Recovery Virus!

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.
If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===
Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Link 1
Link 2
* IMPORTANT !!! Save ComboFix.exe to your Desktop
IMPORTANT....
1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
3. Do not install any other programs until this is fixed.
How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html
Double click on ComboFix.exe & follow the prompts. When finished, it will produce a report for you. Please post the C:\ComboFix.txt
Note: Do not mouse click ComboFix's window while it's running. That may cause it to stall.
Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html
===
Third party programs if not up to date can be the cause infiltration of an infection.
Please run this security check for my review.
Download Security Check by screen317 from here.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad... Read more

7 more replies
Relevance 53.3%

I followed the instructions and ran iExplore, then Malwarebytes antimalware, then unhide, but many of my program links in the start, all programs, say (empty).
Thanks for the help.

Answer:Windows XP Recovery Virus

Can you please provide me with a list of what files are empty in the Start Menu?
Do this to restore 2 of the folders:

Restore Accessories Program Files Menu
Please download this tool here.
You will need to unzip the tool first.
Once you've unzipped the tool, please double-click on it to run it.
Ensure that the following check boxes are checked (as seen in this image below):
Once they are, click on the Restore button.

NEXT:
Restore Admin Tools Program Files Menu
Please download this tool here.
You will need to unzip the tool first.
Once you've unzipped the tool, please double-click on it to run it.
Click on the Restore Administrative Tools Items button.
As seen in this image below:

21 more replies
Relevance 53.3%

I am having a problem with programs saying that they are now empty. I have been following Lugwrench who seems to have the same problem.
Here are the results of the SystemLook program.
SystemLook 04.09.10 by jpshortstuff
Log created at 11:27 on 22/05/2011 by Rob Nee
Administrator - Elevation successful

========== dir ==========

C:\DOCUME~1\ROBNEE~1\LOCALS~1\Temp\smtmp - Parameters: "/s"

---Files---
None found.

C:\DOCUME~1\ROBNEE~1\LOCALS~1\Temp\smtmp\1 d------ [00:27 22/05/2011]
desktop.ini --ahs-- 272 bytes [00:58 28/04/2009] [08:44 28/04/2009]
Microsoft Update.lnk ------- 1566 bytes [08:28 28/04/2009] [08:28 28/04/2009]
New Office Document.lnk ------- 1992 bytes [16:34 29/01/2010] [16:34 29/01/2010]
Open Office Document.lnk ------- 2002 bytes [16:34 29/01/2010] [16:34 29/01/2010]

C:\DOCUME~1\ROBNEE~1\LOCALS~1\Temp\smtmp\1\Programs d------ [00:27 22/05/2011]
Acrobat_com.lnk --a---- 738 bytes [22:15 19/04/2010] [21:40 02/08/2010]
Adobe Reader X.lnk --a---- 1804 bytes [17:14 09/03/2011] [17:14 09/03/2011]
Apple Software Update.lnk --a---- 2265 bytes [20:33 14/07/2009] [16:47 16/07/2009]
desktop.ini --ahs-- 150 bytes [00:58 28/04/2009] [08:11 28/04/2009]
I.R.I.S. OCR Registration.lnk --a---- 651 bytes [02:25 19/11/2010] [02:25 19/11/2010]
Microsoft ActiveSync.lnk --a---- 1808 bytes [18:39 22/02/2011] [18:39 22/02/2011]
Microsoft Default Manager.lnk --a---- 1077 bytes [02:26 ... Read more

More replies
Relevance 53.3%

After removing the Windows Recovery Virus my desktop icons are grayed out and there are no programs in my program start file.

rmonroe01

Answer:Windows Recovery Virus

Try this:
Please download UnHide.exe by Grinler.
It will unhide folders/files that were set to be hidden by the infection you had.

8 more replies
Relevance 53.3%

I seem to have gotten the windows recovery virus at some point, and can not seem to shake it. My anti-virus software doesn't even seem to pick up on the fact that it's there. So now I have no idea how to go about getting rid of it. Help?
I have a windows xp operating system.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:13:11 AM, on 4/19/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\employee\Application Data\dwm.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Documents and Settings\employee\Application Data\Microsoft\conhost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\DOCUME~1\employee\LOCALS~1\Temp\csrss.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\S... Read more

More replies
Relevance 53.3%

Hello! I was hit with the Windows Recovery XP Virus late yesterday afternoon and have been struggling to remove it ever since. I've followed all of the steps listed on this website to remove it, but I'd like to make sure it's completely gone. I'm also afraid there may be something else wrong with my computer that may hopefully be listed in the DDS.txt below.

The reason I'm worried that the virus is still active, is that after going through all the steps, which seemed to work (my Malware and virus protect did find and delete the virus) there were still active icons on my desktop. I used the iExplore program, but it did not remove the icons. And I continued to get the false virus message when I used it. Also, my hidden documents are still hidden (my start up menu and all eight billion of my IE favorites) despite using the unhide program.

I deleted the icons from my desktop and ran the malware scan two more times and it said I was clean, but with those icons not wanting to budge, still getting pop-ups, and my files still hidden, I'm not sure if it's completely gone. If you could let me know if it's still there and what I can do to remove it completely, I would really appreciate it.

Thank you so much!


GMER 1.0.15.15627 - http://www.gmer.net
Rootkit scan 2011-05-26 07:48:02
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-7 ST3250824AS rev.3.AAE
Running: gmer.exe; Driver:... Read more

Answer:Windows Recovery XP Virus

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed responding to your thread.

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
If I instruct you to download a specific tool which you already have, please delete the copy that you hav... Read more

2 more replies
Relevance 53.3%

Hey, how's it going everyone?

Yesterday my Grandpa's computer was infected with this Windows Recovery virus. His computer had a similar virus before and I cleared that up with System Recovery. Simple enough. I'm not too familiar with the Tech stuff, by far, so I thought I'd ask for help. I've read through countless threads on the subject and haven't come up with anything.

I'm not sure if it's still infected or not. Last night, while running in Safe Mode with Networking, I ran TDSSKiller, then Rkill, which allowed me to run Malwarebyte's Anti-Malware Pro, solving most of the problems. No more pop-ups, so far. But, under All Programs, Windows XP Recovery is still there. I'm afraid if I "uninstall" it, it'll start popping up again. So, maybe I still have the virus and it's dormant? I don't know.

Either way, under All Programs, all of them are '(Empty)'. I've used the newest version of the Unhide program. Nothing.

If it still has the virus, I'd like to know what else can be done to get rid of it. If it's not infected, how do I get the programs back?

I'm not sure how to show logs...

Thanks in advance!! Cheers!

Answer:Windows Recovery Virus.....

Well, I thought I got rid of the virus. It's not showing up, but, I noticed I couldn't System Restore. Also, Windows Automatic Update won't turn on. I don't know what to think. Also, all the programs are still '(empty)' on the Startup Menu.

1 more replies
Relevance 53.3%

Hi and thank you in advance for any help you can provide.

I've been touring the site for the past couple of hours trying to get rid of the "windows 7 recovery" virus that seems to have taken hold. Here's what I've done so far:

Last night I did a boot log with Avast upon its recommendation after it had blocked a couple intrusions, and it quarantined a few things.
Upon entering windows the virus had multiple pop-ups, some of which could be stopped with the 'Task Manager'.
I isolated it from the internet and pulled out a second computer.
From there I downloaded Malwarebytes Anti-Malware onto the infected computer as it would not work there.
This seems to have removed a number of threats as well.
I also transferred an unhide file from http://www.pcrisk.com/removal-guides/6426-remove-windows-7-recovery-removal-instructions
This did not seem to do anything and I found your forum article http://www.bleepingcomputer.com/forums/topic399676.html which was able to restore almost everything after the installation of "Take Ownership".

The problem is that the infected computer will still not connect to the internet - the browsers (iexplore & chrome) will not take you anywhere even though I am connected to my router.

I have run "Hijackthis" and will include the results in the hopes of speeding up the process if it helps.

Thanks again.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:05:22 PM, on 6/3/2011
Platform: Windows 7 (WinNT 6.00.3504)
MS... Read more

Answer:Windows 7 Recovery Virus

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed responding to your thread.

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator... Read more

3 more replies
Relevance 53.3%

Just when we thought xp was over.... :-D

System got hammered by the windows xp recovery virus. Was not the user on the machine when it got infected, but it did quite a number. The usual symptoms occurred, hidden files, dns got wiped out, infections ran rampant.

Cleaned most of the system and following the Read Me First here are my logs. Wanted to verify the system is now clean.

Side note, I will be adding a standard user account to operate under vs. the admin account which is used and enabled the machine to get hammered.
 

Answer:Windows xp recovery virus

Your logs are clean, though I would have liked to see a ComboFix log. All I see that you need to do is uninstall your old Java and after a reboot, download and install:
Java Runtime 6

If you are not having any other malware problems, it is time to do our final steps:
We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no real time protection. They do not use any significant amount of resources (except a little disk space) until you run a scan. We recommend them for doing backup scans when you suspect a malware infection.
If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)

Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
"%userprofile%\Desktop\combofix" /uninstall

Notes: The space between the combofix" and the /uninstall, it must be there.
This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.




Go back to step 6 of the READ ME and re-enable your Disk Emulation software with Defogger if you had disabled it.
Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
If running Vista, it is time to make s... Read more

3 more replies
Relevance 53.3%

I have followed the removal instructions on how to get rid of windows 7 recovery. I am still unable to run TDSKiller, and I am getting redirected when using Google. I have attached the logs from DDS and Gmer. Any help would be appreciated. Anyone have any ideas?

EDIT: Please be patient. There are over 330 unanswered topics in this forum at present and the current average wait time to receive help is 10 days. ~Budapest

Answer:Windows 7 Recovery Virus

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear.
Click the Disable button to disable your CD Emulation drivers.
Click Yes to continue.
A 'Finished!' message will ap... Read more

3 more replies
Relevance 53.3%

Have tried the uninstall guide but can't get past the download of RKill; it keeps posting installation failed. I am in safe mode w/networking and have been so with all users.

More replies
Relevance 53.3%

I ended up getting the Windows XP Recovery Virus yesterday and with luck and the following link I was able to get rid of it. Bleepingcomputer.com/virus-removal

However, even after this virus had been removed it left some items still hidden. I ran unhide.exe several times with antivirus and firewall turned off, ran Malwarebytes several times, ran Microsoft scan (ended up finding one more virus with it) and did everything I can think of.

But, I still have items hidden. For instance: I go to Start, All Programs, Microsoft Office it says empty. I go to Start, All Programs, Accessories, System Tools and the only thing there now is Internet Explorer (with no add ons). Since I could not run disk defrag I downloaded Auslogics Disk Defrag. I have several other programs not showing as well. Any Ideas?

.
DDS (Ver_11-05-19.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Dell User at 16:42:37 on 2011-05-24
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2558.1892 [GMT -6:00]
.
AV: Windows Live OneCare *Enabled/Outdated* {427ADFC3-B354-4A51-BE34-A9D4218E45C4}
FW: Windows Live OneCare Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Java\jre6&... Read more

Answer:Windows XP Recovery Virus

Hello and welcome to the forums! My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed responding to your thread.

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
If I instruct you to download a specific tool in which you already have, please delete the copy that you hav... Read more

2 more replies
Relevance 53.3%

This popped up on my computer today and has blocked all my efforts to resolve this. I went on your site and downloaded rkill and tdsskiller from another computer to a flash and it still blocks that. I did get it in safe mode and found my files in my computer in the control panel. But I have no icons on my desktop, all programs come up empty, documents and pics are blocked. I finally got the icon for explorer to come up and it allowed me to get on the internet, only to be steered away from any site that would help me. I have followed the steps on here and this virus has blocked every effort I pursue. If you have any help I would appreciate it. I just moved here and I don't know any computer specialists yet. Thanks

Answer:Windows XP Recovery Virus

Hello and welcome to Bleeping Computer. We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here. If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far. Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.

Can you download any of the following programs and run them? Sometimes, if you load them onto a flash drive or burn them to a CD, the Autorun feature will bring them up when you insert the disk or flash drive into the infected machine. If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread. Thanks and again sorry for the delay. We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your d... Read more

2 more replies
Relevance 53.3%

I'm trying to remove Windows Recovery virus from Vista. Successfully ran RKill but when I try to run Malwarebytes setup it starts to run then shows access denied, correct problem and run set up again. I've tried renaming and that hasn't worked. Any suggestions?

Answer:Windows Recovery virus

Hi TAL10,

Try right clicking malwarebytes and run as administrator.

3 more replies
Relevance 53.3%

I entered a website last night and a weird message popped up (I don't remember what it said). I proceeded to leave the site then my anti-virus (Avast version 6.0.1125) said it blocked a virus/malware from attacking my computer (URL:Mal). After that message, another popped up asking me if I wanted to allow adobe flash player access to my computer. I clicked cancel but it continued to pop up, at that time I decided to restart my computer. So, after restarting I noticed my usually smooth running computer had slowed down quite a bit, then my computer desktop went black and some icons disappeared. I noticed a triangle (yellow) with an exclamation point in the center on my toolbar, and messages about my computer hard-drive and hard-ware started popping up (Actual message said "Damaged hard-ware cluster detected" and "System detected a problem with one or more installed IDE"). A scanner popped up and said it was analyzing my pc performance, I let it run but did not allow it to "fix" my computer. I tried removing the Windows vista recovery virus (Followed Bleepingcomputer.com instructions step-by-step, twice! But this virus seems to be a bit stubborn), the windows recovery icon is still on my desktop. Also, I can't seem to get my icons back. I'm not sure what I'm doing wrong, can someone please help me remove this horrible virus? Help would be highly appreciated! DDS.txt log below!

DDS (Ver_11-05-19.01) - NTFSx86
Internet Explo... Read more

Answer:Windows Recovery Virus...?

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear.
Click the Disable button to disable your CD Emulation drivers.
Click Yes to continue.
A 'Finished!' message will ap... Read more

66 more replies
Relevance 53.3%

I recently got the Windows XP Recovery Virus on my computer and like many others on this forum had my Programs in the Start Menu showing up empty. Yesterday, I found them all in the following location on my c: drive

c: Documents and Settings\User Name\Local Settings\Temp\smtmp\1

I was able to copy all items from this directory and then just pasted them back to the correct directory (Start Menu on my c: drive) and now all my programs on the start menu are no longer empty.

Hopefully this helps others having this same issue.

Answer:Windows XP Recovery Virus

I don't know if I would have done that...did you do a Google search for the folder indicated...to see what it might represent?

Reason I ask is that path on my system...does not include a folder labeled smtmp.

I don't know if that's significant, but the only other readable/valid reference I find to such folder...is at http://www.threatexpert.com/report.aspx?md5=d53a228938822dd04236ed9a76891951 .

I would be concerned since that folder seems (my uneducated opinion) to have been created as a consequence of some malware item...at least, that's the interpretation I give it.

Louis

1 more replies
Relevance 53.3%

Per instructions, here is a link to my topic started in the "Am I Infected?" forum: http://www.bleepingcomputer.com/forums/topic400884.html

My computer has been infected with the Windows XP Recovery virus. It has hidden all my files, so I can't access the internet in normal mode. I tried following the Windows XP Recovery virus uninstall found on this website, but I ran into problems. Since I can't access the internet in normal mode, I have been going into safe mode with networking and downloading the required programs onto a flash drive then running them in normal mode. I was able to run RKill and while the black box was running, it said access denied, but it still produced a log and closed a few processes. I then ran TDSS rootkit removal and it didn't find anything. Next I tried to run Malwarebytes, but it wouldn't install.

So I followed the preparation guide for using malware removal tools and was able to produce the DDS logs, but when I try to run GMER it causes a blue screen after running for about 3 or 4 minutes. So here are the logs I was able to produce:
.
DDS (Ver_11-05-19.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
Run by Ross at 15:52:30 on 2011-06-03
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.40 [GMT -5:00]
.
AV: Windows Live OneCare *Disabled/Outdated* {427ADFC3-B354-4A51-BE34-A9D4218E45C4}
FW: Windows Live OneCare Firewall *Disabled*
.
============== Running Processes ========... Read more

Answer:Windows XP Recovery Virus

Hello and welcome to the forums! My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed responding to your thread.

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator&#... Read more

29 more replies
Relevance 53.3%

When I log on to my user a "Windows XP Recovery" screen appears. Looks like it's doing a disk scan and has every imaginable error there is. I know this is a fake, but how do I get rid of it.
When I click on Start, All Programs - it's empty. When I go to explorer, it only shows the OS partition and it looks empty and the other partition is gone.

I've run Malwarebytes, log below.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 6516

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

6/2/2011 4:07:07 PM
mbam-log-2011-06-02 (16-07-07).txt

Scan type: Quick scan
Objects scanned: 191185
Time elapsed: 14 minute(s), 50 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 4
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
C:\Documents and Settings\All Users\Application Data\15851300.exe (Trojan.FakeAlert.Gen) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\AvScan (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\SolutionAV (Rogue.AntivirSolutionPro) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ljeuyboo (Rogue.Anti... Read more

Answer:Windows XP Recovery virus ???

Open MRL topic at http://www.bleepingcomputer.com/forums/topic401496.html/page__p__2275303#entry2275303 .

Now that your log is properly posted, here, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a Malware Removal Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the logs you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the Malware Removal Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the Malware Removal Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Now that you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the Malware Removal Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another Malware Removal Team member is already assist... Read more

1 more replies
Relevance 53.3%

On April 21 my computer which has Windows XP sp3 got several viruses on it. One of them is the Windows Recovery Virus that says your hard drive has failed. It also has some sort of Rogue Security virus on it, though I can't remember the specific name. It would randomly restart my computer and it hid all of my files and programs except the recycling bin and Internet Explorer. I was able to get rid of about 2 or 3 elements of the virus by running a scan on Webroot AntiVirus, which got the computer to stop restarting randomly. Also, when I tried to compress Ark.txt and Attach.txt into .zip files, that option was not available. The only option I was able to send the file to was the cd in my disk drive. I'm not sure what you want me to do about that. Here is the dds.txt data:

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Austin at 13:55:28.77 on Sun 05/15/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1406.405 [GMT -5:00]
.
AV: AntiMalware *Enabled/Outdated* {28e00e3b-806e-4533-925c-f4c3d79514b9}
AV: Webroot AntiVirus with Spy Sweeper *Enabled/Outdated* {77E10C7F-2CCA-4187-9394-BDBC267AD597}
.
============== Running Processes ===============
.
C:\Program Files\Webroot\Security\Current\Framework\WRConsumerService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\Ati2ev... Read more

Answer:Windows Recovery Virus

Hi and welcome to TSF.

I am currently reviewing your log. Please note that this is under the supervision of an expert analyst, and I will be back with a fix for your problem as soon as possible.

You may wish to subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Please be patient with me during this time.

19 more replies
Relevance 53.3%

I wasn't quite sure where to put this. It involves AOL Instant Messenger but it may or may not involve other software as well. Recently I believe I contracted a virus. "msmsgs.exe" which is related to MSN Instant Messenger kept draining 99% of CPU usage. So I uninstalled Windows Messenger, MSN Messenger, and deleted msmsgs.exe. That seemed to fix the problem, but about an hour later aim.exe started exhibiting the same behavior, draining 99% of CPU usage.

At this point I decided I probably have a virus/worm/trojan. I disabled System Recovery and deleted previous restore points, then ran Norton in Safe Mode. It picked up 5 things, I got rid of them. Then I deleted the registry keys in Windows>Run on regedit that referred to them. Then just to be safe I ran SpyBot, AdAware and the virus scanner at www.antivirus.com. So all of that seemed to fix the problem, or so I thought.

Now when I sign on to AIM and send an IM, AIM freezes for about 5 seconds and then the IM goes through. I've tried completely uninstalling it and reinstalling it, as well as installing older versions and all yield the same result, that 5 second freeze.

So any help on what's happening or what I can do to fix it would be much appreciated. I've done everything within my knowledge to attempt to fix this.
 

Answer:Windows XP Virus Recovery help!

Logfile of HijackThis v1.97.7
Scan saved at 1:27:45 AM, on 4/18/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\CTHELPER.EXE
C:\Program Files\AlienAutopsy\Test_BS.exe
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Creative\ShareDLL\MediaDet.Exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\System32\hphmon05.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\wt\updater\wcmdmgr.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\Logitech\ImageStudio\LowLight.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\AlienAutopsy\TEKS_Service.exe
C:\Program Files\Norton AntiViru... Read more

3 more replies
Relevance 53.3%

Hi guys,

I was following your guide on removal of the windows xp recovery malware but when I got to running malwarebytes, I was able to follow your guide and download it but when I ran the EXE, it kept getting blocked from actually running. I was following your Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help and I made it to step # 8 when, while running the GMER scan, I got a blue screen warning that said I may have recently installed hardware or software that may need to be removed (possibly in safe mode) to protect my computer. What is my next step? I'm hesitant to run the gmer scan again and risk another blue screen of death.
Thanks!

Answer:Windows xp recovery virus

Here are the txt files that I got after running the DDS scan....

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-03.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 8/31/2009 2:28:04 PM
System Uptime: 6/4/2011 6:36:02 AM (1 hours ago)
.
Motherboard: Dell Inc. | | 0T816J
Processor: Intel® Core™2 Duo CPU T6670 @ 2.20GHz | U2E1 | 2172/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 233 GiB total, 192.231 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP259: 3/7/2011 8:38:17 AM - System Checkpoint
RP260: 3/8/2011 3:55:43 PM - System Checkpoint
RP261: 3/9/2011 4:18:32 PM - System Checkpoint
RP262: 3/16/2011 10:50:28 AM - System Checkpoint
RP263: 3/16/2011 3:44:16 PM - Software Distribution Service 3.0
RP264: 3/17/2011 4:08:18 PM - System Checkpoint
RP265: 3/21/2011 12:15:10 PM - System Checkpoint
RP266: 3/25/2011 4:05:37 PM - System Checkpoint
RP267: 3/27/2011 1:04:02 PM - System Checkpoint
RP268: 3/28/2011 2:34:09 PM - System Checkpoint
RP269: 3/31/2011 12:03:28 PM - System Checkpoint
RP270: 4/4/2011 1:00:05 PM - System Checkpoint
RP271: 4/11/2011 8:58:11 AM - System Checkpoint
RP272: 4/15/2011 10:53:12 AM - System Checkpoint
RP273: 4/17/2011 9:32:19 AM - System Checkpoint
RP274: 4/18/2011 10:25:44 AM - System Checkpoint
RP275: 4/19/2011 ... Read more

5 more replies
Relevance 53.3%

Hello
I have been researching the virus for days now and ran a lot of scans on this virus with Malwarebytes and the ESET NOD. I'm still having this virus. I have run it in safe mode and put the Malwarebytes address in the "run", ran it, got rid of like 11 bugs, then I ran it again and got another 1 (I love Malwarebytes for my needs but this virus is testing me). This is the computer at my office so we have a computer tech guy, but he's not in the same state and is busy. Note: he gave me the instructions I have tried so far. He had me do a system recovery, so I have started my computer up in regular mode and ran a virus scan on both Malwarebytes and ESET; they have both told me I'm clean, BUT I unhide my icons and BAM, right there is the Windows XP Recovery and I can't get rid of it! I even right-clicked it and "ran with Malwarebytes and ESET" and it's saying it's clean?? This is a really bad virus for hiding itself and looking safe. I don't know how to get it off now that my virus scans say it's safe, but I am 100% positive it is still there.

More replies
Relevance 53.3%

I have a netbook with Windows XP and now it has been hit by the Windows-XP-Recovery virus (or malware). Anyway the system boots up very slowly, and I can only see the "Windows-XP-Recovery" on the desktop. It also locks my system so I can't do much.

I managed to do the scans but failed on the last one - GMER. It crashed twice and I ended up with the BSOD. So I can only post the first 2 scan results here. Please help. Thanks a lot.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:55:44 PM, on 01/06/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
C:\Program Files\SRS Labs\S... Read more

More replies
Relevance 53.3%

When I log on to my user a "Windows XP Recovery" screen appears. Looks like it's doing a disk scan and has every imaginable error there is. I know this is a fake, but how do I get rid of it. When I click on Start, All Programs - it's empty. When I go to explorer, it only shows the OS partition and it looks empty and the other partition is gone.

I've run Malwarebytes, log below.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 6516

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

6/2/2011 4:07:07 PM
mbam-log-2011-06-02 (16-07-07).txt

Scan type: Quick scan
Objects scanned: 191185
Time elapsed: 14 minute(s), 50 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 4
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
C:\Documents and Settings\All Users\Application Data\15851300.exe (Trojan.FakeAlert.Gen) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\AvScan (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\SolutionAV (Rogue.AntivirSolutionPro) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ljeuyboo (Rogue.AntivirusSuite.Gen) -> Quarantined and d... Read more

Answer:Windows XP Recovery virus

Hello and welcome to the forums! My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed responding to your thread.

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator&#... Read more

3 more replies