Computer Support Forum

malware &/or virus (I think) is preventing AV updates

Question: malware &/or virus (I think) is preventing AV updates

Hello guys, I hope I've posted this in the correct place. I'm only averagely tech minded so I'll try my best

I'm running Windows XP (sp3) and mostly use Chrome browser with IE occasionally.

My Avira Free has refused to net update for over 24hrs, and when I look at Internet Options I see the 'use proxy server' button is checked although I've previously un-checked it. I've managed to download manually from Avira and am currently running a scan with it & Malwarebytes.

I have some log files but I take notice of the warning against posting hijack this logs in this forum.

There are several processes & files that look decidedly fishy to me but am not sure of where/how to proceed. "ProxyServer = http=127.0.0.1:49717" for example!

I also use Malwarebytes free version & update & scan regularly with this & Avira free AV.

I usually scan any potentially fishy files with AV & MWB before downloading but something's gotten through (could be another user when I've not been here is responsible) or can hardware like a cheap Chinese USB hub be responsible?


Answer: malware &/or virus (I think) is preventing AV updates

Welcome joolz

Let's run these as I feel you have a rootkit. Many malwares like to change the proxy setting on you.

Please click Start > Run, type inetcpl.cpl in the runbox and press enter.
Click the Connections tab and click the LAN settings option.
Verify if "Use a proxy..." is checked, if so, UNcheck it and click OK/OK to exit.
Now check if the internet is working again.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (v2.4.0.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
Vista/Windows 7 users right-click and select Run As Administrator.
If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
Click the Start Scan button.
Do not use the computer during the scan.
If the scan completes with nothing found, click Close to exit.
If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
Copy and paste the contents of that file in your next reply.

Rerun MBAM (MalwareBytes) like this:
Open MBAM in normal mode and click Update tab, select Check for Updates, when done click Scanner tab, select Quick scan and scan (normal mode).
After scan click Remove Selected, Post new scan log and Reboot into normal mode.

Please ask any needed questions, post logs and let us know how the PC is running now.

10 more replies

Info in this thread:
http://forums.techguy.org/windows-nt-2000-xp/736643-automatic-updates-rundll32-error.html

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:55:39 PM, on 8/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avi...

Answer:MalWare preventing Automatic Updates?

Er hm, was I supposed to post the HJT log while in non-safe mode?
 

1 more replies

Hello.

I posted in the Vista section about trouble I am having with updates installing. One person replied that "[b]ecause of the large number of problems in category items that [I] posted, and the corrupted SFC store," before I do anything else, I should post in this forum to make sure my system isn't infected.

To briefly summarize what I posted over there, I can't get some updates to install, and I have some corrupted files (or corrupted something . . . I honestly don't know enough to know what the problem is).

Here is what I got when I ran the dds:


DDS (Ver_09-03-16.01) - NTFSx86
Run by admin at 16:00:03.31 on Thu 04/16/2009
Internet Explorer: 7.0.6000.16830 BrowserJavaVersion: 1.6.0_07
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.2037.1118 [GMT -5:00]

AV: ZoneAlarm Security Suite Antivirus *On-access scanning enabled* (Outdated)
FW: ZoneAlarm Security Suite Firewall *enabled*

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkS...

Answer:Possible malware infection preventing updates

Hello ti2,

I'm not seeing any malware in these logs. You can run an online scan and see if it detects anything lurking about. It can take some time, so please be patient and allow it to run its full course:

**Vista users - right click on the IE icon and run as administrator

Using Internet Explorer or Firefox, visit http://www.kaspersky.com/kos/eng/par...avwebscan.html

1. Click Accept, when prompted to download and install the program files and database of malware definitions.


2. To optimize scanning time and produce a more sensible report for review:
Close any open programs
Turn off the real time scanner of any existing antivirus program while performing the online scan

3. Click Run at the Security prompt. The program will then begin downloading and installing and will also update the database. Please be patient as this can take several minutes.
Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
Click View scan report at the bottom.



Click the Save as Text button to save the file to your desktop so that you may post it in your next reply

2 more replies

Hi Guys,

I could use some help getting rid of some malware that has been vexing me for quite a while now. Looking back at my windows update history, I have been unable to install Vista Security Update KB979683 since 16 Apr 10 with it attempting to install everyday since then and always getting the same error 'FFFFFFFF'

I was unable to get a RootRepeal log as the program would use up all my RAM (2GB) and then just exit itself after about 20 mins.

My logs are attached. Thank You!
 

Answer:Malware preventing Vista security updates

Welcome to Major Geeks!

You ran steps in safe boot mode not normal boot mode. You should be running in normal boot mode to get proper logs unless that is not possible.

Also you skipped running step 6 of the READ & RUN ME so we cannot tell whether you have a Master Boot Record rootkit infection or it is just the disk emulation software you did not disable. To properly continue, you will have to run this step and then rerun MGtools and attach a new log; however, based on the sum of all logs, I don't think you are having malware problems.

While problems with Windows Updates can sometimes be caused by malware, it is quite frequently not malware. It could just be issues with Windows itself or it could be your own protection software. You could try shutting down Symantec and Windows Defender and see if you can update.
 

3 more replies

This topic is tied to the following post: http://www.bleepingcomputer.com/forums/t/304226/unable-to-update-mbam-spybots-d-or-avg/

I have malware on my machine that prevents me from updating any of my security apps (MBAM, SpybotS&D, AVG). If I do scans with them in both regular and safe mode I receive no results.

Steps I've already taken with the help of a moderator includes:
- running fixexe.reg
- running TFC
- running rkill
- running SuperAntiSpyware
- re-running MBAM (to no avail)

Now I have run Defogger, DDS, and GMER and will post the results per the guidelines and attach the appropriate files:

DDS.txt

DDS (Ver_10-03-17.01) - NTFSx86
Run by Duong at 20:43:34.07 on Mon 03/22/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_05
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1270 [GMT -8:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
FW: ZoneAlarm Firewall *enabled*
FW: NVIDIA Firewall *disabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\NVIDIA Corporation\...

Answer:Malware preventing security apps updates (i.e. MBAM, Spybot, AVG)

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...

27 more replies

Hi, my computer somehow picked up some nasty little programs that caused a lot of problems. This is my first time posting on a tech help forum so I hope I followed the rules correctly. If I've done anything wrong or you need some information I didn't supply, please let me know and I'll try to correct it ASAP.

Thanks in advance for your help :]
Okay, here's an outline of my problem:

Initially the desktop of my computer was changed into a screen that read "Warning! Spyware has been detected on your computer!" in Blue and Yellow text.

I downloaded and ran a few different antispyware programs:
SUPERAntiSpyware Free Edition
Dr. Web Cure It!
and Malwarebyte's Anti-Malware

Each of these programs detected some things and I had them remove them.

The desktop issue is no longer present now, however two issues that I know of remain.

I use Mozilla Firefox 3 and it works normal, same homepage and everything, except when I do a search in google, I can not follow the links. If I click on a link it'll divert me to some other things.
At first the links (under properties) all lead to some weird website that started with an "a" sorry I don't remember what it was...

Now all the links are to a go.google.com/? followed by a ridiculously long string of characters.

Some of the redirects try to get me to download some pseudo antivirus program antivirus 2009? I think it was called.

Other issues I have is I can't access any help sit...

More replies

I've somehow got some malware/ trojans/ viruses, whatever you may call them, and I'm unable to update my spyware/ anti-virus software. I currently have Spybot, Zonealarm pro, ad-aware pro and a recent download of the free avg anti virus...all of which are outdated. Can anybody please assist in the removal of these things causing the problems?

Thank you!
 

Answer:virus preventing updates

Welcome! to MajorGeeks.com!

Please follow the instructions in the READ & RUN ME FIRST link given further down and attach the requested logs when you finish these instructions.

If you have problems where no tools seem to run, please try following the steps given in the below and then continue on no matter what you find. You only need to try the TDSSserv steps if having problems getting scans in the Read & Run Me First.
TDSSserv Non-Plug & Play Driver Disable

If something does not run, write down the info to explain to us later but keep on going.
Do not assume that because one step does not work that they all will not.
READ & RUN ME FIRST. Malware Removal Guide


Helpful Notes:


If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in Safe Mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:

Starting your computer in Safe mode

If you have problems downloading on the problem PC, download the tools and the manual updates for SUPERAntiSpyware, Malwarebytes and Spybot ( links are given in the READ & RUN ME) onto another PC and then burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes you could use a flash drive too but flash drives are writeable and infections can spread to them.
To avoid additional delay i...

3 more replies

hello everyone,
my son's laptop has acquired a virus. (an acer aspire 5100 on xp) basically it is preventing any windows updates & any security scans. It is clever; for example if i attempt trend micro house call i get blue screen & the pc shuts down immediately. When i reboot it refers to fat32 as follows:
checking file system on c the type of the file system is fat32.

i have current subscription to trend micro internet security for three pc's but can't download due to the virus.
i am not a "power user" but i am capable of starting the laptop in safe mode & carrying out basic tasks. (but it appears to be stopping that unless i'm doing something wrong with the "f8" key)

how serious is this & is there the idiots guide to a resolution?
thanks for looking bob (uk)
 

More replies

I have a Windows XP Home laptop and I am unable to access any anti-virus websites for updates. Also tried installing Ad-aware but it failed. Malwarebytes found 2 objects but could not delete them on restart. Here are the results from DDS and the GMER results attached. What are the next steps?

Thanks in advance!


DDS (Ver_09-11-24.02) - NTFSx86
Run by Zeny at 14:35:07.86 on Wed 11/25/2009
Internet Explorer: 6.0.2800.1106
Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.447.203 [GMT -8:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\HPQ\One-Touch\OneTouch.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\carpserv.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\America Online 9.0a\aoltray.exe
C:\WINDOWS\explorer.exe
C:\Program Files\AOL Companion\companion.exe
C:\Documents and Setting...

Answer:Virus/Malware preventing access to Anti-Virus Sites

Haven't received any responses yet . . . bumping.

Thank you.

16 more replies

Hello,

I hope you will be able to help me with this.

I seem to have a virus of some sort that's preventing me from running any of my Anti-Virus, Anti-Malware or Anti-Spyware programs

Whenever I try to run one of them, the program will just close half way through without any warning messages. If I try to open the program again, I get an error message saying

Windows cannot access the specified device, path or file. You may not have the appropriate permissions to access the item.

The programs that I have tried to run and have had this problem with are:

AVG AntiVirus
MalwareBytes' Anti-Malware
GMER
SuperAntiSpyware
HiJackThis

Because HiJackThis has been affected as well, I'm unable to provide you with a log. I'm hoping it won't be a problem when it comes to helping me get rid of the virus.

Many thanks

Roz
 

More replies

Sup hoes, I'll jump right into it.

Workstation at a clinic is infected with a piece of malware that disables antivirus as soon as it's accessed. So far I've tried to run AVG's scan and MalwareBytes' scan.

Running malware bytes once after installing will start the scan and the search is stopped seconds after initializing, program is terminated. At this point then the program can not be opened. Attempting to open mbam.exe delivers error "Windows can not access the specified device, path or file. You may not have the appropriate permissions to access the item." Identical results if repeating this entire process in safe mode.

Installing AVG; AVG Active Anti-Virus (the real-time scan) disables and can not be enabled. An attempt at a scan with AVG results in an immediate conclusion stating no threats were found (nothing scanned). Safe mode is similar, the AVG scan will run for about 15 seconds then just simply close.

The only active process I found out of the ordinary was this entry: "3517402925:3534772270.exe" - 464K. Ending the process does not seem to have any effect; it remains there. It is an active process in Safe Mode as well.

Found registry entry in
LOCAL_MACHINE > System > Services > 2d4fa7d1 >
name: imagepath
data: \systemroot\3517402925:3534772270.exe

Also appears in
LOCAL_MACHINE > System > CurrentControlSet > Services > 2d4fa7d1
LOCAL_MACHINE > System > ControlSet003 > Services > 2d...

Answer:Malware preventing Anti-Virus from scanning

Hi Putrid, I know it looks like a lot, but it's really just a lot of text asking for only 4 scans. Once you've done these and posted the results in your next post, let me know how the computer is running.

Note: You may have to perform some or all of the following in Safe Mode With Networking, depending on if you have internet access while in the normal Windows environment.

================================================================

Download Security Check by screen317 from here or here.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

================================================================

Please download and scan with SUPERAntiSpyware Free
Double-click SUPERAntiSypware.exe and use the default settings for installation.
An icon will be created on your desktop. Double-click that icon to launch the program.
If it will not start, go to Start > All Programs > SUPERAntiSpyware and click on Alternate Start.
If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the update...

3 more replies

we are in a small corporate environment. we have one user that needs administrator permissions to run some software. the problem is, this user regularly accidentally installs viruses and malware from her browsing habits. we have spent countless hours cleaning up the system from various attacks, malware and viruses. is there a way to give the user admin permissions to run the software, but block things from being installed. it is an active directory system. thanks

Answer:preventing virus and malware from admin user

mmm... Bit of rum situation when a user with admin rights is part of a problem re' malware/viruses etc... Perhaps restrict the profile (for that user only) so as to NOT allow actual online presence; able to browse access local network etc but thing outside of it?

5 more replies

Hi everyone,

I got a virus/malware of some sort the other day after downloading what i thought was a book.. -.-

Basically, this virus/malware (not sure what it is..) prevents some antivirus programs from running, I had Microsoft Security Essentials at first, but this got disabled and I couldn't use it so I downloaded AVG which installed fine, but wouldn't launch, Windows Defender was also prevented from functioning.

But Antimalware bytes and Kaspersky seem to work fine and I removed several viruses/malware with them, though the problem still persists and Windows Defender/Microsoft Security Essentials still won't run!

Spybot search and destroy can scan, but when it gives me the option to remove the infections, an error occurs and says I need admin rights to do this (even though I am on an admin account..)

I would try to remove the virus through safe mode, but I can't get onto it! A message pops up saying something about the screen not being compatible or something

I was thinking of using ComboFix since it worked for me last time I had a serious virus, but I'm not sure I should use it since they say to only use it with supervision from a PC pro..

Any help would be much appreciated!

Edit: Rkill didn't work, it just said "The system could not find the path specified"

Answer:Virus/Malware preventing my antivirus from working! Help please!

Hello,

Please follow the instructions in ==>This Guide<==. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues and what you have done to resolve them.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Orange Blossom

2 more replies

Thanks in advance with and help/suggestions to solve this problem--I can't access Internet to download virus killing software...after windows login, even in safemode, the desktop shows no icons, no task bar...just a fake virus protector quick scan window and pop-ups asking me to register. Task manager "disabled by administrator". Any suggestions?

More replies

I obviously have a deep infection. After numerous attempts at scans and fixes by numerous programs, still no luck. I have a thread going in one of the other forums here, and I was advised by one of the techs to move it to this forum for more in depth assistance. To save typing, I will post the link to that thread, so you can see my symptoms and everything that has been tried as well as log files. http://www.bleepingcomputer.com/forums/topic364026.html

I have also attached a copy of the DDS log here in this current post.

I hope I've given you all the info you need to help. If not, I will do my best to get you what you need. Thank you for your help.

**NOTE** while typing this post, using the infected PC, I received the blue screen of death 5 times. Wasn't doing anything but typing this. And then each time I obviously had to reboot, as soon as it got to my desktop, the blue screen shut me down again. Each blue screen mentioned the ldqgakb.sys file. You will see the full technical info in my thread posting. I had to finally boot into safe mode just to be able to type this.

Answer:Malware or virus infection preventing scans or fixes

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the resu...

3 more replies

Hi:
 
windows 7 64-bit system
 
I haven't run a virus scan of my computer for some time.  After allowing my nephew to use my computer for several weeks, I decided I'd better run a scan so I attempted to run my 2013 Kaspersky Pure 3.0 program to check for viruses this afternoon.
 
It started to run, then went to a blue screen before going to a black screen before rebooting.  I attempted to run the scan three times with the same results.
 
I can surf the net as long as I don't attempt to go anywhere that allows me to update drivers and/or virus/malware protection.  When I visit any virus or malware site, I get the blue screen to black screen and my computer reboots.
 
I contacted Kaspersky support.  They wanted me to create a System State Report.  Once it runs, I'm to click on Finish, then View Report, then Save Report.  The report will run.  I click finish, but it won't allow me to view the report so I can't save the report or send it to Kaspersky.
 
When I attempted to update the Adobe Flash Player, the same thing.  Blue screen to black screen and reboot.
 
I attempted to manually update my Kaspersky,  It failed to update giving me the following error message;  Task failed.  Cannot create folder.
 
Hoping for help.  Thanks.
 
*edit*  Now can't open any browsers.  I'm on wireless internet and tried to disconnect the computer and it wouldn't let me.  I had to t...

Answer:Probable Infection Preventing Virus/Malware Programs

I am replying to this topic in order to update.  I definitely seem to be infected with something.  My virus protection is corrupted.  I had Iobit Advanced System Care 7 with its Malware Protection.  It seems to have been turned off and/or become corrupted.  Both programs say they are working, but they're not.  I tried to boot from a Kaspersky rescue disk, it said the databases were corrupted.  I've tried to turn on Windows firewall, but it won't let me.  I tried to install BitDefender and received an error message indicating that it can't install the drivers, try again, which I did with the same results.  Unfortunately whatever is going on is preventing me from performing a screen capture or copying the message to my PAINT program so that it can be attached to this post.  My .32 dlls, etc are also becoming involved.  I ran a couple of the Malware programs, AdwCleaner and SuperAnti Spyware...they each found a few things which I had them remove but as soon as I rebooted they were back.  Again, things moved too quickly for me to try to write down what the items were and I couldn't use the screen capture.  I finally turned off my computer because it was only getting worse, not to mention there was no antivirus protection or firewall running.  I patiently await help.

6 more replies

I have been getting notifications about turning on my spyware and virus protection on windows 8.1. These messages are coming through windows defender. when i click to turn them on it gives me a error code: 0x80073b01. I have followed the instructions on Malware Removal Guide for Windows - Select Real Security but the messages still persist. Hope someone can help.
Many thanks,
J

Answer:Possible malware preventing turning on spyware and virus protection windows 8.1

Hi goatherbs

This is most likely a Zeroaccess infection and we should get a deeper look. Please follow this Preparation Guide and post in a new topic.

Let me know if all went well.

1 more replies
Relevance 63.14%

Hello. I have a troubling problem on my wife's home computer. We suddenly are unable to run certain programs, as they now display messages saying we need administrator privileges. For example, Adobe photoshop cannot run because it says we need to be logged in as an administrator. We are running a Windows Vista Home Premium PC, and she is logging in as the same user she always logs in under, which has admin privileges. In fact, I downloaded malwarebytes, and cannot even run it for the same reason -- it tells me I may need different privileges. We also are suddenly seeing malware like popups for companies called "forex" or weird search interceptors.

I have run the DDS log application, and here are the results. I have also attached the attach file. Thanks for anyone's help.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.6000.17037 BrowserJavaVersion: 1.6.0_20
Run by scherschligt at 21:54:16 on 2011-10-06
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.2046.768 [GMT -5:00]
.
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetwor... Read more

Answer:Virus on Windows Vista preventing administrator privileges, other malware

An update: I have tried to determine the nature of this issue on my own. After getting some advice from some others, I ran some rootkit utilities, and discovered this is apparently something called rootkit.win32.zaccess.e. Of course, that doesn't help me resolve the issue. If anyone can help, great. Otherwise, I'll close the topic in a day or two. Thanks. This flippin' virus is terrible.

3 more replies
Relevance 63.14%

As stated, I need help regarding this.
I've tried to clean remove MBAM and re-install it but to no avail.
When I run the installer, it states, "CreateFile failed; code 80. The file exists".
And when I tried searching it, I can't find the file.
 
I uninstalled my outdated Avast Antivirus and installed the latest one, and the program won't run either.
 
Can anyone kindly assist me with this? ):
 

Answer:Virus/Malware preventing me from starting MBAM and my Antivirus Software.

Hello haekaru -
Are you stable to run in Safe Mode With Networking? Ask if you need help. How to start Windows in Safe Mode

Download Malwarebytes Chameleon. Chameleon technologies get Malwarebytes Anti-Malware installed and running when blocked by malicious programs.
 
Usage -
Download Chameleon from the link to the right.
Unzip the contents to a folder in a convenient location.
Follow the instructions in the included Chameleon CHM Help File
Or if the help file will not open, simply try to run the files by double-clicking on them one by one until one of them remains open, then follow the onscreen instructions.
 
 
Thank You -
Edited to add Safe Mode link -

2 more replies
Relevance 62.32%

Hi fantastic people!

I'm in a rut and I need your help. My system is infected with malware because it's doing several things:

1) It started being awfully slow 2 days ago and it freezes on me any time I try to run any browser. And I regularly run SUPERAntiSpyware and Malwarebytes so it cleans most things.

2) It paralyzes any anti virus software I try to run a third into its analysis then everything freezes and I have to restart my laptop.

3) I can't open any exe files I download whatsoever. I tried downloading adwcleaner but I couldn't even run the exe files or any other exe files at all.

4) Netflix started crashing on me for no reason and that was my first clue into finding out it's malware.

I already backed up all my files, pics, music, and documents. I am attaching a picture of TSG below because I'm sending this from my phone as I'm having all sorts of issues with my browsers crashing. I'm looking at buying a new laptop because I'm definitely due for an upgrade but I would like this one to run a bit longer if possible because I'm too busy to adjust to a new laptop now. Geek squad want $150 to clean it up. Any other alternatives?! Please help it's desperate!

Thank you so much in advance
 

More replies
Relevance 57.4%

I'm helping a friend with a computer that got infected when she opened an email attachment. I've used your tools many times before, but this is a tough one. The screens that pop up show "Virus Protector." I have your tools on a flash drive, but I cannot access them. Even in Safe Mode the pop-ups are fast and furious, and I cannot get to Start or anything else. Task Manager is also disabled, so I can't use it to stop processes and perhaps get past the pop-up windows.

Where should I begin? Thanks in advance for your help.
 

Answer:"Virus Protector" is preventing malware removal

If you can't access anything (start menu / run / task manager / command prompt / CD drive) in either normal or safe mode, there isn't much we can do to help you. All we can suggest is this:

- Take the hard disk out and scan it in another well protected PC
- Use another PC to make a special CD which you can boot from to try and run virus and spyware scans or to at least backup data. CDs like the below:
  http://www.free-av.com/en/tools/12/avira_antivir_rescue_system.html
  UBCD4Win
  http://www.sysresccd.org/Main_Page
  http://trinityhome.org/Home/index.php?wpid=1&front_id=12
- Reinstall


 

3 more replies
Relevance 54.53%

Hi. I am trying to diagnose a problematic laptop for a friend. I don't know the details of what happened to cause the problems. The main problem I can detect is that the laptop is EXTREMELY slow. It seems like anything I try has a delayed response (even a simple mouse click). I followed the Malware Removal Guide, but was only able to run two of the five suggested tools as follows:

1) SUPERAntiSpyware - I ran this after manually updating the definition files on the version already installed and the scan found nothing.

2) Malwarebytes Anti-Malware - I was not able to update the definition files for the current version installed. After several attempts to uninstall this (via the Control Panel), I was able to do it via CCleaner. However, I was not able to re-install a more recent version due to problems with the Windows Installer service. After uninstalling an outdated version of Java (Update 14) via the Control Panel, I have not been able to install/uninstall any more programs.

3) combofix.exe - not compatible with 64-bit OS

4) RootRepeal - did not run on 64-bit OS

5) MGtools - did run; kept getting errors, but continued to completion

Attached are the SUPERAntiSpyware and MGTools logs:
 

Answer:Possible Malware preventing me from running malware removal tools

I am not seeing any malware in those logs. I do not know why MalwareBytes would not run, are you able to run it in safe mode? How does the PC behave when you use safe mode?

More than likely I think I will be sending you off to the software forum.

We can do this:

Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:



O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - (no file)
O2 - BHO: (no name) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - (no file)
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - (no file)
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - (no file)
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsM... Read more

5 more replies
Relevance 54.53%

Dell m1330 Vista home premium. I have malware issues, frequent memory dumps, Google redirection and something is preventing me from running or installing anti-malware programs. I had to install malwarebytes using the rename method, but the program will not run in safe mode or normal. I had spybot previously installed but I was also prevented from opening, so I tried reinstalling, but before it can complete the installation I get the blue screen of death memory dump! Before reading the procedure I ran coolweb, kill2me, windows defender and windows malicious software tool. None of the programs found anything. I also performed a couple system restores, but both failed.

Should I continue with the cleaning procedure (combofix), or does anyone know how I can get malwarebytes and spybot to run?
 

Answer:Trying to follow malware removal procedure, but malware is preventing me?

Here's my MGtools log, it was the only program that worked.
 

4 more replies
Relevance 53.71%

I'm having startup issues with a Windows 10 Build:
Cumulative update for Windows 10 ver. 1511
KB3192444. (I hope I copied it correctly).

Before this update is installed the problem doesn't exist, after it's installed it does.
I posted this issue here but have not gotten any help.
Because windows 10 automatically installs updates I needed to go into Group Policy Editor-Computer Configuration-Windows Components-Windows Update and set it to
"Notify for download and notify for install"

But, when I go back into settings for windows update advanced settings, the choose how updates are installed has remained with the same 2 options.

How can I be sure that Windows 10 does not install this update????
Does changing this setting in GPE work ok?

Any help will be appreciated,
James

Answer:Preventing Auto Updates

Hi, to hide (stop) a particular update see:
Windows Updates - Hide or Show in Windows 10 - Windows 10 Forums

1 more replies
Relevance 53.71%

Hi,
Right now I have about 56 updates pending, most of them office updates, and a couple of Windows updates.
I've discovered that an update is preventing my PC from sleeping, as when I do a system restore back to before I updated my PC will sleep, and then install them again my PC won't sleep.

I'm assuming it's a windows update rather than an office update causing this problem.
Is there a better way to see which update is causing the problem rather than installing each update, one by one?

More replies
Relevance 53.71%

Hello
 
I recently did a fresh install of Windows 7 on my PC. I guess I forgot to install any AV until I was prompted to by Windows Update, which if I remember correctly, did install OK originally. Normally I would have installed AVG and MB, but I've had quite a few PC problems recently and so was a little haphazard, I can't remember whether I actually got MB installed prior to these problems or after. Anyhow, recently I started up my PC and upon starting got a message that MSE couldn't start because of error occurring during initialization, Error 0x80073b01.
 
I found a similar topic here and have run a few of the programs, most optimistically Hitman Pro, which found a couple trojans and malware items and deleted them. But I still have this issue with MSE that it can't load, can't be reinstalled and can't be uninstalled.
 
Other symptoms: Malware Bytes icon on my desktop went from being their logo to a generic .lnk/shortcut image and wouldn't load. I managed to reinstall it after using safe mode and using mbam clean to get rid of the mbamext.dll that wouldn't delete normally. I now have MBAM on my desktop and I can run it, but it won't get the latest updates (it appears to download them, but then says the db is missing or corrupt) and it won't let me do a scan.
 
I have been trying to copy some files to an external HD, but the ones with Security in their name can't be moved.
 
It seems like something is definitely running in the background ... Read more

Answer:Malware preventing MSE and Malware Bytes running?

Try running in Safe Mode and doing a full system scan with your antivirus.  You could also try a System Restore.  

2 more replies
Relevance 53.3%

Hi everyone,

I am new to this site and hoping you may be able to help me.

As the title says, I haven't had any windows updates in ages, and I can't update any anti spyware applications. I used to have ad-aware, I removed this as it wasn't updating.

I then installed Spybot, and I still can't update this either.

I have tried running spybot as it is but it detects no problems.

I am using AVG as my antivirus, this updates fine, but cannot detect any problems.

A lot of the support pages for these applications have been blocked, sometimes when I do a google search I click on the link and I get redirected to another page.

Internet is running a lot slower than normal.

Any help is appreciated, I have followed the instructions and attached all relevant files. I was unable to do a full scan with the gmer.exe as it kept crashing.



DDS log:

DDS (Ver_10-03-17.01) - NTFSx86
Run by Khus at 19:04:51.78 on 04/04/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.2045.1184 [GMT 1:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe... Read more

Answer:Virus/Malware has blocked security updates

I would like to add, with ad-aware I downloaded the update for it on another un-infected computer and transferred over via usb, and the application didn't seem to load update, or acknowledge that it had been updated.

8 more replies
Relevance 53.3%

Greetings all,
I have in my possession a laptop with Windows Vista Home Premium Service Pack 2 (build 6002)
TOSHIBA Satellite A205 PSAF0U-0CQ009 180 GB Non-Partitioned HDD with 1 GB ram. This laptop belongs to a 21 year old who likes to download on a P2P site with absolutely NO virus protection.
I have so far seemed to have wiped out all viruses and Malware and Spyware as I have run MULTIPLE scans with each all resulting in zero infections.
Just so you know I used the following programs: Comodo, MalwareBytes, SuperSpyware, and even ran Advanced system care and had it repair all registry errors.
When I first got this thing, it would not even boot into Safe Mode so I am pretty good at this point. The problem I am now having is, when trying to perform Windows Updates, I get an Error Code: 80072EFD which pretty much says that Windows cannot search for updates. I do have a good wireless connection to the Internet. (Figured I would mention that because I know that I would ask that question first. :-D )
This is actually my first Vista repair. Have repaired many XP rigs so there may be something I am doing wrong. So far, everything seems to be working fine except for this. Though I plan on running this thing through the wringer for a couple of more days just to make sure.
One thing to note, just for kicks, I turned off the Firewall and tried again with the same result.
Thanks in advance for any and all help and responses.
 

Answer:Can't get Windows updates after Virus/Malware removal

Just wanted to add another thing that I tried. I went to the command prompt as admin and entered
Code:
netsh winhttp reset proxy
I received the following reply:
Code:
Current winHTTP proxy settings:

Direct access <no proxy server>
Not quite sure if that was the response I was looking for. :-D

OK found another issue, not able to access the internet through IE though I am able to connect via Pale Moon which I installed at the VERY beginning of this issue to download some stuff while I was out of town. (when I got the computer handed to me with a stressed out 21 year old who thinks that ALL of her pictures are gone forever) :-D I already have them on another computer because I pulled the HD and got her pictures while on my Linux rig. :-D
 

6 more replies
Relevance 53.3%

What can I do to prevent updates from preventing me from using my computer?
Apparently whoever designed Windows update never considered the possibility of people using small SSD drives that only have a fraction of the space required to run applications. Everything worked under Windows 7, although I did have to do some tweaking to get it to install apps directly to drive E: (my multi-terabyte hard drive). After installing Windows Update, I had to do the same registry tweak to make it install programs on drive E:, and it worked fine the first six weeks or so, but then it started routinely breaking one or two of my applications with each update. The problem was initially tedious to fix, but I eventually got everything working. However, I was not successful at getting Windows to comply with running my Chrome browser from E: I finally relented, and moved as many of the commonly used apps to drive C: (the SSD) and consequently had to set the cache size smaller. Everything was fine for another month or so.
However, beginning sometime in November, Windows updates started failing. It schedules an update, runs the update, reboots my computer, says the update failed, and reboots the computer again, uninstalled the update, and then it works. This was an annoyance, but since it only happened once a month, I put up with it.
Recently however, Windows has started retrying updates every few days, and doesn't bother warning me in advance or asking my permission. It just unceremoniously shuts... Read more

Answer:What can I do to prevent updates from preventing me from using my computer?

In updates, there is a setting to schedule restart, usually 3am. Can you check that setting is enabled?

2 more replies
Relevance 53.3%

I keep getting this message. I have already disabled automatic updates through group policy editor.

Answer:updates preventing my computer from shutting down

With this batch script you can automatically close apps not responding at shutdown in Windows. Please execute the batch script as an administrator.

1 more replies
Relevance 53.3%

I have a Compaq desktop at home running Windows 7 Home Premium. My girlfriend has a user account on it that she uses from time to time. She sometimes needs to restart the computer. When she tries to do that, many times the shut down screen shows "Install updates and Restart" as the default action. Is there a way to eliminate that option for her account or at least make Restart or Shutdown, without installing updates, the default choice? She is careful about changing the option, but I am concerned she might slip up one time.

I have no desire to upgrade to Windows 10 at this time (Yes, I know the free upgrade offer is supposed to end at the end of June). On my account, I manually go through the list of new available updates and remove any that are related to preparing the computer for Windows 10 or actually downloading and installing it.
 

More replies
Relevance 52.48%

Hi,
Since an automatic update on my computer, my computer will not access the internet. I have tried to restart the computer to a previous point pre-updates but now it will no longer do this either. So I am stuck. Can you help?

Thanks

Answer:Automatic updates now preventing access to internet

Quote:
Originally Posted by duncan hill

Hi,
Since an automatic update on my computer, my computer will not access the internet. I have tried to restart the computer to a previous point pre-updates but now it will no longer do this either. So I am stuck. Can you help?

Thanks

I have a similar problem. But not from automatic updates. I updated Adobe reader (it says "Install security update"). Since then a yellow triangle with an exclamation mark on it appeared in the system tray. If I click on it, it disappears, but my network connection has stopped working. It connects normally, but the computer works like it would not be connected to the Internet. I uninstalled the update, but the problem reappeared after 2-3 days. Now it looks that it is all OK, but I do not know what I am supposed to do.

7 more replies
Relevance 52.48%

I was going to download Norton 2009 antivirus, but the setup said that the computer needed an upgrade. I proceeded to the windows update to check. Sure enough I needed windows service pack 2. I tried to download this but got the error 80072efd. It's not the firewall, but I also realized that I cannot download it directly from the windows update website. I am really confused and need this antivirus cause my computer is infected at this time. All help will be appreciated.

Answer:error 80072efd is preventing me fom downloading updates

Hi and welcome to TSF. The first thing you should do is go here
http://www.techsupportforum.com/f50/...lp-305963.html and get help for your infection and then see about antivirus. I would not choose Norton or McAfee as they can cause issues with Vista.

3 more replies
Relevance 52.48%

I have a paid version of AVG Internet Security 2012 which commenced in August 2012. I've had paid versions in the previous two years and until the last two months have had no problems.
In the past few days when I switch on my PC (Windows XP with Mozilla Firefox browser, wired connection with BT) the automatic AVG update will not proceed, nor will a manual attempt.
Within a few minutes of switching on the following Windows warning box appears on the screen:
'The software you are installing for this hardware - Non-Plug and Plug Drivers - has not passed the Windows Logo testing to verify its compatibility with Windows XP. Continuation of installation of this software may impair or destabilise the correct operation of your system either immediately or in the future.'
Two options are then given: Continue anyway or Stop installation.
The updates waiting to be downloaded are all version 2238 of the following: Alert Manager; Anti Rootkit Driver; Anti Spam Component; Scanning Engine; Set Up Component; Kernel components; E-mail Scanner; Firewall Component; User Interface Component; Identity Protection; Language Files (English); Online Shield (Settings); Resident Shield Scanner; Link Scanner HTTP Redirector; Systems Tools Component; TDI Component; Pc Analyzer; Update Component.
If I click on 'Continue anyway' the system attempts to download the updates again but aborts very quickly and the same warning notice appears. If I do nothing the warning notice remains but my AVG page sa... Read more

Answer:Windows preventing paid AVG updates download

I'd recommend putting this to AVG in the form of an email. Even copy and paste what you posted here.

2 more replies
Relevance 52.48%

Hello! Thanks in advance for taking the time to listen to my problem.

This all started when I received an email from my ISP giving a 1st Abuse warning that one of our devices was "...sending out spam attached emails.." so I began ensuring all PCs were up-to-date with windows updates and virus scans. When I attempted a Windows Update on this PC I received the error "Cannot display the page" after hitting either the "Express" or "Custom" button on the update site.

AVG and Spybot S&D did not find anything during scans. I then downloaded and attempted to run Malwarebytes Anti-Malware which was going fine until the system self rebooted half way through. I now get a "Run-time error '0'" when I attempt to run Malware Bytes. I have followed the instructions on your site and unfortunately not been able to get RootRepeal to run. When it starts a screen saying "Initializing please wait.." comes up and stays up (I have tried overnight and for an hour). Task Manager reveals RootRepeal is using a constant 50% of CPU.

Thanks for your help I look forward to hearing from you -larry

__________________________________________________________________
DDS (Ver_09-07-30.01) - NTFSx86
Run by Owner at 0:24:01.39 on Sun 20/09/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2046.1149 [GMT 10:00]
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D... Read more

Answer:Infected with unknown virus/malware blocking scans and updates

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

20 more replies
Relevance 52.07%

I am not able to install the windows updates>>used Express and got like 72 updates required. dloaded all but NONE installed.. got this message>>

A problem on your computer is preventing updates from being downloaded or installed

any help on this? this is after a windows XP install/repair

thanks, bo bo bolinski
 

Answer:A problem on your computer is preventing updates from being downloaded or installed

Re: A problem on your computer is preventing updates from being downloaded or install

no help on this? I am surprised! do I have to do the HJT routine or does someone have an easier solution??

thnx, bo bo bolinski
 

3 more replies
Relevance 52.07%

For some reason, whenever windows 8.1 updates, internet explorer stops working. Every time I try to get on the internet, I just keep getting a message that 'this page cannot be displayed'. Skype still works, so the problem seems to be internet explorer itself.

I have decided to switch to google chrome to fix the problem, but I can't do so without getting on the internet.

I would like to restore the computer to a point in which it worked, and I have one restore point which I'm certain will work, but the problem is, immediately after restoring, windows automatically updates, which kind of undermines the entire purpose of the restore. I have tried changing the update settings so it will restore without updating, but as soon as the system restores, my changes are undone and windows then proceeds with the stupid updates.

I just want to get on the internet somehow to install google chrome! (and no, I can't just copy and paste from the computer I'm currently on because this one has windows 7).

Any ideas?

Thanks,
smile puppy

Answer:Windows Updates Preventing Internet Explorer from Running!

Unplug your router, then do your system restore. You then have as much time as you need to configure Windows Update not to auto check.

2 more replies
Relevance 52.07%

I have 93 updates for XP & Office 2003 which I cannot install. I have stopped and re-started the update service & tried everything else I can find on the web.

I would be very grateful for any help anyone can provide!

Answer:A problem on your computer is preventing updates from being downloaded or installed

Is your windows update allowed to install updates automatically? Check your settings in the security center. I hope you are updating via a broad band connection. Also does windows download the updates and stall half way through the installation? During the install of the downloads, Windows will ask you to accept certain agreements. You may not be seeing these and think Windows has stopped installing. Windows will not move forward unless you respond to these agreements. When downloading be sure all the downloads are complete and upon the installation part, Minimize your screen to see these agreements. IE7 download and install is one of the biggest culprits. It hides behind your Download and install screen.
Hope this helps.

5 more replies
Relevance 52.07%

Hi

With Windows 8.1 Update, how do I prevent all users that the notification of any updates to the apps by Microsoft Store will never be displayed?

Thanks

Bye

Answer:Preventing the notification of any updates to the apps by Microsoft Store

This should cover it: Tech Blog :: Enable/Disable App Notifications In Windows 8

1 more replies
Relevance 51.66%

Logfile of HijackThis v1.99.1
Scan saved at 12:47:25 AM, on 12/16/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
C:\Program Files\iolo\System Mechanic Professional 6\IoloSGCtr... Read more

Answer:Maintain Updates, Spy/virus/malware Scans, Defrag, Errors Still Keep Popping Up

You have Norton and Command Software AV's - only one active AV should be running - remove one

Explain in better details the problem you have

Have you checked spysweeper for updates and run?

16 more replies
Relevance 51.66%
Question: Preventing Malware

I am not sure of the best place to post this. I am trying to find a secure method of moving files from home to office. Our office has a rule stating that you should not bring a thumb drive into the office from home without going through IT. This is to prevent infecting the work network. IT can run a Symantec scan on the USB device but is still not in favor of using the USB due to what might not be caught on a scan.

Any ideas of methods that IT might be willing to implement that allow the convenience of USB drives and the security that IT needs? I am in the position of greatly influencing this research if I had a direction to suggest. Of course IT would be researching in order to feel comfortable. Thanks in advance. If there is a better forum for this question please advise.
 

Answer:Preventing Malware

There is not a lot that you can do to ensure that any USB device is clean without running scans on them. Your IT department would have to insist that all employees install programs such as AutoEater on their home computers and scan them with something like USB Vaccine. But that would require faith that all employees took these measures.
 

2 more replies
Relevance 51.25%

Hello all!

Firstly, thank you so much for running such a magnificent site with such detailed and easily understandable instructions. I direct everyone I know to this site once they become infected--you offer such useful tools and great suggestions.

Anyway, onto my problem. I'm working on a friend's laptop that was infected with System Check. (Boo!) The computer is unable to connect to my wireless, nor his wireless at home and the Windows diagnostic tool is of no help in that area. So everything I'm downloading to run on his computer, (rkill, gmer.zip, etc.) is being downloaded on my computer and transferred via flashdrive. Everything is being run on this computer while it's in Safe Mode with Networking.

After going through the steps per the removal guide for System Check, I discovered that the infection was a lot tougher to remove than previously thought. It has kept MalwareBytes from being able to update, and I had to initially rename both TDSSKiller and MalwareBytes installer with single word names so that the malware wouldn't stop the process from running. When trying to run MalwareBytes after going through the guide with Rkill and TDSSKiller (which found no infection,) I receive an error from MalwareBytes that states: Program_Error_updating(11004,0,No address found)

I am unsure if this is related to the rootkit, or if the rootkit is preventing the update due to the wireless connectivity issue. So I suppose my questions are thus:

1.) Is the rootkit... Read more

Answer:TDSS infection preventing updates to MalwareBytes/Internet connection

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me Agent ST for short), it's a pleasure to meet you. I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
If I instruct you to download a specific tool which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated f... Read more

18 more replies
Relevance 51.25%

(I'm not entirely sure how I should format this. I've put a Hijack This log at bottom of post, as I'm having difficulty getting onto the computer right now to run the DDS and GMER logs. It sounds like logs from these two are preferable, so I'll post those as soon as I'm able to get them.)

Running Windows XP, SP2.

I first noticed this two days ago, when popups started occurring, seemingly at random. Popups were occurring in Firefox, which I did not otherwise have open at the time.

The most notable thing I was doing that day was reconfiguring my router, which had gotten out of sync with the modem awhile ago during a power outage. The only thing I did during this process was tell my router to automatically acquire a MAC address, and then had it clone the current MAC address. (I'm not sure I described this process right.) I'm not sure if this introduced a security risk, somehow.

Anyway, after getting the popups, I assumed spyware, opened AdAware SE, and attempted to update it. I started getting several runtime errors, which I did not, unfortunately, write down. After this, I deleted AdAware and reinstalled it. At this point, I was still able to get on to AdAware's webpage to redownload the software. After reinstalling it, it still wasn't loading right, so I updated Spybot S&D (Again, still able to access the update interface properly), and then I restarted the computer.

After restarting, things were significantly worse. I discovered that the XP login screen was... Read more

Answer:Malware - Anti-virus updates/pages blocked, popups, random shutdowns.

I was able to get DDS onto the affected PC and got logs from that.

I should note that SoulSeek keeps showing up in them. This program is not installed on my computer, and attempts to remove it with Add/Remove programs have failed repeatedly. I'm not sure why this is happening, but I'm getting the same thing with Norton. I thought I had that deleted as well...

I should also note that I kept getting forced shutdown messages while trying to run GMER, which is why it took me so long to get these logs.


DDS (Version 1.1.0) - NTFSx86 MINIMAL
Run by Owner at 21:17:17.15 on Thu 01/01/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_05
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1022.721 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
AV: Norton AntiVirus 2005 *On-access scanning disabled* (Updated)
FW: Norton Internet Worm Protection *disabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Owner\Desktop\avstf\dds.com

============== Pseudo HJT Report ===============

uSearch Bar = hxxp://www.google.com/ie
uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.gatewaybiz.com
mStart Page = hxxp://www.gatewaybiz.... Read more

1 more replies
Relevance 50.84%

I've heard mention on other forums that for XP Pro there is stuff like EMET, Software Restriction Policy, Hosts File, etc., that will prevent installation of malware like OpenCandy, YellowMoxie Redirect, and so on. If true, I'd like to know more (a lot more) about this! Advice? Links? Anything at all appreciated!

Answer:Preventing malware installation

 There are supported antivirus and antimalware programs for XP if that's what you're looking for.  They're pretty much the same ones you can get for later versions of Windows.
 Of course MS pulled the plug on the last of the Windows updates for XP back on 4/8, so it's going to become more and more vulnerable to attacks over time.  My recommendation is to either upgrade to Windows 7 or 8 or go with Linux.  The Mint and Ubuntu versions of Linux run very well on computers that run XP, and they just boot up, find your devices, connect to the Internet, have a Windows like user interface, and come with Firefox and LibreOffice.  AND they're supported.
 
Good luck.

8 more replies
Relevance 50.84%

Hello,

It seems that my computer has been infected by a nasty virus/malware since yesterday. I have tried to eradicate it with ComboFix but it keeps resuming its activities.

The initial symptom was no access to the Web in Chrome: Error 102 (net::ERR_CONNECTION_REFUSED): Unknown error

However I had web access via IE and Firefox.

Also HTML content was no longer displayed in Outlook (images displaying red cross).

Then I could not install any new software, seems like the access to Registry was blocked somehow.

I managed to install MBAM but it won't update its 68-day-old signature file.

Even to start the GMER I had to go back to safe mode because it would not start.

Below are the following logs:
1. The last instance of ComboFix (Sorry I did not know about this website and the rules when I ran ComboFix, so I thought I would post the log for info)
2. The defogger log
3. The HIJACK THIS log
4. The DDS log (plus the Attach)
5. The GMER log (I had to run it in safe mode because in normal mode I have the error: LoadDriver ("C:\Document and Settings\Alex\Locals~1\Temp\kwlorpod.sys" ) error 0xC0000034: The system cannot find the file specified.)

Thanks in advance for your help.

Alex

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:57:15, on 26/02/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\... Read more

More replies
Relevance 50.84%

I have some form of malware that is preventing me from installing and running Super anti spyware, spy-bot and malware bytes. I keep getting an error window with the following message. " The instructions at "0x7c8841ee" referenced memory at "0x00000000", the memory could not be written" then an end program button.
Ad-Aware seems to be the only program that I can run and it finds "win32trojant.dss"
Attached is my HJT file
any help or direction would be appreciated, thanks
 

Answer:Malware preventing me from installing

Please at least attach logs from running Combofix and MGTools. You didn't mention whether you had problems running those so I assume you have logs from them.

Thanks
kes
 

14 more replies
Relevance 50.84%

Seems I have a nasty virus/malware which is preventing just about everything I try to do to exterminate it, even in safe mode. Progress has been made, but it has been extremely slow and has hit a wall. It started with over half of the sites I tried to visit getting redirected to various sites claiming to be able to disinfect my computer and such, as well as several virus warnings from Symantec. After noticing this, I tried running Spybot, but it wouldn't open. After I renamed the executable file, it ran, but would not connect to the internet for updates. The same problem occurred with Malwarebytes' Anti-Malware and HijackThis. Also, the website for Spybot would always get redirected to another one of the above-mentioned fake sites.

I ran the scans without updates in safe mode hoping they would still be up to date enough to handle the problem. They did help to fix the problem of website redirection and updating Spybot and Anti-Malware, but they and HijackThis are still unable to run as their native (non-renamed) executables. I don't know if the more annoying problems will resurface later, but I want to be sure that the malware is off of my computer.

EDIT: This appears to be similar to the Google hijacker that others on this forum are experiencing

ANOTHER EDIT: The main annoyance is back. Google search results are being redirected again. :-(
DDS (Ver_09-06-26.01) - NTFSx86
Run by Aaron at 20:52:13.84 on Sat 06/27/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.... Read more

Answer:Malware preventing countermeasures

Hello AlfaWolf04,

Delete these old versions of Java, as they are malware magnets.
Java™ 6 Update 2
Java™ 6 Update 3
Java™ 6 Update 5
Java™ 6 Update 7

Please post the last Malwarebytes log so I can see what it is finding. The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy & paste the entire MBAM report in your next reply

7 more replies
Relevance 50.43%

Hi,

My desktop PC running on Windows XP Professional with SP3 is infected with some kind of virus/spyware that prevents access to anti virus sites.

The virus has also corrupted McAfee virus scan binary and prevents access to sites which clean spyware/malware. I have Malwarebytes' Anti-Malware and SuperAnti Spyware installed. But they cannot update their definitions since the virus attack started about 1 week ago.

I have tried several attempts to clean the virus/malware using the above anti spyware (McAfee scan is corrupted and won't start). The anti spyware finds a few worms and trojans and says that it cleaned them, but they keep coming back. I ran the scan in Safe mode with/without internet connection but that didn't help.

I have Zone Alarm installed but think that it is also infected.

Following are the main symptoms I see

1. No visible error messages/pop ups during bootup.

2. After booting I see quite a few new programs, mainly from the "C:/windows/system32/temp" dir trying to access the internet. Zone Alarm blocks them.

3. After doing a Google search in IE, if I click any website link, it is redirected to another random site. Sometimes opening the link in another IE window helps. (right click -> "open in new window")
Cannot access Microsoft or any anti virus/spyware related website.

4. Many times a pop up message saying "my computer may be infected with spyware" shows up and asks for running a scan. Initial... Read more

Answer:Virus/Spyware preventing access to Anti-Virus/Microsoft files

Hi there,

* Go here to run an online scanner from ESET.
Tick the box next to YES, I accept the Terms of Use.
Click Start
Make sure that the option Remove found threats is UNchecked.
Click Scan
Wait for the scan to finish
Copy and paste report as a reply to this topic.

10 more replies
Relevance 50.43%

Greetings! I have recently been infected with some sort of malware. It is preventing me from visiting several websites I used to visit often. A few examples: Google, Yahoo search engine, Gmail, Hotmail, Facebook... Just to name a few. When I try to visit any of these sites I receive a browser message "Unable To Connect". I use Firefox.

I run Windows 7 64 bit.
_____________________________________________________________
.
DDS (Ver_2011-06-23.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Tyrantius at 21:05:02 on 2011-08-22
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4030.2591 [GMT -4:00]
.
AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\Common File... Read more

Answer:Malware Preventing Me From Opening Many Websites

Hello, Welcome to TSF.
I'm nasdaq and will be helping you.

You may wish to Subscribe to this thread (Thread Tools > Subscribe to this thread) so that you are notified when you receive a reply.

Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix.

Note that the fix may take several posts. Please continue to respond to my instructions until I confirm that your logs are clean. Remember that although your symptoms may vanish, this does NOT mean that your system is clean.

If there is anything you don't understand, please ask BEFORE proceeding with the fixes.

Please ensure that you follow the instructions in the order I have them listed.

Please do not install or uninstall any programs, or run any other scanners or software, unless I specifically ask you to do so. Also please copy and paste logs into the thread, rather than add them as attachments.
===

If you did not modify your HOSTS file it has been compromised.


Quote:

Hosts: 184.107.64.187 Google
Hosts: 209.172.56.118 search.yahoo.com
Hosts: 209.172.56.118 Bing


Go to: HostsXpert v4.4
Download the program HostsXpert to restore the default hosts file back onto your machine.
Unzip the program and execute it.
Select "Restore MS Hosts File".
Close the application.

Restart the computer normally.
===

When the hosts file has been restored.

Please download C... Read more

7 more replies
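
The hosts-file check from the reply above, written out as an added example that is not part of the original thread. It parses both plain hosts lines and the DDS-style `Hosts:` lines quoted there; the watchlist, the verdict names and the sample file are assumptions constructed for illustration, with only the `search.yahoo.com` line taken from the quote.

```python
import ipaddress
import sys

# Assumed watchlist: names that should resolve through DNS, never through a
# local hosts entry (search engines, update and AV vendor sites).
WATCHLIST = ("google.com", "search.yahoo.com", "bing.com",
             "windowsupdate.microsoft.com", "symantec.com", "mcafee.com")

# Constructed sample; line 6 is the DDS "Hosts:" line quoted in the reply.
SAMPLE = """\
# constructed sample hosts file
127.0.0.1       localhost
::1             localhost
127.0.0.1       ads.example.net        # local ad blocking, harmless
203.0.113.10    www.google.com
Hosts: 209.172.56.118 search.yahoo.com
0.0.0.0         windowsupdate.microsoft.com
127.0.0.1       liveupdate.symantec.com www.mcafee.com
198.51.100.7    intranet.example.org
"""


def parse_hosts(text):
    """Yield (lineno, ip, hostname) for every mapping in hosts-file text."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop comments
        if line.lower().startswith("hosts:"):    # DDS log prefix
            line = line[len("hosts:"):].strip()
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                             # first field is not an address
        for name in fields[1:]:                  # one line may carry aliases
            yield lineno, ip, name.lower().rstrip(".")


def on_watchlist(name):
    """True if name is a watched domain or one of its subdomains."""
    return any(name == d or name.endswith("." + d) for d in WATCHLIST)


def classify(ip, name):
    """Return 'ok', 'review', 'blocked' or 'redirected' for one mapping."""
    local = ip.is_loopback or ip.is_unspecified
    if on_watchlist(name):
        # Loopback/0.0.0.0 cuts the site off; anything else sends the
        # browser to a server chosen by whoever wrote the entry.
        return "blocked" if local else "redirected"
    return "ok" if local else "review"


def audit(text):
    """Return [(lineno, ip, hostname, verdict)] for every non-ok mapping."""
    findings = []
    for lineno, ip, name in parse_hosts(text):
        verdict = classify(ip, name)
        if verdict != "ok":
            findings.append((lineno, str(ip), name, verdict))
    return findings


if __name__ == "__main__":
    # Pass a hosts file path as the first argument, or run on the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            content = fh.read()
    else:
        content = SAMPLE
    for lineno, ip, name, verdict in audit(content):
        print(f"line {lineno}: {name} -> {ip} [{verdict}]")
```

A "review" verdict only means an unusual pin to a non-local address; legitimate intranet entries land there too and need a human decision.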
Relevance 50.43%

I seem to have a particularly pernicious bit of malware that I can't shift.

"Live Security Platinum 3.6.1" is showing in my taskbar, and keeps feeding me fake alerts.

I foolishly googled a "fix", which I suspect is just yet more malware.

I can't follow any of the general fixes because it's blocking almost every .exe from running.

Judging by the lost keystrokes as I type, I suspect there is some kind of keylogging afoot here too.

Help please!

I have older versions of some of the recommended tools installed if that helps - although can't find a way to update or run them... any ideas?

I'm on Windows Vista.
 

Answer:Malware preventing .exe files from running

OK I managed to find a rogue .dll... deleting it let me run .exes again.

I've had a bit of a mixed bag with the recommended utils though.

Hitman blue-screened for me twice in a row, and MBAM crashed during fixes the first time.

I've attached a transcript of what was in the window when MBAM crashed (although some of it's not very helpful because the full filepath wasn't displayed in the window when it became unresponsive) - and a log from when it ran OK the second time.

Any advice?
 

8 more replies
Relevance 50.43%

Hello,
I have recently developed a problem when I play games on the Pogo & Slingo websites as I have done for many years. I recently started getting a popup to download some antivirus software called 'winsuperantispyware' which I knew was bogus, so I did my best to ignore & get rid of it. Anyway, shortly afterward I began having problems with Java on both sites & on Pogo, it said my Java was not working or I had a 'bug' in my cache. I decided to run all my clean up programs including SmitFraudFix & SUPERAntiSpyware & I am still getting an error message when I try to play my beloved games.
I spent time reading through some of the related forums on this subject at your site yesterday & so I even tried to download Mozilla Firefox & when I did that, I got the 'winsuperantispyware' popup at the time when my selected game is downloading, which I believe tells me that this malware is preventing me from playing games with Java on any browser. I have tried relentlessly to solve this problem on my own & I am having no luck, so I hope you guys can help me get rid of this nasty little pest!
Here is my Hijackthis file:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 11:37:59 AM, on 9/30/2007
Platform: Windows Vista (WinNT 6.00.1904)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\s3trayp.exe
C:\Program Files\CyberLink\Powe... Read more

More replies
Relevance 50.43%

Let me start by saying I already started in the "Am I infected" forum and they told me to start a new post in here. The link to my thread over there is: Internet access shuts down right after login

I sure would appreciate your help!

Here is my DDS.txt:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_21
Run by Alan at 20:44:04 on 2011-09-23
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3325.2251 [GMT -7:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalSe... Read more

Answer:Malware preventing internet connection

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/420238 <<< CLICK THIS LINK

If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo... Read more

30 more replies
Relevance 50.43%

Hi guys,

Here's my System info:
Windows 7 Home Premium 64bit
Intel i5-2500k cpu
8gig DDR3 RAM
OCD VertexII SSD 60GB running OS
2TB HDD and 1TB HDD
ASRock Z68 Pro3 Mainboard

I went through the clean up process step by step and my logs are attached over this and the next post
 

Answer:Possible Malware preventing drag and drop etc

And here's the last of the attachments
 

7 more replies
Relevance 50.43%

I've tried everything I know how to do (which admittedly isn't much) and I'm hoping someone can help. I've run Spybot, Malwarebytes, and AVG. They all say they detected something called Astromedia and removed it, but now my computer is running worse than when I started. Every time I open my browser or a new tab it acts like it's not connected to the Internet until I reload multiple times. Can someone please help? My system info is below.
Thank you!
Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
Processor: AMD A10-4600M APU with Radeon(tm) HD Graphics, AMD64 Family 21 Model 16 Stepping 1
Processor Count: 4
RAM: 5609 Mb
Graphics Card: AMD Radeon HD 7660G, 512 Mb
Hard Drives: C: Total - 590202 MB, Free - 403986 MB; D: Total - 19972 MB, Free - 2166 MB;
Motherboard: Hewlett-Packard, 18A6
Antivirus: AVG AntiVirus Free Edition 2015, Updated and Enabled
 

More replies
Relevance 50.43%

Hi, recently I've been having problems with "XP Security 2010" and other pop ups that it appeared to install. I tried several times to remove them with Malwarebytes and Spybot Search and Destroy and I was sure they had fixed the problem, but I am still having problems! Whenever I start up my computer IE and FF run fine for the first few minutes, then suddenly they start redirecting me to "search.avg.com" or they "cannot display the web page as I am not connected to the internet".

Also whenever I try to connect to the net with my laptop at the same time as my PC, my laptop does the same as the PC, and the same is said for my PS3 when trying to play online, but when I disconnect my PC from my router, my laptop and PS3 work fine.

Thanks

Steven

EDIT: also I have just noticed when I connect my laptop at the same time it appears to be turning my Windows firewall off on the laptop.

Answer:Malware preventing internet access?

Hi,

Please download and scan with SUPERAntiSpyware Free
Double-click SUPERAntiSpyware.exe and use the default settings for installation.
An icon will be created on your desktop. Double-click that icon to launch the program.
If it will not start, go to Start > All Programs > SUPERAntiSpyware and click on Alternate Start.
If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
In the Main Menu, click the Preferences... button.
Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):
Close browsers before scanning.
Scan for tracking cookies.
Terminate memory threats before quarantining.
Click the "Close" button to leave the control center screen and exit the program.
Do not run a scan just yet.

Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several op... Read more

5 more replies
Relevance 50.43%

Attempting to follow the XP cleaning procedure, and none of the tools will run except MGTOOLS, which did run to completion and generated the zipped file.

Symptoms are: both IE and Firefox either redirect or deny finding websites. For example, cannot get to windowsupdate.microsoft.com--instead, browser is redirected to findstuff.com when I attempt to click on Google search result which points to windowsupdate.microsoft.com. Attempting to go directly there results in a 'page not found' error. Same is true for symantec.com or Mcafee.com.

Spybot did install, but when I run it, it loads a 3MB process I can see in task manager, but never opens.

Superantispyware will not install. Even after renaming the executable, it crashes with the "SUPERAntiSpyware Free Edition has encountered a problem and needs to close. We are sorry for the inconvenience" error, which pops up and asks if I want to send the error report to Microsoft.

Combofix opens the "do you want to run" window, but never continues when I tell it to.

Malwarebytes' Anti-Malware -- same thing: when I click to run it, nothing happens.

One detail: Netscape Navigator appears unfazed by the malware. So, I do have a working browser for some web access (Microsoft insists on IE, so I cannot use windowsupdates via this browser) on that computer.

I am attaching the mglogs.zip file.

One other note: I am actually conversing from a clean machine. I am running logmein to access t... Read more

Answer:Malware's preventing most tools from running

Let's start with this:

Click Start > Control Panel > System > Hardware > Device Manager > View > Show Hidden Devices.

* Scroll down to "Non-plug and Play Drivers" and click the plus icon to open those drivers.
* Then search for TDSSserv.sys
* Let me know if you find this or not.
* If you do find it, right click on it, and select Disable. Do not try to uninstall it.
* Also if this is found and you disable it, then reboot and see if you can run the other scans that would not run.

Use add/remove programs to uninstall:
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 9
Java 2 Runtime Environment, SE v1.4.1_02
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6 Update 1
Viewpoint Media Player

Now use windows explorer to find and delete:
C:\Documents and Settings\Julia\Application Data\MJUSBSP
C:\Documents and Settings\Julia\Local Settings\Application Data\tjnet

Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file and any other logs you can run (remember to try them in safe mode).
 

3 more replies
Relevance 50.43%

I think I may have picked up some malware that is preventing executable files from running.
Windows 10
avast free anti virus
Sony VAIO VPCEB2C5E

I first noted that I couldn't get Firefox to open. I removed the program & re-installed it but no joy. I eventually downloaded Chrome and this is working.
Now however I've discovered that the majority of the programs on my laptop will not run.
Symptoms:
The program will initially load, blue flashing disc, but then nothing.
The list of affected apps are below:
Outlook
Word
DIVX player
MalwareBytes
VLC media player
Any app updater is blocked.

Working Apps
Chrome
CCCleaner but no update
Excel
Spybot
iTunes but no updates

Any help much appreciated
 

Answer:Malware Preventing Executable Files

The fact that some programs run and some do not, makes this sound like it is not one of the typical executable program blocking malware problems. In fact, it may not be malware. Let's see if we can get anywhere with our cleaning process in the link below. Try all the tools. Don't assume that they all will not run just because one or more does not. Also if you run into major problems trying to run the tools, try running them in safe boot mode.

Read & Run Me First Malware Removal Guide (incl. Spyware, Virus, Trojan, Hijacker)

There is a chance that you may have to uninstall Avast temporarily. We have seen antivirus programs cause problems like you are describing. But let's first see where we get with the Read & Run Me First.
 

3 more replies
Relevance 50.43%

OS - Windows XP Home

I've been trying for a couple of weeks now to install Comodo Firewall, but it just wouldn't install. I made a thread over at the Comodo forums regarding this, which ended up being 2-3 pages long, and finally a Comodo technician replied to me.

He said the following:


Quote:

I am sorry, but your PC is seriously infected with at least four dangerous viruses. They block your registry and fully control your Windows.
For example:
C:\windows\fonts\fonts.exe - see http://www.auditmypc.com/process/fonts.asp
System32\appmgmts.dll - see http://www.greatis.com/appdata/d/a/appmgmts.dll.htm
si.exe - see http://www.processlibrary.com/directory/files/si/ - most dangerous, it loads under explorer (maybe even replaces it)
Also I've found a few suspicious and unknown drivers in your system.


Therefore, I've decided to come on here for help, in the hopes that I can clean my PC of this malware. I've followed all the instructions in the "Read This Before Posting For Malware Removal Help" thread.

I did everything except for the Gmer scan. I ran the Gmer scan and it was running for around 3 hours. I went and did something else for a while, and when I came back it was still running. It had caused the whole PC to basically freeze up, with the only thing NOT freezing up being Gmer itself. Then all of a sudden the PC blue screened and rebooted, therefore I'm left without the "ark.txt" file unfortunatel... Read more

Answer:Malware Preventing Installation Of Firewall!

Bump, please.

Relevance 50.43%

What do you think about anonymous software, and Firefox add-ons like switchproxy and stealther? Do they prevent malware? Do you have any Firefox add-on recommendations for effective internet security?
 

Answer:Question about Firefox Add-ons and Preventing Malware

You can not be anonymous on the internet.
In order for the post office to deliver mail to you, they need to know the address where you accept mail.
In order for the internet to deliver web pages to your computer, a server somewhere needs to know the address of your computer so you can view the pages. Some server (or more than one) knows exactly where your computer is located and what web pages you want to view. If this information wasn't known, you would get a 404 error for every page that you tried to load.
The perception that you are anonymous is just that, a perception.

You do not protect the browser; you protect the computer so that things delivered to your computer don't come with nasties you don't want.

The computer needs: a firewall, one antivirus (monitoring in real time), one malware detector (monitoring in real time). You might be able to get two of these things in one program.

To lessen your chance of clicking on something you don't want and installing something not healthy for your computer, you can run noscript in Firefox. This turns off javascript and you are able to turn it on for certain sites either permanently or temporarily. I also run something called WOT (web of trust) which shows me when I use google to search, sites to avoid or to approach with caution.
 

Relevance 50.43%

My computer has been acting strange for a while, but I couldn't ever pin it on malware. My clock doesn't sync even when I change the server. I got really suspicious when I connected to a new wireless network and got the following error message:
 
Cannot connect to the real www.google.com
Something is currently interfering with your secure connection to www.google.com.
Try to reload this page in a few minutes or after switching to a new network. If you have recently connected to a new Wi-Fi network, finish logging in before reloading.
If you were to visit www.google.com right now, you might share private information with an attacker. To protect your privacy, Chrome will not load the page until it can establish a secure connection to the real www.google.com.
 
I tried enabling my firewall but got:
 
Windows Firewall can't change some of your settings
Error code 0x80070424
 
I have a backup.  I ran CC cleaner and Junkware Removal Tool.  I'm currently running a full scan of Malware Bytes.
 
I've attached the results from dds.  Thanks for any help!

Answer:Malware Preventing Enabling Firewall

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.
If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===
Download Malwarebytes' Anti-Malware from Here
Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
The scan may take some time to finish, so please be patient.
If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Log...

Relevance 50.43%

Hello!  Yesterday I was having some problems with some spyware.  It would randomly create a fake windows firewall error saying that my computer is infected and prompt me to visit a web page to download a full version of a virus scanner.  The malware was causing lots of pop ups and whatnot.  I downloaded MBAM and superantispyware.  I ran both of them and the popups are gone(wohoo!).  However... This morning I got on my computer and I am unable to use any web browser (IE, Firefox) to navigate to websites.  I am connected to my router just fine, and I am able to connect to Steam and AIM with no problems, so I know I am connected to the internet.  I am unable to ping any websites or anything.  When I try to navigate to a website, I get the "address not found" error.  Please help!

Answer:Malware preventing web browser usage!

Go to... http://www.computerhope.com/forum/index.php/topic,46313.0.html
Follow the guidelines, post the three logs and a specialist will review them in turn.

Relevance 50.43%

I hope I'm posting this to the right spot... this website is pretty confusing...

McAfee will not update and I cannot access the McAfee site. Instead, I get redirected to a pseudo site. I had something similar happen on another computer using Kaspersky. I am running Combofix now. Is there someone who could help me read the log?

Answer:Malware preventing McAfee from updating

DO NOT EVER run Combofix on your own and without supervision of an expert. It can seriously damage your system and make it unbootable. DO NOT post the log here.

Some types of malware will disable MBAM and other security tools. If MBAM will not install, try renaming it.

Before saving any of your security programs, rename them first. For example, before you save Malwarebytes', rename it to something like MBblah.exe and then click on Save and save it to your desktop. Same thing after you install it. Before running it, rename the main executable file first.

Right-click on the mbam-setup.exe file and change the .exe extension to .bat, .com, .pif, or .scr and then double-click on it to run.

If after installation, MBAM will not run, open the Malwarebytes' Anti-Malware folder in Program Files, right-click on mbam.exe and change the .exe as noted above. Then double-click on it to run.

Another workaround is by not using the mouse to install it. Just use the arrow keys, tab, and enter keys. ~ Courtesy of boopme

Please download Malwarebytes Anti-Malware and save it to your desktop.
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and y...

Relevance 50.43%

Hi,
I have formatted my computer a few days ago and now I'm reinstalling my Adobe programs. In order to do so I must close Firefox, but after I do it, it reappears in the processes window. I terminate it, and a second later appears a process named CuNew.exe which immediately changes to firefox. It just keeps happening every time I try to terminate it.

This cunew sits in C:\WINDOWS\system32\install, and it's something by indetectables.net. I guess it's a malware but my antivirus doesn't recognize it.

In addition, every time I restart now, I get error messages from programs such as Skype, "the program failed to initialize", each time more and more programs.

here's my hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:13:54 PM, on 9/19/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal


Answer:malware preventing firefox from closing

I ran Malwarebytes' Anti-Malware and it detected the file. It said that it deleted it, but it just pops up again in the same directory.
Also, I noticed that this process disguises itself as Firefox all the time, e.g. when Firefox is closed I see "Firefox" running in the processes window, when it's open, there are two "Firefox" there.

Help will be so much appreciated!

Here's the MAM log:

Malwarebytes' Anti-Malware 1.41
Database version: 2833
Windows 5.1.2600 Service Pack 2

9/21/2009 1:59:11 AM
mbam-log-2009-09-21 (01-59-11).txt

Scan type: Full Scan (C:\|D:\|F:\|)
Objects scanned: 194426
Time elapsed: 35 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{0014hv01-o13r-jqfl-rq46-27ap31np34lx} (Generic.Bot.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{c20ee2d6-81c3-6a08-79c5-1989da43bc19} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\poprock (Trojan.Downloader) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UI... Read more

Relevance 50.43%

I posted previously in another section about lagging issues: How to make speed improvements

satrow: "The security processor loader driver (spldr.sys) isn't related to any 3rd party drivers, it's installed by MS as part of Windows. If it's not loading in at all, it could be a malware issue"

As instructed there, I'm asking for a malware review. Thank you!

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17689 BrowserJavaVersion: 11.31.2
Run by Tony at 7:19:24 on 2015-04-01
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.7630.4546 [GMT -4:00]
.
AV: AVG AntiVirus Free Edition 2015 *Enabled/Updated* {4D41356F-32AD-7C42-C820-63775EE4F413}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2015 *Enabled/Updated* {F620D48B-1497-73CC-F290-58052563BEAE}
.

Answer:Malware possibly preventing spldr.sys?

Hello revelry,

My name is Tolga and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.
First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
Perform everything in the correct order. Sometimes one step requires the previous one.
If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.
Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
My native language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your und...

Relevance 50.43%

I am running Windows XP SP3, with the latest version of Firefox. I am using Bellsouth Fastaccess DSL. My antivirus is Norton, and could not find any issues. My computer is connected to the wireless network, with excellent signal strength. I have tried repairing the connection and using IE, but neither have worked. My laptop and other computer can both connect to the Internet. Other things that I have noticed: SUPERAntispyware and Spybot Search and Destroy have both stopped working. I have also posted this on the Web Browsing forum. Thank you for your help!

Answer:Malware preventing connection to Internet?

Please just keep it to one forum for now
If we can't fix you here then you can post there
See if you can access Safe mode w/networking
or
You can burn to a CD or download to a thumb drive the tools I am going to have you use
Double-check that Spybot's Teatimer function is disabled
----------------------------------
The process of cleaning your computer may require you to temporarily disable some security programs. If you are using SpyBot Search and Destroy, please refer to Note 2 at the bottom of this page.
Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself.
Press the OK button to close that box and continue.
If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all th...

Relevance 50.43%

I am infected by a Trojan/Virus that prevents me from updating my antivirus software as well as redirects any clicked links from a Google search. I've run Ad-Aware and it removed a trojan but apparently did not completely fix the problem. I have run online scans (Kaspersky and Panda) but the scan either didn't finish or my computer rebooted when the infections were trying to be removed. I've installed MalwareBytes but it will not execute. I've pasted the dds.txt log below and attached the attach.txt and hijackthis.txt logs.

I appreciate any help that can be given.

Thanks,
Brian

DDS (Ver_09-05-14.01) - NTFSx86
Run by brian at 20:38:36.45 on Wed 05/13/2009
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_13
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3069.1563 [GMT -4:00]

AV: AVG 7.5.557 *On-access scanning enabled* (Outdated) {41564737-3200-1071-989B-0000E87B4FB1}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}


Answer:Infected with an unknown trojan preventing updates to antivirus and causing google redirects

Just bumping this up. I'm still interested in getting some help if anyone is available.

I appreciate your time. Thanks.
Brian

Relevance 50.43%

The previous poster of this issue had his post closed after receiving his system restore disks without actually beating the virus and I'm experiencing the exact same symptoms as he had, so here's his post, please help me, I would rather not wait for disks.

My desktop computer contracted a virus, and it's unlike one I've ever dealt with. It seems to be affecting the computer in two ways:

1) When I use Internet Explorer and search Google for something and click on a link, it re-directs to a different website -- usually one about some sort of anti-virus software. It doesn't seem to be affecting Firefox at all, though. Searches and links are just fine there.

2) It prevents any currently installed anti-virus software from running a scan, or any new anti-virus software or anti-spyware software from installing. I had Norton installed, and when I tried to run a scan, it would look like it was running a scan, but nothing happened. I tried installing other anti-virus software (after un-installing Norton) and running anti-virus scans on the internet (like Trendmicro) and nothing worked. It either sat idle like Norton did, or it causes the computer to go to a blue screen and then shut down.

I've perused various forums for a solution, and most of the solutions involve running some sort of anti-virus or anti-spyware program, or programs like HijackThis, and none of these will run on my infected computer.

I also tried to restore the system back to factory settings, but it seems as th... Read more

Answer:Virus Preventing Anti-Virus Software and System Restore

bump >_>

Hello KBM,

While we understand your frustration at having to wait, please note that Bleeping Computer deals with several hundred requests for assistance such as yours on a daily basis. As a result, our backlog is quite large, as are other comparable sites that help others with malware issues. Although our HJT Team members work on hundreds of requests each day, they are all volunteers who work logs when they can and are able to do so. No one is paid by Bleeping Computer for their assistance to our members.

Further, our malware removal staff is comprised of team members with various levels of skill and expertise to deal with thousands of malware variants, some more complex than others. Although we try to take DDS/HJT logs in order (starting with the oldest), it is often the skill level of the particular helper and sometimes the operating system that dictates which logs get selected first. Some infections are more complicated than others and require a higher skill level to remove. Without that skill level attempted removal could result in disastrous results. In other instances, the helper may not be familiar with the operating system that you are using, since they use another. In either case, you wouldn't want someone to assist you who is not familiar with your issue and attempt to fix it, would you?

We ask that once you have posted your log and are waiting, please DO NOT "bump" your thread or make further replies until it has been responded to by a member of...

Relevance 50.43%

Hi, I'm pretty sure someone clicked on a virus link on facebook because when I viewed my profile on another computer I've somehow started conversations with everyone on my contact list along with a link of the virus. Please help me. Thank you.

Edit: Moved topic from XP to the more appropriate forum. ~ Animal

Answer:Virus Preventing connection to Facebook and anti virus scans

Hi, I'm pretty sure someone clicked on a virus link on facebook because when I viewed my profile on another computer I've somehow started conversations with everyone on my contact list along with a link of the virus. Also, on the infected PC facebook never loads up. So far I've done nothing as I was getting ready to format my PC. Somehow I stumbled upon this forum while browsing the internet so I was hoping my comp could be saved. Please help me. Thank you.

Relevance 50.02%

The problem started a few days ago when I got a fake anti-virus. I promptly killed it with Malware Bytes Anti-Malware, or so I thought. Later that day the computer restarted without prompting or warning and then kept restarting just after windows loaded. So I went into safe mode and ran AVG, Malware bytes and Spybot. They all found stuff and killed them. I left the computer a bit and there was another Fake anti-virus. I killed it and then winlogin and several other windows system files were being killed by Data Execution Prevention. After several attempts to remedy the problem we took drastic steps. We formatted and reinstalled windows. We couldn't activate this windows because it wouldn't give us an installation ID so we found a disk with the version of windows the computer previously had from an older computer that got fried. Because of this there are 3 OS on the computer. The recovery drive which was not included in the format reads as: Unrecognized Operating System on drive C and XP Professional which should have been erased from the 2nd formatting from the current OS XP Media Center.

Now that we are able to logon we saw that the bugger was still there. I can get on the internet but the virus is preventing me from getting help: anti-virus and anti-spyware sites are all not coming up. I do have 1 anti-virus that I have on CD but it's 2 years old and the virus won't let it update. Now I am here.

DDS:

DDS (Ver_09-06-26.01) - NTFSx86
Run by EnzoreDax at 11:44:31.53 on ... Read more

Answer:Virus Preventing Access to Anti-Virus websites

Hi DragonFox,

Wow.. This machine is heavily infected!!

Sorry for the delay in looking into your log, as we are extremely busy in this section of the forums. If you still require assistance and are not seeking help elsewhere, then please carry out my instructions.

Please subscribe to this thread so that you are notified when you receive a reply. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Add Subscription.

--------------------------------------------------------------

Please re-run DDS and post the resulting logs

Thanks

Relevance 50.02%

I have Malwarebytes and Microsoft Security Essentials installed. The former is running all the time while I only run MSE occasionally to do a scan. I don't run them together so they don't conflict.

A few days ago I was getting a bubble pop up in the corner of my screen saying Malwarebytes was blocking outgoing connections to several IP addresses.

I updated MWB and did a scan which found something and asked me to restart to remove it. After I did this I was still getting the pop up messages about blocking connections but subsequent scans found nothing so I ran MSE which did find something (Cutwail.BE) that was quarantined automatically.

After this I restarted again and when I logged into Windows the MWB live protection module (I forget the exact name and can't open it to check) and MSE Real Time protection were both disabled and I got an error when I tried to enable them.

I know viruses can cause problems with updating these programs so I ran more scans with both MWB and MSE separately. MWB never found anything else but MSE found another instance of Cutwail.be and Necurs.A.

The next time I restarted I was unable to update either anti-virus program and just now Malwarebytes told me it was installing a new version of the program, which I didn't get a choice about, and now it won't open at all.

Neither MWB nor MSE are finding anything when they scan now but I think something is still wrong because I can't enable real time protection or update them.

I have access to a Wi... Read more

Answer:Virus preventing anti-virus working properly

BUMP, please.

Relevance 50.02%

My desktop computer contracted a virus, and it's unlike one I've ever dealt with. It seems to be affecting the computer in two ways:

1) When I use Internet Explorer and search Google for something and click on a link, it re-directs to a different website -- usually one about some sort of anti-virus software. It doesn't seem to be affecting Firefox at all, though. Searches and links are just fine there.

2) It prevents any currently installed anti-virus software from running a scan, or any new anti-virus software or anti-spyware software from installing. I had Norton installed, and when I tried to run a scan, it would look like it was running a scan, but nothing happened. I tried installing other anti-virus software (after un-installing Norton) and running anti-virus scans on the internet (like Trendmicro) and nothing worked. It either sat idle like Norton did, or it causes the computer to go to a blue screen and then shut down.

I've perused various forums for a solution, and most of the solutions involve running some sort of anti-virus or anti-spyware program, or programs like HijackThis, and none of these will run on my infected computer.

I also tried to restore the system back to factory settings, but it seems as though the system recovery partition doesn't exist, or has been disabled by the virus. I'm not exactly sure, because I just got the computer recently and I guess I never paid much attention as to whether or not there was a recovery partit... Read more

Answer:Virus Preventing Anti-Virus Software Scans

This sounds exactly like something that took down my work computer last week, all the same symptoms...ended up doing a clean install. Ugh!

Couldn't get anything mBAM or AVG to do anything....

...I am/was running XP...

I am *very* interested in any info anyone may have about this!

Relevance 50.02%

Hey there...

I must have some sort of virus preventing me from installing anti virus program, and even accessing their websites online.

It seems to be the same problem as bill here, had back in 2008.
Virus Prevents Access to Antivirus Sites

What should I do?

Best Regards - Lasse

Answer:virus of sorts, preventing anti virus installation...

Hello and Welcome.

We want all our members to perform the steps outlined in the link I'll give you below, before posting for assistance. There's a sticky at the top of this forum, and a "Having problems with spyware and pop-ups? First Steps" link at the top of each page.

---------------------------------------------------------------------------------------------

Please follow our pre-posting process outlined here:

NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help - Tech Support Forum

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

Relevance 50.02%

Greetings All,

I had an older version of McAfee Virus software (which I received from the army), their contract expired unbeknownst to me September 16th. When Comcast notified me that I could download free the McAfee virus software I jumped at it. However, my computer cannot access mcafee.com, symantec.com or it appears any other security site. It appears from reading other sites and yours that there could be a fix. Here is my hijack this log, I have Windows ME...I have Registry First Aid and Spyware Blaster. Any thoughts are appreciated.


Logfile of HijackThis v1.99.1
Scan saved at 10:34:35 PM, on 11/2/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)


Answer:Virus Preventing me from loading McAfee or any other virus software

Hi Todd, and welcome to TSF.

I am currently reviewing your log. Please note that this is under the supervision of an expert analyst, and I will be back to address your problem A.S.A.P.

Please Subscribe to this thread, (Thread Tools->Subscribe to this Thread) so that you are notified when a reply has been made.

Please be patient with me during this time.

Thanks,

RavenMind

Relevance 50.02%

Hello, I am not able to update Malwarebytes, Windows Defender and run Avira Connect that I have downloaded. I did have AVG but it has not been updating so I removed it and downloaded Avira. It won't install. I have run Malwarebytes but it can't update and so has not found anything. I can't update Windows Defender; even though I am connected to the internet it tells me there is no connection. I am running Windows 10. Help!!

Relevance 50.02%

I have been getting redirected to fake anti-virus sites when using explorer and firefox keeps having an error and closing down on me. I used my malware and anti-virus programs to check for infections. I updated them manually and tried it again and they say there are no infections, however I still can't update my AVG or Avira from their interface.

Any help would be appreciated, I'm gone as far as I can with it on my own.
Thanks

Answer:Virus redirecting me and preventing from updating my anti-virus?

Have you used Malwarebytes? If so, please post a log. If not:
In order to safeguard your system from problems that can be brought on by a half finished fix, we need to disable TeaTimer. We can reenable it when we're done if you like.
Open SpyBot Search and Destroy by going to Start -> All Programs -> Spybot Search and Destroy -> Spybot Search and Destroy.
If prompted with a legal dialog, accept the warning.
Click and then on "Advanced Mode"
You may be presented with a warning dialog. If so, press Click on Click on Uncheck this checkbox:
Close/Exit Spybot Search and Destroy
If teatimer was already off proceed with this next
Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself.
Press the OK button to close that box and continue.
If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
Make sure the ...

1 more replies
Relevance 50.02%

I posted about this in the "Am I Infected?" area, but after several attempts at removing this beast of a virus, I was told to post here. Topic referenced is here: http://www.bleepingcomputer.com/forums/t/241480/virus-preventing-anti-virus-software-scans/ ~ OB

The contents of my original post:

My desktop computer contracted a virus, and it's unlike one I've ever dealt with. It seems to be affecting the computer in two ways:

1) When I use Internet Explorer and search Google for something and click on a link, it re-directs to a different website -- usually one about some sort of anti-virus software. It doesn't seem to be affecting Firefox at all, though. Searches and links are just fine there.

2) It prevents any currently installed anti-virus software from running a scan, or any new anti-virus software or anti-spyware software from installing. I had Norton installed, and when I tried to run a scan, it would look like it was running a scan, but nothing happened. I tried installing other anti-virus software (after un-installing Norton) and running anti-virus scans on the internet (like Trendmicro) and nothing worked. It either sat idle like Norton did, or it causes the computer to go to a blue screen and then shut down.

I've perused various forums for a solution, and most of the solutions involve running some sort of anti-virus or anti-spyware program, or programs like HijackThis, and none of these will run on my infected computer.

I also tried to restore the system back to factory set...

Answer:Virus Preventing Anti-Virus Software Scans

I received my System Restore discs, so I just did a complete restore to factory settings to get rid of the virus. It worked, so this thread can be considered closed.

Kris

2 more replies
Relevance 50.02%

I have a particularly nasty bugger that has apparently found its way into my recovery files. The only anti-virus I have been able to put on the computer is 2 years old and the virus won't let it update and as the title says I cannot access the anti-virus parts of any anti-virus website. Preemptive thank you for any help you can provide.

HiJackThis Log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:34:21 AM, on 7/6/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\System32\WLTRYSVC.EXE
H:\WINDOWS\system32\spoolsv.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\bcmwltry.exe
H:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\Iexplore.exe
H:\WINDOWS\ehome\ehtray.exe
H:\WINDOWS\system32\WLTRAY.exe
C:\windows\ld12.exe
C:\windows\pp10.exe
H:\Program Files\Softwin\BitDefender10\bdmcon.exe
H:\Program Files\Softwin\BitDefender10\bdagent.exe
H:\WINDOWS\system32\RUNDLL32.EXE
H:\Program Files\HostsMan\hm.exe
H:\Program Files\Mozilla Firefox\firefox.exe
H:\WINDOWS\system32\wuauclt.exe
H:\WINDOWS\system32\svchost.exe
H:\Program Files\HiJackThis\HiJackThis.exe

O2 - BHO: H:\WINDOWS\system32\grffr83hn.dll - {D76AB2A1-00F3-42BD-F434-00BBC39C8953} -...

Answer:Virus Preventing Access to Anti-Virus websites

Hello and Welcome to TSF.

We no longer use HijackThis as our initial analysis tool.

We want all our members to perform the steps outlined in the link I'll give you below, before posting for assistance. There's a sticky at the top of this forum, and a "Having problems with spyware and pop-ups? First Steps" link at the top of each page.

---------------------------------------------------------------------------------------------

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

1 more replies
Relevance 50.02%

Hello, I am not able to update Malwarebytes, Windows Defender and run Avira Connect that I have downloaded. I did have AVG but has not been updating so I removed it and downloaded Avira, It won't install. I have run Malwarebytes but it can't update and so has not found anything. I can't update Windows defender, even though I am connected to the internet it tells me there is no connection. I am running Windows 10. Help!!

Answer:HELP! A virus is preventing me from updating and launching virus protection.

Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.

*************************************************************************

Try booting in Safe Mode and run the scans. Windows 10 has its own AV called Windows Defender. You don't need anothe...

1 more replies
Relevance 50.02%

Hello all. I definitely got myself something pretty bad I think. I'll try to explain everything along with an attached Hijack log. I run Vista 32bit.

A few days ago I noticed random programs erroring out. At first firefox would crash. Then Zune marketplace would crash. I ran AVG and Malware and both came up clean. I didn't think anything of it. Then I started to have some Bsod's.

One of the restarts I noticed there was a windows security warning. Now my AVG was disabled and no matter how I tried to enable it, nothing would happen. Also, I had trouble starting the scan. When I was able to get the scan running, it would error out or bsod. Also, it seems almost all of these bsod's are different. I've gotten "IRQL not less or equal" to "memory management." It seems to be random.

So I restarted in safemode and tried to run AVG. It froze. I read to uninstall it using the avgremover and I did. When I tried to reinstall it, it errored out twice before it was successful. However, when scanning, it'd just freeze. Also, when I try to just start up AVG, I can't find a place to start it. It's all "AVGUI" and such files but no base application.. if that makes sense.

I tried to download another anti-virus, like Avast, and that too wouldn't install.

Please let me know if you need any other information. Thanks in advance!

EDIT: Whoops, tried to attach log. Here's my Hijack.

Running processes:
C:\Windows\sys...

More replies
Relevance 50.02%

It appears that my desktop PC is infected with some malware/virus which is preventing my malware diagnostic/cleaning tools from running. When I try to run MBAM or Spybot, I get the Windows message "Windows cannot access the specified device, path of file. You may not have the appropriate permission to access the item". When I run Avira, it goes all the way through a full system scan, identifies about 13 infections (including ZLOB etc), then just crashes.

I've tried booting in safe mode then running the tools, but I get the same result.

I've also been getting inconsistent boot-up, the occasional blue/black screen and sometimes the PC won't boot at all unless I power off and on again (sometimes twice!!).

I followed the Preparation Guide, downloaded DDS, but when I tried to run it, it just sat there, cursor blinking but no reports, even after 15 minutes. I also downloaded RootRepeal and tried to run it, but it also crashed immediately.

I would greatly appreciate your expert help with this.
Hazmat99

Answer:Infection preventing malware tools from running

As no logs have been posted, I am shifting this topic from the specialized HiJack This forum to the Am I Infected forum.

==>PLEASE DO NOT NOW POST LOGS<== unless a log is specifically requested.

3 more replies
Relevance 50.02%

Hi. I am helping a friend remove malware. She is using Windows 10, 64 bit. The symptoms were the inability to connect to the internet. I booted into safe mode with networking and was still unable to connect to the internet. I tried troubleshooting the connection using Windows built in troubleshooter. The "unidentified Network" message persists. I ran a program called "CleanUp!" to clear temp files, history, etc. I ran Malwarebytes, Spybot, and Hitman Pro. A slew of files and reg entries were found and removed. There are some entries that keep returning when scanning with Spybot and rebooting. I am now able to connect to the internet in Safe Mode with Networking. Though, still unable to connect in normal mode. I have run FRST as directed. I will include the following in the post: Spybot report, FRST.txt, and Addition.txt. Thank you in advance for the assistance.
 
***Search results from Spybot - Search & Destroy***
 
1/20/2018 2:20:53 PM
Scan took 01:16:39.
7 items found.
 
MS DirectInput: [SBI $9A063C91] Most recent application (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-612429805-3072876167-3422260051-1001\Software\Microsoft\DirectInput\MostRecentApplication\Name
  Category=Tracks
  ThreatLevel=2
  Weblink=http://forums.spybot.info/forumdisplay.php?54
 
MS DirectInput: [SBI $7B184199] Most recent application ID (Registry Change, noth...

Answer:Unknown Malware preventing internet connection

Greetings davsnotn and to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary. If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:

First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.

Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.

Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.

Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems...

8 more replies
Relevance 50.02%

Hi there,

I've had my attention drawn to my sister-in-law's computer that appears to be causing major problems. It won't open IE or FF but will run Chrome. When trying to place the computer into safe mode the power cuts and it reverts back to booting up. This happens at all versions of safe mode.

I've run an avast boot scan and found several files infected with Win32:rootkit-gen. I've also run malware antibytes with no luck. I'm out of ideas :S


DDS (Ver_2011-07-14.01) - NTFS_x86
Internet Explorer: 7.0.5730.13
Run by Kathrin Wallace at 20:24:21 on 2011-07-17
Microsoft Windows XP Professional 5.1.2600.2.1252.44.1033.18.2039.1212 [GMT 1:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ================
.
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe
C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImage\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenge...

Answer:Unknown Malware preventing safe mode?

Hello and welcome to TSF Virus & Malware support. My name is Taylor and I'll be helping you with your fix.

I am currently reviewing your log. Please note that this is under the supervision of an expert analyst, and I will be back with a fix for your problem as soon as possible.

You may wish to subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Please be patient with me during this time.

9 more replies
Relevance 50.02%

Hello.

For about two weeks now I have been battling several trojans/worms that have attacked my computer. I have managed to remove the majority but I'm still having one problem; I cannot update, run in real time or reinstall my Symantec Antivirus program. Every time I attempt to reinstall my antivirus program I have a window pop up saying my computer will shut down in 60 seconds; it also says I initiated this shutdown sequence. I usually use to Mozilla Firefox but I did use Internet Explorer about two weeks ago to view some sports videos on Yahoo Sports (the videos could not be opened with Firefox). Ever since I used IE my computer started acting weird; pop up ads all over the place, additional browser windows opening and my task bar disappearing. All those problems have been fixed except the problem of my antivirus.

Thanks ahead of time for your help!

Best,
Erika
 

Answer:Malware Preventing the Reinstallation of Antivirus Program

Attached is my MG log....
 

4 more replies
Relevance 50.02%

Hey guys, I apologize in advance, but I want to let you guys know I am not tech-savvy whatsoever; I fell upon this forum by google searching repeatedly on issues my computer is having; Anyway, I think I have cornered down the problem;
 
 
I am unable to connect to the internet with my desktop (all other devices in my house are able to connect)
 
chrome, IE, etc etc are all giving me the error that they "could not connect to the proxy"
I go into my browser settings to disable the proxy which I never set up, and, it is automatically re-enabled; Obviously I have malware of some kind;
 
I have run hitman 64bit, malwarebytes, and neither of them succeeded; I was reading multiple threads on this forum from people who were having the same issue and noticed that the mods/"consultants" here were asking them to have some kind of scanner run and create a log for them to see; I also noticed the solutions they offered were specific to the OP's computer, and thus, could not be used by others reading.
 
So, I have created this thread in hopes that someone can help me. Just tell me what to do and I'll get right on it!
Thanks guys, I really appreciate the help;

Answer:Malware setting up a proxy and preventing me from disabling it

Also, I have a dell desktop with a preinstalled version of windows;
 
The F**** joke of a "reset/recovery" disc made in windows 8 doesn't work; I have created a repair disc using the program in windows 8, and, when I try to use it, it tells me the "media is not valid"
 

I have also looked up my product key using belclair or something like that, and went to microsoft's website, only for them to reject the product key in a new installation of windows;
 
therefore, I can not do a clean install of windows 8; I am bleep out of luck here with dell and microsoft and it seems my only option is getting rid of this malware myself;

2 more replies
Relevance 50.02%

Just occurred to me to try using IE 64 on this Win7 64 machine as I've been reading this site from an alternate machine. It seems to work fine, but Firefox, Chrome or IE 32 won't work. I've checked the hosts file as well.

Microsoft Security Essentials Detected the following since this all occurred:

Trojan:Win32/Ertfor.A
Trojan:Win32/Hiloti.gen!D
Trojan:Win32/Wimpixo.E
VirTool:Win32/Obfuscator.KG
Rogue:Win32/Winwebsec
Trojan:Java/Mesdeh.C
Trojan:Java/Mesdeh.A
Trojan:Java/Mesdeh.D
VirTool:Win32/Obfuscator.KG
Trojan:Java/Mesdeh

Norman Malware Cleaner from 11/13 detected/removed 5 things but unfortunately I didn't log them.

I can't remember if ESET picked up anything- the history logs aren't showing anything, and it's not able to update itself (presumably the same protocol used as 32-bit browsing?)

GMER also has many of the options listed in the preparation guide greyed out:
[Attached image: gmer.png]

---

DDS (Ver_10-11-10.01) - NTFS_AMD64
Run by John Doe at 8:53:01.79 on Sun 11/14/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_22
Microsoft Windows 7 Enterprise 6.1.7600.0.1252.1.1033.18.4060.2493 [GMT -8:00]
============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files...

Answer:Possible Malware Remnants Preventing Any 32-bit Browser From Working

Hello, And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.

Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.

The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.

Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you...

10 more replies
Relevance 50.02%

I get svchost.exe errors on bootup with references to 0x85993a44 and 0x01c8284.

I get Google redirects.

I cannot do a Windows update. I get Error number: 0x80072EFF

I've attached the logs.

It looks like the limit for attachments is 4, but the 5th is short and is here:
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 12/25/2008 at 04:17 AM

Application Version : 4.22.1012

Core Rules Database Version : 3685
Trace Rules Database Version: 1662

Scan type : Complete Scan
Total Scan Time : 01:39:58

Memory items scanned : 918
Memory threats detected : 0
Registry items scanned : 9108
Registry threats detected : 0
File items scanned : 47848
File threats detected : 0

Any help???
 

Answer:Malware preventing Update and causing redirects

Welcome to Major Geeks!

We need some additional info. Please run this: GMER - running with a random name and attach the log from GMER.
 

10 more replies
Relevance 50.02%

Please help to solve the problem. Google chrome when opens https://google.com tells that it can not open real google.com. But it opens https://www.yahoo.com

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 10.65.2
Run by U135428 at 18:08:26 on 2014-07-28
Microsoft Windows 7 Enterprise 6.1.7601.1.1254.90.1033.18.3014.1552 [GMT 3:00]
.
AV: McAfee VirusScan Enterprise *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
SP: McAfee VirusScan Enterprise Antispyware Module *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Windows\system32\mfevtps.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\...

Answer:Malware preventing https work on chrome

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
***************************************************
In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.
CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/542521 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************
If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t...

4 more replies
Relevance 50.02%

Hello,

I believe my laptop is infected with malware, preventing it from performing any tasks, such as accessing the internet, or opening programs. It is a shared laptop used primarily for web browsing (google, facebook, etc.) iTunes, and paying bills online. I am able to boot the computer, logon (although noticeably slower), and then I receive two error messages. The first is:

rundll32.exe - Bad Image

"The application or DLL C:\WINDOWS\oparexurivikiki.dll is not a valid Windows image. Please check this against your installation diskette."

I click ok, then another error message immediately pops up:

RUNDLL

"Error loading C:\WINDOWS\oparexurivikiki.dll

%1 is not a valid Win32 application."

I then click ok, and now my desktop appears normal, although 9/10 times I notice that on the bottom right in my taskbar, my network icons do not appear (both LAN and wireless).

From trial and error, I've learned that sometimes I can open up 'my computer', text files, but once I try and open internet explorer or any exe files, my computer freezes. The computer will eventually lock up at some point even if I avoid opening exe files.

I've tried system restore to earlier points, and the problems have not gone away. I've been able to download programs like Malwarebytes' Anti-Malware, AVG 2011, and SUPERAntiSpyware Free Edition, and run them (without updating them; can't connect to internet) and although they have detected and quaranti...

Answer:Suspected malware preventing operation of any programs

16 more replies
Relevance 49.2%

Hello,
My computer is infected with malware. After a while of having my computer turned on eventually a message comes up that says "Generic Host Process for Win32 Services has encountered a problem and needs to close. We are sorry for the inconvenience" with the option of sending an error report to Microsoft. After this window comes up, the computer becomes very slow, and the internet connection eventually disconnects, with no chance of regaining internet unless the computer is restarted. Also, the sound on my computer goes mute and sound can only be regained if restarted. Also, at first my computer couldn't restart, it would simply freeze at the gray screen or blue "logging off screen" and I would have to force turn off my laptop by holding the power button down for a few seconds. Here is my HijackThis log file:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:51:32 AM, on 10/5/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\L...

Answer:Malware preventing internet access, crashing computer

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:
Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will appea...

3 more replies